CAN Data Encryption Using Secret ID and Remote Frame
2022-01-0125
03/29/2022
- Content
- Controller Area Network (CAN) is a very popular data transport mechanism in all modern vehicles. The CAN bus is not security oriented by design: it is open communication with transparent messaging, and messages transmitted on the bus can easily be read, decoded or spoofed by an intruder. This paper explores a specific method of in-vehicle network security for CAN and presents a new method based on the principle of using the CAN remote frame for message encoding. The solution provides some degree of defense against message eavesdropping and message spoofing attacks on the CAN bus. It is based on a set of specialized databases (DBs) stored in every ECU in the system; these DBs hold different message IDs for the same message. The remote frame message is a standard CAN frame message. In the new approach, ECUs use a remote frame to communicate a request to switch the ID of a particular message, and the requested message's ID is replaced with the new ID as requested by the sender ECU. Since the remote frame looks like a normal CAN frame, a hacker will not understand the secret logic inside it. System design: (1) A carefully designed set of CAN databases is stored in all ECUs. (2) A remote frame message is used to communicate the secret message selection. The remote frame has a 4-bit DLC field, which is used to communicate the DB selection.
Other messages on the system, which are not requested to be secured, continue using their original identifiers. Technology benefits: (1) More secure communication, since a secret message ID that is used only for a specific time and not at other times is difficult to reverse engineer. (2) Hacker presence detection: when a message ID has changed and a hacker uses the old message ID, the hacker's presence is detected. (3) More secure communication with the vehicle and increased difficulty of reverse engineering the changing messages on the CAN bus. (4) If a hacker tries to target a specific ECU by sending error messages, or tries to listen to or eavesdrop on the communication, the victim ECU can switch important messages to a secret ID. The hacker is not aware of the secret message IDs and hence cannot understand the secret message content. (5) Secure delivery of important messages on the CAN bus is ensured.
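The detection idea in benefit (2), sketched as a bus monitor; this is an added example, not code from the paper. It assumes the remote frame is sent on the message's currently active ID and that its DLC value is the number of the database to switch to. The ID tables, message names and bus trace are constructed.

```python
from dataclasses import dataclass

# Constructed ID tables (illustrative values): DBS[n][name] is the CAN ID of
# logical message `name` in database n. DB 0 holds the original identifiers.
DBS = {
    0: {"BRAKE_CMD": 0x120, "STEER_CMD": 0x130},
    1: {"BRAKE_CMD": 0x3A1, "STEER_CMD": 0x2C4},
    2: {"BRAKE_CMD": 0x27E, "STEER_CMD": 0x419},
}

@dataclass
class Frame:
    can_id: int
    rtr: bool   # True for a remote frame
    dlc: int    # 4-bit DLC field (0..15)

class IdSwitchMonitor:
    def __init__(self, dbs):
        self.dbs = dbs
        self.active = {name: 0 for name in dbs[0]}  # active DB per message
        # Reverse index: CAN ID -> (message name, database number).
        self.index = {cid: (name, db) for db, t in dbs.items() for name, cid in t.items()}

    def process(self, frame):
        hit = self.index.get(frame.can_id)
        if hit is None:
            return "pass"      # unsecured message, keeps its original identifier
        name, db = hit
        if db != self.active[name]:
            return "alert"     # known ID that is not currently active for this message
        if not frame.rtr:
            return "ok"
        # Assumption: the remote frame is sent on the message's active ID and
        # its DLC value is the number of the database to switch to.
        if frame.dlc not in self.dbs:
            return "reject"    # DLC names a database no ECU holds
        self.active[name] = frame.dlc
        return "switch"

# Constructed bus trace.
TRACE = [Frame(0x120, False, 8), Frame(0x120, True, 1), Frame(0x3A1, False, 8),
         Frame(0x120, False, 8), Frame(0x130, False, 8), Frame(0x555, False, 2),
         Frame(0x3A1, True, 7), Frame(0x27E, False, 8)]

def run(trace, dbs=DBS):
    monitor = IdSwitchMonitor(dbs)
    return [monitor.process(f) for f in trace]

print(run(TRACE))
```

The fourth frame reuses the retired ID 0x120 after the switch to DB 1, and the last frame uses a DB 2 ID that was never selected; both are flagged.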
- Citation
- Kulkarni, A., "CAN Data Encryption Using Secret ID and Remote Frame," SAE Technical Paper 2022-01-0125, 2022.