Enhancing security and robustness of Cyphal on Controller Area Network in unmanned aerial vehicle environments

Abstract

A controller area network (CAN) has been widely deployed in automotive environments due to the decentralized environment which enables the easy control of many components in a vehicle. The CAN is now being adopted in other areas, including aviation and robots, especially unmanned aerial vehicles (UAV). Cyphal has been developed for years to provide communication over the CAN in UAV environments. For instance, the plug-and-play mode of Cyphal enables the automated configuration of the unique source IDs to nodes on the CAN bus. This reduces the overhead to assign static nodes to each node newly attached to the CAN bus. As such a configuration may occur the collision of the frames to the small size of the source ID, Cyphal currently recommends the use of such features only for non-critical applications. While attaching a new node to the CAN bus needs the authentication process to prevent the unauthorized devices attached and used by adversaries, Cyphal does not consider such security issues. To address these issues, we propose a security design to improve the robustness and security of the plug-and-play mode in Cyphal. Our proposal provides the collision avoidance and authentication of modules. To give efficiency in lightweight modules, our design uses the symmetric key-based method. We evaluate how the collision is avoided in our design compared to Cyphal, and also analyze the security of our proposal. Evaluation results demonstrate that our proposed scheme is effective in enabling the plug-and-play mode of Cyphal for the critical environment.