Timing Side-Channel Leakage and Fault Resilience Evaluation of Lightweight Authentication on Arduino-Class MCUs
preprint
OA: closed
CC-BY-4.0
Abstract
Automotive electronic control units increasingly rely on resource-constrained microcontrollers to implement authentication and message validation for in-vehicle networks such as CAN. Although cryptographic primitives may be mathematically secure, their software implementations on low-cost ECUs can leak sensitive information through timing side-channels. This paper presents a practical timing side-channel evaluation of an embedded authentication routine implemented on Arduino-class microcontrollers representative of entry-level automotive ECUs. A Python-based measurement framework interacts with the target device over a serial interface, repeatedly triggers authentication operations, and records execution time under controlled conditions. Experimental results show statistically distinguishable timing distributions correlated with secret-dependent execution paths, enabling an attacker with CAN-adjacent access to infer partial information about authentication checks. Lightweight countermeasures, including constant-time comparisons and control-flow normalization, are implemented and evaluated. The mitigated design reduces observable timing leakage with minimal execution-time and memory overhead, highlighting the need for implementation-level timing analysis in automotive embedded systems.
My notes (saved in your browser only)
Citation neighborhood (no data yet)
We don't have any in-corpus citations linked to this paper yet. This is a recent paper (2026) — citers typically take a year or two to land, and the OpenAlex reference graph may still be filling in.
Source provenance
- europepmc
- last seen: 2026-05-20T01:45:00.602351+00:00
- unpaywall
- last seen: 2026-05-30T02:00:01.510937+00:00
License: CC-BY-4.0