System and method for managing secure communications between modules in a controller area network

US11252134B2 · US · B2

Patent metadata
Publication number: US-11252134-B2
Application number: US-202016748568-A
Country: US
Kind code: B2
Filing date: Jan 21, 2020
Priority date: Jul 20, 2017
Publication date: Feb 15, 2022
Grant date: Feb 15, 2022

Abstract

Official abstract text for this publication.

This document describes a system and method for managing communications between modules in a Controller Area Network (CAN) in a secure manner. In particular, the system employs a hierarchical key generation method that allows a module in the CAN to use a single ascendant key together with relevant identifiers to generate descendant keys for CAN identities in the Controller Area Network. These keys are then used by the broadcasting and receiving CAN modules to authenticate published messages.

First claim

Opening claim text (preview).

What is claimed is:

1. A system for managing secure communications between modules in a Controller Area Network (CAN) comprising: a key management module configured to: organize CAN identities of the CAN into sub-sets based on functionalities of the CAN identities, wherein each sub-set is arranged as a tree structure having a root node which represents a function of the sub-set, arrange the sub-sets of CAN identities into a tree structure having a root node N_R, wherein the root nodes of the sub-sets are arranged as descendant nodes of root node N_R, and set a key for the root node N_R and compute keys for each node in each level in the tree structure, starting from child nodes of the root node N_R, wherein a key of a child node in the tree structure is computed using a key of a parent node and an identifier identifying the child node; and a broadcast module communicatively connected to the key management module, configured to: generate a frame to be transmitted on the CAN, wherein the frame is associated with a CAN identity id_c1 selected from the CAN identities, compute a CAN identity key k_c1 using an ascendant key k_1 associated with an ascendant node of the CAN identity id_c1 node and a root-node path identifier associated with the CAN identity id_c1 node, wherein the ascendant key k_1 is retrieved from the key management module and the root-node path identifier comprises a value assigned to the CAN identity id_c1 node, obtain a scheme parameter p and compute a verification parameter v_d based on the scheme parameter p, the CAN identity key k_c1, the CAN identity id_c1, and the frame to be transmitted, wherein the scheme parameter p comprises a variable unique to the scheme, and broadcast information comprising the frame associated with the CAN identity id_c1 and the verification parameter v_d on the CAN such that a receiver module on the CAN having a filter that comprises the CAN identity id_c1 receives the broadcasted information and validates the received frame using the received verification parameter v_d.

2. The system according to claim 1, wherein the computing the keys for each node in each level in the tree structure comprises the key management module being configured to: for each child node in the tree structure, compute a key k_c for the child node in the tree structure using a key generating function (KGF( )), a key k_p of a parent node of the child node and an identifier identifying the child node id_c, the key k_c being defined as k_c = KGF(k_p, id_c).

3. The system according to claim 1, wherein the computing the CAN identity key k_c1 using the ascendant key k_1 associated with the ascendant node of the CAN identity id_c1 node and the root-node path identifier associated with the CAN identity id_c1 node comprises the broadcast module being configured to: compute the CAN identity key k_c1 using a key generating function (KGF( )), the CAN identity id_c1 and the ascendant key k_1, the CAN identity key k_c1 being defined as k_c1 = KGF(k_1, id_c1) when the ascendant key k_1 is associated with a parent node of the CAN identity id_c1 node and when the root-node path identifier associated with the CAN identity id_c1 node comprises the CAN identity id_c1.

4. The system according to claim 1, wherein before the key management module sets the key for the root node N_R, the key management module is configured to: selectively insert at least one intermediate node between the root node N_R and a root node of one of the sub-sets such that the intermediate node represents an ascendant node of the root node of one of the sub-sets.

5. The system according to claim 1, wherein the scheme parameter p comprises a local time T, the broadcast information further comprises the scheme parameter p, and wherein the broadcast module is configured to: compute the verification parameter v_d using the local time T, wherein the verification parameter v_d is defined as v_d = MAC(k_c1, T ∥ id_c1 ∥ ‘frame’) where MAC( ) is a message authentication code function, and ‘frame’ is the frame to be transmitted on the CAN.

6. The system according to claim 5, wherein the validation of the received frame by the receiver module comprises the receiver module being configured to: obtain the CAN identity key k_c1 and a receiver local time T_R; perform a first validation check on the validity of the received frame based on the received local time T and the obtained receiver local time T_R; perform a second validation check on the validity of the received frame by comparing the received verification parameter v_d with a receiver verification parameter v_Rd, when the first validation check validates the received frame, wherein the receiver verification parameter v_Rd is defined as v_Rd = MAC(k_c1, T ∥ id_c1 ∥ ‘frame’), where MAC( ) is a message authentication code function, and ‘frame’ is the frame to be transmitted on the CAN; and processing the received frame when the second validation check validates the received frame.

7. The system according to claim 6, further comprising: a gateway module configured to: obtain a gateway local time T_G; generate a general frame using the gateway local time T_G that is transmitted and received by all the modules on the CAN such that when each module receives the general frame, wherein each module is configured to: validate the received general frame; and synchronize local time of the module using the gateway local time T_G when the received general frame is validated.

8. The system according to claim 6, wherein the obtaining the CAN identity key k_c1 comprises the receiver module being configured to: retrieve the CAN identity key k_c1 that is preloaded into the receiver module by the key management module.

9. The system according to claim 6, wherein the obtaining the CAN identity key k_c1 comprises the receiver module being configured to: compute the CAN identity key k_c1 using the CAN identity id_c1 and a key of an ascendant node, wherein the key of the ascendant node is preloaded into the receiver module by the key management module.

10. The system according to claim 1, wherein the scheme parameter p comprises a counter CT_c1 associated with the CAN identity id_c1 and wherein the broadcast module is configured to: increment the counter CT_c1 by one, compute the verification parameter v_d using the counter CT_c1, wherein the verification parameter v_d is defined as v_d = MAC(k_c1, CT_c1 ∥ id_c1 ∥ ‘frame’), where MAC( ) is a message authentication code function, and ‘frame’ is the frame to be transmitted on the CAN.

11. The system according to claim 10, wherein the validation of the received frame by the receiver module comprises the receiver module being configured to: obtain the CAN identity key k_c1 and a receiver counter CT′_c1 associated with the CAN identity id_c1; perform a validation check on the validity of the received frame by comparing the received verification parameter v_d with a receiver verification parameter v_Rd, wherein the receiver verification parameter v_Rd is defined as v_Rd = MAC(k_c1, (CT′_c1 + 1) ∥ id_c1 ∥ ‘frame’), where MAC( ) is a message authentication code function, and ‘frame’ is the frame to be transmitted on the CAN; and increment the counter CT′_c1 by one and process the received frame when the validation check validates the received frame, wherein a gateway module is configured to synchronize the counter CT_c1 at the broadcast module and the counter CT′_c1 at the receiver module.

12. The system according to claim 11, wherein the gateway module is configured to synchronize the counter at the broadcast module and the receiver counte
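The key derivation of claim 2 and the counter-based verification of claims 10 and 11, as an added example that is not taken from the patent. The claims name only generic KGF( ) and MAC( ) functions, so HMAC-SHA256 for both, the 8-byte tag truncation, the node names "powertrain" and "body", the CAN identity 0x0C4 and the root key are assumptions constructed for the illustration.

```python
import hashlib, hmac, struct

def kgf(k_p: bytes, id_c: bytes) -> bytes:
    # k_c = KGF(k_p, id_c); HMAC-SHA256 as the KGF is an assumption
    return hmac.new(k_p, b"KGF" + id_c, hashlib.sha256).digest()

def derive(ascendant_key: bytes, path) -> bytes:
    # Walk node identifiers from the ascendant node down to the CAN identity
    key = ascendant_key
    for node_id in path:
        key = kgf(key, node_id)
    return key

def mac_tag(k_c1: bytes, ct: int, can_id: int, frame: bytes) -> bytes:
    # v_d = MAC(k_c1, CT || id_c1 || frame); 8-byte truncation is an assumption
    msg = struct.pack(">QI", ct, can_id) + frame
    return hmac.new(k_c1, msg, hashlib.sha256).digest()[:8]

class Broadcaster:
    def __init__(self, k_c1, can_id):
        self.k, self.can_id, self.ct = k_c1, can_id, 0
    def send(self, frame):
        self.ct += 1  # increment CT_c1, then authenticate under the new value
        return self.can_id, frame, mac_tag(self.k, self.ct, self.can_id, frame)

class Receiver:
    def __init__(self, k_c1, can_id):
        self.k, self.can_id, self.ct = k_c1, can_id, 0
    def accept(self, can_id, frame, v_d):
        if can_id != self.can_id:  # acceptance filter on id_c1
            return False
        v_rd = mac_tag(self.k, self.ct + 1, can_id, frame)
        if not hmac.compare_digest(v_d, v_rd):
            return False  # CT' is not advanced when validation fails
        self.ct += 1
        return True

def demo():
    k_root = bytes(range(32))  # constructed root key for N_R
    can_id = struct.pack(">I", 0x0C4)  # constructed CAN identity
    k_tx = derive(k_root, [b"powertrain", can_id])  # derived from the root
    k_rx = derive(kgf(k_root, b"powertrain"), [can_id])  # from the sub-set key only
    tx, rx = Broadcaster(k_tx, 0x0C4), Receiver(k_rx, 0x0C4)
    first = tx.send(b"\x01\x02")
    fresh, replay = rx.accept(*first), rx.accept(*first)
    cid, frame, v_d = tx.send(b"\x03\x04")
    tampered = rx.accept(cid, b"\xff\x04", v_d)
    genuine = rx.accept(cid, frame, v_d)
    sibling = derive(kgf(k_root, b"body"), [can_id]) == k_rx
    return k_tx == k_rx, fresh, replay, tampered, genuine, sibling
```

A frame lost on the bus leaves CT′_c1 behind CT_c1 and every later tag fails in this sketch, which is the condition the gateway counter synchronization in claim 11 addresses.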

Classifications

  • Controller Area Network CAN · CPC title

  • received data contents, e.g. message integrity · CPC title

  • for supporting key management in a packet data network (cryptographic mechanisms or cryptographic arrangements for key management H04L9/08) · CPC title

  • H04L12/40 · Primary

    Bus networks · CPC title

  • Generation of secret information including derivation or calculation of cryptographic keys or passwords · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11252134B2 cover?
This document describes a system and method for managing communications between modules in a Controller Area Network (CAN) in a secure manner. In particular, the system employs a hierarchical key generation method that allows a module in the CAN to use a single ascendant key together with relevant identifiers to generate descendant keys for CAN identities in the Controller Area Network. These k…
Who is the assignee on this patent?
Huawei Int Pte Ltd
What technology area does this patent fall under?
Primary CPC classification H04L12/40. Mapped technology areas include Electricity.
When was this patent published?
Publication date Feb 15, 2022 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 5 related publications on this page (citations in our corpus or others sharing the same primary CPC).