Authenticated Access for CANopen with Secure Object Dictionary Entries
Latest cybersecurity acts and regulations now expect a Defense in Depth approach. As our figure illustrates, several protection layers can be applied to CAN-based systems. With our CANcrypt/SPsec solution we offer cryptographic protection just above the data link layer. For many applications, however, the CANopen higher-layer protocol still needs cybersecurity of its own.

EmSA has been working on exactly that, and we want to share where it stands. Two white papers set the foundation. EmSA-WP-104 covers key provisioning for minimal fieldbus systems, and EmSA-WP-105 describes SOFA, our Secure Object Fieldbus Access method. Together they define how base keys are provisioned and how a per-transfer challenge-response, FBsec, authenticates each access.

The idea is deliberately simple to adopt. Security lives in new, secure Object Dictionary entries that run entirely above the application layer. A secure entry mirrors existing data into an authenticated object, so a client can read an authentic device identity or a server can accept only an authentic write. Reads and writes are authenticated and encryption is optional. Because nothing inside the CANopen stack has to change, the method ports to existing CANopen CC and CANopen FD devices with little effort.

The practical payoff shows up in everyday operations. A client can read an authenticated 1018h identity record. A server can accept a concise Device Configuration File only when it is authentic. A single secure 32-bit function code can activate a bootloader, lock write access to selected entries or authenticate Network Management (NMT) commands.
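The per-transfer challenge-response idea described above, as an added Python sketch that is neither EmSA's reference implementation nor the FBsec format from EmSA-WP-105. It assumes HMAC-SHA-256 truncated to 16 bytes, an 8-byte challenge, a constructed key and vendor ID, and a hypothetical function-code entry at index 0x5F00.

```python
import hashlib, hmac, os

TAG_LEN = 16                           # assumed tag length, not taken from FBsec
KEY = bytes(range(32))                 # constructed demo key; real keys are provisioned
VENDOR_ID = bytes.fromhex("23010000")  # constructed value for 1018h sub 1
FUNC_IDX = 0x5F00                      # hypothetical secure function-code entry

def make_tag(key, direction, challenge, index, sub, data):
    # Bind direction, fresh challenge and object address to the payload.
    msg = direction + challenge + index.to_bytes(2, "little") + bytes([sub]) + data
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]

class SecureServer:
    """Hypothetical device side: plain entries plus authenticated access to them."""
    def __init__(self, key, od):
        self.key, self.od, self.pending = key, od, None

    def secure_read(self, challenge, index, sub):
        data = self.od[(index, sub)]   # mirror the existing entry, then tag it
        return data + make_tag(self.key, b"R", challenge, index, sub, data)

    def new_write_challenge(self):
        self.pending = os.urandom(8)
        return self.pending

    def secure_write(self, index, sub, payload):
        challenge, self.pending = self.pending, None   # each challenge is single use
        if challenge is None or len(payload) < TAG_LEN:
            return False
        data, tag = payload[:-TAG_LEN], payload[-TAG_LEN:]
        expected = make_tag(self.key, b"W", challenge, index, sub, data)
        if not hmac.compare_digest(tag, expected):
            return False
        self.od[(index, sub)] = data   # accept only the authentic write
        return True

def client_read(key, server, index, sub):
    challenge = os.urandom(8)          # client picks the challenge for reads
    resp = server.secure_read(challenge, index, sub)
    data, tag = resp[:-TAG_LEN], resp[-TAG_LEN:]
    ok = hmac.compare_digest(tag, make_tag(key, b"R", challenge, index, sub, data))
    return data if ok else None

def client_write(key, server, index, sub, data):
    challenge = server.new_write_challenge()   # server picks it for writes
    return data + make_tag(key, b"W", challenge, index, sub, data)
```

A recorded write payload fails on replay because the server discards each challenge after one use, and a read response only verifies against the challenge the client just generated.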
To make these features interoperable across vendors, we are working with CiA standardization groups to define common objects for security methods and configurations, so the same entries are available regardless of device or application profile.
We have gathered the full picture on a new web page at https://can-security.net, where you can follow the work as it develops.
A beta of our open-source reference implementation is available on request.