can-newsletter.org – Semiconductors


The UNECE (United Nations Economic Commission for Europe) requires cybersecurity for road vehicles. In order to protect the CAN network from compromised ECUs (electronic control units), a CAN transceiver with built-in security features can be used. This avoids the complexity of end-to-end security solutions, which are particularly difficult to implement on commercial vehicles.

(Source: Adobe Stock/NXP)

The full article is published in the September issue of CAN Newsletter 2022 magazine. This is just an excerpt.

Commercial road vehicles are the backbone of the modern consumer economy. Almost every business, from construction to energy to online retail, at some point depends on the delivery of goods by commercial vehicles. These commercial vehicles are in turn increasingly connected both to the outside world and to each other via telematics. This enables commercial vehicle owners to optimize and manage their fleets via platoons to improve safety and efficiency, as well as to reduce costs and fuel consumption in order to meet the increasingly stringent CO2 emission requirements made necessary by climate change. However, increased connectivity leads to increased cyberattack surfaces, and commercial vehicle fleets are prime targets for cybercrime due to the high value of the cargo they carry and their importance to large businesses and the economy in general.

Securing CAN Networks in Commercial Vehicles with NXP Secure CAN Transceivers (Source: NXP)

Remotely scalable cyberattacks have significant negative impacts

While commercial vehicle manufacturers are aware of and prepared for the risk of physical attacks, usually carried out on a vehicle, such as odometer manipulation or theft, they risk being taken by surprise by the scale and impact of what is possible with remote cyberattacks. Remote security breaches have been shown to impact vehicle safety, leading to the recall of millions of vehicles. Hackers can exploit a vehicle’s wireless network or Internet connection to gain access to the vehicle’s communication network, compromise security to reach the vehicle’s Controller Area Network (CAN), and control the vehicle remotely while it is in motion. Modern commercial vehicle ECUs run on millions of lines of code, which opens up vulnerabilities through which they can be compromised. Even conservative estimates predict a bug every 1000 lines of code. A range of activities can then be carried out with malicious intent, from fraudulent manipulation of data to complete control of safety-critical functions such as steering, acceleration and braking. Location tracking and theft are also potential motivations for hackers to inject malicious CAN data frames into the CAN network.

Long-lived platforms, integration of multiple sub-assemblies, software complexity for end-to-end security, lack of a secure communication standard, cost pressure and compliance with cybersecurity regulations are among the challenges facing commercial vehicle manufacturers (Source: NXP)

UNECE R155 – Mandatory Cybersecurity Compliance

Increased connectivity leads to an increased risk of malicious cyberattacks. These risks are relatively new to commercial vehicles, and industry experts are investigating several approaches to mitigate them. However, regulators such as UNECE already expect that it is no longer a question of whether there will be an attack on a network of vehicles, but when. This resulted in the mandatory R155 cybersecurity compliance regulation. It initially applies to new types of vehicles but will then apply to all vehicles in circulation, reinforcing the sense of urgency for implementing cybersecurity measures in vehicles that will be circulating in any of the 54 countries party to the agreement. R155 has explicit requirements such as “The vehicle must verify the authenticity of the messages it receives”, because in CAN data link layer communication the sender is unknown and the intended receiver acts on a CAN data frame it receives, even if it is spoofed. Other requirements are important for security, such as “Measures to detect and recover from a denial of service attack shall be employed”, as a blocked CAN network could prevent the timely transmission of control and safety-critical messages. It is therefore important not only to detect attacks and implement fixes to prevent them from happening again, but also to find ways to prevent them from causing damage in the first place.

Lack of secure communication standard

Several OEMs (original equipment manufacturers) that build passenger vehicles protect their CAN networks through implementations of Autosar SecOC secure in-vehicle communication. However, commercial vehicles use the CAN-based SAE J1939 higher-layer protocol, which does not yet provide standardized cybersecurity measures. For example, there is no way to authenticate the origin of a message. Efforts are underway to achieve a secure communication standard for J1939, but finalizing it will still take several months.
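To make the missing origin authentication concrete, the following added example (not from the article or from NXP) decodes the 29-bit J1939 identifier and shows that the source address is only a field the sender fills in. The names `count_self_spoofs` and `sent_by_us` are hypothetical; they sketch a local plausibility check a node could run on frames that carry its own address, using a constructed capture.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Fields packed into a 29-bit J1939 CAN identifier. */
typedef struct {
    uint8_t  priority; /* bits 28..26 */
    uint32_t pgn;      /* parameter group number */
    uint8_t  dest;     /* destination address; 0xFF when broadcast */
    uint8_t  src;      /* source address: claimed by the sender, never proven */
} j1939_id;

j1939_id j1939_decode(uint32_t can_id)
{
    uint32_t dp = (can_id >> 24) & 0x3;  /* extended data page + data page */
    uint8_t  pf = (can_id >> 16) & 0xFF; /* PDU format */
    uint8_t  ps = (can_id >> 8) & 0xFF;  /* PDU specific */
    j1939_id f = { (can_id >> 26) & 0x7, (dp << 16) | ((uint32_t)pf << 8),
                   ps, can_id & 0xFF };
    if (pf >= 240) {                     /* PDU2: PS extends the PGN */
        f.pgn |= ps;
        f.dest = 0xFF;
    }
    return f;
}

/* Hypothetical local check: a frame carrying our own source address that we
 * did not transmit cannot be legitimate. sent_by_us[] is an assumption: the
 * node (or its CAN controller) must be able to tell its own frames apart. */
size_t count_self_spoofs(const uint32_t *ids, const bool *sent_by_us,
                         size_t n, uint8_t own_sa)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        if (!sent_by_us[i] && j1939_decode(ids[i]).src == own_sa)
            hits++;
    return hits;
}

/* Constructed capture as seen by a node whose own source address is 0x00. */
static const uint32_t SAMPLE_IDS[]  = { 0x0CF00400, 0x18EAFF21, 0x0CF00400 };
static const bool     SAMPLE_OURS[] = { true,       false,      false      };

int main(void)
{
    j1939_id f = j1939_decode(SAMPLE_IDS[0]);
    printf("prio=%u pgn=0x%05X src=0x%02X\n", (unsigned)f.priority,
           (unsigned)f.pgn, (unsigned)f.src);
    printf("spoofed frames: %zu\n",
           count_self_spoofs(SAMPLE_IDS, SAMPLE_OURS, 3, 0x00));
    return 0;
}
```

The first and third sample frames are bit-for-bit identical on the wire; only the node's own knowledge of what it transmitted separates the genuine one from the forged one, which is why a receiver on another node cannot make this distinction.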

Long-lived platforms with legacy ECUs and architectures

Eventually there will be a secure communication standard on J1939 called J1939-91C. However, implementing it would require microcontrollers that support cryptographic functions. Since most commercial vehicles have a long lifespan once released, there are usually several microcontrollers without the required security functions: not only advanced ones such as hardware acceleration of cryptographic key generation, but also more basic features of modern microcontrollers such as secure boot. Another vulnerability related to the long lifespan of commercial vehicle platforms is that these architectures were not designed with security as a priority. As a result, they lack sufficient network separation between individual CAN branches, leaving a larger footprint of vulnerable devices in the event of an attack. Effectively implementing such a secure communication standard once it is released would still require a major overhaul of the in-vehicle network. Additionally, a lot of know-how and infrastructure will need to be in place before the standards are widely adopted within the supply chain. This would still be beyond the reach of small truck and bus OEMs.

Custom security solutions are complex and prohibitively expensive

As owners of in-vehicle security, some passenger vehicle manufacturers choose to secure their networks with custom security implementations, despite the large one-time expense, because of the perceived security benefits. However, implementing a custom end-to-end security solution is a challenge for commercial vehicle OEMs, as they do not build the whole truck themselves but put together different sub-assemblies that are integrated into the vehicle. Cryptographic security solutions that require complex software implementations can also be difficult for the commercial vehicle manufacturer’s security teams to coordinate among their vast array of vendors. It would be an integration and testing nightmare. Additionally, most small OEMs purchase off-the-shelf solutions, leaving little room for the Tier I vendor to undertake such one-off security projects.

The TJA1152 secure CAN transceiver has a sleep mode and the TJA1153 supports sleep mode; both are ISO 11898-2:2016 compliant. The block diagram shows a secure CAN transceiver. (Source: CiA/NXP)

Open architectures

Commercial vehicles are susceptible to malicious access to the vehicle network because of the way they are built. Since a single commercial vehicle chassis can be transformed into several different variants, the CAN network may well extend to the outside of the vehicle, for example to establish the connection between the vehicle chassis and a trailer. These connections could become easy entry points for malicious hackers. As the vehicle is assembled from different sub-assemblies, suppliers must be able to secure each sub-assembly’s network locally and independently, so that when they come together at the OEM, no additional security vulnerabilities are introduced.

Affordable security is a must

Last but not least is the business aspect of implementing security measures. Although there are growing numbers of commercial vehicles on the road, driven by demand from industries such as construction and e-commerce, the numbers are still well below those of passenger cars. This puts considerable pressure on the development costs of commercial vehicles. Commercial vehicle security solutions must therefore not only be easy to implement, but also affordable. The lack of an easily implementable secure communication standard, durable platforms with legacy components, deployment in a complex production hierarchy, open architectures for functional integration, and pressure on development costs require an affordable solution that is easy to configure, integrate and validate.

If you want to read the entire article, you can download it for free, or you can download the entire magazine.

cw
