This content is not included in
your SAE MOBILUS subscription, or you are not logged in.
Secure Controller Area Network Logging
Technical Paper
2021-01-0136
ISSN: 0148-7191, e-ISSN: 2688-3627
This content contains downloadable datasets
Annotation ability available
Sector:
Event:
SAE WCX Digital Summit
Language:
English
Abstract
Practical encryption is an important tool in improving the cybersecurity posture of vehicle data loggers and engineering tools. However, low-cost embedded systems struggle with reliably capturing and encrypting all frames on the vehicle networks. In this paper, implementations of symmetric and asymmetric algorithms were used to perform envelope encryption of session keys with symmetric encryption algorithms while logging vehicle controller area network (CAN) traffic. Maintaining determinism and minimizing latency are primary considerations when implementing cryptographic solutions in an embedded system. To satisfy the timing requirements for vehicle systems, the memory-mapped Cryptographic Acceleration Unit (mmCAU) on the NXP K66 processor enabled 6.4Mb/sec symmetric encryption rates, which enables logging of multiple channels at 100% bus load. Using AES-128 in Cipher Block Chaining (CBC) mode provides the encryption for data confidentiality. Errors and integrity checks are handled by a Cyclic Redundancy Check (CRC) checksum withing the data and digitally signed SHA256 hash values of the overall encrypted record secured the integrity of the data. A hardware security module (HSM) is utilized to store asymmetric key pairs for key management. The HSM implements Elliptic-Curve Cryptography (ECC) algorithms for key exchanges and digital signatures. Secure collection and secure data uploads to a central server are demonstrated. This work and the source code are open source with the goal of inspiring improved secure communications for vehicle networks.
Citation
Daily, J. and Van, D., "Secure Controller Area Network Logging," SAE Technical Paper 2021-01-0136, 2021, https://doi.org/10.4271/2021-01-0136.Data Sets - Support Documents
Title | Description | Download |
---|---|---|
Unnamed Dataset 1 | ||
Unnamed Dataset 2 | ||
Unnamed Dataset 3 | ||
Unnamed Dataset 4 | ||
Unnamed Dataset 5 | ||
Unnamed Dataset 6 |
Also In
References
- National Motor Freight Traffic Association, Inc A Survey of Heavy Vehicle Cyber Security Jan. 4, 2016
- SAE International Oct. 2018
- Miller , C. and Valasek , C. Remote Exploitation of an Unaltered Passenger Vehicle Aug. 10, 2015 http://www.illmatics.com/Remote%20Car%20Hacking.pdf
- Mukherjee , S. , Shirazi , H. , Ray , I. , Daily , J. , and Gamble , R. Practical DoS Attacks on Embedded Networks in Commercial Vehicles ICISS 2016: Information Systems Security 2016
- Cho , K.-T. and Shin , K.G. Error Handling of In-vehicle Networks Makes Them Vulnerable CCS ’16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security Vienna Austria 2016
- Shaout , A. , Mysuru , D. , and Raghupathy , K. CAN Sniffing for Vehicle Condition, Driver Behavior Analysis and Data Logging 2018 International Arab Conference on Information Technology (ACIT) Werdanye Lebanon 2018
- Johanson , M. and Karlsson , L. Improving Vehicle Diagnostics through Wireless Data Collection and Statistical Analysis 2007 IEEE 66th Vehicular Technology Conference Baltimore, MD 2007
- Daily , J. and Van , D. https://github.com/SystemsCyber/CAN-Logger-3
- https://github.com/SystemsCyber/FlexCAN_Library
- NXP Aug. 4, 2018 https://www.nxp.com/docs/en/reference-manual/K66P144M180SF5RMV2.pdf
- Microchip https://ww1.microchip.com/downloads/en/DeviceDoc/ATWINC15x0-MR210xB-IEEE-802.11-b-g-n-SmartConnect-IoT-Module-Data-Sheet-DS70005304C.pdf
- Microchip 2017 http://ww1.microchip.com/downloads/en/DeviceDoc/40001977A.pdf
- Chahar , H. , Keshavamurthy , B. , and Modi , C. Privacy-Preserving Distributed Mining of Association Rules Using Elliptic-Curve Cryptosystem and Shamir’s Secret Sharing Scheme Sādhanā 42 1997 2007 2017
- Groll , A. and Ruland , C. Secure and Authentic Communication on Existing In-Vehicle Networks 2009 IEEE Intelligent Vehicles Symposium 1093 1097 2009
- SAE International SAE J1939-16 Automatic Baud Rate Detection Process Surface Vehicle Recommended Practice 2018
- Alabaichi , A.M. , Mahmood , R. , Ahmad , F. , and Mechee , M.S. Randomness Analysis on Blowfish Block Cipher Using ECB and CBC Modes Journal of Applied Sciences 13 768 789 2013
- https://github.com/SystemsCyber/CAN-Logger-3/tree/master/tests/cryptolibAESSHA
- Stoffregen , P. https://github.com/PaulStoffregen/CryptoAccel
- Dworkin , M. 2001 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf
- https://github.com/linux-can/can-utils
- NIST