Over the past three decades, automotive control systems have undergone a significant transformation, shifting from mechanical devices to a multitude of interconnected computers that oversee sensors, drivers, and passengers. In today's vehicles, 50 to 80 independent computers, commonly referred to as Electronic Control Units (ECUs), form complex in-vehicle networks in order to communicate with one another. The most widely adopted communication protocol in modern in-vehicle networks is the Controller Area Network (CAN). Security was not considered when the CAN protocol was designed in the mid-1980s: frames carry no sender authentication and any node on the bus can transmit any identifier, which leaves the network susceptible to cyber-attacks. In 2015, Charlie Miller and Chris Valasek demonstrated a remote attack against a Jeep Cherokee that compromised safety-critical functions such as steering and braking. This event prompted significant concern about the security of CAN networks in both academia and industry.
In response to these concerns, researchers have devised a variety of attacks against the CAN bus, including Denial-of-Service (DoS) attacks, spoofing attacks, and others. Significant effort has also gone into hardening CAN networks, notably through the design of security architectures and intrusion detection systems. NXP developed the TJA115x secure CAN transceiver family, which protects Classical CAN and CAN FD communication against several classes of attack without resorting to cryptography. Nonetheless, all existing research addresses the Classical CAN and CAN FD protocols, leaving a notable gap regarding the security of the latest CAN XL network.
This thesis extends the design of the TJA115x secure transceiver to support the CAN XL protocol. The work comprises two main aspects: flooding detection and flooding prevention. For flooding detection, a leaky-bucket tree is introduced that distinguishes normal frames from flooding frames and applies dynamic traffic control to each frame type; the leaky bucket parameters are derived in closed form. For flooding prevention, two distinct strategies are devised to stop flooding frames from dominating the bus, and they are compared in terms of throughput, latency, and availability. Finally, the proposed secure CAN XL transceiver is validated through software simulation and hardware experiments. The results show that the CAN XL secure transceiver blocks flooding attacks and safeguards communication with minimal memory overhead and, notably, without introducing any additional latency or bandwidth demands.
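As an added illustration of the detection idea (example code written for this page, not the thesis's design or NXP's implementation): a three-level leaky-bucket tree in Python that tags each CAN frame as normal or flooding. The root bucket budgets the whole bus, the middle level holds one bucket per identifier range, and the leaves hold one bucket per CAN identifier. A frame is charged to every bucket on its root-to-leaf path only if all of them have room; otherwise it is tagged as flooding and charged to none, so an attacker hammering one identifier cannot drain the budget shared with legitimate traffic. The parameter rule (leak rate equal to the nominal frame rate, capacity equal to one plus the tolerated burst), the grouping of identifiers into 256-wide ranges, the bucket sizes and the frame trace are all assumptions made for this example, not values from the thesis.

```python
"""Leaky-bucket tree for CAN flooding detection (illustrative example)."""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class LeakyBucket:
    capacity: float          # frames the bucket may hold before it overflows
    leak_rate: float         # frames drained per second
    level: float = 0.0       # current fill level, in frames
    last_us: int = 0         # time of the last update, in microseconds

    def drain(self, t_us: int) -> None:
        """Leak whatever has drained since the last update."""
        dt = max(0, t_us - self.last_us) / 1_000_000
        self.level = max(0.0, self.level - self.leak_rate * dt)
        self.last_us = t_us

    def has_room(self, cost: float = 1.0) -> bool:
        return self.level + cost <= self.capacity

    def charge(self, cost: float = 1.0) -> None:
        self.level += cost


def periodic_params(period_s: float, burst: int = 1) -> Tuple[float, float]:
    """Bucket (capacity, leak_rate) for an ID expected every period_s seconds.
    Assumed rule for this example: leak at the nominal frame rate and
    tolerate `burst` extra frames of jitter before flagging."""
    return (burst + 1.0, 1.0 / period_s)


class BucketNode:
    """One node of the tree: a bucket plus its children keyed by ID or range."""

    def __init__(self, name: str, capacity: float, leak_rate: float):
        self.name = name
        self.bucket = LeakyBucket(capacity, leak_rate)
        self.children: Dict[int, "BucketNode"] = {}

    def add_child(self, key: int, capacity: float, leak_rate: float) -> "BucketNode":
        node = BucketNode(f"{self.name}/{key:#x}", capacity, leak_rate)
        self.children[key] = node
        return node


class FloodDetector:
    def __init__(self, bus_capacity: float, bus_leak: float,
                 class_capacity: float, class_leak: float,
                 unknown_params: Tuple[float, float]):
        self.root = BucketNode("bus", bus_capacity, bus_leak)
        self.class_capacity = class_capacity
        self.class_leak = class_leak
        self.unknown_params = unknown_params   # tight budget for unregistered IDs

    @staticmethod
    def id_class(can_id: int) -> int:
        return can_id >> 8   # assumption: each 256-ID range forms one class

    def _class_node(self, can_id: int) -> BucketNode:
        key = self.id_class(can_id)
        node = self.root.children.get(key)
        if node is None:
            node = self.root.add_child(key, self.class_capacity, self.class_leak)
        return node

    def register(self, can_id: int, period_s: float, burst: int = 1) -> None:
        """Declare an expected periodic ID so it gets a matching leaf bucket."""
        cap, leak = periodic_params(period_s, burst)
        self._class_node(can_id).add_child(can_id, cap, leak)

    def _path(self, can_id: int) -> List[BucketNode]:
        cls = self._class_node(can_id)
        leaf = cls.children.get(can_id)
        if leaf is None:                      # unknown ID: create a tight leaf
            cap, leak = self.unknown_params
            leaf = cls.add_child(can_id, cap, leak)
        return [self.root, cls, leaf]

    def classify(self, t_us: int, can_id: int) -> str:
        """Tag one frame. Charge the whole path only if every bucket has room,
        so a flooding frame never consumes the budget shared with normal IDs."""
        path = self._path(can_id)
        for node in path:
            node.bucket.drain(t_us)
        if all(node.bucket.has_room() for node in path):
            for node in path:
                node.bucket.charge()
            return "normal"
        return "flooding"


def build_trace() -> List[Tuple[int, int]]:
    """Constructed trace (not captured data): two periodic IDs over 200 ms,
    plus an attacker flooding ID 0x000 (highest priority) at 10 kHz
    between 50 ms and 100 ms. Times are in microseconds."""
    frames = [(t, 0x100) for t in range(0, 200_001, 10_000)]
    frames += [(t, 0x200) for t in range(0, 200_001, 20_000)]
    frames += [(50_000 + 100 * k, 0x000) for k in range(500)]
    frames.sort()
    return frames


def run_detection() -> Dict[int, Dict[str, int]]:
    """Per-ID verdict counts over the constructed trace."""
    det = FloodDetector(bus_capacity=8, bus_leak=300.0,
                        class_capacity=4, class_leak=200.0,
                        unknown_params=(2.0, 10.0))
    det.register(0x100, period_s=0.010)
    det.register(0x200, period_s=0.020)
    counts: Dict[int, Dict[str, int]] = {}
    for t_us, can_id in build_trace():
        verdict = det.classify(t_us, can_id)
        counts.setdefault(can_id, {"normal": 0, "flooding": 0})[verdict] += 1
    return counts


if __name__ == "__main__":
    for can_id, c in sorted(run_detection().items()):
        print(f"ID {can_id:#05x}: normal={c['normal']} flooding={c['flooding']}")
```

Two design points worth noting. First, the two-phase check (drain all buckets, test all, then charge all) matters: if a rejected frame were still charged to the root, the attacker's burst would fill the shared bus bucket and the legitimate 0x100 and 0x200 frames would start being tagged as flooding as well. Second, classification on its own does not stop the flooding frame from winning arbitration and occupying the bus; that is why the thesis treats prevention as a separate problem with its own strategies.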