Two Companies Partner to Secure an Automotive Linchpin—the CAN Bus—at the Hardware

June 01, 2020 by Gary Elinoff

Despite its function as the central data bus for all modern vehicles, the CAN bus is still surprisingly underprotected.

The CAN bus can be one of the most vulnerable (and consequential) cybersecurity gaps in the automotive industry. While software-based protection of the CAN bus is often the go-to approach for security, hardware security may be the better preventative measure for protocol-level attacks. 

Two companies, UltraSoC and Canis Automotive Labs, have recently entered into a partnership to improve CAN bus security against cyber attacks. The CAN bus is the vital link serving as the vehicle’s central nervous system, providing multi-directional connections between the engine, transmission, steering, braking subsystems and the multiple electronic control units (ECU).


Automotive modules that can be attacked using the CAN bus

Visual of the various automotive modules that can be attacked using the CAN bus. Image used courtesy of Bogdan Groza and Pal-Stefan Murvay 

Because software-based protection may prove too slow to prevent protocol-level attacks, the two companies are turning their sights to the hardware. Speed is essential since many attackers rely on a “window of opportunity” when the system is vulnerable; a faster-moving defense can deny the malefactor this transient opening.

Through this partnership and their unique technologies, we can learn more about the essential place of the CAN bus in automotive security and how hardware designers can take an active role in protective measures. 


CAN-HG Technology

CAN-HG is Canis Automotive Lab’s silicon-based protocol for the CAN bus. Canis Automotive Labs says it is 100% compatible with standard CAN physical bus because it exists on millions of vehicles—no modification required. CAN-HG does, however, allow the CAN bus to carry payloads twelve times larger than standard CAN frames. 

Canis Automotive Labs' Mercury chip is inserted between the host MCU and the CAN transceiver.


How the Canis Labs' Mercury chip works to secure the CAN bus

How the Canis Automotive Labs' Mercury chip works to secure the CAN bus. Image used courtesy of Canis Automotive Labs


The host MCU and CAN MCU are conventional devices. The Mercury chip interfaces with the MCU via the SPI bus and an interrupt line requests servicing from the host MCU. For speed, the SPI commands are structured to allow MCU DMA control.


UltraSoC's Sentinels

UltraSoC’s semiconductors, in combination with CAN-HG, allows designers to secure their CAN bus designs at the hardware level. UltraSoC achieves this by employing the fast bits within the CAN-HG-augmented part of a CAN frame, adding security information to the CAN frames. This enables the UltraSoC monitoring hardware to identify and block suspicious or unauthorized traffic traveling over the CAN bus. 


UltraSoC's cybersecurity infrastructure

UltraSoC's cybersecurity infrastructure. Image used courtesy of UltraSoC


The UltraSoC Sentinel can detect and block suspicious transactions at hardware speed. Secure interconnects can be integrated with other on-chip monitoring, analytic, and recording elements. This allows designers to profile normal system behavior and to analyze existing and emerging cyber threats.


Microseconds Rather Than Milliseconds

UltraSoC’s security solutions and Canis Automotive Lab’s CAN-HG continuously check that the subsystem operates as expected while detecting any behavior that indicates a possible security breach. 

Because the solution is based on hardware rather than software, detection and interventions happen real-time—in microseconds rather than the milliseconds. The threat can then be contained before it can do any damage. In this manner, even brand new, unanticipated  “zero-day” type attacks can also be blocked.


The Goals of the Partnership—Secure-CAV Support

The goal of Canis Automotive Labs and UltraSoC partnership is for their hardware-based CAN bus security to be deployed as part of Secure-CAV, a consortium of industry participants formed to drive automotive cybersecurity.

Ken Tindell, Canis Automotive Labs’ CTO has stated, “The most effective way to protect a CAN bus from attacks is to deploy a hardware security device—or better still, use semiconductor IP to incorporate hardware protections into the underlying system."

To this, Aileen Ryan, UltraSoC's CSO, has added, “Up to now, the industry has been forced to use sticking plaster solutions to defend CAN interconnect, relying on software techniques or perimeter security. Incorporating Canis Automotive Labs’ innovative CAN-HG technology into UltraSoC’s products allows us to secure the vehicle ‘from the inside out’: within the underlying electronic hardware.”


Automotive Security: A "Whack-a-Mole" Game With Hackers?

Ken Tindell of Canis Automotive Labs describes present-day automotive security endeavors as a game of  “whack-a-mole”, where “each newly-discovered vulnerability is patched in the hope to stay one step ahead of the hackers.”



If you’re involved in automotive engineering, have you ever felt like a participant in this whack-a-mole game with hackers? Do you think the CAN bus security at the hardware level can help remedy this situation? Share your experiences in the comments below.