SnS for CAN/FD BUS , ARINC-825-4
Safe and Secure Technology CAN/FD BUS and ARINC-825-4
CAN bus, CAN-FD and ARINC-825 interfaces are used on military ground vehicles, commercial cars and trucks, military and commercial aircraft and a variety of industrial applications. Sital Technology’s Safe and Secure (SnS) technology satisfies the needs for cyber authentication, along with providing the capability to detect and locate electrical faults in CAN data buses on a continuous basis. In addition, Sital’s SnS includes functionality to provide denial of service (DoS) protection for CAN bus transmitters.
In approximately the first four seconds following power-up, Sital’s SnS sensor undergoes a learning” process performs continuous physical layer monitoring of received signals from all nodes on the bus. Out of this, the sensor and API software compute the “fingerprints” or “signatures” for all nodes on the data bus. Following that, the sensor monitors all received messages and looks for instances where message’s fingerprints don’t match the expected fingerprint.
These mismatches indicate either a cyber “spoofing” (or impersonation) authentication violation or an electrical fault condition. The latter includes intermittent or continuous open or short circuits in either the bus cable, a stub cable, connector, LRU or bus termination. Further, the SnS is able to determine the specific type of open or short circuit, along with its approximate location.
Following detection of either a cyber authentication violation or an electrical fault condition, the SnS API will immediately inform the application software about the detected condition. In either case, it is then up to the system’s “security playbook” software to take the appropriate system-level action.
Further, for CAN bus and ARINC-825, Sital provides denial of service (DoS) mitigation. This feature provides a low-level hardware means for preventing CAN bus nodes from transmitting continuously on a CAN bus. This guarantees that a node on a bus is running malicious or erroneous software, it can’t “take over” all bus bandwidth. As a result, this feature allows all nodes on a bus the opportunity to transmit.
CAN Bus/ARINC-825-4 Safe and Secure (SnS)
- “Fingerprinting” process
- First ~4 seconds after power-up
- Characterize all transmitters’ parameters
- Monitoring Mode: cyber authentication and electrical fault detection
- Check all messages’ parameters, compare to fingerprint parameters
- Detect intermittent or continuous open or short circuit faults
- Mitigate against malicious hacking and software bugs
- Detect unauthorized transmitters
- If detect spoofing/impersonating nodes, notify host
- Host activates “security playbook”
- Denial of Service (DoS) mitigation for local transmitters
- Monitor entire CAN bus from one node
Sital CAN and ARINC-825 IP Cores, including for CAN bus/ARINC-825-4 Safe and Secure (SnS) IP Core
- Compatible with CAN, CAN 2.0, CAN-FD, ARINC-825-4, ISO-11898-5, CAN 2.0, CAN-FD, ARINC-825-4, CAN Aerospace Standard, CANopen, SAE J1939, and DeviceNet4 standards
- Data rates up to 4 Mb/s – 8 Mb/s capable with different transceivers
- CAN-FD/ARINC-825-4 Physical Layer Bit Decoding and Arbitration
- Reconcile reduced ratio between bit length and loopback time
- Different speeds for arbitration and data transfer
- Speed constraints: cable length, transceiver delays and rise/fall times
- 11-bit and 29-bit Message_IDs
- Additional header fields: Modified DLC field; FDF, IDE, RRS, BRS and SRR bits
- 64-byte data fields
- 21-bit CRC
- Standard, Extended and Remote frames supported
- 8 maskable identifier filters, with filtering based on Message ID and first two data bytes
- Loopback mode for self-test
- Monitor (Listen-only) and Low Power Sleep Modes with automatic wake-up possible
- 8-message Transmit and Receive FIFOs
- Internal 16-bit free running counter for time tagging of transmitted or messages
- Re-transmission enable/disable capability
- Transmit Enable pin
- Option for DO-254 DAL A certifiable IP, DO-178 DAL A certifiable software
- ARINC-825-4/CAN bus – Frame Sequencing
- Schedule transmission of synchronous messages in minor frames
- Based on user-defined programmed message periodicities (frame rates)
- User loads message data to FIFO asynchronously for transmission
- Sequencer automatically schedules message for transmission
- User can enable/disable individual messages
- Enables asynchronous message transmission during scheduled messages idle times
- Schedule transmission of synchronous messages in minor frames
- Health Status Features
- Periodic Health Status Message (PHSM) – implemented by both hardware and software
- Implement counters in hardware:
- NB_ERR_RX: # detected receive errors
- NB_ERR_TX: Total number of detected transmit errors, other than acknowledgement errors
- NB_ERR_ACK: Total number of detected Acknowledgment Errors
- ERR_STATES: This parameter consists of two fields: Receiver Error State (bits 4-7) and Transmit Error State (bits 0-3). One byte read to determine range of error status/count (Disabled, Off, 0-96, 96-127, ≥128
- Management Information Base Counters – if needed, could collaborate on definition
CAN Sequencer GRIP and PhysiCAN SnS GRIP Boards
- USB host interface
- CAN Sequencer GRIP:
- Send and receive CAN messages
- Includes all features except Safe and Secure (SnS)
- Windows API/library/driver
- PhysiCAN SnS GRIP:
- Includes all capabilities of CAN Sequencer GRIP + Safe and Secure
- Configuration GUI for Safe-and-Secure operation
- Enables configuring for bus and star CAN topologies
- Provides real-time indications of intrusion detection (cyber authentication violations)
- Provides real-time indications of detected intermittent electrical faults + approximate location
- Comes with Windows GUI setup and monitoring software
