Control Area Network (CAN) is the communication protocol used across a wide array of vehicles including cars, buses, and trucks. CAN lacks any built-in security features and because it is a broadcast network, any connected node can capture any message going through the network, causing vulnerability to numerous cyber-attacks including: External Attacks: Take advantage of software or hardware vulnerabilities to access in-vehicle CAN bus remotely through the vehicle wireless interface (e.g., 5G). Embedded attacks: Vulnerabilities or buggies in vehicle embedded ECU or vehicle program code (e.g., navigation).
VehChain
Leveraging Blockchain-like Concepts As A Cryptographic Solution for In-Vehicle Communication Security
VehChain Enhances Intra-Vehicle Cyber Security
VehChain is a state-of-the-art software solution for CAN Bus security to secure ECU communications against potential CAN Bus cyber attacks and vulnerabilities.
What is CAN Bus Security and VehChain?
VehChain CAN Bus Security Tests on Security Hacking and Protection
VehChain Key Features
VehChain: A Blockchain-reminiscent Intra-Vehicle Communication Security for SAE J1939 and CAN 2.0
As a Blockchain reminiscent cybersecurity solution, VehChain implements firmware-based hash-chain cryptographic technique in aspects of payload encryption, message authentication, node integrity verification, and cyber resilient recovery for the real-time safety-critical CAN Bus to provide a means for intra-vehicle communication cybersecurity. It effectively protects vehicle computers, networks, programs, and data from unintended or unauthorized access, change, or destruction.
VehChain Technical Specs
To reduce communication overhead and latency, VehChain is designed based on the nature of CAN Bus, i.e., messages are broadcasted, nodes have no identifiers, and the frame identifier determines the specified node. Distributed message validation at each node secures the CAN bus through MAC, encryption, and key generation reminiscent of Blockchain technology. Each cryptographic key is tied to the CAN frame’s identifier, hash (plain-text payload), and hash (previous key). To provide resiliency from corrupting messages, a reboot-based recovery approach utilizes CAN's built-in error handling mechanism. Hence, it mitigates the effect of attack propagation bus for ensuring the operational safety, security, and continuity.
- Pluggable software solution installed/updated with Firmware
- CAN Bus data frame confidentiality, integrity, hash keys, traceability, recoverability, and synchronization
- No modification of CAN BUS protocol (e.g., CAN 2.0, J1939)
- Fully distributed and no single point of failure against cyber attacks
VehChain: Secure CAN Bus Vehicle Communication Demo
VehChain Demonstrates Real-time CAN-bus Security Protection for Communications
VehChain Case Studies
In collaboration with U.S. Army Small Business Innovation Research (SBIR)/Small Business Technology Transfer (STTR) program, InfoBeyond is developing an intra-vehicle cybersecurity program for validating communications between trusted and entrusted vehicle control systems. Our proposed VehChain system effectively secures, authenticates, and responds to threats in a distributed way. Once the technology is matured, researched, and developed, VehChain can be transitioned to integrate in the:
- Commercial and Electric Vehicles
- Department of Defense (DOD)
- Aviation Industry
- Energy and Power Grid
Commercial and Electric Vehicles
Modern commercial vehicles also rely on CAN Bus protocols to keep everything running and communicating properly internally in the car. Therefore, they are susceptible to cyber-attacks similar to military vehicles. For example, a hacker can get access to a commercial vehicle CAN Network by simply tapping into the headlight wires and injecting malicious commands into the network that allows them to take control of the vehicle by falsifying the presence of a key and driving off. These attacks have become increasingly more common in today’s world, especially with the growing presence of fully electric vehicles (EVs). EVs The typical EV is equipped with approximately 3,000 chips, surpassing the count found in non-electric vehicles by more than twofold, thus significantly increasing its susceptibility to cyber risks stemming from the software embedded within these chips.
For this reason, InfoBeyond Technology has tested and implemented VehChain using the S32 microcontroller for the automotive market. S32 series from NXP includes S32K Automotive General-Purpose Microcontrollers that deliver quality, reliability and safety for challenging environments found in industrial, automation, communications, transportation, medical and A&D applications. It also includes S32E Real-Time Processors which are ideal for EV control and smart actuation. We have successfully enabled the VehChain algorithm in the S32K144, allowing it to effectively encrypt and decrypt data during communication through CAN 2.0 protocol with the PIC32 microcontroller.
Department of Defense (DOD)
With support of the U.S. Army SBIR/STTR program, the VehChain solution can be available for transition, commercialization, and integration into military vehicles. For example, InfoBeyond could collaborate with Army’s Program Executive Office of Ground Combat Systems (PEO GCS) and Program Executive Office, Combat Support & Combat Service Support (PEO CS & CSS) to implement VehChain’s security on ground systems like Self-Propelled Howitzer System (SPHS), Mounted Armored Vehicles (MAV), Main Battle Tank Systems (MBTS), Stryker Brigade Combat Team (SBCT), Robotic Combat Vehicles (RCVs) and the Joint LIght Tactical Vehicles (JLTVs). VehChain also could aid the U.S. Army Engineering and Support Center (USACE) to mitigate risks of their connected vehicles and other equipment being vulnerable to cyber-attacks.
VehChain is not limited to integrating with just Army intra-vehicle control systems. It also can serve as a security mechanism for Air Force, Navy, and other DoD missions. For example, VehChain can protect naval aviation aircrafts, manned/unmanned aerial vehicles and weapons, and sea/ground missile defense systems.
Aviation Industry
The aviation industry, commercial and defense, also relies on CAN Bus protocols to interconnect the engine, navigations, flight controls, control surface actuations, radar, and other avionic units. As ground vehicles, the cybersecurity in avionic CAN-Bus communications can be originated from external cyber-attacks or inherited from internal vulnerabilities (e.g., embedded malicious code). In 2016, a cybersecurity researcher shows the hack into a commercial aircraft and gain access to the avionics to disrupt the control. In 2019, it was reported that Boeing had discovered a cybersecurity vulnerability in its 787 Dreamliner aircraft that could potentially allow a hacker to access the aircraft’s critical systems.
In 2019, the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA) have warned of insecure CAN bus network implementations affecting aircraft where engine telemetry readings, compass and attitude data, altitude, airspeeds, and angle of attack could all be manipulated to provide false measurements to the pilot. These falsified readings could cause the pilot to lose control of the aircraft. VehChain can be adapted to encrypt CAN messages on aircraft to mitigate an attack of this nature from taking place.
Energy and Power Grid
Modern power grids rely on SCADA CAN Bus systems (e.g. Power lines, transformers) to maximize efficiency. These grids’ CAN Network can be compromised causing devastation to the national economy. VehChain can protect safety-critical CAN-Bus controls implemented in energy producing plants by means of CAN validation and resiliency against potential attacks.
Contact Us
Do you want to build a live testbed or demo on your Vehicle or CAN Bus System? We are happy to partner with manufacturers and/or OEM (i.e., Original Equipment Manufacturer) vendors and transition the VehChain security to your customers through your products. If interested, please contact us.