Securing J1939 Communications Using Strong Encryption with FIPS 140-2 2017-01-0020
Since 2001, all sensitive information of U.S. Federal Agencies has been protected by strong encryption mandated by the Federal Information Processing Standards (FIPS) 140-2 Security Requirements. The requirements specify a formal certification process. The process ensures that validated encryption modules have implemented the standard, and have passed a rigorous testing and review processes. Today, this same strong security protection has become possible for vehicle networks using modern, cost-effective encryption in hardware.
This paper introduces the motivation and context for the encryption diagnostics security in terms of all vehicles in general, not just trucks which use SAE J1939 communications. Several practical scenarios for using such encryption hardware and the advantages of using hardware compared to software private-key encryption and public-key encryption are described.
This paper describes strong FIPS 140-2 encryption for vehicle diagnostics communications, using as an example the J1939 protocol. The encrypted J1939 data and commands are tamper-proof, since they cannot be changed or altered -- accidentally or otherwise. The encrypted J1939 data and commands can also be stored and transported securely, giving no unauthorized read access.
The examples will show J1939 encryption, communicating over both wired and wireless networks. Two-factor authentication is achieved, since both the hardware and a password key are needed to decrypt. And, the same hardware can provide both private-key encryption (traditional symmetric encryption) and public-key encryption (asymmetric encryption and digital signatures).
The conclusion states results of successfully tested FIPS 140-2 cryptographic hardware implementation for embedded systems communication of J1939 diagnostic commands over wireless networks using both ZigBee and Wi-Fi.