SecCAN-FD:A Next Generation Secure CAN Protocol

Abstract

The Controller Area Network (CAN Bus) is the most popular in-vehicle communication network within modern commercial vehicles due to its affordable price, reduced weight, adherence to real-time requirements, and resilient fault-tolerance mechanism. Unlike Ethernet, CAN lacks a source and destination address and instead uses an arbitration identifier, with lower IDs indicating higher priority messages. However, CAN lacks basic security features such as encryption and authentication, and is therefore susceptible to attacks such as replay, masquerade, and denial-of-service (DoS) attacks. Researchers have proposed various methods of securing CAN including encryption schemes, intrusion detection systems, and firewalls. SecCAN [Ullah et. al.] is a secure CAN protocol that protects against both replay and masquerade attacks but is susceptible to DoS and its proposed implementation is limited by the CAN protocol. Thus, we have designed SecCAN-FD, an improved version of SecCAN which will use CAN-FD, rather than CAN 2.0, to utilize its increased payload for enhanced lightweight encryption and authentication. Additionally, we are combining concepts from CANSentry [Humayed et. al.], a novel CAN firewall, to limit communication between ECUs exposed to attack surfaces and internal ECUs. To prevent targeted ID DoS attacks on legitimate arbitration IDs, a lightweight IDS component will monitor the frequency of messages originating from exposed ECUs.