The Controller Area Network (CAN) has been a trusted standard in automotive, industrial, and marine applications for decades. Its robustness, real-time capabilities, and low-cost implementation have made it a favorite among embedded engineers. However, as vehicles and machinery become increasingly connected, the CAN bus has emerged as a prime target for cyberattacks. This shift has driven the development of ISO/SAE 21434, a comprehensive standard for cybersecurity engineering in road vehicles.

For embedded system designers, understanding and applying ISO/SAE 21434 principles is now as important as meeting functional performance targets. This post outlines how you can integrate CAN bus security into your embedded systems in line with ISO/SAE 21434 guidelines.

Why CAN Bus Security Matters

Historically, CAN networks were isolated systems with no direct exposure to the internet. Today, modern vehicles and equipment integrate telematics, infotainment, over-the-air updates, and remote diagnostics. These connectivity features open potential entry points for malicious actors.

Security breaches in CAN networks can result in:

• Unauthorized control of actuators and safety systems.

• Disruption of operational performance.

• Manipulation of diagnostic or telemetry data.

• Long-term brand and financial damage for manufacturers.

The key lesson is clear: securing CAN networks is no longer optional—it’s a core design requirement.

Overview of ISO/SAE 21434

ISO/SAE 21434 provides a structured framework for managing cybersecurity risks throughout the entire product lifecycle—from concept and development to production, operation, and decommissioning.

Key areas addressed include:

1. Risk Assessment & Threat Analysis – Identifying vulnerabilities, potential attackers, and associated risks.

2. Security-by-Design – Embedding security measures at the architecture level, rather than as an afterthought.

3. Verification & Validation – Testing security measures under realistic attack scenarios.

4. Incident Response & Monitoring – Preparing procedures for detecting and responding to breaches.

5. Lifecycle Management – Ensuring security remains effective through updates and changes.

Implementing ISO/SAE 21434 in Embedded CAN Systems

While ISO/SAE 21434 is broad, the following practical steps will help you align your CAN-based design with the standard.

1. Conduct Threat Analysis and Risk Assessment (TARA)

Before designing your system, perform a structured TARA:

• Map out all entry points into the CAN network (USB ports, diagnostics, telematics modules, wireless gateways).

• Identify possible threat actors (e.g., hackers, insiders, competing entities).

• Assess potential attack scenarios and their likelihood.

• Prioritize risks to address based on safety and operational impact.

2. Design with Security in Mind

Integrate security features at the hardware and firmware level:

• Message Authentication – Use cryptographic message authentication codes (MAC) to prevent spoofing.

• Encryption for Sensitive Data – Protect confidential or safety-critical data using lightweight encryption suitable for embedded devices.

• Access Control – Implement secure gateways that limit external access to the CAN network.

• Segmentation – Separate critical control systems from non-critical networks (e.g., infotainment).

3. Implement Secure Boot and Firmware Updates

Secure boot ensures only trusted firmware is executed on your hardware. Combine this with:

• Digitally signed firmware updates.

• Secure over-the-air (OTA) mechanisms that verify authenticity before installation.

• Fail-safe rollback procedures in case of update failure.

4. Validate Security Measures

Testing should simulate realistic attack vectors:

• Replay attacks.

• Message injection.

• Denial-of-service scenarios on the CAN network.

• Fuzz testing to detect protocol handling weaknesses.

5. Maintain Security Over the Product Lifecycle

Cybersecurity is not a one-time activity. Establish:

• Continuous vulnerability monitoring.

• Incident reporting and response protocols.

• Timely deployment of security patches.

• Ongoing TARA updates when new threats emerge.

Practical Example: Applying Security to an Embedded Gateway

Suppose you are developing an ESP32-based CAN-to-Ethernet gateway. Applying ISO/SAE 21434 principles could involve:

• Running TARA to identify vulnerabilities in both CAN and Ethernet interfaces.

• Adding hardware security modules (HSM) to manage keys and encryption.

• Implementing role-based access control for configuration changes.

• Using secure boot to prevent tampering with gateway firmware.

• Establishing an OTA update process with digital signatures and verification.

Benefits of Implementing ISO/SAE 21434

Adopting ISO/SAE 21434 not only enhances safety but also:

• Protects brand reputation.

• Increases market competitiveness by demonstrating compliance.

• Prepares products for future regulations.

• Reduces long-term maintenance costs by preventing security breaches before they happen.

Final Thoughts

The transition from isolated CAN networks to connected, intelligent systems has brought tremendous functionality—and new vulnerabilities. By following ISO/SAE 21434, engineers can integrate security into every stage of development, ensuring their embedded CAN systems remain robust and trustworthy in an evolving threat landscape.

References

1. ISO/SAE 21434: Road Vehicles – Cybersecurity Engineering, International Organization for Standardization & SAE International
2. SAE J1939 Standards Collection, SAE International
3. Controller Area Network (CAN) Specification, Bosch GmbH
4. Automotive Cybersecurity Best Practices, National Highway Traffic Safety Administration (NHTSA)
5. Practical Security for Embedded Systems, Embedded Systems Conference Proceedings

Automotive Cybersecurity: An Introduction to ISO/SAE 21434

Industries, regulators, and consumers alike recognize that cybersecurity is an ongoing challenge in today’s interconnected world. Protecting and defending digital assets against malicious attacks has become part of daily life. From personal devices to online banking to sensitive healthcare records, cybercrime can impact anyone.

As technology becomes increasingly integrated into modern vehicles, safeguarding the global automotive infrastructure from cybercriminals is a top priority. Attackers may seek to steal data, disrupt operations, or even take control of automated systems for malicious purposes. In this environment, systems and components critical to safety must be shielded from harmful attacks, unauthorized access, damage, or any interference that could compromise their intended functions.

Automotive Cybersecurity: An Introduction to ISO/SAE 21434 offers a clear, accessible overview of the industry standard developed to help manufacturers stay ahead of evolving technologies and attack methods. ISO/SAE 21434 provides a comprehensive framework for addressing cybersecurity challenges on a global scale. Industry experts David Ward and Paul Wooderson distill the complexities of the standard into practical, need-to-know guidance—complete with a dedicated chapter addressing frequently asked questions. More information...