
Security framework

HLP independent

The CANcrypt framework for cyber secure communication can be used with any CAN-based higher-layer protocol (HLP).

The CANcrypt framework supports authentication as well as data encryption (Photo: Esacademy)

The CANcrypt network is described in detail in the book "Implementing Scalable CAN Security with CANcrypt" (ISBN 978-0-9987454-0-4, paperback or ISBN 978-0-9987454-1-1, hardcover). The authors discuss several security aspects of CAN-based networks and provide a lightweight software security solution offering authentication and encryption for CAN communication. CANcrypt is application-layer independent and supports, for example, CANopen, J1939, CiA 447, NMEA-2000, Energybus (CiA 454), Cleanopen (CiA 422), and others.

At its base, CANcrypt uses synchronized keys that are dynamically updated based on secret random values that are introduced. Depending on configuration, keys can be updated several times per second. All security algorithms are customizable; default implementations use variations of the Speck cipher or AES-128.

"The CANcrypt system not only supports the reliable, active pairing and grouping of devices," said the author Olaf Pfeiffer. "It also provides key management functionality supporting a key hierarchy." Such a key hierarchy allows implementing different security levels. The highest level is for the manufacturer and potential activation of boot-loader functionality. Additional key levels support individual keys for system integrators, owners or last sessions.

Software examples demonstrating the different security features are available for download. The software examples may be freely copied for educational and evaluation purposes. All header files are made available using the Apache license version 2.0. These published examples are also the base for a planned bounty program to be announced later this year. Implementation examples are based on LPC11Cxx and LPC17xx micro-controllers from NXP and STM32F0xx micro-controllers from STMicroelectronics.

