The invention relates to a CAN bus authentication method and system based on broadcasting. The method includes the following steps: integrity (completeness) verification is conducted on all ECUs, and seed secret keys are distributed to the gateway and to the ECUs that pass the verification; the gateway generates an encryption sequence and sends it to the verified ECUs by broadcast; the gateway and the verified ECUs each generate an identical message authentication code (MAC) table and an identical synchronous counter, the initial value of the counter being zero; the sending ECU attaches the MAC corresponding to the current value of its counter to the data field of the data frame it sends; the gateway and the receiving ECU judge whether the MAC in the data field is identical to the MAC in their MAC tables at the position indicated by their own counters; if yes, the data frame is judged to be safe, and if not, the data frame is judged to be an illegal frame; the counters of the sending ECU, the gateway and the receiving ECU are each incremented by one, and it is judged whether these counter values exceed a preset threshold value; if yes, a MAC table is generated again; if not, communication of the next data frame is conducted. According to the CAN bus authentication method and system, because a message authentication code is added to the data frames in communication, attacks on the CAN bus can be defended against.
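The scheme above, simulated as an added example that is not part of the patent text: three nodes (sending ECU, gateway, receiving ECU) share a seed key and broadcast sequence, derive the same MAC table, index it by a synchronous counter, and regenerate the table once the counter exceeds the threshold. The patent does not fix how the table is derived, how many bytes the MAC occupies, or what happens to the counter on regeneration; HMAC-SHA256 derivation, a 4-byte MAC inside the 8-byte CAN data field, and a counter reset to zero on regeneration are assumptions made here.

```python
import hmac
import hashlib

MAC_LEN = 4                  # bytes of the 8-byte CAN data field used for the MAC (assumption)
PAYLOAD_LEN = 8 - MAC_LEN    # remaining bytes carry the application payload


def derive_mac_table(seed_key: bytes, enc_sequence: bytes, epoch: int, size: int) -> list:
    """Build the per-counter MAC table shared by gateway and verified ECUs.
    Assumed construction: HMAC-SHA256(seed, sequence || epoch || counter index), truncated."""
    return [hmac.new(seed_key, enc_sequence + epoch.to_bytes(4, "big") + i.to_bytes(4, "big"),
                     hashlib.sha256).digest()[:MAC_LEN] for i in range(size)]


class Node:
    """One participant holding the shared MAC table and the synchronous counter."""

    def __init__(self, seed_key: bytes, enc_sequence: bytes, threshold: int):
        self.seed_key, self.enc_sequence, self.threshold = seed_key, enc_sequence, threshold
        self.epoch, self.counter = 0, 0
        # Counter runs 0..threshold inclusive before the table is regenerated.
        self.table = derive_mac_table(seed_key, enc_sequence, 0, threshold + 1)

    def build_frame(self, payload: bytes) -> bytes:
        """Sending ECU: append the MAC selected by the current counter value."""
        assert len(payload) == PAYLOAD_LEN
        return payload + self.table[self.counter]

    def verify_frame(self, frame: bytes) -> bool:
        """Gateway / receiving ECU: compare against the table entry at its own counter."""
        return hmac.compare_digest(frame[PAYLOAD_LEN:], self.table[self.counter])

    def advance(self) -> None:
        """Increment the counter; past the threshold, regenerate the table (assumed reset to 0)."""
        self.counter += 1
        if self.counter > self.threshold:
            self.epoch, self.counter = self.epoch + 1, 0
            self.table = derive_mac_table(self.seed_key, self.enc_sequence, self.epoch,
                                          self.threshold + 1)


def simulate(threshold: int = 2):
    """Run four legitimate frames, then a replay and a forged frame, against a receiver."""
    seed, seq = b"seed-key-demo", b"broadcast-seq"          # constructed sample values
    sender, gateway, receiver = (Node(seed, seq, threshold) for _ in range(3))
    verdicts, last = [], None
    for payload in (b"\x01\x02\x03\x04", b"\x05\x06\x07\x08",
                    b"\x09\x0a\x0b\x0c", b"\x0d\x0e\x0f\x10"):
        last = sender.build_frame(payload)
        verdicts.append(gateway.verify_frame(last) and receiver.verify_frame(last))
        for n in (sender, gateway, receiver):
            n.advance()
    replay_ok = receiver.verify_frame(last)                       # stale counter position
    forged_ok = receiver.verify_frame(b"\x00" * PAYLOAD_LEN + b"\xde\xad\xbe\xef")
    return verdicts, replay_ok, forged_ok, sender.epoch
```

With a threshold of 2 the fourth frame is sent after one table regeneration, so the run also shows the nodes staying synchronised across an epoch change.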