To address the lack of link-layer source authentication for multicast communication in automotive Ethernet and CAN XL networks—where symmetric encryption lacks multicast support and asymmetric cryptography fails to meet real-time and resource constraints—this paper proposes an enhanced TESLA scheme based on interleaved key chains. The method integrates lightweight symmetric cryptography, a dynamic policy selection mechanism, and a unified receiver architecture. It satisfies ASIL-B–level real-time security requirements while significantly improving authentication robustness under multicast frame loss: end-to-end authentication latency is measured below 10 μs, and memory overhead is reduced by 35%. The core innovation lies in decoupling the key chain structure from timing-based authentication, thereby enabling synergistic optimization of security, real-time performance, and resource efficiency.

Having everything interconnected through the Internet, including vehicle onboard systems, is making security a primary concern in the automotive domain as well. Although Ethernet and CAN XL provide link-level security based on symmetric cryptography, they do not support origin authentication for multicast transmissions. Asymmetric cryptography is unsuitable for networked embedded control systems with real-time constraints and limited computational resources. In these cases, solutions derived from the TESLA broadcast authentication protocol may constitute a more suitable option. In this paper, some such strategies are presented and analyzed that allow for multicast origin authentication, also improving robustness to frame losses by means of interleaved keychains. A flexible authentication mechanism that relies on a unified receiver is then proposed, which enables transmitters to select strategies at runtime, to achieve the best compromise among security, reliability, and resource consumption.