Encrypted and secure messages with CAN FD
Document type: Official Master's Final Project
Date: 2021-05-17
Access conditions: Open access
Unless otherwise indicated, the contents of this work are subject to the Creative Commons license: Attribution-NonCommercial-NoDerivs 3.0 Spain
Abstract
This project presents an approach to designing a cryptographically secured way to transmit messages over the well-known CAN bus communication protocol used in modern cars. Because the cryptographic method requires part of the message data payload, the CAN FD (CAN Flexible Data) protocol was chosen for this project. In recent years electronics has become increasingly important everywhere, and today communication between automotive Electronic Control Units (ECUs) takes place over protocols such as CAN or CAN FD. Unfortunately, these protocols are not protected against hacker attacks, and it is easy to modify the information sent to others, changing the behaviour of the devices they are attempting to control. In this context, this project establishes a secure encrypted communication based on the CANCrypt method explained in [1], using CAN FD and its wider payload. Following the CANCrypt idea, three cryptographic methods are implemented in this project using two Raspberry Pis [2] programmed in the C language with the Geany IDE (Integrated Development Environment) [3] and two MCP2517FD click [4] modules for CAN FD communication. The three cryptographic methods developed are: symmetric AES-128 (Advanced Encryption Standard) encryption with a 16-byte HMAC (Hash-based Message Authentication Code) signature, a variable-length ECDSA (Elliptic Curve Digital Signature Algorithm) signature as the asymmetric approach, and a 16-byte DHSS (Diffie-Hellman Shared Secret) signature approach based on ECC public-key cryptography. This report explains these methods in detail so that the software implementation and the security involved can be understood. The results of the tests and the implemented methods are also presented in this document. It must be remarked that the asymmetric approach based on ECDSA cryptography has a payload that can be bigger than the amount of data that can be sent, and its size is unpredictable because the signature does not have a fixed size.
Additionally, this report presents the DHSS signature approach, which has a payload similar to that of the symmetric AES and HMAC approach and does not need continuous key exchange, as it is based on asymmetric cryptography. In conclusion, an operational and reliable CAN FD transmission environment for in-vehicle networking is developed in this project. The software has been developed with security checks to avoid undesired communication, and the three methods were successfully integrated into the CAN FD payload, together with the design of two APIs (Application Programming Interfaces): one for receiving and transmitting CAN messages with an MCP2517FD click module, and one for the encryption routines.
Subjects: Controller Area Network (Computer network) -- Safety measures, Data encryption (Computer science), Cryptography
Degree: MÀSTER UNIVERSITARI EN ENGINYERIA INDUSTRIAL (Pla 2014)
Files | Description | Size | Format | View |
---|---|---|---|---|
encryptedandsec ... costamontillaalejandro.pdf | | 6,539Mb | | View/Open |
annexes-tfm-acostamontillaalejandro.zip | | 11,37Mb | application/zip | View/Open |