International Journal of Engineering Trends and Technology (IJETT) – Volume 12 Number 1 - Jun 2014
Effective CAN Controller Design for Highly Secured Applications * AVR Subramanyam1 , P. Bala Nagu2 PG Student (M. Tech) , 2 Associate Professor, Dept. of ECE, Chirala Engineering College, Chirala, A.P, India. 1
ABSRACT: Controller Area Network (CAN) was initially created by German automotive system supplier Robert Bosch in the mid-1980s for automotive applications as a method for enabling robust serial communication. In this pa-per, the main intention is to provide security mechanism which keeps the bus utilization as low as possible. The goal was to make automobiles more reliable, safe and fuel-efficient while decreasing wiring harness weight and complexity. The CAN protocol is a message-based protocol, not an address based protocol. This means that messages are not transmitted from one node to another node based on addresses. Embedded in the CAN message itself is the priority and the contents of the data being transmitted. All nodes in the system receive every message transmitted on the bus (and will acknowledge if the message was properly received). It is up to each node in the system to decide whether the message received should be immediately discarded or kept to be processed. A single message can be destined for one particular node to receive, or many nodes based on the way the network and system are designed.
data to be transferred.
1. INTRODUCTION The Controller Area Network (CAN) is a serial
communications
protocol
which
efficiently supports distributed real-time control with a very high level of security. Its domain of application ranges from high speed networks
to
low cost
multiplex
wiring. In automotive electronics, engine control units, sensors, anti-skid-systems, etc. are connected using CAN protocol. At the same time it is cost effective to build into vehicle body electronics, e.g. lamp clusters electric windows etc. to replace the
To achieve design transparency and implementation flexibility CAN has been subdivided into different layers. •
the (CAN-) object layer
•
the (CAN-) transfer layer
•
the physical layer The object layer and the transfer layer
comprise all services and functions of the data link layer defined by the ISO/OSI model. The
•
has
different
aspects
regarding
e.g.
electrical features and the interpretation of
ISSN: 2231-5381
finding
which
messages
are
to
be
transmitted •
deciding which messages received by the transfer layer are actually to be
achieve compatibility between any two CAN implementations. Compatibility, however,
object layer
includes
wiring harness otherwise required. The intention of this specification is to
scope of the
used, •
Providing an interface to the application layer related hardware.
http://www.ijettjournal.org
Page 39
International Journal of Engineering Trends and Technology (IJETT) – Volume 12 Number 1 - Jun 2014 There is much freedom in defining
The CAN communication protocol is a
object handling. The scope of the transfer
CSMA/CD protocol. The CSMA stands for
layer mainly is the transfer protocol, i.e.
Carrier Sense Multiple Access. What this
controlling
performing
means is that every node on the network
arbitration, error checking, error signalling
must monitor the bus for a period of no
and fault confinement. Within the transfer
activity before trying to send a message on
layer it is decided whether the bus is free
the bus (Carrier Sense).
the
framing,
for starting a new transmission or whether
Also, once this period of no activity
a reception is just starting. Also some
occurs, every node on the bus has an equal
general features of the bit timing are
opportunity to transmit a message (Multiple
regarded as part of the transfer layer. It is
Access).
in the nature of the transfer layer that
Detection. If two nodes on the network start
there is no freedom for modifications.
transmitting at the same time, the nodes
The scope of the physical layer is the actual transfer of the bits between the
Within
one
network
CD
stands
for
Collision
will detect the ‘collision’ and take the appropriate action.
different nodes with respect to all electrical properties.
The
In
CAN
protocol,
a
nondestructive
the
bitwise arbitration method is utilized. This
physical layer, of course, has to be the
means that messages remain intact after
same for all nodes. There may be, however,
arbitration is completed even if collisions
much freedom in selecting a physical layer.
are detected. All of this arbitration takes place without corruption or delay of the
CAN properties
higher priority message.
•
prioritization of messages
•
guarantee of latency times
•
configuration flexibility
•
multicast
reception
2. CAN FRAME TYPES Message transfer is manifested and controlled by four different frame types: with
time
synchronization
A
DATA
FRAME carries
data from a
•
system wide data consistency
transmitter to the receivers.
•
multi master
•
error detection and signaling
A REMOTE FRAME is transmitted by a bus
•
automatic retransmission of corrupted
unit to request the transmission of the
messages as soon as the bus is idle
DATA FRAME with the same IDENTIFIER.
again •
distinction between temporary errors
An ERROR FRAME is transmitted by any
and permanent failures of nodes and
unit on detecting a bus error.
autonomous
switching off of defect
nodes
ISSN: 2231-5381
An OVERLOAD FRAME is used to provide
http://www.ijettjournal.org
Page 40
International Journal of Engineering Trends and Technology (IJETT) – Volume 12 Number 1 - Jun 2014 for an extra delay between the preceding
’dominant’. Within a REMOTE FRAME the
and the succeeding DATA or REMOTE
RTR BIT has to be ’recessive’.
FRAMEs. CONTROL FIELD DATA FRAMEs and REMOTE FRAMEs are
The CONTROL FIELD consists of six bits. It
separated from preceding frames by an
includes the DATA LENGTH CODE and two
INTERFRAME SPACE.
bits reserved for future expansion. The reserved bits have to be sent ’dominant’.
DATA FRAME
Receivers accept ’dominant’ and ’recessive’
A DATA FRAME is composed of seven
bits in all combinations.
different bit fields: REMOTE FRAME START OF FRAME, ARBITRATION FIELD,
A station acting as a RECEIVER for certain
CONTROL
CRC
data can initiate the transmission of the
FIELD, ACK FIELD, END OF FRAME. The
respective data by its source node by sening
DATA FIELD can be of length zero.
a REMOTE FRAME.
START OF FRAME marks the beginning of
A REMOTE FRAME is composed of six
DATA FRAMES and REMOTE FRAMEs. It
different bit fields:
FIELD,
DATA
FIELD,
consists of a single ’dominant’ bit. START OF FRAME, ARBITRATION FIELD, A
station
is
only
allowed
to
start
transmission when the bus is idle (see BUS
CONTROL FIELD, CRC FIELD, ACK FIELD, END OF FRAME.
IDLE). All stations have to synchronize to
Contrary to DATA FRAMEs, the RTR
the leading edge caused by START OF
bit of REMOTE FRAMEs is ’recessive’. There
FRAME (see ’HARD SYNCHRONIZATION’) of
is no DATA FIELD, independent of the
the station starting transmission first.
values of the DATA LENGTH CODE which may
be
signed
any
value
within
the
IDENTIFIER
admissible range 0...8. The value is the
The IDENTIFIER’s length is 11 bits. These
DATA LENGTH CODE of the corresponding
bits are transmitted in the order from ID-10
DATA FRAME.
to ID-0. The least significant bit is ID-0. The 7 most significant bits (ID-10 - ID-4) must
ERROR FRAME
not be all ’recessive’.
The
ERROR
FRAME
consists
of
two
different fields. The first field is given by the Remote Transmission Request BIT
superposition of ERROR FLAGs contributed
In DATA FRAMEs the RTR BIT has to be
from
ISSN: 2231-5381
different
http://www.ijettjournal.org
stations.
The
following
Page 41
International Journal of Engineering Trends and Technology (IJETT) – Volume 12 Number 1 - Jun 2014 second field is the ERROR DELIMITER.
These waveforms shows how the
OVERLOAD FRAME The
OVERLOAD
CAN controller is utilized the bus services
FRAME
contains
the
two bit fields OVERLOAD FLAG and
by using the bus_off_on signal. At the same time it shows how the transmitter and receiver
OVERLOAD DELIMITER. There
are
conditions,
two which
enables
after
successful
transmission and reception
kinds
of
both
OVERLOAD
lead
to
BIT TIME LOGIC MODULE
the
transmission of an OVERLOAD FLAG
3 SIMULATION RESULTS The
Simulation
results
for
the
undergone modules are presented in this section
Figure 3 Simulation Results Bit Time logic module
The above waveform shows how the signals
are
blocked
for
providing
the
security by maintaining the proper delay
BIT STREAM PROCESSOR Figure 1 Simulation Result-1 for CAN Module
Figure 2 Simulation Result-2 for CAN Module Figure 4 Simulation Result Bit Stream Processor module
ISSN: 2231-5381
http://www.ijettjournal.org
Page 42
International Journal of Engineering Trends and Technology (IJETT) – Volume 12 Number 1 - Jun 2014 This
waveform
shows
how
the
Device utilization summary:
performance of controller in various modes. Figures 5 & 6 shows the RTL and Technology schematics of the simulated
Selected Device : 3s500efg320-5 Number of Slices: of 4656
CAN modules.
18%
Number of Slice Flip Flops: out of 9312
6% 1676
17%
Number used as logic:
Number used as RAMs:
1572 104
Number of IOs:
Number of bonded IOBs: out of
624
Number of 4 input LUTs: out of 9312
232
19 19
8%
Number of GCLKs: out of
Figure 5 RTL Schematic of CAN controller
871 out
24
1
4%
Conclusion The Complete Control Area Network Protocol is developed in the Verilog HDL which is wishbone compatible and supports Non-Destructive Broadcast
bit-wise
arbitration,
Communication,
Communication.
The
Broadcast
CAN
protocol
functionality is verified using the Modelsim Tool and Synthesized using Xilinx Tool.
References: 1.
C. Szilagyi and P. Koopman, “A flexible approach to embedded network multicast authentication,” in Workshop on Embedded Systems Se-curity, 2008.
2.
K. Koscher, A. Czeskis, F. Roesner, S. Patel, T. Kohno, S. Checkoway, D. McCoy, B. Kantor, D. Anderson,
H.
Shacham,
Savage,“Experimental modern
Figure 6 Technology Schematic of CAN controller
security
automobile,” in
and analysis
S. of
IEEE Symposium
Security and Privacy, pp. 447–462, 2010. 3.
M. Wolf, A. Weimerskirch, and C. Paar, “Security in automotive
bus
systems,”
in
Workshop
Embedded Security in Cars, 2004.
ISSN: 2231-5381
a on
http://www.ijettjournal.org
Page 43
on
International Journal of Engineering Trends and Technology (IJETT) – Volume 12 Number 1 - Jun 2014 4.
A. Perrig, R. Canetti, D. Song, and D. Tygar, “Efficient authentication and signing of multicast streams over lossy channels,” in IEEE Symposium on Security and Privacy, pp. 56–73, 2000.
5.
A. Perrig, R. Canetti, D. Song, and D. Tygar, “Efficient and secure source authentication for multicast,” in Network and Distributed System Security Symposium, pp. 35–46, 2001.
6.
M. D. Natale, H. Zeng, P. Giusto, and A. Ghosal, “Worst-case time analysis of can messages,” in Understanding and Using the Controller Area Network Communication Protocol. Springer, pp. 43–65, 2012.
Authors Profile: AVR Subramanyam is currently pursuing his post
graduation
Chirala
in
Engineering
College. He has over two years of experience in industries and three year teaching experience.
P.
Bala
working
Nagu as
is an
Associate Professor in the Electronics Engineering
& in
department
of
Communication Chirala
Engineering
College, Chirala. He has Nine years of teaching experience along with one year industrial experience.
ISSN: 2231-5381
http://www.ijettjournal.org
Page 44