Secure Onboard Communication provides a feature to verify the authenticity and freshness of PDUs. Only PDUs of type Secured are relevant for this feature.

NI-VCOM supports the generation of Authentication and Freshness Value, which is based on the AUTOSAR standards. NI-VCOM also supports an OEM-specific secured communication protocol. You must declare the OEM definition to make this feature work properly. Obtain the appropriate security information from the ECU manufacturer, and contact NI if you would like to define your own parameters. Refer to CAN Configuration for more information about how to configure this feature in NI-VCOM.

Supported Bus Interfaces

CAN and Automotive Ethernet support Secure Onboard Communication.

Signals Related to Secure Onboard Communication

For each Secured PDU, the following two signals are created:

  • AuthInfo—Provides the Message Authentication Code (MAC) for the respective Secured PDU.
  • Freshness—Provides the Freshness Value at the time of generation of the Authentication code. The Freshness Value is generated by timestamps or individual Freshness counters.

    • The local tick-count of an ECU determines the Freshness value. As a result, two specific messages are implemented to synchronize tick-count for every ECU in a cluster. Vehicle Security Master (VSM) sends the following messages to all other ECUs in a cluster, which all Automotive Ethernet and CAN instruments support through NI-VCOM:

  • Distributing the secured tick count—VSM sends this message upon its start with a cycle time of 100 ms for a duration of one second. After one second, the secured tick-count message sends with the cycle time. The NI-VCOM Configuration Tool (using SecTickCountCycleTime tag) provides the cycle time as long as NI-VCOM is running. If no value for SecTickCountCycleTime is set, the cycle time remains 100 ms.
  • Distributing the real-time offset—This contains the reference date and tick-count that ECUs use to calculate the current date and time. It is a cyclic message that VSM sends every 10 seconds.
  • Distributing the Vehicle Identification Number—VSM sends this every 1,000 ms to distribute the vehicle identification number (VIN). To specify a VIN in the NI-VCOM Configuration Tool, you must use the VehicleIdentificationNumber tag. The VIN is a string of 17 characters.
  • Distributing the authentication broadcast information—VSM sends this every 1,000 ms.