International Journal of Engineering Trends and Technology (IJETT) – Volume 12 Number 1 - Jun 2014
ISSN: 2231-5381 http://www.ijettjournal.org Page 39

Effective CAN Controller Design for Highly Secured Applications

*AVR Subramanyam¹, P. Bala Nagu²
¹PG Student (M. Tech), ²Associate Professor, Dept. of ECE, Chirala Engineering College, Chirala, A.P, India.

ABSTRACT: Controller Area Network (CAN) was initially created by German automotive system supplier Robert Bosch in the mid-1980s for automotive applications as a method for enabling robust serial communication. In this paper, the main intention is to provide a security mechanism which keeps the bus utilization as low as possible. The goal was to make automobiles more reliable, safe and fuel-efficient while decreasing wiring harness weight and complexity. The CAN protocol is a message-based protocol, not an address-based protocol. This means that messages are not transmitted from one node to another node based on addresses. Embedded in the CAN message itself is the priority and the contents of the data being transmitted. All nodes in the system receive every message transmitted on the bus (and will acknowledge if the message was properly received). It is up to each node in the system to decide whether the message received should be immediately discarded or kept to be processed. A single message can be destined for one particular node to receive, or many nodes, based on the way the network and system are designed.

1. INTRODUCTION

The Controller Area Network (CAN) is a serial communications protocol which efficiently supports distributed real-time control with a very high level of security. Its domain of application ranges from high speed networks to low cost multiplex wiring. In automotive electronics, engine control units, sensors, anti-skid-systems, etc. are connected using the CAN protocol. At the same time it is cost effective to build into vehicle body electronics, e.g. lamp clusters, electric windows etc., to replace the wiring harness otherwise required.

The intention of this specification is to achieve compatibility between any two CAN implementations. Compatibility, however, has different aspects regarding e.g. electrical features and the interpretation of data to be transferred. To achieve design transparency and implementation flexibility CAN has been subdivided into different layers.
• the (CAN-) object layer
• the (CAN-) transfer layer
• the physical layer

The object layer and the transfer layer comprise all services and functions of the data link layer defined by the ISO/OSI model. The scope of the object layer includes
• finding which messages are to be transmitted
• deciding which messages received by the transfer layer are actually to be used
• providing an interface to the application layer related hardware.

There is much freedom in defining object handling. The scope of the transfer layer mainly is the transfer protocol, i.e. controlling the framing, performing arbitration, error checking, error signalling and fault confinement. Within the transfer layer it is decided whether the bus is free for starting a new transmission or whether a reception is just starting. Also some general features of the bit timing are regarded as part of the transfer layer. It is in the nature of the transfer layer that there is no freedom for modifications.

The scope of the physical layer is the actual transfer of the bits between the different nodes with respect to all electrical properties. Within one network the physical layer, of course, has to be the same for all nodes. There may be, however, much freedom in selecting a physical layer.

CAN properties
• prioritization of messages
• guarantee of latency times
• configuration flexibility
• multicast reception with time synchronization
• system wide data consistency
• multi master
• error detection and signaling
• automatic retransmission of corrupted messages as soon as the bus is idle again
• distinction between temporary errors and permanent failures of nodes and autonomous switching off of defect nodes

The CAN communication protocol is a CSMA/CD protocol. CSMA stands for Carrier Sense Multiple Access. What this means is that every node on the network must monitor the bus for a period of no activity before trying to send a message on the bus (Carrier Sense). Also, once this period of no activity occurs, every node on the bus has an equal opportunity to transmit a message (Multiple Access). CD stands for Collision Detection. If two nodes on the network start transmitting at the same time, the nodes will detect the 'collision' and take the appropriate action.

In the CAN protocol, a nondestructive bitwise arbitration method is utilized. This means that messages remain intact after arbitration is completed even if collisions are detected. All of this arbitration takes place without corruption or delay of the higher priority message.

2. CAN FRAME TYPES

Message transfer is manifested and controlled by four different frame types:

A DATA FRAME carries data from a transmitter to the receivers.

A REMOTE FRAME is transmitted by a bus unit to request the transmission of the DATA FRAME with the same IDENTIFIER.

An ERROR FRAME is transmitted by any unit on detecting a bus error.

An OVERLOAD FRAME is used to provide for an extra delay between the preceding and the succeeding DATA or REMOTE FRAMEs.

DATA FRAMEs and REMOTE FRAMEs are separated from preceding frames by an INTERFRAME SPACE.

DATA FRAME
A DATA FRAME is composed of seven different bit fields: START OF FRAME, ARBITRATION FIELD, CONTROL FIELD, DATA FIELD, CRC FIELD, ACK FIELD, END OF FRAME. The DATA FIELD can be of length zero.

START OF FRAME marks the beginning of DATA FRAMEs and REMOTE FRAMEs. It consists of a single 'dominant' bit. A station is only allowed to start transmission when the bus is idle (see BUS IDLE). All stations have to synchronize to the leading edge caused by START OF FRAME (see 'HARD SYNCHRONIZATION') of the station starting transmission first.

IDENTIFIER
The IDENTIFIER's length is 11 bits. These bits are transmitted in the order from ID-10 to ID-0. The least significant bit is ID-0. The 7 most significant bits (ID-10 - ID-4) must not be all 'recessive'.

Remote Transmission Request BIT
In DATA FRAMEs the RTR BIT has to be 'dominant'. Within a REMOTE FRAME the RTR BIT has to be 'recessive'.

CONTROL FIELD
The CONTROL FIELD consists of six bits. It includes the DATA LENGTH CODE and two bits reserved for future expansion. The reserved bits have to be sent 'dominant'. Receivers accept 'dominant' and 'recessive' bits in all combinations.

REMOTE FRAME
A station acting as a RECEIVER for certain data can initiate the transmission of the respective data by its source node by sending a REMOTE FRAME.

A REMOTE FRAME is composed of six different bit fields: START OF FRAME, ARBITRATION FIELD, CONTROL FIELD, CRC FIELD, ACK FIELD, END OF FRAME.

Contrary to DATA FRAMEs, the RTR bit of REMOTE FRAMEs is 'recessive'. There is no DATA FIELD, independent of the values of the DATA LENGTH CODE, which may be assigned any value within the admissible range 0...8. The value is the DATA LENGTH CODE of the corresponding DATA FRAME.

ERROR FRAME
The ERROR FRAME consists of two different fields. The first field is given by the superposition of ERROR FLAGs contributed from different stations. The following second field is the ERROR DELIMITER.

OVERLOAD FRAME
The OVERLOAD FRAME contains the two bit fields OVERLOAD FLAG and OVERLOAD DELIMITER. There are two kinds of OVERLOAD conditions, which both lead to the transmission of an OVERLOAD FLAG.

3 SIMULATION RESULTS

The simulation results for the simulated modules are presented in this section.

Figure 1 Simulation Result-1 for CAN Module

Figure 2 Simulation Result-2 for CAN Module

These waveforms show how the CAN controller utilizes the bus services by using the bus_off_on signal. At the same time, they show how the transmitter and receiver are enabled after successful transmission and reception.

BIT TIME LOGIC MODULE

Figure 3 Simulation Results Bit Time logic module

The above waveform shows how the signals are blocked to provide security by maintaining the proper delay.

BIT STREAM PROCESSOR

Figure 4 Simulation Result Bit Stream Processor module

This waveform shows the performance of the controller in various modes. Figures 5 & 6 show the RTL and Technology schematics of the simulated CAN modules.

Figure 5 RTL Schematic of CAN controller

Figure 6 Technology Schematic of CAN controller

Device utilization summary:

Selected Device: 3s500efg320-5
Number of Slices: 871 out of 4656 (18%)
Number of Slice Flip Flops: 624 out of 9312 (6%)
Number of 4 input LUTs: 1676 out of 9312 (17%)
    Number used as logic: 1572
    Number used as RAMs: 104
Number of IOs: 19
Number of bonded IOBs: 19 out of 232 (8%)
Number of GCLKs: 1 out of 24 (4%)

Conclusion

The complete Controller Area Network protocol is developed in Verilog HDL; the design is Wishbone compatible and supports non-destructive bit-wise arbitration and broadcast communication. The CAN protocol functionality is verified using the Modelsim tool and synthesized using the Xilinx tool.

Authors Profile:

AVR Subramanyam is currently pursuing his post graduation in Chirala Engineering College. He has over two years of experience in industries and three years of teaching experience.

P. Bala Nagu is working as an Associate Professor in the department of Electronics & Communication Engineering in Chirala Engineering College, Chirala. He has nine years of teaching experience along with one year of industrial experience.
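
To make the non-destructive bitwise arbitration from the Introduction and the IDENTIFIER and RTR rules from Section 2 concrete, the following C model is an added example, not code from the paper or its Verilog design. The names can_arb_t, can_id_valid and can_arbitrate, the 32-node limit and the sample identifiers are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#define DOMINANT  0   /* logic 0 wins on the wired-AND bus */
#define RECESSIVE 1
#define MAX_NODES 32  /* limit chosen for this example only */

typedef struct {
    uint16_t id;  /* 11-bit IDENTIFIER, ID-10 is sent first */
    int rtr;      /* DOMINANT = DATA FRAME, RECESSIVE = REMOTE FRAME */
} can_arb_t;

/* 11 bits wide, and ID-10..ID-4 must not be all recessive. */
int can_id_valid(uint16_t id) {
    return id <= 0x7FF && (id >> 4) != 0x7F;
}

/* Bit i (0..11) of the arbitration field in bus order: ID-10..ID-0, RTR. */
static int arb_bit(const can_arb_t *f, int i) {
    return i < 11 ? (f->id >> (10 - i)) & 1 : f->rtr;
}

/* Index of the winning node; -1 on bad input; -2 if two nodes sent the
   same arbitration field, which bitwise arbitration cannot resolve. */
int can_arbitrate(const can_arb_t *nodes, int n) {
    int active[MAX_NODES], remaining = n;
    if (n < 1 || n > MAX_NODES) return -1;
    for (int k = 0; k < n; k++) {
        if (!can_id_valid(nodes[k].id)) return -1;
        active[k] = 1;
    }
    for (int i = 0; i < 12 && remaining > 1; i++) {
        int bus = RECESSIVE;
        for (int k = 0; k < n; k++)      /* bus level = AND of all senders */
            if (active[k]) bus &= arb_bit(&nodes[k], i);
        for (int k = 0; k < n; k++)      /* sent recessive, read dominant */
            if (active[k] && arb_bit(&nodes[k], i) != bus) {
                active[k] = 0;           /* back off and become a receiver */
                remaining--;
            }
    }
    if (remaining != 1) return -2;
    for (int k = 0; k < n; k++) if (active[k]) return k;
    return -2;
}

int main(void) {  /* constructed sample: four nodes start at the same time */
    can_arb_t n[] = {{0x65A, DOMINANT}, {0x123, DOMINANT}, {0x123, RECESSIVE}, {0x3FF, DOMINANT}};
    printf("winner: node %d\n", can_arbitrate(n, 4));
    return 0;
}
```

With the sample nodes, node 1 wins: identifier 0x123 beats the higher identifiers, and its DATA FRAME beats the REMOTE FRAME carrying the same identifier because its RTR bit is dominant.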