can-hg
CAN is a hugely successful fieldbus protocol that’s been around for more than three decades. It’s used today in hundreds of millions of devices including cars, trucks, buses, construction machines, ships, tractors, and spacecraft (there is even a CAN bus orbiting Mars). It has superb features that make it ideal for an embedded system, features that other protocols struggle to match, such as highly robust error handling, atomic broadcast, and short bounded latencies, properties that have supported design-for-correctness approaches.
To be fit for the modern era CAN needs to meet three new challenges:
- It needs to go faster (today it is so successful that higher bandwidth is obtained by partitioning the system into parallel buses, which is less than ideal)
- It needs to be secure (CAN was designed long before the Internet-of-Things and the idea of connecting a car to the internet was almost inconceivable)
- And most importantly, CAN must be faster and secure while remaining compatible with all existing CAN hardware
White paper: CAN-HG overview: Augmenting Classic CAN for Performance and Security (PDF) white paper is a description of how CAN-HG augments classic CAN for much higher performance with security (Version 04, issue date 2020-12-14, 12 pages).
Episode 93 of the Autonocast podcast is an interview with Canis Labs' CTO Dr. Ken Tindell on augmenting CAN to meet the modern challenges of bandwidth and security.
augmenting classic can with can-hg
CAN-HG addressed these challenges with inspiration from the movie industry.
full can compatibility
The picture above is of a film ‘cel’ (it’s a 1997 digital re-release of the Star Wars movie Return Of The Jedi).
Studios needed to add digital surround sound to movie film but in a way that the movie would still be showable on all existing film projectors. The image shows the way it was done: adding 2D bar codes between the film sprocket holes so that old projectors ignore the data and new projectors extract the digital sound data.
CAN-HG does the same thing for CAN: it exploits a feature of the CAN protocol to add new high-speed data after a sample point and before the next one. This data is invisible to existing hardware but cCAN-HG hardware can see it.
CAN-HG is also compatible with the existing CAN physical layer: it uses existing CAN transceivers and cabling by automatically re-calibrating at the start of each augmented CAN frame.
more bandwidth over can
The invisible data bits added by CAN-HG are at speed of 10Mbit/s. Full CAN-HG augmentation in a ‘carrier frame’ (a standard CAN frame with an 8-byte payload of all zeroes) carries 276 payload bytes (for a CAN speed of 250Kbit/s):
The image above (PDF) shows a logic analyzer trace of a CAN frame augmented by CAN-HG. The top signal line is the unaugmented classic CAN frame (an 8-byte carrier frame). The CAN-HG augmentation starts after CAN arbitration is finished, and the protocol decoder shows how the fast bits encode CAN-HG fields:
- 32-bit Header (includes an 8-bit hardware source address)
- 32-bit Timestamp for the transmitter’s clock at start-of-frame
- 32-bit Control field
- 26 x 32-bit Payload words (104 bytes)
- 32-bit CRC
The CAN-HG data has two CRCs, both with a Hamming Distance of 6, and the CAN-HG data is carried inside a classic CAN frame, ensuring CAN-HG is highly robust.
security on can
CAN-HG provides extra security features in hardware through its header: it is small enough that all CAN frames can be augmented with a CAN-HG header.
The CAN-HG header tags a frame with details of where it came from. An Intrusion Detection Prevention System (IDPS) uses this to instantly spot a spoofed frame. The IDPS raises a CAN error to stop the spoof, then broadcasts a short command (in the same format as a CANOpen NMT command) to instruct CAN-HG hardware to disconnect the attacker from CAN.
The fourth episode of the popular Defending CAN video series describes how CAN-HG augments the CAN protocol and provides both authentication and protection against denial-of-service attacks directly in hardware. There is a demonstration of this plus CAN-HG carrying a hundred byte payload hidden inside 8 byte classic CAN frame.
silicon ip
CAN-HG is implemented by Canis Labs as a Verilog module for the core engine and can be synthesised to an FPGA, ASIC or included in an SoC design. The IDPS100 module provides IDS and IPS functionality in Verilog with a memory interface (accessible from AXI bus or SPI). The Canis CAN-HG engine is included in the IDPS100.
CAN-HG is being evaluated by the United States Army Combat Capabilities Development Command (DEVCOM) Ground Vehicle Systems Center (GVSC) in a cooperative research and development agreement.
CAN-HG is used in the Tessent Embedded Analytics platform from Siemens in the SecureCAV project.
can hg engine
The CAN-HG engine is a Verilog hardware IP module that can transmit and receive CAN frames, both as pure CAN and as classic CAN frames augmented with a security header and an optional payload body (up to 276 bytes on a 250kbit/sec classic CAN bus). It is used inside the Canis Labs IDPS100 module.
It is being evaluated by the United States Army Combat Capabilities Development Command (DEVCOM) Ground Vehicle Systems Center (GVSC) in a cooperative research and development agreement.
idps100
The Canis IDPS100 is a Verilog hardware IP module for CAN bus intrusion detection and prevention (IDPS), used in the Siemens Secure-CAV Embedded Analytics platform. It supports the CAN-HG augmentation of the CAN 2.0 protocol and can read security headers for hardware anti-spoofing. It can destroy unauthorized or spoof frames before they are received and has support for sending classic CAN frames augmented with CAN-HG information, including large payloads (276 bytes inside a 250kbit/sec classic CAN 8 byte frame).
