Defending the CAN bus Part 3: Security Gateways
Episode 2 of this series covered cryptography on CAN. This third episode describes security gateways, using the Canis Labs security gateway as a case study. It covers the things that security gateways must do, particularly the buffering and real-time handling of frames. There are also things that are very useful, such as interlocks that allow certain CAN frames to be passed through only if a human is there to close a switch. And there are nice-to-have features like zeroing out signals on a need-to-know basis to prevent commercially sensitive information being scooped up and exfiltrated.
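The interlock and need-to-know zeroing described above, sketched as a default-deny forwarding rule table (buffering and real-time scheduling are left out). This is an added example, not code from Canis Labs or its gateway; the frame layout, rule structure, CAN IDs and masks are all constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Classic CAN frame (constructed layout, not a vendor API). */
typedef struct {
    uint32_t id;       /* 11-bit identifier */
    uint8_t  dlc;      /* payload length, 0..8 */
    uint8_t  data[8];
} can_frame_t;

/* One allowlist entry: frames with no matching rule are dropped. */
typedef struct {
    uint32_t id;
    bool     needs_interlock;  /* forward only while the switch is closed */
    uint8_t  keep_mask[8];     /* 1 bits pass through, 0 bits are zeroed */
} gw_rule_t;

/* Constructed rule table; the IDs and masks are illustrative assumptions. */
static const gw_rule_t gw_rules[] = {
    { 0x100, false, {0xFF, 0xFF, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF} },
    { 0x7E0, true,  {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF} },
};

/* Returns true and fills *out if the frame may cross the gateway. */
bool gw_filter(const can_frame_t *in, bool interlock_closed, can_frame_t *out)
{
    if (in->dlc > 8)
        return false;                       /* malformed length: drop */
    for (size_t i = 0; i < sizeof gw_rules / sizeof gw_rules[0]; i++) {
        const gw_rule_t *r = &gw_rules[i];
        if (r->id != in->id)
            continue;
        if (r->needs_interlock && !interlock_closed)
            return false;                   /* no human at the switch */
        memset(out, 0, sizeof *out);        /* never leak stale bytes */
        out->id = in->id;
        out->dlc = in->dlc;
        for (uint8_t b = 0; b < in->dlc; b++)
            out->data[b] = in->data[b] & r->keep_mask[b];
        return true;
    }
    return false;                           /* default deny: unknown ID */
}
```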
Episode 4 of this series will cover the fourth defensive technique: CAN-HG. This is a new augmentation of the CAN protocol to add security information, used to provide automatic authentication in hardware and to stop denial-of-service attacks.