CANASTA: Controller Area Network Authentication Schedulability Timing Analysis

in IEEE Transactions on Vehicular Technology (2023)

The Controller Area Network (CAN) dominates in-vehicle networking systems in modern vehicles. CAN was designed with low-latency and reliability as key features. Authenticity of a CAN frame was not ... [more ▼]

The Controller Area Network (CAN) dominates in-vehicle networking systems in modern vehicles. CAN was designed with low-latency and reliability as key features. Authenticity of a CAN frame was not considered in the design, thus, most in-vehicle network nodes inherently trust received messages as coming from a legitimate source. As a result, it is trivial to program (or hack) a network node to spoof traffic. Authentication is challenging for CAN and related protocols, such as SAE J1939, due to limited frame sizes and high bus utilization. Adding a message authentication code (MAC) as a separate message can unduly stress the real-time delivery of safety-critical messages. Although this stressor is well-known, the impact of authentication protocols on real-time message delivery in CAN has not yet been thoroughly examined. In this paper, we provide the first comprehensive analysis of realtime schedulability analysis applied to authentication schemes for CAN, CAN Flexible Data-rate (CAN FD), and CAN extra long payload (CAN XL). We formulate the response time analysis for addition of MACs and periodic transmission of MACs, and we examine their impact on two case studies and through evaluation with randomized schedulability experiments over a wide range of message sets. [less ▲]

Automated Fault Tolerance Augmentation in Model-Driven Engineering for CPS

in Computer Standards and Interfaces (2020), 70

Cyber-Physical Systems are usually subject to dependability requirements such as safety and reliability constraints. Over the last 50 years, a body of efficient fault-tolerance mechanisms has been devised ... [more ▼]

Cyber-Physical Systems are usually subject to dependability requirements such as safety and reliability constraints. Over the last 50 years, a body of efficient fault-tolerance mechanisms has been devised to handle faults occurring at run-time. However, properly implementing those mechanisms is a time-consuming task that requires a great deal of know-how. In this paper, we propose a general framework which allows system designers to decouple functional and non-functional concerns, and express non- functional properties at design time using domain-specific languages. In the spirit of generative programming, functional models are then automatically “augmented” with dependability mechanisms. Importantly, the real-time behavior of the initial models in terms of sampling times and meeting deadlines is preserved. The practicality of the approach is demonstrated with the automated implementation of one prominent software fault-tolerance pattern, namely N-Version Programming, in the CPAL model-driven engineering workflow. [less ▲]

Event Notification in CAN-based Sensor Networks

in IEEE Transactions on Industrial Informatics (2019), 15(10), 5613-5625

Preventive and reactive maintenance require the collection of an ever-increasing amount of information from industrial plants and other complex systems, like those based on robotized cells, a need that ... [more ▼]

Preventive and reactive maintenance require the collection of an ever-increasing amount of information from industrial plants and other complex systems, like those based on robotized cells, a need that can be fulfilled by means of a suitable event notification mechanism. At the same time, timing and delivery reliability requirements in those scenarios are typically less demanding than in other cases, thus enabling the adoption of best-effort notification approaches. This paper presents, evaluates, and compares some of those approaches, based on either standard CAN messaging or a recently proposed protocol extension called CAN XR. In the second case, the combined use of Bloom filters is also envisaged to increase flexibility. Results show that the latter approaches are advantageous in a range of event generation rates and network topologies of practical relevance. [less ▲]

Error detection and management in CAN XR

in 2018 14th IEEE International Workshop on Factory Communication Systems (WFCS) (2018)

Nowadays, Controller Area Network is still the most popular solution for in-vehicle communications in automotive scenarios. Recently, the CAN with eXtensible in-frame Replyproposal has been introduced ... [more ▼]

Nowadays, Controller Area Network is still the most popular solution for in-vehicle communications in automotive scenarios. Recently, the CAN with eXtensible in-frame Replyproposal has been introduced, which permits several nodes to write at the same time on the bus in the data field of legacy CAN frames. This enables several new interesting communication services, including distributed key generation and highly-efficient data exchanges according to the combined message approach. Unfortunately, having several concurrent devices acting as transmitters for the same message impairs the ability of the protocol to detect global errors, hence worsening its robustness against electromagnetic disturbance. In this paper, this problem is analyzed in detail and some solutions are proposed, which make CAN XR as robust as the standard CAN protocol. [less ▲]

A Low-Overhead Framework for Inexpensive Embedded Control Systems

in Proc. 12th International Conference on Digital Telecommunications (ICDT2017) (2017)

Embedded control systems are becoming more and more popular, especially in relatively inexpensive consumer prod- ucts, like home appliances and building automation controllers. As a consequence, there is ... [more ▼]

Embedded control systems are becoming more and more popular, especially in relatively inexpensive consumer prod- ucts, like home appliances and building automation controllers. As a consequence, there is an ever increasing desire to reduce firmware development time and cost, without hampering relia- bility and performance. In this paper, a low-overhead firmware development framework is proposed, which allows programmers to develop and deploy typical real-time control software faster than using plain C-language programming. At the same time, experimental results confirm the framework’s efficiency and applicability even to low-end microcontrollers. [less ▲]

Software patterns for fault injection in CPS engineering

in 2017 22nd IEEE International Conference on Emerging Technologies and Factory Automation (ETFA) (2017)

Software fault injection is a powerful technique to evaluate the robustness of an application and guide in the choice of fault-tolerant mechanisms. It however requires a lot of time and know-how to be ... [more ▼]

Software fault injection is a powerful technique to evaluate the robustness of an application and guide in the choice of fault-tolerant mechanisms. It however requires a lot of time and know-how to be properly implemented, which severely hinders its applicability. We believe software fault injection can be made more “affordable” by automating it and have it integrated within a model-driven engineering design flow. We first propose in this paper a framework supporting these objectives. Then, illustrating on the domain-specific language CPAL, we present injection patterns that can be embedded in the application code and discuss the types of faults each supports, as well as implementation issues. [less ▲]

Supporting Security Protocols on CAN-Based Networks

in 2017 IEEE 18th International Conference on Industrial Technology (ICIT2017) (2017)

The ever-increasing variety of services built on top of the Controller Area Network (CAN), along with the recent discovery of vulnerabilities in CAN-based automotive systems (some of them demonstrated in ... [more ▼]

The ever-increasing variety of services built on top of the Controller Area Network (CAN), along with the recent discovery of vulnerabilities in CAN-based automotive systems (some of them demonstrated in practice) stimulated a renewed attention to security-oriented enhancements of the CAN protocol. The issue is further compounded nowadays because, unlike in the past, security can no longer be enforced by physical bus segregation. This paper describes how CAN XR, a recently proposed extension of the CAN data-link layer, can effectively support the distributed calculation of arbitrary binary Boolean functions, which are the foundation of most security protocols, without necessarily disclosing their operands on the bus. The feasibility of the approach is then shown through experimental evaluation and by confirming its applicability to a shared key generation protocol proposed in literature. [less ▲]