Contributors: Zimmermann, Till; Bauer, Jan; Aschenbruck, Nils; Reinhardt, Delphine; Langweg, Hanno; Witt, Bernhard C.; Fischer, Mathias
Dates: 2020-02-04; 2020-02-04; 2020
ISBN: 978-3-88579-695-4
URL: https://dl.gi.de/handle/20.500.12116/31791

Abstract: The Controller Area Network (CAN) bus is widely used in existing machinery. Facing more and more vertical integration with more complex devices and integration into public communication networks, its nature as a broadcast-only system without security measures poses serious risks to confidentiality of transmitted data. In this paper, we propose a Lightweight, Length Preserving and Robust Confidentiality Solution (LLPR-CS) to retrofit encryption in existing systems, while maintaining full interoperability with these systems. The overhead of our approach is negligible. Therefore, it can be used with existing hardware. By reinterpreting unused bits in the CAN frame format of the ISO 11898 standard, it is possible to build a fully transparent encrypted tunnel in non-confidential network parts, while keeping the ability to decrypt all traffic in an out-of-band-system without knowledge of specific cryptographic state details. By conducting a performance evaluation, we highlight the benefits of LLPR-CS and discuss its advantages compared to existing approaches.

Language: en
Keywords: ISO 11783; ISOBUS; Controller Area Network; Security; Privacy; Confidentiality; Smart Farming
Title: CryptoCAN – Ensuring Confidentiality in Controller Area Networks for Agriculture
Type: Text/Conference Paper
DOI: 10.18420/sicherheit2020_06
ISSN: 1617-5468