Truck & Off-Highway Engineering - October 2022 - 28
SECURING CAN NETWORKS IN
COMMERCIAL VEHICLES
Long life platforms, integration of several subassemblies,
software complexity for end-to-end security, and the
lack of a secure communication standard are among the
unique challenges facing CV manufacturers.
A CAN transceiver with built-in security functions can avoid the complexity of
end-to-end security solutions that are especially hard to implement on CVs.
by Karthik Sivaramakrishnan
C
ommercial road vehicles are the backbone of the modern
consumer economy. Almost any business from construction,
to energy, to online retail at some point relies on the delivery
of goods by commercial vehicles, which in turn are becoming
increasingly connected both to the external world and to
each other via telematics. This enables CV owners to optimize and
manage their fleets via platooning for safety and efficiency improvements
as well as cost and fuel-consumption reduction to meet the
increasingly stringent CO2
emissions requirements necessitated by
climate change. However, the increased connectivity brings with it an
increase in cyberattack surfaces and CV fleets are prime targets for
cybercrime due to the high value of the cargo they carry, and their
importance to large businesses and the greater economy.
While CV manufacturers are familiar with and prepared for the risk of
physical attacks - typically carried out on one vehicle, such as odometer
manipulation or theft - they may risk being caught by surprise at
the scale and impact of what is possible with remote cyberattacks.
Hackers can exploit a vehicle's wireless network or internet connection
to gain entry into the vehicle's communication network and compromise
security to access a vehicle's CAN (Controller Area Network) and
take over remote management of the vehicle while it is in motion.
Modern ECUs in commercial vehicles run on millions of lines of
code, which opens up vulnerabilities for compromising them. Even
conservative estimates predict a bug every 1000 lines of code. A
range of activities can then be carried out with malicious intent from
28 October 2022
fraudulent manipulation of data to complete control of
safety-critical functions such as steering, acceleration
and braking. Location tracking and theft also are
among the potential motivations for hackers to inject
malicious CAN data frames into the CAN network.
UNECE R155: Mandatory
cybersecurity compliance
Risks of malicious cyberattacks are relatively new to
commercial vehicles, and industry experts are looking at
several approaches to mitigate these risks. However,
there is already the expectation from regulatory bodies
such as UNECE (United Nations Economic Commission
for Europe) that it is no longer a question of if there is
an attack but when there is an attack on a vehicle network.
This has resulted in mandatory cybersecurity
compliance regulation R155, which is applicable at first
for new vehicle types but then for all vehicles on the
road, increasing the sense of urgency for the implementation
of cybersecurity measures within vehicles that
will be on the road in one of the 54 countries that are
party to the agreement.
R155 has explicit requirements, such as " The vehicle
shall verify the authenticity of the messages it receives, "
TRUCK & OFF-HIGHWAY ENGINEERING
NXP
Truck & Off-Highway Engineering - October 2022
Table of Contents for the Digital Edition of Truck & Off-Highway Engineering - October 2022
Truck & Off-Highway Engineering - October 2022 - CVRA
Truck & Off-Highway Engineering - October 2022 - CVRB
Truck & Off-Highway Engineering - October 2022 - CVR1
Truck & Off-Highway Engineering - October 2022 - CVR2
Truck & Off-Highway Engineering - October 2022 - 1
Truck & Off-Highway Engineering - October 2022 - 2
Truck & Off-Highway Engineering - October 2022 - 3
Truck & Off-Highway Engineering - October 2022 - 4
Truck & Off-Highway Engineering - October 2022 - 5
Truck & Off-Highway Engineering - October 2022 - 6
Truck & Off-Highway Engineering - October 2022 - 7
Truck & Off-Highway Engineering - October 2022 - 8
Truck & Off-Highway Engineering - October 2022 - 9
Truck & Off-Highway Engineering - October 2022 - 10
Truck & Off-Highway Engineering - October 2022 - 11
Truck & Off-Highway Engineering - October 2022 - 12
Truck & Off-Highway Engineering - October 2022 - 13
Truck & Off-Highway Engineering - October 2022 - 14
Truck & Off-Highway Engineering - October 2022 - 15
Truck & Off-Highway Engineering - October 2022 - 16
Truck & Off-Highway Engineering - October 2022 - 17
Truck & Off-Highway Engineering - October 2022 - 18
Truck & Off-Highway Engineering - October 2022 - 19
Truck & Off-Highway Engineering - October 2022 - 20
Truck & Off-Highway Engineering - October 2022 - 21
Truck & Off-Highway Engineering - October 2022 - 22
Truck & Off-Highway Engineering - October 2022 - 23
Truck & Off-Highway Engineering - October 2022 - 24
Truck & Off-Highway Engineering - October 2022 - 25
Truck & Off-Highway Engineering - October 2022 - 26
Truck & Off-Highway Engineering - October 2022 - 27
Truck & Off-Highway Engineering - October 2022 - 28
Truck & Off-Highway Engineering - October 2022 - 29
Truck & Off-Highway Engineering - October 2022 - 30
Truck & Off-Highway Engineering - October 2022 - 31
Truck & Off-Highway Engineering - October 2022 - 32
Truck & Off-Highway Engineering - October 2022 - 33
Truck & Off-Highway Engineering - October 2022 - 34
Truck & Off-Highway Engineering - October 2022 - CVR3
Truck & Off-Highway Engineering - October 2022 - CVR4
https://www.nxtbook.com/smg/sae/24TOHE12
https://www.nxtbook.com/smg/sae/24TOHE10
https://www.nxtbook.com/smg/sae/24TOHE08
https://www.nxtbook.com/smg/sae/24TOHE06
https://www.nxtbook.com/smg/sae/24TOHE04
https://www.nxtbook.com/smg/sae/24TOHE02
https://www.nxtbook.com/smg/sae/23TOHE12
https://www.nxtbook.com/smg/sae/23TOHE10
https://www.nxtbook.com/smg/sae/23TOHE08
https://www.nxtbook.com/smg/sae/23TOHE06
https://www.nxtbook.com/smg/sae/23TOHE04
https://www.nxtbook.com/smg/sae/23TOHE02
https://www.nxtbook.com/smg/sae/22TOHE12
https://www.nxtbook.com/smg/sae/22TOHE10
https://www.nxtbook.com/smg/sae/22TOHE08
https://www.nxtbook.com/smg/sae/22TOHE06
https://www.nxtbook.com/smg/sae/22TOHE04
https://www.nxtbook.com/smg/sae/22TOHE02
https://www.nxtbook.com/smg/sae/21TOHE12
https://www.nxtbook.com/smg/sae/21TOHE10
https://www.nxtbook.com/smg/sae/21TOHE08
https://www.nxtbook.com/smg/sae/21TOHE06
https://www.nxtbook.com/smg/sae/21TOHE04
https://www.nxtbook.com/smg/sae/21TOHE02
https://www.nxtbookmedia.com