Evaluating Lightweight Block Cipher Payload Encryption for Real-Time CAN Traffic

TL;DR

This paper assesses lightweight block cipher encryption on CAN traffic using a microcontroller, demonstrating it can obscure signal patterns with minimal timing impact, thus enhancing security against reverse engineering.

Contribution

It provides an empirical evaluation of lightweight encryption's effectiveness in hiding CAN signal semantics on resource-limited embedded hardware.

Findings

Encryption masks constant and predictable signal patterns.

Maintains 100 Hz transmission schedule despite encryption.

Reduces passive inference of CAN signals from observation.

Abstract

This study evaluates the feasibility of integrating lightweight block cipher payload encryption into a real-time embedded controller area network (CAN) node using a QT PY ESP32-S2 microcontroller. This work seeks to determine whether the use of a block cipher can prevent semantic taxonomy-based reverse engineering, which infers signal meaning from unencrypted CAN traffic using observation and statistical analysis. CAN payloads are encrypted using a lightweight block cipher and evaluated through experiments that measure timing impact, payload pattern observability, and correlation-based inference. Results indicate that encryption masks constant values and predictable signal patterns while preserving a 100 Hz transmission schedule. These findings suggest that lightweight payload encryption can reduce passive, observation based inference of CAN signal semantics on resource-constrained hardware with limited timing overhead impact.