I have a controller based off of a particle electron. Basically this device has two CAN Bus interfaces that are used to communicate with different devices and nodes. I wanted to implement some sort of error/foul play checking. My idea was if there is a canbus id or packet that does not match any definition in precompiled list, it should try to figure out if there is an error somewhere or the bus is being fed third party data. From there, it needs to log this to a file.
My question is, what would be the best way to secure the definitions for the available can ids and the error log file so that I am able to see if they were tampered with? I don’t necesarily care to protect the data from being edited, I just want the system to know when the data has been edited. That being said, I would like the system itself to be able to change the data and add/remove CAN ID definitions on firmware updates/ota pushes. My thought was some sort of checksum for the files but I have never used any checksumming for security purposes and I am not sure where to start with this.
Hope this made sense, and thanks for any suggestions/help!
I’m not sure I’d recommend a checksum here, and I’ve seen even CRCs get trivially false positive.
Without too much investigation of your problem domain, I’d recommend a hash like SHA1 or SHA256, if your intent is detecting unintentional changes. If you have a situation where you’re trying to detect malicious changes you should probably move up to a cryptographic hash like HMAC.
On the bonus side, a number of these have hardware and library support on the P1 platform if that’s what you’re using.
I looked into what was already available for the particle platform and I stumbled across this library:
It was ported over from arduino and tested on the particle photon. I’m using an electron and an e series so I’m not sure how different the are from the photon but I’ll give it a test when I get the chance.
I see you are using the electron, but should anyone in the future come across this thread I have to retract my statement about the P1, as the STM32F205 chip the P1is built on does NOT have hardware encryption and hash support, I was mistaking it with the STM32F215. Bummer.