CAN bus/CAN-FD/ARINC-825 Safe and Secure
CAN bus, CAN-FD and ARINC-825 interfaces are used on commercial cars and trucks, military ground vehicles, military and commercial aircraft and a variety of industrial applications. Sital Technology’s Safe and Secure (SnS) technology satisfies the needs for cyber authentication, along with providing the capability to detect and locate electrical faults in CAN data buses on a continuous basis. In addition, Sital’s SnS includes functionality to protect against denial of service (DoS) attacks by CAN bus transmitters.
Using enhanced physical layer monitoring, Sital Technology’s Safe and Secure (SnS) technology provides continuous real time authentication, along with capability to detect and locate intermittent and continuous open or short circuit faults in CAN bus/CAN-FD/ARINC-825 buses.
Sital’s CAN bus SnS authentication sensor verifies that nodes on the bus are receiving messages from the correct transmitter associated with the respective Message ID. This is necessary to ensure the integrity of messages received by all nodes. This enables the SnS sensor to provide the required protection against “spoofing” (impersonation) attacks that can result in devastating results for vehicle safety or, for military platforms, mission execution.
Wire fault detection provides advance warnings of intermittent open and short circuit faults. If not detected and repaired early, such faults can become continuous fault conditions in CAN bus buses, stubs, connectors, bus terminators or ECUs. Early detection and location determination allows repairs to be made sooner and reduces troubleshooting and repair times. This increases vehicle availability and, for military applications, mission readiness.
In approximately the first four seconds following power-up, Sital’s SnS sensor undergoes a learning” process in which it performs continuous physical layer monitoring of received signals from all nodes on the bus. Out of this, the sensor and API software compute the “fingerprints” or “signatures” for all nodes on the data bus. Following that, the sensor monitors all received messages and looks for instances where CAN bus message’s fingerprints don’t match the expected fingerprint for the respective Message ID.
These mismatches indicate either a cyber “spoofing” (or impersonation) authentication violation or an electrical fault condition. The latter includes intermittent or continuous open or short circuits in either the bus cable, a stub cable, connector, ECU or bus termination. Further, the SnS is able to determine the specific type of open or short circuit, along with its approximate location.
Following detection of either a cyber authentication violation or an electrical fault condition, the SnS API will immediately inform the application software about the detected condition. In either case, it is then up to the system’s “security playbook” software to take the appropriate system-level action. In the case of an authentication violation, system software may choose to ignore data from the received message.
Further, for CAN bus/CAN-FD/ARINC-825, Sital provides denial of service (DoS) mitigation. This feature provides a low-level hardware means for preventing CAN bus nodes from transmitting continuously on a CAN bus. This guarantees that if a node on a bus is running malicious or erroneous software, it can’t “take over” all bus bandwidth. As a result, this feature allows all nodes on a bus the opportunity to transmit.
- For its use in automotive applications, the cornerstone of Sital Safe and Secure (SnS) technology is its FPS (Finger Printing Sensor). FPS provides the following capabilities:
- Detect cyber threats in real-time!
Scale to any car platform without complex setup times
- Protects an entire CAN bus with a single instance
- Seamlessly integrates with the overall cyber security strategy
- Locates intermittent wiring faults in real-time for cost effective maintenance
Improve vehicle worthiness
- Avoid unnecessary ECU replacement
Minimize collateral damage during repair
- Reduce warranty costs
Improve customer satisfaction and prevent buybacks
The key features of Sital’s Safe and Secure FPS include:
Real-time physical signature finger printing for CAN/CAN-FD/ARINC-825-4 buses.
- Detects unauthorized communication
Real-time IPS mode
Highly configurable for runtime setup, firmware updates and operation modes.
- Extremely robust for environmental changes
- Supports unlimited number of ECUs on each bus
- Seamlessly integrates with SoC FPGA platforms and other security measures
- Diagnose intermittent physical automotive control bus during real time vehicle operations