Vector implemented the protocol for CAN FD in a CANoe environment. The Vector specialists subjected the protocol to extensive tests using this software tool for the development, simulation and testing of ECUs and networks. Besides the required robustness against replay attacks, the tests also covered message loss, failure and re-entry of sender and receiver, timing errors and burst attacks. In all of these cases, the encryption system provided stable transmission.
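The test cases listed above can be reproduced on a receiver model. The following is an added example, not Vector's implementation or the article's protocol: it assumes a per-ID monotonic freshness counter carried in each frame and uses a truncated HMAC as a stand-in for the AES-128-based protection, so that replay, message loss, node re-entry and tampering each produce a distinct, checkable outcome.

```python
import hmac, hashlib, struct
from dataclasses import dataclass

KEY = bytes(range(16))  # constructed 128-bit session key for the demo only

@dataclass
class Frame:
    can_id: int
    counter: int      # freshness counter, assumed to be carried in the frame
    payload: bytes
    tag: bytes        # truncated MAC over id, counter and payload

def _mac(key: bytes, can_id: int, counter: int, payload: bytes) -> bytes:
    # HMAC-SHA256 stands in for the AES-128-based protection the article describes
    msg = struct.pack(">IQ", can_id, counter) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]

def make_frame(key: bytes, can_id: int, counter: int, payload: bytes) -> Frame:
    return Frame(can_id, counter, payload, _mac(key, can_id, counter, payload))

class Receiver:
    """Accepts a frame only if authentic and fresh; tolerates a bounded loss gap."""
    def __init__(self, key: bytes, max_gap: int = 8):
        self.key, self.max_gap, self.last = key, max_gap, {}

    def accept(self, f: Frame) -> str:
        if not hmac.compare_digest(_mac(self.key, f.can_id, f.counter, f.payload), f.tag):
            return "bad_tag"                      # tampered frame or wrong key
        last = self.last.get(f.can_id)
        if last is not None and f.counter <= last:
            return "replay"                       # counter not advancing: replayed frame
        if last is not None and f.counter - last > self.max_gap:
            return "resync_needed"                # node re-entry or burst loss beyond the window
        self.last[f.can_id] = f.counter
        return "ok"

    def resync(self, can_id: int, counter: int) -> None:
        # Re-entry handling: counter re-established by the startup key exchange (assumed)
        self.last[can_id] = counter

def run_scenarios() -> dict:
    rx = Receiver(KEY)
    f1 = make_frame(KEY, 0x123, 1, b"\x01")
    out = {"first": rx.accept(f1), "replay": rx.accept(f1)}
    out["after_loss"] = rx.accept(make_frame(KEY, 0x123, 5, b"\x02"))   # frames 2-4 lost
    out["reentry"] = rx.accept(make_frame(KEY, 0x123, 500, b"\x03"))   # sender back after long outage
    rx.resync(0x123, 499)
    out["after_resync"] = rx.accept(make_frame(KEY, 0x123, 500, b"\x03"))
    bad = make_frame(KEY, 0x123, 501, b"\x04"); bad.payload = b"\x44"  # payload altered on the bus
    out["tampered"] = rx.accept(bad)
    return out
```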
Summary and Outlook
In CAN FD, in particular, it took relatively little effort to implement robust transmission of encrypted data with multiple nodes, and the method can also fit into an existing AUTOSAR 3.x environment. One disadvantage is that the data must be serialized and deserialized at the application level (Figure 3), so the modeling properties of the RTE can no longer be used for individual signals. The classic points of attack on such systems must still be kept in mind. They include, for example, weak random number generators for the ID keys (at startup) and extraction of the symmetric keys.
Figure 3: Software components for encrypted transmission
In the security technology world, the AES-128 algorithm is considered secure, at least for the near future, and its implementation is mature or even supported by hardware accelerators. The method presented here makes attacks on the CAN(-FD) communication much more difficult, and manipulation is hardly possible without “insider knowledge”. On CAN it has already been in production use for several years, and it also has led to favorable classification of the relevant vehicle for insurance premiums. In this case, security not only protects data; it even offers a direct cost advantage to the end user.