This content is not included in your SAE MOBILUS subscription, or you are not logged in.
Securing J1939 Communications Using Strong Encryption with FIPS 140-2
ISSN: 0148-7191, e-ISSN: 2688-3627
Published March 28, 2017 by SAE International in United States
This content contains downloadable datasetsAnnotation ability available
Since 2001, all sensitive information of U.S. Federal Agencies has been protected by strong encryption mandated by the Federal Information Processing Standards (FIPS) 140-2 Security Requirements. The requirements specify a formal certification process. The process ensures that validated encryption modules have implemented the standard, and have passed a rigorous testing and review processes. Today, this same strong security protection has become possible for vehicle networks using modern, cost-effective encryption in hardware.
This paper introduces the motivation and context for the encryption diagnostics security in terms of all vehicles in general, not just trucks which use SAE J1939 communications. Several practical scenarios for using such encryption hardware and the advantages of using hardware compared to software private-key encryption and public-key encryption are described.
This paper describes strong FIPS 140-2 encryption for vehicle diagnostics communications, using as an example the J1939 protocol. The encrypted J1939 data and commands are tamper-proof, since they cannot be changed or altered -- accidentally or otherwise. The encrypted J1939 data and commands can also be stored and transported securely, giving no unauthorized read access.
The examples will show J1939 encryption, communicating over both wired and wireless networks. Two-factor authentication is achieved, since both the hardware and a password key are needed to decrypt. And, the same hardware can provide both private-key encryption (traditional symmetric encryption) and public-key encryption (asymmetric encryption and digital signatures).
The conclusion states results of successfully tested FIPS 140-2 cryptographic hardware implementation for embedded systems communication of J1939 diagnostic commands over wireless networks using both ZigBee and Wi-Fi.
|Technical Paper||FlexRay - From Principles to Products|
|Technical Paper||The Study of Secure CAN Communication for Automotive Applications|
|Technical Paper||An Efficient Technique for Reducing the Cost of Motorcycle ECU-Immobilizer Subsystem Integration|
CitationZachos, M., "Securing J1939 Communications Using Strong Encryption with FIPS 140-2," SAE Technical Paper 2017-01-0020, 2017, https://doi.org/10.4271/2017-01-0020.
Data Sets - Support Documents
|[Unnamed Dataset 1]|
|[Unnamed Dataset 2]|
- FIPS 140-2 web site at http://csrc.nist.gov/groups/STM/cmvp/standards.html, accessed September, 2016.
- FIPS 140-2 Standard at http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf, accessed September, 2016.
- DG Technologies, Inc. “DG FIPS Non-Proprietary Security Policy”, version 2.3 of August, 2016.
- National Highway Traffic Safety Administration: (2016, October) Cybersecurity best practices for modern vehicles. (Report No. DOT HS 812 333). Washington, DC
- SAE International Surface Vehicle Recommended Prtactice, "Cybersecurity Guidebook for Cyber-Physical Vehicle Systems," SAE Standard J3061™, Iss. Jan. 2016.
- Wikipedia article on Hardware Security Module at https://en.wikipedia.org/wiki/Hardware_security_module accessed September, 2016.
- The ZigBee Alliance at http://www.zigbee.org, accessed September, 2016.
- Digi Knowledge Base, “Network Latency Timing” at http://knowledge.digi.com/articles/Knowledge_Base_Article/Sending-data-through-an-802-15-4-network-latency-timing, accessed September, 2016.
- ZigBee technical specifications at https://www.digi.com/resources/standards-and-technologies/rfmodems/zigbee-wireless-standard, accessed September, 2016.
- Wi-Fi technical specifications at https://www.digi.com/products/xbee-rf-solutions/embedded-rf-modules-modems/xbee-wi-fi, accessed September, 2016.