CSS CANedge1 Manual Download Page 60

Page: 60 / 66

CANedge2 Docs, Release FW 01.04.02

Server identity authentication

HTTPS (TLS) is used to authenticate the server certificate. This ensures that devices only allow con-
nections to trusted servers.

Server certificate authentication sequence:

Installation requirements

Same as

Low Security Mode

. Additionally, devices are pre-loaded with the CA certificate used to issue

the server certificate - see the installation details further below.

High security mode

For details on this mode, see the online documentation.

0.7.4.2 TLS/HTTPS

The CANedge uses TLS v1.2 for secure communication

123

, providing the following mechanisms:

• Encryption of data transmissions

• Server identity authentication (using certificates)

• Device identity authentication (using certificates)

Supported

ciphers:

TLS_RSA_WITH_AES_128_CBC_SHA,

TLS_RSA_WITH_AES_128_CBC_SHA256,

TLS_DHE_RSA_WITH_AES_128_CBC_SHA,

TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,

TLS_RSA_WITH_AES_128_GCM_SHA256,

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

The device is not compatible with servers that only support DSA certificates.

512, 1024, 2048 bit key sizers are supported. 2048 bit key size is recommended, see

https://knowledge.digicert.com/

generalinformation/INFO1684.html

CONTENTS

Summary of Contents for CANedge1

Page 1: ...CANedge2 Docs Release FW 01 04 02 Mar 31 2021...

Page 2: ......

Page 3: ...nnector 8 0 3 3 Enclosure 10 0 3 4 SD card 10 0 3 5 LED 12 0 3 6 Label 13 0 4 Configuration 14 0 4 1 General 14 0 4 2 Logging 16 0 4 3 Real Time Clock 19 0 4 4 Secondary port 20 0 4 5 CAN 21 0 4 6 LIN...

Page 4: ...ii...

Page 5: ...monitions Note Used to highlight supplementary information Warning Used if incorrect use may result in major loss of data and or time Danger Used if incorrect use may result in damage to the device pe...

Page 6: ...the device interacts with the system in which it is integrated 0 1 2 2 Terms conditions Please refer to our general terms conditions 0 1 2 3 Electromagnetic compatibility The CANedge has been tested...

Page 7: ...ransient emissions test on supply lines ISO 7637 2 2011 Transient immunity test on supply lines 0 1 2 5 Contact details For any questions regarding our products please contact us CSS Electronics EU VA...

Page 8: ...le transmit messages single shot or periodic up to 128 64 regular extended Support for Remote Transmission Request RTR frames Silent mode Restricted acknowledge only or monitoring transmission disable...

Page 9: ...e logging6 0 2 4 Real time clock RTC High precision real time clock retains date and time when device is off For WiFi enabled devices the real time clock can be synced with an NTP time server 0 2 5 El...

Page 10: ...ile transfer S3 transfer protocol1415 Device identification using globally unique device ID Automatic push of log files to remote or local server Automatic time synchronization Security Secure file tr...

Page 11: ...ithin range it is recommended to use a single point ground reference for all nodes connected to the CAN bus This may require the ground wire to be carried along with data wires If a secondary CAN bus...

Page 12: ...d to re orient disconnect re connect or tighten the antenna you should use the proper tight ening mechanism Specifically you should not directly turn the antenna as this may loosen the internal connec...

Page 13: ...The supply line must be protected against high energy voltage events exceeding device limits GND All GND ground pins are connected internally 5 V Supply Output The 5 V output can be used to power exte...

Page 14: ...o o o o o CAN 1 L pin 2 CANedge Node 1 Node N CANH CANL CANH CANL CANH CANL Supply GND Supply GND Supply GND o o o o SUPPLY pin 9 o o o o GND pin 3 0 3 3 Enclosure The CANedge uses a robust aluminium...

Page 15: ...pecial timing constraints to ensure safe shutdown when power is lost Warning The device cannot be guaranteed to work if the pre installed SD card is replaced Exchanging SD cards between devices The SD...

Page 16: ...Red Memory card activity WFI Blue WiFi connected PWR The Power LED is constantly on when the device is in normal operation An exception is when the firmware is being updated for more information go t...

Page 17: ...evice Examples of the labels are illustrated below Note The data matrix can be scanned to simplify installation of a new device The label holds the following information Device type CANedge2 Productio...

Page 18: ...mat Shall match the encryption used for all protected fields type string minLength 0 maxLength 100 Debug debug Debug functionality for use during installation and troubleshooting System log debug prop...

Page 19: ...shake The scheme allows the device and user to compute the same shared secret without exposing any secrets The shared secret is in turn used to generate a symmetric key which is used to encrypt decryp...

Page 20: ...hout updating the user public key and in turn all other protected fields Encryption tools Tools are provided with the CANedge for use in encrypting secure fields see the CANedge Intro Example Python c...

Page 21: ...hen the memory card becomes full allowing the logging to continue type integer default 1 options Disable 0 Enable 1 Compression compression Level compression properties level Window size used during o...

Page 22: ...the oldest split file from the oldest session if cyclic logging is enabled Compression Log files can be compressed on the device during logging using a variant of the LZSS algorithm based on heatshrin...

Page 23: ...when the device is off type integer default 0 options Retain current time 0 Manual update 1 Time zone UTC 12 to UTC 14 properties timezone Adjustment in full hours to the UTC time Includes daylight sa...

Page 24: ...if needed Automatic update The CANedge2 supports auto RTC synchronization via WiFi enabled by default In this mode the device retains the current time but periodically synchronizes the RTC against an...

Page 25: ...t power is scheduled to be on daily in the interval 00 00 04 00 and 12 00 16 00 Secodary port configuration secondaryport power_schedule from 00 00 to 04 00 from 12 00 to 16 00 The power out is turned...

Page 26: ...ith the bus In Normal mode the device can receive acknowledge and transmit frames In Restricted mode the device can receive and acknowledge but not transmit frames In Bus Monitoring mode the device ca...

Page 27: ...0 63 16 4 20k 25 80 63 16 4 33 333k 10 120 95 24 4 47 619k 8 105 83 21 4 50k 10 80 63 16 4 83 333k 4 120 95 24 4 95 238k 4 105 83 21 4 100k 5 80 63 16 4 125k 4 80 63 16 4 250k 2 80 63 16 4 500k 1 80 6...

Page 28: ...20 To obtain a sampling point of 75 SEG1 is calcualted as 1 100 1 75 20 100 14 Now SEG2 is calculated as 2 1 1 20 14 1 5 The equivalent bit timing settings using the 40 MHz input clock of the CANedge...

Page 29: ...roperties type Action on match accept or reject message type integer default 0 options Acceptance 0 Rejection 1 ID format properties id items properties id_format Filter ID format Filters apply to mes...

Page 30: ...filters are rejected as default Note that the default Configuration File has filters that accept all incoming CAN messages both standard extended CAN IDs Filter state The state of filter elements can...

Page 31: ...o Filter mask method With the Mask method the filter defines an ID and Mask which are compared to the message ID A message passes a mask filter if the following condition is true1 filter_id filter_mas...

Page 32: ...its represent the 3 bit priority the green bits the 18 bit PGN and the right red bits the 8 bit source address of the 29 bit CAN ID 000111111111111111111000000002 3FFFF0016 Message ID bits in position...

Page 33: ...message ID Prescaling is applied to the messages accepted by the associated filter The list of filters can be assigned a mixture of prescaler types Applying filters can dramatically reduce log file si...

Page 34: ...ed on the CAN bus at a high frequency5 Example A slowly changing temperature measurement broadcasted every 10 ms 100Hz Prescaled to a minimum time interval of 100ms prescaler value set to 100 Example...

Page 35: ...ond data byte binary 11 9 Triggers on changes to the first or fourth data byte binary 1001 FF Triggers on changes to any of the first 8 data bytes binary 11111111 100 Triggers on changes to the 9th da...

Page 36: ...10 00 BB 22 33 Reject 80010 AA BB 22 33 Reject 80010 AA BB 22 DD Accept 80010 AA BB 22 DD Reject Example Data prescaling applied to ID 80010 with mask 9 considering only changes to the 1st or 4th data...

Page 37: ...transmitted using a switched bit rate type integer default 0 Include in log items properties log Determines if the transmitted message is included in the log file type integer default 0 options Disabl...

Page 38: ...t is recommended to spread them in time by using delay It may not be possible to transmit all messages if they are to be transmitted simultaneously 0 4 5 5 Heartbeat This page documents the heartbeat...

Page 39: ...0xAA The Epoch time is time zone and offset adjusted Multi byte fields should be interpreted MSB Most SignificantByte first The State holds information on the current rx_state tx_state 0 RX disabled T...

Page 40: ...s control_tx_state Control CAN bus transmission state including logging type integer default 0 options Disable 0 Enable 1 Start signal properties start ref definitions control_signal Stop signal prope...

Page 41: ...ption effectively the logging and or the transmission effectively the processing of the transmit list The control signal can e g be used to start stop logging based on some application parameters such...

Page 42: ...trigger High 03410DFF0000000016 255 km h Low 03410D0A0000000016 10 km h Stop trigger High 03410D050000000016 5 km h Low 03410D000000000016 0 km h start id_format 0 id 7E8 id_mask 7FF data_mask FFFFFFF...

Page 43: ...off start id_format 1 id 00435354 id_mask 1FFFFFFF data_mask FF data_high 01 data_low 01 stop id_format 1 id 00435354 id_mask 1FFFFFFF data_mask FF data_high 00 data_low 00 Example Start stop on J1939...

Page 44: ...rmat 1 id CFEF100 id_mask 3FFFF00 data_mask 0000FF0000000000 data_high 0000010000000000 data_low 0000000000000000 0 4 6 LIN The configuration of LIN Channel 1 and LIN Channel 2 is identical The LIN co...

Page 45: ...Frame Table This page documents the frame table configuration Configuration file fields This section is autogenerated from the Rule Schema file Name name Optional frame name type string maxLength 16...

Page 46: ...cuments the transmit configuration Configuration file fields This section is autogenerated from the Rule Schema file Name name Optional transmit rule name type string maxLength 16 State state Disabled...

Page 47: ...node The number of bytes provided shall satisfy the frame table Warning If the transmit list contains multiple frames using the same ID then only the first entry is used 0 4 6 4 Topology The LIN maste...

Page 48: ...s additional information and examples Multiple WiFi access points The device supports multiple access points The device will attempt to connect to the access points in the prioritized order in which t...

Page 49: ...orts two different request styles path and virtual hosted The device supports both styles With the virtual hosted style the subdomain is specific to the bucket which makes it possible to use DNS to ma...

Page 50: ...E2E0A61BD2672C03CAA9473 F46B682C4D72E3394C22189AE16DD9A79AFFFD82 Additional content may be added to the device json in future firmware updates Fields explained id Device unique ID number type Device t...

Page 51: ...ption enabled File extension MF4 X MFC X MFE X X MFM With both compression and encryption enabled the data is first compressed then encrypted For details on compression and encryption see the Logging...

Page 52: ...eed up work with the files Note It may be necessary to finalize sort a log file before it is loaded into some MDF tools 2 Changes to the system time RTC caused by the WiFi RTC auto sync take effect on...

Page 53: ...ote server network topologies Warning Make sure that firewalls allow S3 e g port 9000 and NTP port 123 traffic Local network topology A local network topology is illustrated below With the local topol...

Page 54: ...he S3 compatible server can be installed on a dedicated server Typical use cases Devices connect to the server over an external network WAN It is preferred to store data on a company controlled server...

Page 55: ...uploaded it is deleted on the SD card Log files pushed to the server are named according to the following pattern BUCKET_NAME DEVICE_ID SESSION_NUMBER SPLIT_NUMBER EPOCH_TIME EXT EPOCH_TIME Epoch upl...

Page 56: ...g the new firmware The Rule Schema is placed in the device root path and named as below BUCKET_NAME DEVICE_ID schema 01 02 json Configuration File The device periodically checks the S3 Bucket for upda...

Page 57: ...d certs_server p7b BUCKET_NAME DEVICE_ID certs_server p7b If a valid Server Certificate Bundle file is added to this path the device downloads and stores it on the SD and reboots Refer to Prepare cert...

Page 58: ...ertificate Bundle certs_server p7b with only the new certificate s 7 Upload the Server Certificate Bundle to new S3 server 8 Wait for the device file to show that only the new bundle has been loaded 0...

Page 59: ...AccessKey and SecretKey pair is shared amongst all nodes in the network Warning Data transmissions between the device and server are in plain text Installation requirements Devices are pre configured...

Page 60: ...S The CANedge uses TLS v1 2 for secure communication123 providing the following mechanisms Encryption of data transmissions Server identity authentication using certificates Device identity authentica...

Page 61: ...for the CANedge to accept the connection The server certificate is trusted if the device is configured to trust one of the certificates above it in the trust chain Self signed certificates are used di...

Page 62: ...reating a PKCS 7 bundle containing all the certificates Generation of certificate bundles requires a tool such as the free OpenSSL library5 1 Acquire the trusted certificates e g root certificates in...

Page 63: ...s uploaded correctly via HTTPS Warning Make sure to update the endpoint to use https Remote installation of certificate s The certificate bundle can be installed on the device by placing it on S3 For...

Page 64: ...rmation refer to TLS HTTPS Support for single files certificates is removed in the next minor or major update It is recommended to migrate from single files certificates to certificate bundle while th...

Page 65: ...nitiated Note The device automatically removes any Firmware Files firmware bin or firmware_wifi bin when the upgrade has completed Firmware Files should never be manually deleted during the upgrade pr...

Page 66: ...and wait for the upgrade process to complete Note An incompatible firmware image is deleted and does not break the device Example Current firmware 01 01 01 new firmware 01 01 02 1 Download firmware 01...

Search results

Summary of Contents for CANedge1

Reviews:

Related manuals for CANedge1

Brands by name

Popular brands

CSS CANedge1, Manual

Search results

Summary of Contents for CANedge1

Reviews:

Related manuals for CANedge1

Brands by name

Popular brands