NXP’s new secure CAN transceiver family provides a seamless and very efficient solution to secure CAN communication without using cryptography. This reduces the system impact experienced with other solutions.
NXP believes that secure CAN communication is possible with transceivers that offer distributed intrusion detection and containment methodology without cryptography . CAN message identifier (ID) filtering mechanisms in the transmit and receive path help prevent and contain network security attacks like spoofing, remote frame tampering and denial of service by flooding. By monitoring and filtering network traffic on the bus, the secure CAN transceiver protects that CAN bus from any ECU attempting to send unauthorized malicious messages.
From a security perspective, the obvious choice is to use cutting-edge solutions to protect against security threats with cryptographic message authentication code (MAC), based on cryptography and associated secure key management. Secure microcontrollers are designed with crypto accelerators to support these state-of-the-art solutions. Despite this unique hardware support, this solution is not always the most efficient for secure CAN communication. Secure microcontrollers will likely be used to secure end-to-end communication over multiple CAN networks, or other networks like Ethernet or LTE. As well as for secure boot, authenticated diagnostics and authenticated firmware updates.