Timing Side-Channel Leakage and Fault Resilience Evaluation of Lightweight Authentication on Arduino-Class MCUs

preprint OA: closed CC-BY-4.0
🔓 Open OA copy View at publisher

Abstract

Automotive electronic control units increasingly rely on resource-constrained microcontrollers to implement authentication and message validation for in-vehicle networks such as CAN. Although cryptographic primitives may be mathematically secure, their software implementations on low-cost ECUs can leak sensitive information through timing side-channels. This paper presents a practical timing side-channel evaluation of an embedded authentication routine implemented on Arduino-class microcontrollers representative of entry-level automotive ECUs. A Python-based measurement framework interacts with the target device over a serial interface, repeatedly triggers authentication operations, and records execution time under controlled conditions. Experimental results show statistically distinguishable timing distributions correlated with secret-dependent execution paths, enabling an attacker with CAN-adjacent access to infer partial information about authentication checks. Lightweight countermeasures, including constant-time comparisons and control-flow normalization, are implemented and evaluated. The mitigated design reduces observable timing leakage with minimal execution-time and memory overhead, highlighting the need for implementation-level timing analysis in automotive embedded systems.

My notes (saved in your browser only)

Citation neighborhood (no data yet)

We don't have any in-corpus citations linked to this paper yet. This is a recent paper (2026) — citers typically take a year or two to land, and the OpenAlex reference graph may still be filling in.

Source provenance

europepmc
last seen: 2026-05-20T01:45:00.602351+00:00
unpaywall
last seen: 2026-05-30T02:00:01.510937+00:00
License: CC-BY-4.0