Secure CAN Demo

The Secure CAN demo is designed to present a simple secure CAN network. You can break the security on the network with the ChipWhisperer, demonstrating how side-channel power analysis is useful in all sorts of interesting situations. This example network was used in the paper "Power Analysis and Fault Attacks against Secure CAN: How Safe Are Your Keys?" by Colin O'Flynn and Greg d'Eon, published in SAE International Journal of Transportation Cybersecurity & Privacy.

The objective is to have a network as shown here, which might be similar to those used in a car:

This is implemented in real life with several UFO targets with STM32Fx devices. They provide hardware CAN support, and a MBED TLS AES is used as the software AES. The attack example is portable to devices with hardware AES support (such as the STM32F415 targets).

The network itself uses a special secure CAN protocol. This protocol is detailed in the following figure:

Full details are seen in the paper & the source code. The above protocol was chosen for these reasons:

• No good secure CAN using AES available as public standard.
• Desired to avoid CAN-FD or CAN fragmentation to simplify demonstrating the fundamental attack principles.
• Needed both encryption & authentication.
• Needed message counter for replay prevention.

The protocol is roughly based on AES-CCM. Due to the single block encrypted there is no actual count happening, but the message frame ID serves as a counter (similar to IEEE 802.15.4).