Preprint
Article

This version is not peer-reviewed.

Timing Side-Channel Leakage and Fault Resilience Evaluation of Lightweight Authentication on Arduino-Class MCUs

Submitted:

21 April 2026

Posted:

22 April 2026

You are already at the latest version

Abstract
Automotive electronic control units increasingly rely on resource-constrained microcontrollers to implement authentication and message validation for in-vehicle networks such as CAN. Although cryptographic primitives may be mathematically secure, their software implementations on low-cost ECUs can leak sensitive information through timing side-channels. This paper presents a practical timing side-channel evaluation of an embedded authentication routine implemented on Arduino-class microcontrollers representative of entry-level automotive ECUs. A Python-based measurement framework interacts with the target device over a serial interface, repeatedly triggers authentication operations, and records execution time under controlled conditions. Experimental results show statistically distinguishable timing distributions correlated with secret-dependent execution paths, enabling an attacker with CAN-adjacent access to infer partial information about authentication checks. Lightweight countermeasures, including constant-time comparisons and control-flow normalization, are implemented and evaluated. The mitigated design reduces observable timing leakage with minimal execution-time and memory overhead, highlighting the need for implementation-level timing analysis in automotive embedded systems.
Keywords: 
;  ;  ;  ;  ;  ;  ;  ;  
Copyright: This open access article is published under a Creative Commons CC BY 4.0 license, which permit the free download, distribution, and reuse, provided that the author and preprint are cited in any reuse.
Prerpints.org logo

Preprints.org is a free preprint server supported by MDPI in Basel, Switzerland.

Subscribe

Disclaimer

Terms of Use

Privacy Policy

Privacy Settings

© 2026 MDPI (Basel, Switzerland) unless otherwise stated