Security

Use Message Authentication Codes (MACs) to verify the authenticity of messages sent over the CAN bus. A MAC appends a cryptographic signature to each message, allowing ECUs to verify the source of the message

HMAC (Hashed Message Authentication Code) can be implemented to ensure data integrity and authentication between ECUs

Use CANcrypt: A lightweight protocol that provides authentication and encryption for CAN communication.

Encrypt CAN messages to protect data confidentiality. Although traditional CAN buses have limited bandwidth, lightweight encryption algorithms like AES-128 can be implemented with minimal overhead. The challenge here is that encryption adds latency and computational overhead, so only critical messages should be encrypted.

Implement a secure CAN gateway that acts as a firewall between different parts of the in-vehicle network. The gateway can filter messages, block unauthorized traffic, and enforce access control policies.

It isolates sensitive CAN buses (e.g., powertrain) from less critical buses (e.g., infotainment) to prevent attacks from spreading across the network.

Implement an Intrusion Detection System (IDS) that monitors the CAN bus for anomalous traffic patterns, such as unusually high message frequency or unauthorized messages. The IDS can trigger alerts if abnormal activity is detected.

CAN IDS can be signature-based (detecting known attacks) or anomaly-based (identifying deviations from normal traffic behavior).

Use rate limiting to prevent any node from flooding the bus with messages.

Implement message filtering at the ECU level or in the CAN gateway to drop suspicious or irrelevant messages before they reach the critical components.

Use Transport Layer Security (TLS) for secure communication between components over Ethernet. TLS provides encryption, integrity, and authentication, protecting data in transit from eavesdropping or tampering.

Implement MACsec (Media Access Control Security) at the data link layer for encryption and authentication of Ethernet frames. MACsec secures point-to-point Ethernet connections and is highly efficient for in-vehicle networks.

Use VLAN segmentation to isolate different types of traffic (e.g., infotainment, ADAS, diagnostics) into separate virtual networks. This segmentation limits the spread of an attack if one network segment is compromised.

Critical systems (e.g., powertrain or safety systems) can be separated from less critical systems (e.g., infotainment) using VLANs and secured gateways.

Implement secure boot to ensure that the ECUs only load trusted, authenticated firmware.

Use Secure Over-the-Air (SOTA) or Firmware Over-the-Air (FOTA) updates with encryption and digital signatures to protect against tampering during software updates.

Deploy firewalls at the gateway level to filter unauthorized or malicious traffic. The firewall can enforce access control lists (ACLs) that only allow legitimate traffic to pass through.

Gateways can monitor network traffic, blocking suspicious packets based on predefined security rules.

Implement an Intrusion Detection System (IDS) or Intrusion Prevention System (IPS) that can analyze Ethernet traffic and detect suspicious behavior. This system can alert you to potential breaches and even take preventive actions (in the case of IPS) by dropping malicious packets or blocking unauthorized devices.

Use Network Access Control (NAC) mechanisms to authenticate and authorize devices before allowing them access to the Ethernet network. NAC ensures that only trusted ECUs or external devices (such as diagnostics tools) can connect to the vehicle’s Ethernet network.