CAN Bus Message Authentication via Co-Channel RF Watermark

Abstract

Over the past decade, consumer vehicles have increasingly begun to resemble computers on wheels, with many newer vehicles containing over 100 independent electronic control units (ECU) that make independent decisions within the vehicle. Cost and power constraints for the vehicle significantly constrain processing capabilities and limitations on practical cybersecurity measures that may be employed in the vehicle today. Also, as automotive manufacturers are continuous integrators, many legacy communications links within vehicles were originally designed as standalone entities that assumed internal trust of communications between ECUs by virtue of closed bus structures and an emphasis on reliability, but not security. This paper presents a low-cost authentication mechanism to significantly improve message validation on wired message buses such as the Controller Area Network (CAN) bus by employing a co-channel underlay watermark that arrives time-aligned with the primary bus messages. Concept validation using a gate-level Simulink / HDL Coder simulation provided initial feasibility, while a complete CAN bus hardware testbed was constructed with a custom CAN transceiver built on a Red Pitaya software defined radio (SDR) connected to multiple commercial CAN transceivers to validate backwards compatibility. This testbed incorporates a custom transmission security (TRANSEC) engine that supports dynamic variation of the watermark, further improving security during deployment. Finally, this custom CAN testbed with the watermarking CAN transceiver was tested across a range of operational conditions, with initial performance results presented and discussed. Future work describes potential for near-term ruggedization and productization of the watermarking CAN transceiver.