The U.S. Army Ground System Vehicle System Center (GVSC) and DoD ground systems utilize Controller Area Network (CAN) Bus protocol for providing inter-vehicle ECU (Electronic Control Unit) communications, such as in the Army's Joint Light Tactical Vehicle (JLTV), Medium Tactical Vehicles (FMTV), Heavy Equipment Transported (HET), Armored Multi-Purpose Vehicle (AMPV), Ground Combat Infantry Fighting Vehicle (GCV), Small Multipurpose Equipment Transport (SMET) ground robots, Aircrafts, unmanned, electric, and autonomous vehicles. Due to the inherited nature of the CAN Bus protocol limitations, these vehicles are vulnerable to cybersecurity attacks when they are connected to the global Ethernet. In addition to cyber-attacks, a variety of embedded threats (e.g., buggies, malwares) through supply chain are recently identified while these vulnerabilities are left unprotected. Without CAN security, mission operations through the vehicles could be endangered and it has become especially important to secure real-time safety-critical intra-vehicle communications for mission operational accomplishment in a secure way.
A blockchain-reminiscent cryptographic solution for effective in-vehicle communication security
VehChain Enhances Intra-Vehicle Cyber Security
VehChain is a state-of-the-art software solution for CAN Bus security to secure ECU communications against potential CAN Bus cyber attacks and vulnerabilities.
What is CAN Bus Security and VehChain?
What are VehChain Features?
VehChain Key Features
VehChain: A Blockchain-reminiscent Intra-Vehicle Communication Security for SAE J1939 and CAN 2.0
As a Blockchain reminiscent cybersecurity solution, VehChain implements firmware-based hash-chain cryptographic technique in aspects of payload encryption, message authentication, node integrity veriﬁcation, and cyber resilient recovery for the real-time safety-critical CAN Bus to provide a means for intra-vehicle communication cybersecurity. It effectively protects vehicle computers, networks, programs, and data from unintended or unauthorized access, change, or destruction.
VehChain Technical Specs
To reduce communication overhead and latency, VehChain is designed based on the nature of CAN Bus, i.e., messages are broadcasted, nodes have no identifiers, and the frame identifier determines the specified node. Distributed message validation at each node secures the CAN bus through MAC, encryption, and key generation reminiscent of Blockchain technology. Each cryptographic key is tied to the CAN frame’s identifier, hash (plain-text payload), and hash (previous key). To provide resiliency from corrupting messages, a reboot-based recovery approach utilizes CAN's built-in error handling mechanism. Hence, it mitigates the effect of attack propagation bus for ensuring the operational safety, security, and continuity.
- Pluggable software solution installed/updated with Firmware
- CAN Bus data frame confidentiality, integrity, hash keys, traceability, recoverability, and synchronization
- No modification of CAN BUS protocol (e.g., CAN 2.0, J1939)
- Fully distributed and no single point of failure against cyber attacks
VehChain: Secure CAN Bus Vehicle Communication Demo
VehChain Case Studies
VehChain is collaborating with the U.S. Army Combat Capabilities Development Command, known as DEVCOM, to research and develop Army GSVC’s intra-vehicle cybersecurity programs for validating communications between trusted and entrusted vehicle control systems. Our proposed VehChain system effectively secures, authenticates, and responds to threats in a distributed way that ensures Army mission continuity with a form of incorruptible data and advanced resiliency capabilities. Once the technology is matured, researched, and developed, VehChain can be transitioned to integrate in the:
- U.S. Army's Program Executive Office Ground Combat Systems (PEO GCS)
- U.S. Army's Program Executive Office, Combat Support & Combat Service Support (PEO CS&CSS)
- U.S. Army Engineering and Support Center (USACE)
- Mission Enabler Technologies Demonstrator (MET-D) Vehicles
- Robotic Combat Vehicles (RCV), Manned Lead Vehicles, Unmanned Vehicles, Unmanned Aerial Vehicle, Unmanned Ground Vehicles, Air force & Navy and other DoD vehicles
- Commercial and Electric Vehicles
- Aviation Industry
- Energy and Power Grid
U.S. Army’s Program Executive Office Ground Combat Systems/U.S. Army's Program Executive Office, Combat Support & Combat Service Support
With support of DEVCOM/GVSC, VehChain will be transitioned to commercialization and integration through the PEO GCS and/or PEO CS & CSS. The Program Executive Office Ground Combat Systems (PEO GCS) oversees the product management offices responsible for total life cycle management of Army's finest ground systems including Self-Propelled Howitzer System (SPHS), Mounted Armored Vehicles (MAV), Main Battle Tank Systems (MBTS), Stryker Brigade Combat Team (SBCT), Future Battle Platforms (FBT), Maneuver Combat Systems (MCS), and Capability Transition and Product Integration (CTPI). The US Army’s Program Executive Office, Combat Support & Combat Service Support (PEO CS & CSS) designs, develops, and delivers essential, affordable capabilities America’s Soldiers need for the 21st Century's diverse mission challenges. Main priorities of PEO CS & CSS include tailoring and streamlining, human capital, and fleet management.
U.S. Army Engineering and Support Center (USACE)
The USACE’s main goal is to strengthen national security by building and maintaining America’s infrastructure and providing military facilities where servicemembers train, work and live. Another goal is researching and developing technology for the nation’s war fighters while protecting America's interests abroad by using engineering expertise to promote stability and improve quality of life. When carrying out these missions, USACE uses connected vehicles and other equipment on CAN bus protocols that may be at risk for cyber attacks. VehChain mitigates this risk in a cost efficient manner using a blockchain reminiscent technology to ensure safety and security of USACE projects at home and abroad.
Mission Enabler Technologies Demonstrator (MET-D) Vehicles and Robotic Combat Vehicles (RCV)
The MET-D is an experimental system of vehicles designed to help Army leaders determine how best to integrate unmanned vehicles called RCVs into ground combat formations. The MET-D leverages the latest technology in sensors, data display, graphical user interface, drive-by-wire capability, unmanned aerial vehicle-provided video, and advanced communications to operate unmanned platforms which can make contact with the enemy before the soldiers do. VehChain can ensure MET-D and RCVs are performing effectively and securely through its blockchain reminiscent software add on for CAN bus protocols.
Air Force, Navy, and other DoD vehicles
VehChain is not limited to integrating with just Army intra-vehicle control systems. It also can serve as a security mechanism for Air Force, Navy, and other DoD missions. For example, VehChain can protect naval aviation aircrafts, manned/unmanned aerial vehicles and weapons, and sea/ground missile defense systems.
Commercial and Electric Vehicles
Modern commercial vehicles also rely on CAN Bus protocols to keep everything running and communicating properly internally in the car. Therefore, they are susceptible to cyber-attacks similar to military vehicles. For example, a hacker can get access to a commercial vehicle CAN Network by simply tapping into the headlight wires and injecting malicious commands into the network that allows them to take control of the vehicle by falsifying the presence of a key and driving off. These attacks have become increasingly more common in today’s world, especially with the growing presence of fully electric vehicles (EVs).
For this reason, InfoBeyond Technology has tested and implemented VehChain using the S32 microcontroller for the automotive market. S32 series from NXP includes S32K Automotive General-Purpose Microcontrollers that deliver quality, reliability and safety for challenging environments found in industrial, automation, communications, transportation, medical and A&D applications. It also includes S32E Real-Time Processors which are ideal for EV control and smart actuation. We have successfully enabled the VehChain algorithm in the S32K144, allowing it to effectively encrypt and decrypt data during communication through CAN 2.0 protocol with the PIC32 microcontroller.
The aviation industry, commercial and defense, also relies on CAN Bus protocols to interconnect the engine, navigations, flight controls, control surface actuations, radar, and other avionic units. As ground vehicles, the cybersecurity in avionic CAN-Bus communications can be originated from external cyber-attacks or inherited from internal vulnerabilities (e.g., embedded malicious code). In 2016, a cybersecurity researcher shows the hack into a commercial aircraft and gain access to the avionics to disrupt the control. In 2019, it was reported that Boeing had discovered a cybersecurity vulnerability in its 787 Dreamliner aircraft that could potentially allow a hacker to access the aircraft’s critical systems.
In 2019, the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA) have warned of insecure CAN bus network implementations affecting aircraft where engine telemetry readings, compass and attitude data, altitude, airspeeds, and angle of attack could all be manipulated to provide false measurements to the pilot. These falsified readings could cause the pilot to lose control of the aircraft. VehChain can be adapted to encrypt CAN messages on aircraft to mitigate an attack of this nature from taking place.
Energy and Power Grid
Modern power grids rely on SCADA CAN Bus systems (e.g. Power lines, transformers) to maximize efficiency. These grids’ CAN Network can be compromised causing devastation to the national economy. VehChain can protect safety-critical CAN-Bus controls implemented in energy producing plants by means of CAN validation and resiliency against potential attacks.
Do you want to build a live testbed or demo on your Vehicle or CAN Bus System? We are happy to partner with manufacturers and/or OEM (i.e., Original Equipment Manufacturer) vendors and transition the VehChain security to your customers through your products. If interested, please contact us.