The Controller Area Network (CAN) protocol (ISO 11898) is flexible and easy to deploy in distributed embedded systems, and it has been widely used in various industries. For example, the CAN protocol is a de facto network standard for automotive applications. Since its initial deployments in the late 1980s, the simple low-cost bus topology and inherent flexibility of CAN have enabled it to capture the majority of low- to medium-speed networking traffic. Today most automotive engine control units (ECU) have some form of connection to a CAN network, and most automotive-centric semiconductors have at least one integrated CAN controller.
Integrity and availability are two attributes of dependable communication systems. Availability is the “readiness for correct service.” Integrity is the “absence of improper system state alterations.” Conventional solutions are concerned with medium availability (threatened, for example, by babbling devices or by shorted or broken media, i.e., partitioning of the physical medium) and with persistent message integrity errors stemming from bit flips and stuck-at-node faults.
However, node-induced addressing faults, in which faulty hardware or software causes a node to send under another node's identity (masquerading faults), have not been considered in detail by conventional approaches. For example, some conventional approaches only protect the physical layer and will not cover faulty software, faulty chips, or memory affected by bit flips. Masquerading faults are particularly important for protocols that are influenced by software, since any software failure can result in persistent masquerade errors and incorrect accusation of nodes, i.e., the wrong node is assumed to be faulty. Because these failures produce messages that are syntactically well-formed, they are especially hard to detect with conventional diagnosis equipment monitoring a shared medium such as a bus. Another failure that should be prevented is a node sending an allowed frame at the wrong rate. As more safety-relevant applications emerge, the importance of covering both physical and software failures, such as masquerade faults, will increase with the development of software-based architecture approaches.
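The two failure modes just described, a masquerading node emitting a syntactically valid frame under another node's identifier and a node sending an allowed frame at the wrong rate, share the property that the frame itself passes every syntactic check. What a bus monitor can still observe is timing. The following is an added example, not code from the source document, of a monitor that checks each periodic arbitration ID against an expected schedule. The schedule (IDs 0x100 at 10 ms and 0x200 at 20 ms), the 30% tolerance, and the sample frames are all constructed for illustration; a real deployment would take the schedule from the network's communication matrix.

```python
"""Rate-based detection of well-formed but mistimed CAN frames.

Added example; the ID schedule, tolerance and sample frames below are
constructed assumptions, not values from any particular vehicle network.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class CanFrame:
    timestamp: float  # seconds, as stamped by the monitoring interface
    can_id: int       # 11-bit arbitration identifier
    data: bytes       # 0..8 byte payload (not inspected by this monitor)


# Hypothetical schedule: expected transmission period in seconds per ID.
EXPECTED_PERIOD = {0x100: 0.010, 0x200: 0.020}
TOLERANCE = 0.30  # accept intervals within +/-30% of the expected period


def check_rates(frames, expected_period=EXPECTED_PERIOD, tolerance=TOLERANCE):
    """Return alerts as (timestamp, can_id, interval, reason) tuples.

    A frame arriving much earlier than its period suggests a second sender
    using the same ID (a masquerade or a duplicate); a frame arriving much
    later suggests a missed transmission or a node running too slowly.
    Frames whose ID is not in the schedule are reported as unknown.
    """
    last_in_schedule = {}  # can_id -> timestamp of the last frame that fit the schedule
    alerts = []
    for f in sorted(frames, key=lambda fr: fr.timestamp):
        period = expected_period.get(f.can_id)
        if period is None:
            alerts.append((f.timestamp, f.can_id, None, "unknown ID"))
            continue
        prev = last_in_schedule.get(f.can_id)
        if prev is None:
            last_in_schedule[f.can_id] = f.timestamp
            continue
        interval = f.timestamp - prev
        if interval < period * (1 - tolerance):
            # Too early: flag it but keep the previous anchor, so the next
            # legitimately timed frame is measured against the real schedule
            # rather than against the intruding frame.
            alerts.append((f.timestamp, f.can_id, interval, "too fast"))
            continue
        if interval > period * (1 + tolerance):
            alerts.append((f.timestamp, f.can_id, interval, "too slow"))
        last_in_schedule[f.can_id] = f.timestamp
    return alerts


def build_sample_frames():
    """Constructed capture: 0x100 every 10 ms with one extra frame at 25 ms,
    and 0x200 every 20 ms with the frame due at 60 ms missing."""
    frames = []
    for t_ms in (0, 10, 20, 25, 30, 40):
        frames.append(CanFrame(t_ms / 1000.0, 0x100, b"\x01\x02"))
    for t_ms in (0, 20, 40, 80):
        frames.append(CanFrame(t_ms / 1000.0, 0x200, b"\xaa"))
    return frames


if __name__ == "__main__":
    for ts, cid, interval, reason in check_rates(build_sample_frames()):
        shown = "n/a" if interval is None else f"{interval * 1000:.1f} ms"
        print(f"t={ts * 1000:6.1f} ms  id=0x{cid:03X}  interval={shown}  {reason}")
```

Running the script reports the extra 0x100 frame at 25 ms as "too fast" and the 0x200 frame at 80 ms as "too slow"; the legitimate 0x100 frame at 30 ms is not flagged because the monitor kept measuring against the last in-schedule frame at 20 ms. Payload contents and frame syntax play no part in the decision, which is the point: this class of fault is only visible in the bus timing.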