Patching potholes in CAN technology

cybersecurity for CAN bus

Patching potholes in CAN technology


Reading time
5-6 minutes

Securing the road ahead

The road toward realizing the full potential of connected vehicles must be paved by cybersecurity. For a connected vehicle to be functionally safe, it must also be secure, and vice versa. Accordingly, strict regulations are emerging within the automotive industry in the face of continually changing threat scenarios.

Innovations within mobility among an ecosystem of other necessary technologies increases convenience and safety for all involved. Yet, for all the benefits associated with these advancements, deepened interconnectivity exposes far more points of vulnerability and provides hackers further opportunities for exploitation. In this post we’ll see how cybersecurity is taking center stage, and how to complement existing regulations.

Detection and containment

While intrusion detection is nothing new for traditional IT systems, it’s now critically ubiquitous in vehicles around the world as they become more and more connected to everything including private user data, the environment outside the car, other vehicles, and much more.

Wide-ranging complexities in ECU development have broadened, and so too must security measures to keep drivers safe and secure. Intrusion detection systems (IDS) are now a major focus of automobile OEMs, suppliers, and end users alike.

In 2020, AUTOSAR put its Intrusion Detection Systems Management (IdsM) standards in place. This important step giving carmakers a tool for reporting ECU security events was deployed in 2020 with AUTOSAR Version R20-11, then updated in Version R21-11, in November 2021.


Keeping in-car communication secure

Safety-critical communication between ECUs is primarily networked through the Controller Area Network (CAN bus). However, CAN technology has some existing security shortcomings. Examples of these security gaps include researchers making changes to a vehicle’s safety-critical components through both brute force and remote access.

These controlled intrusions resulted in speedometer reading manipulations, overriding door locks, turning off the engine, among other threatening attacks. Additionally, flooding the vehicle’s CAN bus system with a large number of fake CAN packets may result in a number of ramifications affecting safety and security.

EB tresos 9 – the foundation for your ECU development is the latest version of industry-leading basic software enabling carmakers and suppliers to develop next-generation electronic control units (ECUs) based on the latest AUTOSAR standards.

Alignment with AUTOSAR standards helps streamline your development of software features that comply with the latest standards for security and safety including ISO/SAE 21434 for cybersecurity risk management which demonstrates involved parties have integrated cybersecurity measures into their products throughout the products’ design phase through the lifecycle of the product.


Collaboration is filling the gaps

Compliance with industry standards and regulations helps ensure the critical CAN bus traffic remains secure, Elektrobit and partner Argus have teamed up to tackle the gaps head on. Argus’ CAN IDPS is now fully integrated into Elektrobit’s release of EB tresos 9.

Three specific security aspects covered by Argus CAN IDPS integration into EB tresos 9 affect gateway ECUs, frame-timing analysis, and signal-timing analysis.

  • Gateway ECUs: Currently, most CAN traffic is routed without any processing. This means, if certain criteria are not met, a ‘security event’ for the IdsM may not be created. Also, blocking further propagation into other systems remains key. Detecting attacks at a gateway ECU enables dropping frames so the threat does not affect other ECUs.
  • Frame-timing analysis: Argus CAN IDPS integration into EB tresos 9 checks for anomalies based on the transmission time of CAN frames (Start of frame (SOF), arbitration, control, data, cyclical redundancy check (CRC), acknowledge (ACK) and end of frame (EOF)). This critical step is required by regulation but is currently not included in the standard AUTOSAR IdsM.
  • Signal-timing analysis: This aspect checks for anomalies based on a signal’s value along with how it changes over time. Currently, this approach is not feasible in the AUTOSAR IdsM architecture alone.


Enhancing cybersecurity together

Heightened coverage offered with Argus CAN IDPS is included in EB tresos 9 further enhances the security events standards of AUTOSAR IdsM. Implementation is highly configurable, and any combination of the 16-point Argus CAN IDPS anomaly detection can be updated during the vehicles lifetime to fit any necessary changes, all with no additional coding required.

Safety & security is an ever-changing field. We’ve seen some of the ways the automotive industry is meeting the challenges of greater connectivity and increased threat scenarios. We’ve also seen there are still gaps needing coverage, and Argus CAN IDPS integration into EB tresos 9 offers a solution to surpass even those standards set forth by AUTOSAR.


Related content:

Step forward – transitioning from EB tresos 8 to 9 – Webinar

If you want to learn the reasoning and methodology of upgrading your existing projects to EB tresos 9, view our free webinar hosted by Roman Iseler, Elektrobit’s Senior Product Manager for EB tresos.

Get the recording


Securing AUTOSAR-based ECUs from cyber risks to enable innovative mobility

Learn how to secure AUTOSAR-based ECUs to meet regulatory requirements using Intrusion Detection and Prevention Systems.

Get the recording


Try EB tresos for free

Your entry into the world of Classic AUTOSAR.



Abhay Barnard Britto
Product Marketing Manager