NXP introduces new CAN Transceiver family that secures CAN communications without cryptography

NXP Semiconductors announced a CAN transceiver family that offers a seamless, efficient solution for secure CAN communications without requiring software or cryptography.

A large amount of data exchanges takes place across CAN networks and with the number of automotive electronic equipments rising this is only going to increase. Since CAN is a robust multi-point connection network and most data communication within the vehicle is unsecured, a single compromised ECU has direct access to connected ECUs.

Security solutions on the market today protect CAN communication with message authentication code (MAC) based on cryptography and complex key management, but they require increased CAN bus load, message latency and computing power consumption. Moreover, existing ECU designs cannot be easily upgraded to support secure CAN messages if the processors do not have sufficient compute power.

With secure CAN transceivers, however, automakers can secure messages from the ECUs already used in the design, offering a simpler, faster rollout of security than it would take to transition the existing ECUs to secure ones. A pure transceiver based solution for the CAN network developed by NXP offers security without bandwidth overhead, delays and processor load. This approach complements crypto-based security solutions with an additional layer in a Defense-in-Depth (DiD) concept, or as a standalone option.

Security features of the secure CAN transceiver

  • Spoofing prevention on transmit side: Designed to protect the CAN bus from a compromised ECU by filtering messages based on CAN message IDs in the transmit path. If the ECU tries to send a message with an ID that is originally not assigned to it, the secure CAN transceiver can refuse to transmit it to the bus.
  • Spoofing prevention on receive side: A complementary protection is used to invalidate messages on the bus with a CAN message ID assigned for transmission. This method means each ECU has the ability to protect its own IDs in the eventuality that a rogue ECU manages to send a message with the same ID.
  • Tamper protection: Invalidating messages on the CAN bus can be used to prevent tampering, offering a clear sign of a compromised ECU has stepped into the transmission.
  • Flooding prevention and rate limit control: Limiting the number of transmitted messages per ECU from the sender side at any time, helps prevent flooding the bus but leaves the busload open for certain types of critical tasks.

Related Articles