Global Sources
EE Times-India
Stay in touch with EE Times India
EE Times-India > Interface

Can encrypted CAN bus secure connected cars?

Posted: 23 Oct 2015     Print Version  Bookmark and Share

Keywords:connected cars  cyber security  Tier One  OEM  hacking 

Cyber security was not a matter of concern to car OEMs and Tier Ones in the past. But when carmakers started rolling out connected cars for the consumer market, it suddenly became a big deal.

Fresh in everyone's memory are several celebrated hacking incidents this past summer. These include the vulnerabilities found in Chrysler Jeeps, which resulted in Chrysler's recall of 1.4 million vehicles, and a flaw in General Motors' OnStar RemoteLink system, through which a hacker found a way to remotely unlock doors and start engines.

As Egil Juliussen, director research and principal analyst at IHS Automotive, pointed out in a recent presentation to the automotive industry, "Hacking research has shown that nearly all access points can be compromised." To cope with this reality, technology suppliers are beginning to launch a number of cyber security solutions, he said. They range from hardware security to CAN (Controller Area Network) bus firewalls and ECU software monitoring.

Auto system

(Source: IHS Automotive)

But what the world hasn't seen yet – and Juliussen hasn't seen either – is a technology capable of encrypting CAN bus itself.

That's about to change, according to Trillium, a Japan-based start-up headed by David Uze, former CEO of Freescale Japan. Uze told EE Times this week that a small team of Trillium engineers has developed what it calls SecureCAN—"a CAN bus encryption and key management system for protecting payloads less than 8B."

Essential to this assertion is a claimed ability to handle data "in 8B," instead of the 128bit block the Rijndael algorithm needs for AES-based encryptions.

Because of its ultra-light weight block cipher, Trillium's SecureCAN can encrypt CAN (and LIN) messages in real time, claimed Uze. More specifically, Trillium's symmetric block cipher and key management system allows SecureCAN to "encrypt, transmit and decrypt within the 1ms threshold," he said, which is required for automotive CAN bus real-time applications.

Trillium with a dozen employees is a self-funded company that's been in existence a little over a year. The company has received investment of an undisclosed sum from semi-government Japanese organisation called NEDO (New Energy and Industrial Technology Development), according to Uze. The firm's engineering team includes a security expert who previously worked for Motorola.

Trillium's SecureCAN "isn't a vaporware," stressed Uze. "We will be demonstrating it in Intrepid Control Systems' booth" at the IEEE Standards Association (IEEE-SA) Ethernet & IP @ Automotive Technology Day (Oct. 27-28) next week in Yokohama.

CAN bus encryption

CAN bus encryption (Source: Trillium)

No panacea

Trillium does not claim that protecting CAN bus is a panacea for automotive cyber security.

"Absolutely, you must have a gateway firewall," said Uze. But, as with any security, no system can afford to have a single point of failure. "You need multiple layers of security measures," he explained.

But Uze noted, "CAN is a native unencrypted bus." CAN bus doesn't implement any security features. Further, with CAN bus, it's possible to access every function of the car, including control locks, steering and brakes. All that accessibility makes CAN bus a perfect playground for hackers.

1 • 2 • 3 Next Page Last Page

Comment on "Can encrypted CAN bus secure connect..."
*  You can enter [0] more charecters.
*Verify code:


Visit Asia Webinars to learn about the latest in technology and get practical design tips.


Go to top             Connect on Facebook      Follow us on Twitter      Follow us on Orkut

Back to Top