Securing CAN Communication Efficiently With Minimal System Impact

March 22, 2018 //By Bernd Elend, Thierry Walrant, Georg Olma. All authors NXP
Securing CAN Communication Efficiently With Minimal System Impact
Securing CAN communication efficiently can be a challenge. Different options exist today with payload authentication such as AUTOSAR SecOC [1]. These solutions use cryptography that mean higher bandwidth, longer transmit delays and higher processing power are needed, as well as managing the crypto keys themselves.

NXP’s new secure CAN transceiver family provides a seamless and very efficient solution to secure CAN communication without using cryptography. This reduces the system impact experienced with other solutions.

NXP believes that secure CAN communication is possible with transceivers that offer distributed intrusion detection and containment methodology without cryptography [2]. CAN message identifier (ID) filtering mechanisms in the transmit and receive path help prevent and contain network security attacks like spoofing, remote frame tampering and denial of service by flooding. By monitoring and filtering network traffic on the bus, the secure CAN transceiver protects that CAN bus from any ECU attempting to send unauthorized malicious messages.

From a security perspective, the obvious choice is to use cutting-edge solutions to protect against security threats with cryptographic message authentication code (MAC), based on cryptography and associated secure key management. Secure microcontrollers are designed with crypto accelerators to support these state-of-the-art solutions. Despite this unique hardware support, this solution is not always the most efficient for secure CAN communication. Secure microcontrollers will likely be used to secure end-to-end communication over multiple CAN networks, or other networks like Ethernet or LTE. As well as for secure boot, authenticated diagnostics and authenticated firmware updates.


Vous êtes certain ?

Si vous désactivez les cookies, vous ne pouvez plus naviguer sur le site.

Vous allez être rediriger vers Google.