RSS Feed

Embedded Systems Blog

News from iCC17 & EW17, CANcrypt released

March 20th, 2017 Olaf No comments

The last two weeks were very exciting for us: We held several papers at the International CAN Conference and Embedded World (both in Nuremberg, Germany), participated in the first CANopen FD demonstrator at both events – with the new NXP LPC54618 – and finally released our book “Implementing scalable CAN security with CANcrypt”.

The CANopen FD demonstrator at the CiA (CAN in Automation) booth showed one of the new features of CANopen FD: segmented broadcast of larger data blocks with “Universal Service Data Objects” (USDOs). This feature can be used to broadcast images, configuration tables or even firmware updates. Here, any participant could be commanded to broadcast an image to all other participants. Such use cases were almost unthinkable with classic CANopen communication.

At Embedded World, PHYTEC showed a Nano Dimension 3D printer for PCBs. Prototyping your printed circuit boards just became a lot easier and faster. The circuits are printed with a highly conductive ink. It looks like the machine can directly produce boards from Gerber files.

At the NXP booth, one of the demos featured the NXP LPC54618 microcontroller with two CAN FD interfaces. The “FD” (Flexible Data rate) allows the data portion of a CAN message to be transmitted at higher bit rates. So far, classical CAN was limited to 1 Mbps. With currently available transceivers the data rate can now be up to 5 Mbps. Also in CAN FD, the maximum payload for each message is 64 bytes compared to eight bytes in traditional CAN. The demo compared different firmware download speeds. Using CAN FD, updates can now be transferred multiple times faster than before.

The release of our book about CANcrypt (www.cancrypt.eu) stirred a lot of interest and we had many engaged discussions, also with some security experts. CANcrypt is a security framework and the security level actually used is configurable. As usually, there is a trade-off: the more security you require, the more resources both in CPU time as well as in memory space you need. For a configuration on the upper end of security, proven encryption methods like AES-128 can be used. It will be interesting to see if the lower-end lightweight “Speck” cipher reaches adequate security levels, too.

A first potential weak spot in one of the initial published configurations (user section, where user’s are setting up their own security configuration) was already discovered and is currently improved. The encryption of the secure heartbeat accidentally used only limited parts of the shared dynamic key, reducing the effective key to 32-bit. However, CANcrypt supports key sizes of up to 1024-bit. The next release will use a demo where a larger key is applied properly.

To learn about our bounty program, stay tuned by joining our mailing list or following us on twitter . Within the next few weeks we will start such a program to encourage others to search for possible flaws in the CANcrypt implementation.