Can Crypto Chip to Secure Data Transmitted Through CAN FD Bus by Using AES-128 & SHA-1 with a Symmetric Key

摘要

Robert Robert Bosch GmBH proposed in 2012 a new version of communication protocol named as Controller Area Network with Flexible Data-Rate (CANFD), that supports data frames up to 64 bytes compared to 8 bytes of CAN. With limited data frame size of CAN message, and it is impossible to encrypt and secure. With this new feature of CAN FD, I propose a hardware design---CAN crypto FPGA chip to secure data transmitted through CAN FD bus by using AES-128 and SHA-1 algorithms with a symmetric key. Hardware will protect confidentiality of cryptographic keys better than software. AES-128 algorithm provides confidentiality of CAN message and SHA-1 algorithm with a symmetric key (HMAC) provides integrity and authenticity of CAN message. The design has been modeled and verified by using Verilog HDL---a hardware description language, and implemented successfully into Xilinx and Altera FPGA chips by using simulation tool ISE (Xilinx) and Quartus (Altera). Verification are done by applying direct test bench with National Institute of Standards and Technology (NIST) test vectors for AES-128, SHA-1, CAN crypto encryption and decryption cores. The performance of the design implemented into Xilinx FPGA chip (Virtex5 XC5VLX50T) were 187 MHz maximum clock frequency & 203 Mbps throughput for the encryption core, and 182 MHz maximum clock frequency & 198 Mbps throughput for the decryption core. The performance of the design implemented into Altera FPGA Chip (EP4CE115F29C7) were 90.09 MHz maximum clock frequency & 98 Mbps throughput for the encryption core, and 89.13 MHz maximum clock frequency & 97 Mbps throughput for the decryption core. In addition, an ASIC chip of the design has been built successfully by using Synopsys tools, and its performance was 100 MHz maximum clock frequency for both the encryption and decryption core. In conclusion, the performance of CAN crypto encryption and decryption cores in both FPGA chips and ASIC chip show that CAN Crypto design is suitable to be embedded into ECUs for securing data transmitted through CAN FD bus.;I have enhanced CAN Crypto design by adding 64 bits anti-replay counter to prevent Replay attacks, and using dynamic Cipher Key and Symmetric Key to strengthen robustness of secret of those keys. Moreover, the proposed design is also applicable to secure CAN bus; this makes it more promising to secure hybrid network-an integration of CANFD and CAN buses. The design of enhanced CAN Crypto has been modeled and verified successfully by using Verilog HDL, and implemented successfully into Altera FPGA chip by using Altera Quartus simulation tool. The performance of the enhanced design implemented into Altera FPGA Chip (EP4CE115F29C7) were 87.83 MHz maximum clock frequency & 95 Mbps throughput for the encryption core, and 86.84 MHz maximum clock frequency & 94 Mbps throughput for the decryption core. The performance of enhanced CAN Crypto encryption and decryption cores shows that enhanced CAN Crypto design is suitable to be embedded into ECUs for securing data transmitted through CAN FD bus in-vehicle networks.;In conclusion, by implementing the CAN Crypto design inside each ECU, we are not only providing authenticity of CAN message but also integrity and confidentiality of the message. This solution will secure CAN networks better than current academic and industrial solutions, which are only providing authenticity of CAN message.