Layered approach needed
The lack of security solutions for ECU networks poses a real safety problem, he said, because CAN networks are directly tied to a vehicle’s actuation — brakes, steering, etc. By his count, “85 percent of actuation occurs on the CAN networks.”
Without authentication, encryption or cryptographic key management, the CAN network is the weakest link in the entire security chain, he stressed.
To protect cars from hackers, the automotive industry needs a layered approach, noted Uze.
First, if authentication is done on the network, it allows only a legitimate member to participate in CAN bus communications, said Uze.
Second, by adding encryption to a CAN bus, a rogue message, in order to be recognized as legitimate, would have to emulate everything from encryption to key exchange and authentication code.
The third element is an asymmetric solution for key exchange. When all legitimate members on the network – 50 ECUs, for example – are white-listed, then when the 51st pops up, “you know it isn’t legitimate.”
Trillium, a two-year-old start-up founded by Uze in Japan, has developed a technology called SecureCAN — “a CAN bus encryption and key management system for protecting payloads less than 8bytes.”
Historically, the assumption among automakers and tier ones was that protecting the CAN bus is impossible, due to limits in the ECU’s processing power and in-vehicle bandwidth.
With SecureCAN, Trillium claims it can offer authentication, encryption or cryptographic key management to the CAN bus. No other technology company is offering this yet.