More Than Frame Security for CAN FD

The Standards Gap CANcrypt V2 Fills

The EU Cyber Resilience Act and standards such as IEC 62443 require that data in motion is authenticated and encrypted with strong, current cryptography. The CAN FD and CANopen FD standards have no published security specification of their own. CANcrypt V2 closes that gap. It applies the SPsec security sublayer to CAN FD, so machine builders can meet modern regulatory expectations without inventing security at the application layer.

A Complete Security Infrastructure

CANcrypt V2 does protect all frames: once a node enters the secure state, every CAN FD frame (in SPsec addressed data unit) it sends is authenticated and, when configured for full confidentiality, encrypted. The same mechanism covers process data, configuration access and the heartbeat that proves a node is still on the bus. CANcrypt V2 is also the security infrastructure around those frames, not frame protection alone. It defines a hierarchy of keys, from a manufacturer provisioning key down to the working keys that protect traffic, each with a defined trust level and a defined way to install it, so an integrator can take a device into service and assign its keys over a secured session.

The cryptography itself is a choice: each network selects one AEAD construction, AES-GCM, ChaCha20-Poly1305 or ASCON-128, to match its devices. Working keys then refresh themselves. They are re-derived from the seed key on a fixed timer while the network keeps running, so a fresh key rolls in during full operation with no handshake, no slowdown and no added delay.
See how SPsec works →

What Is Inside SPsec

SPsec brings together a mixture of building blocks rather than a single technique:

• AEAD
• Cryptographic method configurable
• Replay protection
• Per-frame integrity
• Configurable tag size
• Authenticated configuration
• Authenticated time sync
• Open-source specification
• Network-independent sublayer
• Multi-Participant Grouping
• Per-message authentication
• Secure Heartbeat
• SPsec Session (TLS-PSK style)
• Parameter Authentication
• Automatic key rotation, no handshake
• Key hierarchy
• EU CRA aligned
• Synced time as uniqueness
• Key provisioning methods included

The Origins of SPsec

SPsec began as a two-year research project announced in December 2023 by Embedded Systems Academy together with the Institute of Reliable Embedded Systems and Communication Electronics (ivESK) at Offenburg University, supported by a grant from the German Federal Ministry for Economic Affairs and Climate Action. The work carried the title Inter-Layer Multi-Participant Security for Small-Packet Networks, and its goal was a single security framework for resource-constrained networks such as CAN, CANopen, I2C and RS-485, where the frame is too short to carry the security overhead that internet protocols take for granted. The approach was presented for the first time at the embedded world Conference in Nuremberg in April 2024.

By August 2024 the project had published a white paper titled Cybersecurity Primitives for Small-Packet Networks and a proof of concept that routes unprotected traffic through an SPsec sublayer on its way to a secured CAN FD interface. The results are written to be reused by the Safety and Security Special Interest Group of CAN in Automation (CiA), so SPsec can become a shared, openly published specification rather than one vendor's product. CANcrypt V2 is the first product built on that specification.

Frequently Asked Questions

What does CANcrypt V2 secure?

Once a node enters the secure state, every addressed data unit it sends is authenticated and, when configured for full confidentiality, encrypted. The same mechanism covers process data, configuration access and the heartbeat.

Is CANcrypt V2 compatible with CANopen FD?

Yes. CANcrypt V2 applies the SPsec sublayer beneath the existing higher-layer protocol, so CANopen FD stacks keep working. They only respect the reduced payload budget and route control-plane traffic on the SPsec-marked CAN IDs.