Trust at the Gladhand: A Three-Tier Cryptographic Framework for Cross-Vendor Truck and Trailer

Heavy-duty road transport relies on a transient cross-organizational coupling between trucks and trailers built by different manufacturers. The ISO 11992 electrical interface (CAN at 125 to 250 kbit per second over the legacy ISO 7638 connector) carries no native cryptographic authentication. Coordinated disclosures by the National Motor Freight Traffic Association have documented practical exploits against deployed trailer brake controllers, including a brute-forceable 16-bit seed-key on more than 500,000 North American units (CVE-2024-12054). Existing secure-CAN proposals (AUTOSAR SecOC, draft SAE J1939-91C, CINNAMON, LeiA, MaCAN, CANAuth) all assume a single-OEM trust domain, an HSM-equipped ECU population and CAN-FD. None of these assumptions holds at the truck and trailer interface. This work presents the Tiered Profile Negotiation framework for Commercial Vehicles (TPN-CV), which establishes mutual authentication across an arbitrary truck and trailer pairing on the existing 250 kbit per second classic-CAN bus within the 10-millisecond brake-command latency budget of ISO 11992-2. The framework defines three interoperable profiles indexed by the weaker endpoint’s capability and instantiated on Infineon AURIX TC4D7 (CSRM), AURIX TC275 (SHE+ HSM) and STMicro STM32F407 (Cortex-M4 software-only). The deliverable comprises (i) a framework specification, (ii) an AUTOSAR-aligned reference architecture and (iii) an aftermarket retrofit gateway designed under ISO/SAE 21434 as a Cybersecurity Component out of Context. The gateway supports both security-capable and legacy end ECUs. Cryptographic trust is anchored in a per-OEM root certificate authority that delegates an intermediate authority to the vehicle’s logistics owner at sale, after which the owner provisions all end-entity certificates offline through OEM-supplied software. The framework is mapped to UN R155 Annex 5 threats T1 through T8 and to ISO/SAE 21434 risk treatment. It minimizes the scope of UN R13 re-homologation by leaving certified braking components unmodified.