CAN-FD-Sec: Improving Security of CAN-FD Protocol.

A modern vehicle consists of more than 70 Electronic Control Unit (ECUs) which are responsible for controlling one or more subsystems in the vehicle. These ECUs are interconnected through a Controller Area Network (CAN) bus, which suffers from some limitations of data payload size, bandwidth, and the security issues. Therefore, to overcome the CAN bus limitations, CAN-FD (CAN with Flexible Data) has been introduced. CAN-FD has advantages over the CAN in terms of data payload size and the bandwidth. Still, security issues have not been considered in the design of CAN-FD. All those attacks that are possible to CAN bus are also applicable on CAN-FD. In 2016, Woo et. al proposed a security architecture for in-vehicle CAN-FD. They used an ISO 26262 standard that defines the safety level to determine the security requirements for each ECU, based on that they provided encryption, authentication, both or no security to each ECU. In this paper, we propose a new security architecture for the communication between ECUs on different channels through gateway ECU (GECU). Our experimental results also demonstrate that using an authenticated encryption scheme has better performance than applying individual primitives for encryption and authentication.