Controller area network (CAN)

What is a controller area network (CAN)?

A controller area network (CAN), also known as a CAN bus, is a communication system that enables electronic control units (ECUs) to exchange data over a shared network. Developed in the mid-1980s and introduced in 1986, CAN is standardized under the International Organization for Standardization (ISO) 11898 series and was designed to reduce complex, heavy wiring harnesses in vehicles.

CANs are also used in industrial systems and other settings where components need to be connected without a central host computer.

How does a CAN work?

Most automotive CAN networks use a two-wire differential bus architecture to transmit messages between devices. Each node can send and receive data over the shared bus. With no central host, each ECU can send messages independently.

Communication typically follows these steps:

Message broadcast: An ECU sends a message to the network, which all other nodes can receive.
Arbitration: A non-destructive, bitwise arbitration process prioritizes messages with lower numerical identifiers when multiple ECUs attempt to send data simultaneously.
Message filtering: Each node reads the message and determines whether it's relevant and should be processed.
Error detection: Each node checks for transmission errors using built-in mechanisms such as the cyclic redundancy check (CRC), bit monitoring, and frame checks. When an error is detected, nodes signal the error, discard the faulty frame, and retransmit the message.

Why is a CAN important?

By allowing multiple devices to share the same network, CAN reduces the need for separate point-to-point wiring between components. This is especially useful in vehicles, one of the earliest and most important use cases for CAN.

In systems such as cars, trucks, and industrial equipment, separate wiring for every component can add weight, cost, and complexity. A shared bus helps simplify communication between ECUs, sensors, and other devices. The design is also generally efficient and lightweight in terms of resource use.

Where are CANs used?

CANs are used in systems where multiple electronic components must communicate with each other. This can include:

Passenger vehicles: Connects systems such as engines, braking, and infotainment so components can communicate within the vehicle.
Commercial trucks and buses: Supports coordination among larger, more complex vehicle systems, including diagnostics and fleet management.
Industrial automation systems: Enables communication between controllers, sensors, and machinery in manufacturing and production environments.
Medical and embedded devices: Connects components in some specialized systems, including medical equipment, embedded controllers, and monitoring devices.
Marine and agricultural equipment: Links systems in boats, agricultural machinery, and other off-road equipment.

Risks and privacy concerns of CANs

Classic CAN was designed for reliable, efficient communication, not built-in cybersecurity. As such, it can expose systems to various risks. Downsides of the design include:

No built-in encryption: Messages are not encrypted, so anyone with access to the network may be able to read the data.
No native authentication: CAN doesn't verify which node sent a message, potentially allowing message spoofing or unauthorized commands.
Common attack vectors: CAN systems can be vulnerable to message injection, replay, spoofing, and denial-of-service (DoS) attacks. In connected vehicles, external interfaces may create remote pathways into internal vehicle networks if not properly secured.
Physical access increases risk: People with direct access to the network may be able to read, inject, or interfere with traffic.
Compromised ECUs can affect other systems: A compromised node may send malicious or misleading messages on the bus, so a single vulnerable component can have a wider impact if the network is not properly segmented.

FAQ

What does controller area network mean?

A controller area network (CAN) is a communication system that lets electronic control units (ECUs) exchange data over a shared network without a central host. It’s commonly used in vehicles and embedded systems to connect components efficiently.

Is the controller area network (CAN) secure?

CAN doesn’t include built-in security features such as encryption or authentication, which is one of the risks of CAN systems. Systems can add additional protections, but without them, CAN may allow unauthorized devices to read or send messages on the network.

What is the difference between controller area network (CAN) and CAN FD?

CAN flexible data-rate (FD) extends classical CAN by supporting larger data payloads and faster data transmission during the data phase. It lets systems send more data in a single message and improves communication efficiency compared to standard CAN.

Where is the controller area network (CAN) used?

CAN architecture is used in passenger vehicles, commercial transport, and industrial systems. It's also used in some medical devices, marine equipment, agricultural machinery, and embedded systems where components need reliable communication.

Can hackers exploit a controller area network (CAN)?

If attackers gain access to a CAN network, they can interact with it physically or through a connected system. CAN doesn’t include built-in encryption or authentication, so they might be able to read, spoof, or send messages within the network.