Computer Architectures and Systems

Safety/Security Co-Design

CAN is probably the most successful bus in the automotive domain, especially due to its low cost and robustness. However, with increasing connectivity, there is a need to encrypt data to avoid attacks such as spoofing and sniffing. This exposes CAN's severe limitations. In particular, each encrypted message requires sending two frames because of the restrictive payload in CAN. Moreover, each frame of an encrypted message undergoes a separate arbitration process, which negatively impacts timing and makes it difficult to meet deadlines.

To work around this problem, we propose a technique that assigns different priorities to encrypted CAN frames so as to compensate for the increased delay. The basic idea is that, once the first frame of an encrypted CAN message wins arbitration, its second frame will always win arbitration within a specified scope and can be sent with less delay. We have conducted experiments on real hardware and performed extensive simulations indicating that the proposed technique reduces transmission delay to one half or even one third compared with the standard approach, allowing us to still meet typical automotive deadlines on an encrypted CAN bus.
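The arbitration effect described above can be reproduced in a small slot-based model. This is an added example, not the authors' implementation or experiment. It assumes one frame per time slot, a constructed set of three periodic messages, and a hypothetical ID mapping (`clustered_ids`) in which second frames take the lowest IDs of the cluster.

```python
import heapq

def simulate(periods, ids, horizon):
    """Slot-based CAN model: one frame per slot, lowest pending ID wins.

    periods[m] is the release period of encrypted message m; ids[m] is its
    (first_frame_id, second_frame_id). The second frame is queued only after
    the first has been sent. Returns, per message, (worst release-to-completion
    delay, worst wait between its two frames), both in slots.
    """
    pending = []  # heap of (can_id, release, msg, is_second, first_sent)
    worst = [(0, 0)] * len(periods)
    for t in range(horizon):
        for m, period in enumerate(periods):
            if t % period == 0:
                heapq.heappush(pending, (ids[m][0], t, m, False, -1))
        if not pending:
            continue  # idle slot
        _, release, m, is_second, first_sent = heapq.heappop(pending)
        if not is_second:
            # First frame sent in slot t; second frame contends from slot t+1.
            heapq.heappush(pending, (ids[m][1], release, m, True, t))
        else:
            delay, wait = t + 1 - release, t - (first_sent + 1)
            worst[m] = (max(worst[m][0], delay), max(worst[m][1], wait))
    return worst

def standard_ids(n):
    # Standard approach: both frames keep the message's own priority level,
    # so the second frame arbitrates against all higher-priority traffic.
    return [(2 * m, 2 * m + 1) for m in range(n)]

def clustered_ids(n):
    # Assumed mapping (hypothetical): within the cluster, every second frame
    # has a lower ID (higher priority) than every first frame.
    return [(n + m, m) for m in range(n)]

PERIODS = [5, 8, 20]  # constructed sample traffic, periods in slots

if __name__ == "__main__":
    print("standard :", simulate(PERIODS, standard_ids(3), 40))
    print("clustered:", simulate(PERIODS, clustered_ids(3), 40))
```

In this constructed traffic set the lowest-priority message's worst-case delay drops from 8 to 6 slots and no second frame ever waits behind another frame, while the highest-priority message's worst case rises from 2 to 3 slots.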

 

Cluster formation and priority assignment for secure communication on CAN