Open search

IP Core

CANsec pre-implementation for CAN XL

Cast introduced a prototype implementation of the CANsec security protocol under development in the CiA (CAN in Automation) association. CANsec is intended as an add-on function for the CAN XL data link layer.

CANsec trademarked by CiA is a security protocol, which is a data link layer cybersecurity measure for CAN XL (Source: Adobe Stock)

The CAN protocol originally invented mid of the 1980s does not provide any built-in data protection, making CAN networks vulnerable to cyberattacks and other threats. This is also true for the CAN FD and the CAN XL data link layer protocols. However, for CAN XL specified in CiA 610-1, there is an add-on function in preparation to protect this 3rd CAN generation against cyberattack. This approach is called CANsec. It will be specified in the CiA 613-1 (protocol) and CiA 613-2 (conformance test plan). By the way, CANsec is already trademarked by CiA.

CiA member Cast introduced a CANsec pre-implementation. This CANsec Acceleration Engine IP core works with the CAN XL core available from the company. It is also suitable for integration into other CAN XL compliant IP cores. The CANsec IP core protects the CAN XL data payload using two NIST-approved ciphers with up to 256-bit key lengths: AES-CMAC protects data integrity and authenticity, and AES-GCM additionally protects confidentiality. The core protects multiple nodes or devices on the same CAN XL network using up to 256 secure channels to communicate with the CAN XL controller and the system’s host processor.

Implementing CANsec in hardware rather than software, the CAN-SEC core adds negligible delay to data on the CAN XL bus while protecting that data from known cyberattacks including spoofing, sniffing and replay, repudiation, and resource exhaustion. The CANsec core developed by the Fraunhofer IPMS was rigorously verified and produced to meet Cast’s IP reusability and quality standards and has been publicly used in a demonstrator from Renesas Electronics Corporation. It is available now from Cast.

“As with CAN in 2002, TSN Ethernet in 2017, and CAN XL in 2020, the advanced research and development team at Fraunhofer IPMS has enabled us to provide one of the first available IP cores for a hugely-beneficial new technology,” said Nikos Zervas from Cast. “CAN XL helps answer the demanding increases in automotive system complexity, and now CANsec helps protect drivers and passengers from the rising threat of digital attack.”


Publish date

Fraunhofer IPMS