Embedded Systems Academy

This year, Nuremberg’s doors open for the Embedded World (#ew24) from April 9th to April 11th. From EmSA, Peter, Chris and Olaf will be at the event all three days. If you want to talk to us about topics like CAN, CANopen, J1939 and CAN security, meet us at the booth of Peak-System, hall 1, booth 304.

As every year, the conference also features a CAN session. This year it is session “SESSION 2.2 CONNECTIVITY SOLUTIONS | CAN” (April 9th, starting at 1:45PM) with the following presentations:

Thilo Schuhmann: Standardized Cybersecurity in CAN-Based Systems

This paper concentrates on cybersecurity requirements specific to embedded systems employing Controller Area Network (CAN) communication, encompassing CAN, CAN FD, and the emerging CAN XL. Our primary focus lies on CAN XL, which incorporates CANsec, a data link layer add-on facilitating message authentication and encryption,in the data plane. In the control plane the specification of the CANsec Key Agreement protocol (CKA) is defining for key exchange and agreement mechanisms to allow broadcast communication for the authenticated and encrypted messages.

Reiner Zitzmann: Improved Network Start-up for Dynamically Changing Embedded CAN Systems

Controller Area Network (CAN) networks often serves as the conduit for data exchange; on the very deeply embedded level. Devices, connected to these embedded networks may be dynamically added or removed, by the end user. Thus these devices need to show a certain degree of plug and play behavior. Host controllers must have the ability to rapidly identify these devices. Unlike current implementations, the enhanced Layer Setting Services (LSS) enable CAN/CANopen devices to convey their identity to the host controller or LSS manager. This eliminates the need for laborious searches to determine the presence and type of newly added devices. The presentation shows the functioning of the improved Layer Setting Services, and practical use cases.

Olaf Pfeiffer: Collaborative Design of Security Measures for CAN and CANopen Systems

The rise of connected devices in the embedded world has intensified the need for strong security measures, especially in Controller Area Network (CAN) and CANopen systems. These technologies are crucial in a wide range of applications such as industrial automation, automotive systems, and medical equipment. Given the limited resources available in CAN protocols, security often becomes a challenging aspect to address effectively. This paper presents a joint project between Hochschule Offenburg and Embedded Systems Academy, focusing on overcoming these security challenges.
We argue that collaboration among multiple partners is essential for the design and implementation of effective, robust security measures. Our proposed security framework brings together expertise from various stakeholders to identify vulnerabilities, assess potential threats, and formulate countermeasures. A significant aspect of our project is the aim to standardize these security measures through the CAN in Automation (CiA) organization. This makes the security framework transparent and open for public review.
The framework is optimized for CANopen but can also be used by CAN, CAN FD, CANopen FD and other higher-layer protocols.
This paper will outline the architecture of our security framework, showing its applicability to a broader range of CAN or CANopen based applications.

You can’t make it to Nuremberg?

For the latest news and developments in CAN, CANopen and CAN Security, follow us here: https://www.linkedin.com/company/embedded-systems-academy/

For more info on these topics, also see our video collection at https://www.em-sa.com/video

Over the last years we published more than 50 articles, papers, books, webinars and we also continuously updated our training materials. However, some of the training material and especially scientific papers only reach a small percentage of the embedded community. Therefore we decided to publish more free educational videos to reach more of you. As a start we created several playlists on our EmSA Youtube channel. These include:

• CANopen FD Intro:
  Introductory videos to CANopen FD, also covering some basics like an introduction to the CANopen Object Dictionary concept
• CAN (FD) Security:
  Video collection about CAN and CAN FD security challenges and solutions
• MCUXpresso Middleware:
  Video collection about NXP’s MCUXpresso and CANopen libraries included

We plan to publish more videos in the upcoming month, further focusing on CAN, CAN FD, CANopen, CANopen FD topics including introductory videos as well as in-depth technology classes.

Please subscribe to the channel to stay informed about new videos published.

This year we present multiple papers at the upcoming Embedded World (25th to 27th of February in Nuremberg, Germany) and the international CAN Conference (17th to 18th March in Baden-Baden, Germany). Chris and I will be talking with our partners of NXP Semiconductors, PEAK

-Systemtechnik and the Hochschule Offenburg about CAN (FD) security and CANopen (FD) Smart Bridging. In our security papers, we examine how different existing and CAN capable security methods can best complement each other. With SmartBridgingFD we show how classical CANopen devices or networks can easily and transparently be mixed with newer CANopen FD installations. As classical CANopen and CANopen FD are not compatible on the bitrate level, they can not share the same CAN wiring. However, the SmartBridgeFD allows combining classical CANopen and new CANopen FD networks into one large logical network.

At the Embedded World, you can see the SmartBridgeFD integrated into the CANopen FD demonstrator at the CiA booth (hall 1 booth 630). Another of our CANopen (FD) demos will be displayed at NXP Semiconductors (hall 4A booth 220), as our CANopen software is now part of NXP’s latest SDK. Our CAN hardware partner PEAK Systemtechnik is in hall 1 (booth 483).

The Embedded World conference program is now online, we are in Session 2.1. The program for the international CAN Conference is here, our papers are in Session IV and VII.

With every start of a new year, those preparing for the Embedded World and its conference in Nuremburg get busy – so do we. This year our tutors and partners present several papers, mostly around CAN (FD), CANopen (FD) and security issues. Over the last year it became clear that in embedded communication there are a variety of attack vectors as illustrated in the figure right. For protection, security is required on multiple levels, preferably at every network layer.

Find some recommended classes below. The full program is available here.

Tuesday 26th, from Communication – CAN

09:30 – 10:00 / Troubleshooting in Embedded Networks Based on CANopen FD
Reiner Zitzmann, CAN in Automation

10:00 – 10:30 / Automated Node ID Assignment in CAN and CAN(FD) Networks
Christian Keydel & Olaf Pfeiffer, Embedded Systems Academy

10:30 – 11:00 / Signal Improvement Concept for CAN FD Networks
Yao Yao, CAN in Automation

Tuesday 26th, from HW-based Security

12:00 – 12:30 / Extend MCU Security Capabilities Beyond Trusted Execution with Hardware Crypto Acceleration and Asset Protection
Saurin Choksi, NXP Semiconductors

15:00 – 15:30 / Methods for Provisioning Security Features in a Cortex-M33 based MCU Using A Physically Unclonable Function
Rob Cosaro, NXP Semiconductors

Wednesday 27th, from Architectures & Hacking

16:30 – 17:00 / Securing all Network Layers of CAN (FD) Communication
Olaf Pfeiffer, Embedded Systems Academy
Andreas Walz, Offenburg Univeristy

Meet us at Embedded World

During the show, you will find our tutors either at the CiA booth (hall 1, booth 630) with the CANopen FD Demonstrator or at the NXP booth (hall 4A, booth 220) featuring a Multi-Layer CANopen FD Security Demonstrator.

Visit us in Nuremberg for the 28th international exhibition for Electric Automation, Systems and Components, the “sps ipc drives 2017”. The show is open from November 28th to 30th, 2017. Our software and solutions are shown on two displays at the NXP booth and the CiA (CAN in Automation) booth.

Our display at the NXP booth (Hall 10.1, Booth 325) focuses on CAN FD and security. The new features of CAN FD (bigger message frames, higher bit rate) are used to implement a more efficient and secure bootloader based on CANcrypt and AES based authentication and encryption. Join us for an informal lunch & learn session about CAN FD on Tuesday or Wednesday starting at noon (for about 45min) in the NXP on-site meeting room. Seats are limited, please register here to join.

Our display at the CiA booth (Hall 2, Booth 300) focuses on CANopen FD. A multi vendor demo setup shows one of the many new features available with CANopen FD: segmented broadcast. This transfer mode supports sharing data blocks (for example tables with data of drive acceleration ramps) instantly among multiple participants. In the demo, the data exchange is visualized using graphics, which are shared among multiple nodes.

Contact us, if you still need tickets for the event or if you would like to set an appointment to discuss your CAN FD / CANopen FD / CAN security requirements.

The CiA (CAN in Automation) user’s group released the presentation videos of the iCC 2017. Besides the keynote by Holger Zeltwanger there are three more presentations that we would like to highlight here in our blog:

Andrew Ayre and Olaf Pfeiffer (both ESAcademy): Automated trace analysis for testing of CANopen devices

This paper presents a summary of the debug information extractable from CANopen trace recordings. The functionality described in this paper are implemented in our Logxaminer software.

Olaf Pfeiffer (ESAcademy): Scalable security for CAN, CANopen, and other CAN protocols

This paper describes the main functionality of the CANcrypt security framework described in our book “Implementing Scalable CAN Security with CANcrypt”.

Bernhard Floeth (Opel) and Olaf Pfeiffer (ESAcademy): Using an enhanced condensed device configuration file format for CANopen boot-loading and/or device testing

This paper presents the enhanced CDCF player integrated in our free CANopen File Player and CANopen Diag projects. It supports spreadsheet based (.csv) Object Dictionary access with active flow control.

For a complete list of all available videos, go to: www.can-cia.org/services/conferences/icc

This spring, the tutors of ESAcademy present five CAN and CANopen related papers at the 16th international CAN Conference and the Embedded World Conference 2017.

16th iCC, 7th to 8th March 2017 in Nuremberg
www.can-cia.org/services/conferences/icc/icc-2017/

Bernhard Floeth (Opel) and Olaf Pfeiffer (ESAcademy):
Using an enhanced condensed device configuration file format for CANopen boot-loading and/or device testing
This paper presents the enhanced CDCF player integrated in our free CANopen File Player and CANopen Diag projects. It supports spreadsheet based (.csv) Object Dictionary access with active flow control. (Tuesday, March 07, 2017, Session II)

Andrew Ayre (ESAcademy):
Automated trace analysis for testing of CANopen devices
This paper presents a summary of the debug information extractable from CANopen trace recordings. The functionality described in this paper are implemented in our Logxaminer software. (Wednesday, March 08, 2017, Session VII)

Olaf Pfeiffer (ESAcademy) and Christian Keydel (ESAcademy):
Scalable security for CAN, CANopen, and other CAN protocols
This paper describes the main functionality of the CANcrypt security framework described in our book “Implementing Scalable
CAN Security with CANcrypt”. (Wednesday, March 08, 2017, Session VIII)

Meet our tutors at our tabletop display table at the conference.

Embedded World Conference 2017, 14th to 16th March 2017, Nuremberg
www.embedded-world.eu/program.html

Christian Keydel (ESAcademy):
Secure CANopen (FD) Bootloading
This paper shows how to adapt the security mechanisms introduced by CANcrypt to CANopen, CAN (FD) and bootloading. (THURSDAY, MARCH 16, 2017, Session 25/I)

Olaf Pfeiffer (ESAcademy):
CiA 447, the CANopen Standard for After-Market Automotive Applications
This paper summarizes the key features of the CANopen application profile CiA 447. These include wake-up and sleep mechanisms as well as plug-and play functionality. (THURSDAY, MARCH 16, 2017, Session 25/II)

Meet our tutors at the PEAK System booth (Hall 1, Booth 1-483)

We look forward to meeting you

The 15th international CAN Conference took place in Vienna on October 27th and 28th 2015. On two days, a total of 23 papers were presented. Topics included current application examples, security and IoT (Internet of Things)  issues and “everything” CAN FD (Flexible Data Rate) related. CAN FD with its increased data rate was the major topic of this conference, many papers were directly related to it.

As CAN FD is not backward compatible to CAN, one of the session topics was migration from CAN to CAN FD. Mixing CAN and CAN FD controllers is only possible if the CAN FD messages are hidden from the CAN controllers as they would generate error frames upon reception. One approach is using partial networking transceivers where traditional CAN controllers are put to sleep during CAN FD communication. After seeing a specific sleep message, transceivers for partial networking can keep the connected CAN controller in sleep mode until a specific wake up message is received – no other message on the network causes a wake-up.

NXP presented a paper about their “FD Shield” transceiver. This transceiver is used to connect legacy CAN controllers to a CAN FD network. The CAN FD traffic is somewhat “shielded” from the CAN controller, only regular CAN traffic passes through but CAN FD messages are blocked as soon as they can be detected. However, there is a side effect: Each CAN FD frame on the network causes a local, not propagated receive error at the CAN controller side. As a result the CAN controller may go error passive. However, as transmits works fine, it will not go bus off and can still be used. Although not perfect, this is a quick and easy solution during a migration phase from CAN to CAN FD.

Another way to quickly connect to CAN FD networks is using Microchips external CAN FD controller using an SPI connection to the host controller. Here designers need to carefully choose the clock rate used on the serial interface side; depending on the CAN FD data rate used the SPI clock might need to be 10 or even 16Mhz. If a CAN FD data rate of 8Mbps is used, then a 10Mhz clock rate on the SPI side is sufficient to handle 100% bus load. However, the host controller of course needs to be able to handle the 10Mhz SPI traffic, too.

Other papers showed how CAN FD can be used in Linux systems, AUTOSAR and J1939, In general, the physical layout for CAN FD networks is not as flexible as it is with regular CAN. With faster bit rates ringing and reflections become more of a problem as they used to be. As usual, if an application tries to get close to the physical limits that a technology provides, more care must be taken when determining the physical layout and terminations.

With more and more CAN networks also getting some “remote access” option or even a gateway/firewall to the Internet, security of CAN networks suddenly becomes more important. In the past, CAN networks could be regarded as “closed” (inside a machinery, no remote access) so no precautions were taken in regards to security. Once a CAN network goes “online”, even if it is by the means of some firewall and even if it is only part-time, the entire security concept needs to be re-evaluated. Recent car hacks have shown that once hackers are past the firewall, they can do “anything” because there is no security layer in the CAN network.

Papers from Robert Bosch GmbH and the CiA showed some possible options to add encryption also to CAN communication, however, that directly has an impact on debugging and testing. If communication between two ECUs is secure, how do we monitor or debug it? So the debugger/tester/logger needs to part of this equation, too. It will be interesting to see where this goes, will at some point security be added to all CAN communication or will it be limit to “relevant” transmissions like commands that actually do something to the system?

Once the papers are added to the CiA’s server system, they will be available for download.

At today’s 15th international CAN conference Olaf Pfeiffer of Embedded Systems Academy presented a paper about testing of highly dynamic CANopen systems. Such systems support plug-and-play and node ID assignment by LSS (Layer Setting Services, node ID gets assigned through the network). As a result, devices may change their node ID, making tests more challenging.

One of the test utilities introduced in this paper is now available as free download from ESAcademy’s web pages. It supports the extended concise DCF (Device Configuration File) as introduced in the paper. It allows you to easily write down configuration or test sequences in a table (save as .csv) and execute them using the free CANopen File Player.

The file format, the concise Default Configuration File is part of the basic CANopen definitions and has been in use for quite some time. The extension to it is simply a definition of a set of commands introducing the option to control things like addressing specific devices (identify by CANopen Identity record 1018h) and time delays / timeouts or user interactions.

In addition, the utility can re-play previously made CAN trace recordings, supporting a wide variety of formats from Vector, PEAK and others.

For more information on the format of the extended CDCF see the manual or download the free utility.

On March 5th, ESAcademy will conduct the following classes at the iCC together with NXP Semiconductors:

08:30 to 09:30 Everything CAN and NXP CAN Controller Intro
A 30 year old technology, here to stay for another 30 years

An overview of the almost 30 year old CAN technology, where it came from and where it goes. CAN is used in many new electronic designs, also thanks to continuous advancements in CAN controller technology. Comparison of various CAN controller technologies.

09:45 to 10:30 CANopen Essence
New to CANopen? Learn the key features in just 45 Minutes

With its 4000+ pages the CANopen drafts and standards are overwhelming to newcomers. Join this class to get an overview of the common technical key features that make CANopen work.

11:30 to 13:00  Introduction to NXP CAN microcontrollers and Co-Processors
CAN controllers, CANopen Co-Processor, J1939 Co-Processor

Specialties of NXP CAN controllers and how an LPC11C24 can be used as a communication Co-Processor. Using the LPC11C24 with integrated CAN transceivers to implement a Co-Processor to implement and handle a higher-layer protocol, offloading this task from a host processor system. The host system communicates with the gateway via
UART, I2C or SPI.

Participants may qualify for a free NXP Evaluation Kit (must be present to qualify, 50 kits available).

For more information about the international CAN conference visit: www.can-cia.org