CAN data diode technology of vehicle security consortium based on TU design

Vehicle security consortium based on TU cyber technology

The University of Tulsa has partnered with a consortium of industry leaders in vehicle cyber security to develop a CAN data diode hardware device that prevents the hacking of heavy trucks. A group of faculty and students from TU’s Department of Mechanical Engineering have joined a consortium of organizations led by the nonprofit National Motor Freight Traffic Association, Inc. to increase protection of electronic logging devices, or ELDs.

The group’s CAN (Controller Area Network) Data Diode hardware device is based on technology developed by Associate Professor Jeremy Daily and mechanical engineering senior Hayden Allan. TU, the NMFTA and other industry experts are collaborating to identify and validate possible commercial applications such as securing ELDs. Daily specializes in heavy truck crash data recovery and vehicle forensics while regularly partnering with industry organizations to improve transportation cyber security. The CAN Data Diode hardware device prevents communication from the ELD to a commercial vehicle by virtually eliminating the connected logging device as a remote cyberattack target. This creates a hardware safeguard for connected vehicles. According to the Federal Motor Carrier Safety Administration, ELDs are mandatory for most freight carriers in the United States and will soon be required in Canada.

“The CAN Data Diode will help carriers comply with mandatory ELD regulations while also protecting onboard vehicle networks that could be compromised by a cracked ELD,” Daily said.

The technology is critical in protecting heavy trucks from the tampering and attacks of hackers who target weak entry points in connected vehicles. The consortium’s CAN Data Diode is designed specifically for ELD installation of hardware that often lacks basic cyber security safety measures. The technology eliminates all possible communication to the vehicle network from the ELD device and restricts data from the vehicle to only devices that meet the ELD mandate.

The CAN Data Diode project is a low-cost network isolation solution for commercial vehicle operators who cannot afford sophisticated fleet management applications to keep their vehicles secure from mandated ELDs. Daily anticipates licensure of the technology as it matures in future field testing.

“The work we do at TU with our industry partners should help reduce the risk of cyberattacks in heavy vehicles on today’s roads,” he said. “We look forward to working with our partners to continue development and real-world implementation for the CAN Data Diode.”