VehChain: Blockchain Cryptography Decentralized Distributed CAN Bus Security for Intra-Vehicle Control Systems
The U.S. Army GVSC and DoD ground systems continue utilizing Controller Area Network (CAN Bus) communication standards for embedded systems in the Army's manned, unmanned, electric, and autonomous vehicles (EVs, UGVs, UAVs). Due to inherited natures of CAN protocol limitations, these vehicles are vulnerable for cybersecurity attacks while they are connected to external networks. The existing CAN Bus enhanced security solutions require the hardware add-on, CAN Bus protocol modifications, or a centralized security control, which not only cause high cost but also result in backward-incompatibility and a single point of failure.
VehChain is a technology to improve the security of Army ground vehicle system. As a Blockchain reminiscent solution, VehChain implements reliable CAN Bus message encryption, verification, and error recovery for intra-vehicle communications to provide a means for CAN Bus security. To reduce communication overhead and latency, VehChain is designed based on the nature of CAN Bus, i.e., messages are broadcasted, nodes have no identifiers, and the frame identifier determines the specified node. Distributed message validation at each node secures the CAN bus through MAC, encryption, and key generation reminiscent of Blockchain technology. Each cryptographic key is tied to the CAN frame's identifier, hash (plain-text payload), and hash (previous key). To provide resiliency from corrupting message, a reboot-based recovery approach utilizes CAN's built-in error handling mechanism. Hence, it mitigates the effect of attack propagation bus for ensuring the operational safety, security, and continuity.
VehChain offer several critical design features for Army vehicle security and operations:
- Distributed and decentralized message confidentiality and validation for intra-vehicle communication networks. Avoid single point of failure.
- Easily integration into the CAN Bus through the firmware revisions.
- No additional CAN hardware or data frame alteration is needed. Compatible with legacy vehicle systems (CAN &MilCAN).
- Proactive threat resilience in CAN Bus through self-reboot recovery mechanism.
- Lessen the communication overhead and delay.
VehChain can be utilized for a great range of applications and some of them are Army Ground Vehicle System Center—GSVC, Army Combat Capabilities Development Command (CCDC), U.S. Army Engineering and Support Center (USACE), Mission Enabler Technologies Demonstrator (MET-D) Vehicles, Robotic Combat Vehicles (RCV), Manned Lead Vehicles, Unmanned Vehicles, Unmanned Aerial Vehicle, Unmanned Ground Vehicles, Air force & Navy and other DoD vehicles, and Commercial Vehicles and systems using CAN. For more information, please click here to find a copy of the VehChain capability statement.
- Secure and reliable data storage, access, and sharing platform
- An auditable blockchain design
- Preserving data integrity, confidentiality, security, and immutability
- Identity authentication and transaction validation
A Secure and Reliable FMCSA SAFEty Data Information Exchange and Sharing Platform Using Blockchain
Governmental agencies such as FMCSA and other public/private agencies rely on secure safety data sharing platform to prevent critical information from falling into the hands of malicious attackers. This information can be a motor carriers safety performance, SSN number, medical reports of drivers, etc.
The attackers can utilize this critical information to disrupt the secure and smooth operations of various critical FMCSA processes. However, the current data storage and exchange platforms are unable to securely meet the security requirements for both data-at-rest and data-in-transit. InfoBeyond advocates FMCSA-SAFE for secure, scalable, and efficient safety data exchange using blockchain. FMCSA-SAFE is a blockchain design to record the data information exchanged among various entities with integrity and immutability. For blockchain efficiency, clouds are utilized to store large volumes of data and the block only saves the data hash values. It employs a Proof-of-Vote consensus mechanism for transaction efficiency and scalability. Further, it implements Attribute/Role-based Access Control mechanism to ensure only the authorized parties can access the data resources when needed via the cloud. FMCSA-SAFE achieves data confidentiality, integrity, privacy, access control, and security through the following:
- End-to-end data security between FMCSA or other systems and the blockchain.
- Data feeding security in/out of the blockchain.
- Data integrity and immutability within the blockchain ecosystem.
An Auditable Blockchain for Smart Grid Data Integrity and Immutability
To maintain reliable grid operations, grid data integrity and immutability is of paramount importance to several governmental and private agencies. However, it is very challenging to achieve these goals due to the security issues that can result from various cyber-attacks. These attacks can cause data manipulation and aim at hampering the normal operations of the power grid. Although, several solutions have been proposed to detect and prevent cyber-attacks in power grids, however, the following issues still remain unaddressed:
- Efficient and scalable blockchain design.
- Smart contract security.
- Data feeding integrity and immutability.
- Action and decision auditability.
InfoBeyond advocates an auditable Blockchain (Gridchain) for Smart Grid data integrity and immutability to address the above-mentioned challenges. First, Gridchain supports reliable and immutable data feeding authentication from data endpoints to smart contracts. It also provides a means to securely feed external data (e.g., fee) into blockchain while authenticating the transaction. Next, Gridchain employs a two-layer Ethereum structure (e.g., Macro and Micro blocks) to achieve high throughput transactions in support of a large scale grid network. Finally, it also consists of an auditor that is an online auditing module to add additional security on top of the in-built blockchain design. It analyzes the contracts to detect blockchain misbehaviors from attackers.
Infobeyond conducted various research on the blockchain data integrity, confidentiality, security, blockchain efficiency, smart contract security, gas sustainability, blockchain auditability, and access control protocols.