The references that anchor the rest of this site.

CAN Security Resources and Further Reading

A curated set of white papers, standards references, and a glossary supporting the rest of this reference. White paper PDFs are hosted on esacademy.com.

EmSA White Papers

EmSA-WP-105: Secure Object Fieldbus Access (SOFA)

Hosted at esacademy.com.

Specifies how compact secure protocols can be tunneled generically through fieldbus transports, the basis for the SOFA control described under Solutions. Covers authenticated access to selected object dictionary entries using AEAD.

Download PDF →

EmSA-WP-104: Key Provisioning for Minimal Fieldbus Systems

Hosted at esacademy.com.

Covers security key lifecycles and key handling for constrained fieldbus devices: how provisioning, update, and storage of keys are managed on nodes with very limited resources.

Download PDF →

EmSA-WP-103: CVSS for CAN

Hosted at esacademy.com.

A practical method for scoring CAN vulnerabilities under CVSS v4.0, with worked examples for an unprotected classical CAN node and the score reductions achieved by physical access limitation, system monitoring, and cryptographic measures. Establishes the 5.2 (Medium) baseline reused throughout this reference.

Download PDF →

EmSA-WP-102: Interface Driven Security Evaluation for Sensors

Hosted at esacademy.com.

An interface-driven method for evaluating the security of sensor interfaces, comparing the exposure of the memory bus, SPI, I2C, and CAN connections that bring sensor data into a system.

Download PDF →

EmSA-WP-101: Security Justification for Classical CAN

Hosted at esacademy.com.

Discusses when a documented security justification can serve in place of a full risk assessment for low-risk classical CAN systems with strong physical access controls, including the documentation auditors expect.

Download PDF →

Regulations

Standards and Guidelines

SPsec Specification Documents

The full SPsec specification set (documents 101 through 302) is published on esacademy.com.

SPsec specifications →

Frequently Asked Questions

Where can I download the EmSA white papers?

All EmSA security white papers are listed at esacademy.com/en/library/security-white-papers.html with PDF download links. Direct deep links may change as new revisions are published; the library page is the stable entry point.

Are the SPsec specifications publicly available?

Yes. The SPsec project page on esacademy.com hosts the specification documents (SPsec 101 through 302). They are intended for public review and implementation.