Cybersecurity for CAN

The CAN data link layer protocols (CAN CC, CAN FD, and CAN XL) do not provide cybersecurity measures. To secure a CAN-based system, security measures need to be added. Different security solutions are on the market for different requirements, depending on the attack scenarios considered. The network designer should choose an appropriate solution. In addition, the add-on security measures can be changed and improved later, e.g. when the original solution is compromised by hackers.

(Cyber)security standards

To identify the security requirements, three international standards should be considered. ISO/IEC 27001 (Information technology – Security techniques – Information security management systems – Requirements) is an international standard for managing the information security of a facility as a holistic concept. It details requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS).

The IEC 62443 series (Industrial communication networks – Network and system security) divides the cybersecurity topics by stakeholder category (roles) including the operator, the service provider (for integration and for maintenance) as well as component/device manufacturers. The different roles follow a risk-based approach to prevent and manage security risks in their activities.

The ISO/SAE 21434 (Road vehicles – Cybersecurity engineering) specifies engineering requirements for cybersecurity risk management. It considers concept, product development, production, operation, maintenance, and decommissioning of electrical and electronic (E/E) systems in road vehicles, including their components and interfaces.

Secure network design principles

IEC 62443 defines general secure network design principles to follow. These include the identification of important assets (credentials, firmware, data), the identification of threat models (closed or open system, local or remote access), and the definition as well as verification of the protective measures (encryption, authentication). The security requirements as well as the protective measures should be reviewed repeatedly over the system lifetime.

Current solutions and developments

Several security solutions are available for CAN-based networks: SecOC by Autosar, the Stinger transceiver by NXP, and many other options, including the internationally standardized ISO transport layer method (see ISO 14229/ISO 15765). SAE is working on cybersecurity measures for J1939, and CiA develops corresponding solutions in its working groups.

IG04 SIG01 TF “CAN XL security” works on adding cybersecurity to CAN XL. The CANsec security protocol is an add-on function for CAN XL networks. It uses a part of the XLFF data field. Thus, cybersecurity can become a part of CAN XL data link layer hardware. CANsec is going to be specified in the CiA 613-2 (CAN XL add-on services – Part 2: Security).

IG06 “Safety and security” specifies generic security options for the CAN CC and CAN FD protocols. The CiA 720 document series, which is under development, specifies a cybersecurity higher-layer add-on function. Because the approach is of general interest, the required generic objects, parameters, and roles are defined in such a way that they can be mapped, for example, to CANopen CC and CANopen FD. Mapping to other communication networks (e.g. I2C or EIA 485) is possible.

Additionally, IG06 is planning to specify a generic document considering security threats on all layers of the OSI (Open Systems Interconnection) model from ISO.

To work on solutions for cybersecure CAN networks, interested parties should contact secretary(at)can-cia.org.