Free CAN FD middleware
Embedded Systems Academy (EmSA) published the first release of a free CANcrypt FD implementation for the NXP LPC54618 microcontroller. CANcrypt FD is a security middleware that provides authentication and encryption for CAN FD.
The middleware uses an 8-byte security record, embedded in the 64-byte data field of CAN FD frames. The cipher to use is configurable – the examples use Speck-64, XTEA-64, and AES-128.
The base security mechanism in CANcrypt FD is a secure heartbeat that cyclically generates a dynamic, shared key among the grouped devices. The device address/ID now has 8 bits, up from 4. Still, only up to 15 devices can actively participate in the key generation, but up to 239 further devices can passively update their keys to transmit and receive secure messages.
A new feature is the active initial grouping cycle. Similar to the pairing process, this mode allows the automatic grouping of devices during a first-time power-up of the network. The devices participating in the grouping process generate/negotiate a group key that is then kept in local non-volatile memory.
For more details, see the article “No excuses for not securing your CAN FD communication” in the current September 2018 issue of the CAN Newsletter magazine or download the CANcrypt FD NXP LPC54618 example implementation including documentation.