Arbeitsgruppe Verteilte Systeme

deutsch english

Adaptable Privacy for ISOBUS Controller Area Networks

Architecture of CAN't

Various components of modern agricultural machinery generate, transmit, and aggregate precise information about the environment. That data may contain sensitive information about a field's fertility, crop yields, and precise position information. This might be considered as unproblematic in traditional scenarios with a single farmer and farm-internal machinery. However, in todays agriculture, particularly in collaborative scenarios where multiple actors are involved in the value-added chain, it raises a variety of privacy issues.

CAN't is a multithreaded proxy server software for ISOBUS Controller Area Networks. By acting as man-in-the-middle between Electronic Control Units, it enables selective, on-the-fly perturbation and filtering of privacy sensitive information transmitted via the in-vehicular network. When the proxy is injected between a data-logging component and the rest of the network, it can be used to enforce privacy guidelines and laws to protect contractors, staff members, and customers from excessive data aggregation.
The proxy can be configured using an HTML5-based webinterface and is easily extendable by custom data filters and manipulators. Due to its lightweight memory- and CPU-footprint, it can run on cheap off-the-shelf hardware (e.g., the Raspberry Pi 3), as long as the corresponding CAN-Controller is supported by SocketCan. Further information can be found under Publications.

CAN't was developed as part of a security architecture in the project ODiL and is available as open source software under the 3-Clause BSD License. The database can be seeded using the exported ISOBUS Parameters provided by the VDMA in CSV format. For download links, see below.

Questions, suggestions and bug reports may be sent to



Disclaimer: This software is provided as it is and without any guarantee or liability. Use at your own risk.