CAN-SEC – CANsec Controller IP Core

CAN-SEC – CANsec Controller IP Core

© Fraunhofer IPMS
CANsec block diagram

The CiA 613-1 and -2 standards of CAN in Automation (CiA) extend the CAN XL protocol with security functions that protect the integrity, authenticity, and confidentiality of data in CAN-based networks.

The CAN-SEC IP core can be used directly between the host processor and a CAN XL controller core. It builds up the CANsec structure in the buffers of the CAN-XL core directly before transmission or directly after reception of the frame. The CAN-SEC IP core has internal registers that contain the information (identifier, key and mode) for the safe channels. The registers for up to 256 safe channels can be set by synthesis parameters. Therefore, the station equipped with the CAN-SEC IP-Core can participate in up to 256 safe channels. The CAN-SEC is compatible with the CAN XL Controller IP Core (CAN-CTRL) of Fraunhofer IPMS and can also be used independently or with other CAN XL solutions. 


Key Features

  • Supports CAN XL specification and CAN XL add-on services (CiA 610-1, CiA 613-1 and 2) 
  • Supports up to 256 bit key size
  • Supports NIST encryption Standards 
  • Advanced Encryption Standard (AES)
  • Cipher-based Message Authentication Code (CMAC) 
  • Galois Counter Mode (GCM)
  • One clock domain
  • Detailed error reporting 
  • Configurable number of supported secure channels up to 256 
  • Supports separate buffer for standalone operations