
26 - 28 February 2019 // Nuremberg, Germany

Conferences and supporting programme

Session 35 II - Connectivity VI / Wired Connectivity II

Embedded Security with Controller Area Network (CAN)

Lecture language: English

Embedded network security is the hot topic of today. Every day there is news about security breaches. Until recently, security was a topic for IT only. Embedded systems were considered not vulnerable because, by their nature, physical access is needed to exploit them. But that changed as more systems were connected together for remote monitoring and control. Controller Area Network (CAN) is no different. CAN is mostly associated with automotive, trucks, and buses. Almost everybody has heard of the Jeep Chrysler hack, with full control of the car from a remote location. It is the classic example of an embedded system hooked up to the Internet, but not designed for it. It all boiled down to: CAN is insecure.

The IT industry has gone through the same cycle: Ethernet is insecure by design. But nobody considers Ethernet insecure today, because there are ways to make Ethernet secure. These can be applied to CAN and other embedded networks. At CAN in Automation (CiA), together with our members and experts in the field of security, we are developing protocols, methods, and principles to secure CAN-based embedded systems.

The first idea is a version of the Diffie-Hellman key exchange that makes use of the unique feature of CAN that anybody can transmit any message, but nobody really knows who transmitted it. Actually, the CAN-based implementation of that initial key exchange is so unique that no Man-in-the-Middle (MITM) attack is possible, and still it is much more efficient than any existing implementation. It is the in-bit-time response that makes that happen.

The second idea is to use embedded TLS with reused session IDs to secure transmission and allow certificate-based authentication. It is based on the standardized and widely used TLS version 1.3. TLS supports a diverse range of options to make it multipurpose. At the University Offenbach, security experts developed ideas on how to limit TLS to make an embedded TLS and how to use that in CAN.

The third idea is to allow distributed, authenticated broadcast transmission for embedded control. While embedded TLS is great for point-to-point communication, and as such for setting up the communication, CAN is an embedded network for control systems. With CAN, outputs, hydraulics, pneumatics, electrical drives, and a diverse range of actuators are controlled reliably and robustly. To extend that, we need authenticated control.

All of these are only pieces of a puzzle and only work when secure system design and system integration are done, because the weakest link in security, even IT security, is the system integration. CAN in Automation (CiA) wants to discuss all solutions publicly, because Auguste Kerckhoffs published in 1883, in his essay entitled La Cryptographie Militaire, the principles of cryptography, which are still true today. One of the strongest is: A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.

--- Date: 01.03.2018 Time: 2:30 PM - 3:00 PM Location: Conference Counter NCC Ost


Thilo Schumann

CAN in Automation

