image image

Protecting the CAN bus

Trainer: Ken Tindell

Date: 5th - 7th July 2021 (5hrs for 3days)

Time: 9:00am to 2:00pm PDT

Platform: Zoom + Discord


This hands-on course teaches how to protect a CAN bus from various types of attacks. It covers CAN at an advanced level, the types of attacks on CAN and various techniques for defending against those attacks and keeping the bus secure.

Within the three days you will:

  • Gain an advanced understanding of the CAN protocol
  • Learn about different attacks on the CAN bus
  • Gain an understanding of how to detect and mitigate attacks using different software and hardware techniques
  • Learn how to protect CAN payloads using encryption and Hardware Security Modules
  • Learn how to design a CAN security gateway
  • Gain an understanding of CAN Intrusion Detection Systems
  • Discover the latest techniques in CAN security hardware

The course begins with learning about advanced aspects of the CAN bus, starting with building a simple CAN network. The hands-on lab work uses the Raspberry Pi Pico with open source CANPico and CANHack hardware and a custom version of the open source MicroPython CAN SDK from Canis Automotive Labs, plus with a low-cost Sigrok-compatible logic analyzer with the open source can2 protocol decoder. After learning about CAN we move on to attacking CAN and try out some attacks for real on the hardware. Then we look at ways to defend against those attacks, from encryption to security hardware, focusing on the strengths and weaknesses of each technique.

The course is structured as follows:

Day 1
  • Hands-on learning about CAN bus, using the lab hardware to investigate the anatomy of a CAN frame and the protocol behavior
Day 2
  • Attacks on CAN bus: how attackers get on to a CAN bus and what they can do to the bus when they get there
Day 3
  • Defending the bus with encryption: using an HSM, key distribution, and CryptoCAN (an encryption scheme for CAN frames)
  • Defending the bus with intrusion detection systems, security gateways, and the latest hardware protocol defense techniques


  • Gaining a deep understanding of the CAN protocol
  • Recognition of the threats to a CAN bus
  • Obtaining a ‘kitbag’ of techniques to detect and mitigate attacks on CAN


  • Two Canis Labs CANPico boards and a Canis Labs CANHack board with Raspberry Pi Pico and MicroPython SDK firmware installed
  • A Sigrok-compatible logic analyzer and cables
  • CAN bus cable
  • A downloadable SD card image for a Raspberry Pi 4 for Raspbian with all the necessary tools installed and ready to run


  • Students will need a computer running a recent Linux that has the latest Sigrok PulseView, Thonny (with Raspberry Pi Pico support), Wireshark and a powered USB hub with at least four ports
  • Students should have some knowledge of CAN bus and experience with embedded systems


Dr. Ken Tindell obtained his PhD in real-time systems from the University of York and developed the first timing analysis for CAN bus (calculating worst-case latencies for CAN frames). He worked with Volvo on its new generation vehicle networking system (architecting the Volcano networking system for CAN) and designed a real-time embedded RTOS used in millions of vehicles. He co-founded LiveDevices (subsequently acquired by Bosch) and Volcano Communication Technologies (subsequently acquired by Mentor). His CAN priority buffer scheme has been widely adopted in microcontroller CAN controller silicon. He is the author of many academic papers in real-time systems design and has developed several open source projects including the MIN protocol and the CANHack toolkit. He is the CTO and co-founder of Canis Automotive Labs.