Control area network authentication
US-9231936-B1 · Jan 5, 2016 · US
US9705678B1 · US · B1
| Field | Value |
|---|---|
| Publication number | US-9705678-B1 |
| Application number | US-201414475404-A |
| Country | US |
| Kind code | B1 |
| Filing date | Sep 2, 2014 |
| Priority date | Apr 17, 2014 |
| Publication date | Jul 11, 2017 |
| Grant date | Jul 11, 2017 |
Official abstract text for this publication.
A method for authenticating messages is provided. The method includes calculating a hash value based on a key and a message count value and receiving a data message associated with the message count value. The method includes receiving an authentication message that includes the message count value and a message authentication code derived from the data message, the message count value and the key. The method includes applying portions of the data message to look up portions of the hash value and combining the portions of the hash value to form a verification version of the message authentication code. The method includes determining whether the message authentication code matches the verification version of the message authentication code.
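A sketch of the receiver side described in the abstract, following the hash construction of claim 10 and the table-lookup MAC of claim 11; it is an added example, not code from the patent or its assignee. SHA-256, the field widths, the 4-bit strings, the 2-byte hash portions, the 8-byte payload and the discarding of used counts are all assumptions chosen for illustration.

```python
import hashlib
import hmac

PORTION = 2  # bytes per hash portion (assumed): SHA-256 yields 16 portions

def precompute_hash(key, node_id, session, msg_count, overflow=0):
    """Claim 10: hash over node ID || session count || message count ||
    overflow count || key. Field widths and SHA-256 are assumptions."""
    blob = (node_id.to_bytes(2, "big") + session.to_bytes(4, "big") +
            msg_count.to_bytes(4, "big") + overflow.to_bytes(2, "big") + key)
    return hashlib.sha256(blob).digest()

def lookup_mac(data, digest):
    """Claim 11: data -> strings -> integers -> indexed hash portions,
    XORed pairwise twice, then concatenated."""
    if len(data) != 8:
        raise ValueError("this sketch handles one 8-byte CAN payload")
    # Divide the payload into 16 four-bit strings; each is an index 0..15.
    idx = [n for b in data for n in (b >> 4, b & 0x0F)]
    vals = [int.from_bytes(digest[i * PORTION:(i + 1) * PORTION], "big")
            for i in idx]
    for _ in range(2):  # portions -> intermediate values -> MAC portions
        vals = [vals[i] ^ vals[i + 1] for i in range(0, len(vals), 2)]
    return b"".join(v.to_bytes(PORTION, "big") for v in vals)

class Receiver:
    """Second ECU: hashes are computed before any frame arrives."""
    def __init__(self, key, node_id, session):
        self.key, self.node_id, self.session = key, node_id, session
        self.table = {}

    def precompute(self, first, window):
        for c in range(first, first + window):  # claim 5: several counts
            self.table[c] = precompute_hash(
                self.key, self.node_id, self.session, c)

    def verify(self, data, msg_count, mac):
        digest = self.table.get(msg_count)
        if digest is None:  # count outside the window, or already used
            return False
        ok = hmac.compare_digest(lookup_mac(data, digest), mac)
        if ok:  # assumption: drop used counts so a replayed pair fails
            for c in [c for c in self.table if c <= msg_count]:
                del self.table[c]
        return ok
```

On arrival of a frame the receiver only performs table lookups and XORs, which is the latency reduction the claims attribute to computing the hash in advance.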
Opening claim text (preview).
What is claimed is:
1. A method for authenticating messages, comprising: calculating a hash value based on a key and a message count value; receiving from a first electronic control unit, a data message associated with the message count value; receiving from the first electronic control unit, an authentication message that includes the message count value and a message authentication code derived from the data message, the message count value and the key, wherein the calculating the hash value is performed by a second electronic control unit prior to the receiving the data message and prior to the receiving the authentication message, wherein calculating the hash value prior to the receiving the data message and prior to the receiving the authentication message acts to decrease a latency; applying, by the second control unit, portions of the received data message as an index into the hash value to look up portions of the hash value; combining, by the second control unit, the portions of the hash value to form a verification version of the message authentication code; and determining, by the second control unit, whether the message authentication code matches the verification version of the message authentication code.
2. The method of claim 1, wherein the latency is from the receiving the data message and receiving the authentication message until the determining.
3. The method of claim 1, wherein: the key is stored in each of the first electronic control unit and the second electronic control unit; and the message count value is determined at each of the first electronic control unit and the second electronic control unit.
4. The method of claim 1, wherein: applying portions of the data message to look up portions of the hash value includes using the portions of the data message as pointers to the portions of the hash value; and combining the portions of the hash value includes concatenating exclusive ORed portions of the hash value, as pointed to by the portions of the data message.
5. The method of claim 1, further comprising: calculating a plurality of hash values based on the key and a plurality of message count values, wherein the hash value is included in the plurality of hash values and the message count value is included in the plurality of message count values; and identifying the hash value from the plurality of hash values, based on receiving the message count value in the authentication message.
6. The method of claim 1, wherein calculating the hash value is further based on a node identification (ID) and a session count.
7. The method of claim 1, further comprising: calculating, at the first electronic control unit, the hash value calculated at the second electronic control unit, based on the key and the message count value as applied at the second electronic control unit, wherein both of the first electronic control unit and the second electronic control unit track the message count value and have the key; generating the message authentication code at the first electronic control unit based on the hash value calculated at the first electronic control unit and the data message which is to be sent; sending, from the first electronic control unit to the second electronic control unit, the data message and the authentication message, wherein the calculating the hash value is performed by the first electronic control unit prior to assembling the data for the data message and acts to decrease a latency from the assembling the data for the data message and the sending the authentication message.
8. A tangible, non-transitory, computer-readable media having instructions thereupon which, when executed by a processor, cause the processor to perform a method comprising: counting messages received from an electronic control unit; deriving a message count value, for a message to be received from the electronic control unit, based on the counting; generating a hash value from the message count value and a key, wherein generating the hash value is prior to receiving a data message and prior to the receiving an authentication message to decrease a latency; receiving the data message associated with the message count value from the electronic control unit via a vehicular communication network or bus; receiving the message count value and a message authentication code, from the electronic control unit, via the vehicular communication network or bus; generating a verification version of a message authentication code from the received data message and the hash value corresponding to the message count value, by using portions of the received data message as an index to point to portions of the hash value and combining the portions of the hash value to form the verification version of the message authentication code; and verifying whether the message authentication code and the verification version of the message authentication code match.
9. The computer-readable media of claim 8, wherein the method further comprises: counting messages sent to the electronic control unit; deriving a further message count value, for a message to be sent to the electronic control unit, based on the counting messages sent to the electronic control unit; generating a further hash value from the further message count value and the key; assembling a further data message, with further data therein; generating a further message authentication code from the further data and the further hash value; sending the further data message to the electronic control unit via the vehicular communication network or bus; and sending the further message count and the further message authentication code, to the electronic control unit via the vehicular communication network or bus.
10. The computer-readable media of claim 8, wherein generating the hash value includes: forming a concatenation of a node identification (ID), a session count, the message count value, an overflow count value and the key; and performing a cryptographic hash calculation on the concatenation.
11. The computer-readable media of claim 8, wherein generating the verification version of the message authentication code includes: dividing the data into a sequence of strings; translating each string of the sequence of strings into an integer value; applying the integer value of each string of the sequence strings as an index to find a portion of the hash value; applying an exclusive or (XOR) function to pairs of portions of the hash value, as pointed to by pairs of integer values of pairs of strings from the sequence of strings, to form intermediate values; applying the exclusive or function to pairs of the intermediate values to form portions of the message authentication code; and concatenating the portions of the message authentication code, to form the message authentication code.
12. The computer-readable media of claim 8, wherein the method further comprises: storing a plurality of keys, each key of the plurality of keys associated with a trust group of a plurality of trust groups, a plurality of electronic control units organized according to the plurality of trust groups; tracking message count values of messages sent to each of the plurality of electronic control units; generating hash values and message authentication codes for messages to be sent to the plurality of electronic control units, based on the plurality of keys and message count values derived from the message count values of messages sent, in accordance with association of keys, electronic control units and trust groups; tracking message count values of messages received from each of the plurality of electronic contro
involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC · CPC title
Controller Area Network CAN · CPC title
Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks · CPC title
received data contents, e.g. message integrity · CPC title
Vehicles · CPC title