Diese Website verwendet Cookies, um das Angebot nutzerfreundlicher und effektiver zu machen. Mit der Nutzung dieser Website stimmen Sie der Verwendung von Cookies zu. Weitere Informationen über die Verwendung von Cookies und die Möglichkeit der Verwendung von Cookies zu widersprechen, finden Sie hier.

26. - 28. Februar 2019 // Nürnberg, Germany

Konferenzen und Rahmenprogramm

Zurück zur Tagesansicht
Session 35 II - Connectivity VI / Wired Connectivity II

Embedded Security with Controller Area Network (CAN) Vortragssprache Englisch

Embedded network security is the hot topic of today. Every day there are news about security breaches. Until recently security was a topic for IT only. Embedded systems where considered not vulnerable, because of its nature as you need physical access to exploit. But that changed as more systems are connected together for remote monitoring and control. Controller Area Network (CAN) is not different. CAN is mostly associated with automotive, trucks, and buses. Almost everybody heard of the Jeep Chrysler hack with full control of the car from a remote location. It is the classic example of an embedded system hooked up to the Internet, but not designed for it. It all boiled down to: CAN is unsecure. The IT industry has gone through the same cycle: Ethernet is unsecure by design. But nobody considers Ethernet as unsecure today. Because there are ways to make Ethernet secure. That can be applied to CAN, and other embedded networks. At CAN in Automation (CiA) together with our members and experts in the field of security, we are developing protocols, methods, and principles to secure CAN-based embedded systems. The first idea is a version of the Diffie-Hellman-Key exchange, which makes use of the unique features of CAN that anybody could transmit any message, but nobody really does know who transmitted it. Actually, the CAN-based implementation of that initial key exchange is so unique, that no Man-in-the-Middle (MITM) attack is possible and still it is much more efficient than any existing implementation. It is the in bit-time response that makes that happen. The second idea is to use embedded TLS with reused session IDs to secure transmission and allow certificate-based authentication. It is based on the standardized and widely used TLS version 1.3. TLS supports a diverse range of options to make it multipurpose. At the University Offenbach security experts developed ideas on how to limit TLS to make an embedded TLS and how to use that in CAN. The third idea is to allow distributed, authenticated broadcast transmission for embedded control. While embedded TLS is great for point-to-point communication and as such setting up the communication, CAN is an embedded network for control systems. With CAN outputs, hydraulics, pneumatics, electrical drives, and a diverse range of actuators are controlled reliable and robustly. To extend that we need authenticated control. All of which are only pieces of a puzzle and only work, when secure system design and system integration is done. Because, the weakest link in security, even IT security, is the system integration. CAN in Automation (CiA) want to discuss all solutions publically, because Auguste Kerckhoffs published 1883 in its essay entitled La Cryptographie Militaire the principles of cryptography, which are still true today. One of is strongest is: A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.

--- Datum: 01.03.2018 Uhrzeit: 14:30 Uhr - 15:00 Uhr Ort: Conference Counter NCC Ost


 Thilo Schumann

Thilo Schumann

CAN in Automation


Der gewählte Eintrag wurde auf Ihre Merkliste gesetzt!

Wenn Sie sich registrieren, sichern Sie Ihre Merkliste dauerhaft und können alle Einträge selbst unterwegs via Laptop oder Tablett abrufen.

Hier registrieren Sie sich, um Daten der Aussteller- und Produkt-Plattform sowie des Rahmenprogramms dauerhaft zu speichern. Die Registrierung gilt nicht für den Ticket- und AusstellerShop.

Jetzt registrieren

Ihre Vorteile auf einen Blick

  • Vorteil Sichern Sie Ihre Merkliste dauerhaft. Nutzen Sie den sofortigen Zugriff auf gespeicherte Inhalte: egal wann und wo - inkl. Notizfunktion.
  • Vorteil Erhalten Sie auf Wunsch via Newsletter regelmäßig aktuelle Informationen zu neuen Ausstellern und Produkten - abgestimmt auf Ihre Interessen.
  • Vorteil Rufen Sie Ihre Merkliste auch mobil ab: Einfach einloggen und jederzeit darauf zugreifen.