Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I’m sure there are a lot of complexities, I think the general shape of the solution is the same. Another poster (perhaps you?) mentioned that luxury cars do sign CAN packets.

Anyways I’m not in this industry but work on SPIFFE and see similarities- you could have a centralized CA in the car that does attestation to remote workloads.



That can be a solution, but I usually push to simply scrap CAN everywhere possible and move to IP networking as mentioned by others in a sibling thread. That requires a ground-up system redesign, but it has a lot of benefits like not requiring a bunch of automotive programmers to implement a custom crypto architecture on constrained systems in C.

With CAN, you're pretty firmly in the land of tradeoffs because the safety-critical stuff you want to auth is also hard realtime and solutions that involve expensive coprocessors like HSMs are usually off the table for a number of reasons like cost, lack of vendors supplying high-integrity solutions, inability to do board spins, etc. Adding authentication also has the nasty problem of sometimes reducing your safety because it makes the channel less noise resistant, as demonstrated by Dariz et al [1]. Navigating these sorts of tradeoffs are why some manufacturers have gone with half-measures like only authenticating a small subset of messages.

[1] https://doi.org/10.1109/MTITS.2017.8005670




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: