Date of Original Version
Abstract or Description
Distributed embedded systems are becoming increasingly vulnerable to attack as they are connected to external networks. Unfortunately, they often have no built-in authentication capability. Multicast authentication mechanisms required to secure embedded networks must function within the unique constraints of these systems, making it difficult to apply previously proposed schemes. We propose an authentication approach using message authentication codes which exploits the time-triggered nature of many embedded systems by putting only a few authentication code bits in each message, and by requiring authentication to be confirmed by the correct reception of multiple messages. This approach can work for both state transition commands and reactive control messages, and enables a tradeoff among per-message authentication cost, application-level latency, and the probability of induced system failure. Authentication parameters can be tuned on a per-message basis while satisfying typical wired embedded network constraints.