MADISON, Wis. — Until the recent wave of carmakers rolling out more and more connected cars for the consumer market, cyber security was always a matter of indifference to car OEMs and Tier Ones. Now, it’s a big deal.
Fresh in everyone’s memory are several celebrated hacking incidents this past summer. These include the vulnerabilities found in Chrysler Jeeps, which resulted in Chrysler’s recall of 1.4 million vehicles, and a flaw in General Motors’ OnStar RemoteLink system, through which a hacker found a way to remotely unlock doors and start engines.
As Egil Juliussen, director research & principal analyst at IHS Automotive, pointed out in a recent presentation to the automotive industry, “Hacking research has shown that nearly all access points can be compromised.” To cope with this reality, technology suppliers are beginning to launch a number of cyber security solutions, he said. They range from hardware security to CAN (Controller Area Network) bus firewalls and ECU software monitoring.
(Source: IHS Automotive)
But what the world hasn’t seen yet – and Juliussen hasn’t seen either – is a technology capable of encrypting CAN bus itself.
That’s about to change, according to Trillium, a Japan-based start-up headed by David Uze, former CEO of Freescale Japan. Uze told EE Times this week that a small team of Trillium engineers has developed what it calls SecureCAN -- “a CAN bus encryption and key management system for protecting payloads less than 8bytes.”
Essential to this assertion is a claimed ability to handle data “in 8bytes,” instead of the 128-bit block the Rijndael algorithm needs for AES-based encryptions.
Because of its ultra-light weight block cipher, Trillium’s SecureCAN can encrypt CAN (and LIN) messages in real time, claimed Uze. More specifically, Trillium’s symmetric block cipher and key management system allows SecureCAN to “encrypt, transmit and decrypt within the 1ms threshold,” he said, which is required for automotive CAN bus real-time applications.
Trillium with a dozen employees is a self-funded company that’s been in existence a little over a year. The company has received investment of an undisclosed sum from semi-government Japanese organization called NEDO (New Energy and Industrial Technology Development), according to Uze. The firm’s engineering team includes a security expert who previously worked for Motorola.
Trillium’s SecureCAN “isn’t a vaporware,” stressed Uze. “We will be demonstrating it in Intrepid Control Systems’ booth” at the IEEE Standards Association (IEEE-SA) Ethernet & IP @ Automotive Technology Day (Oct. 27-28) next week in Yokohama.
Trillium does not claim that protecting CAN bus is a panacea for automotive cyber security.
“Absolutely, you must have a gateway firewall,” said Uze. But, as with any security, no system can afford to have a single point of failure. “You need multiple layers of security measures,” he explained.
But Uze noted, “CAN is a native unencrypted bus.” CAN bus doesn’t implement any security features. Further, with CAN bus, it’s possible to access every function of the car, including control locks, steering and brakes. All that accessibility makes CAN bus a perfect playground for hackers.
Next page: What Trillium delivers