Blog
What is J1939-91C? A Guide to Secure Communication in SAE J1939 Networks
March 27, 2026
Modern heavy-duty vehicles rely on the SAE J1939 communication protocol to allow Electronic Control Units (ECUs) to exchange data across the vehicle network. As vehicles become more connected, security becomes critical. This is where SAE J193991C comes into play.
J1939-91C is a security standard designed to add authentication, message integrity, and optional encryption to J1939 communication. It ensures that only trusted ECUs can join the network and that messages exchanged between devices are protected from tampering, spoofing, or replay attacks.
This article explains how J1939-91C secures communication through network formation, rekeying, secure messaging, and provisioning.
The security architecture of J1939-91C operates in several phases:
Each phase ensures that ECUs in the network remain authenticated and that communication remains secure throughout the system’s lifecycle.
When an ECU joins a secured J1939 network, it must first prove its identity. J1939-91C uses certificate-based authentication to verify that devices are trusted participants.
The process begins when the ECU receives the leader’s X.509 digital certificate. This certificate contains the leader’s public key and identity information.
Digital certificates allow devices to confirm that they are communicating with legitimate participants in the network.
The ECU then verifies the received certificate against a trusted Root Certificate Authority (CA) stored locally.
If the certificate chain is valid, the ECU confirms that the leader is a trusted device.
After verifying the leader, the ECU sends its own X.509 certificate to the network leader.
This allows the leader to perform the same verification process and confirm the identity of the joining ECU.
Once certificates are exchanged, the leader sends a challenge message to the ECU.
This challenge is a random value used to ensure the ECU actually possesses the private key associated with its certificate.
The ECU signs the challenge using its private key and sends the signed response back to the leader.
Because only the legitimate ECU should possess this private key, this proves the ECU’s authenticity.
Both devices verify each other's responses using the corresponding public keys from their certificates.
If the verification succeeds, the devices confirm that they are communicating with legitimate and trusted participants.
After successful authentication, the devices generate a shared session key using a key agreement method such as Elliptic Curve Diffie-Hellman (ECDH).
This session key is then used to secure future communication between ECUs.
Before joining the network, devices prove their identity to each other and agree on a shared secret key for secure communication.
To maintain long-term security, J1939-91C periodically updates session keys.
To maintain long-term security, J1939-91C periodically updates session keys.
Regular key updates reduce the risk of compromised keys and maintain the security of the network over time.
Once authentication and key establishment are complete, ECUs can exchange secure messages.
Each outgoing message includes a cryptographic message authentication code (CMAC) generated using AES-128.
This ensures that the message was created by a trusted ECU and has not been modified.
J1939-91C includes freshness counters in each message.
These counters prevent attackers from replaying previously captured messages to manipulate system behavior.
For certain Parameter Group Numbers (PGNs), payload data may also be encrypted using AES-128 encryption.
This provides confidentiality in addition to authentication and integrity.
Security in J1939-91C begins during the manufacturing or provisioning phase.
Each ECU is prepared with several critical security elements:
This provisioning ensures that only authorized devices can participate in the secured network.
As vehicles become increasingly connected, protecting in-vehicle networks from cyber threats becomes essential. J1939-91C provides several key benefits:
By introducing modern cryptographic techniques into the J1939 ecosystem, J1939-91C helps ensure that heavy-duty vehicle networks remain secure and trustworthy.
J1939-91C is a critical advancement in securing SAE J1939 networks for modern vehicles. By introducing mutual authentication, session key management, secure messaging, and provisioning, it ensures that only trusted ECUs can join the network and that all communications remain protected from tampering, spoofing, or replay attacks.
With features like periodic rekeying, AES-128 CMAC authentication, optional encryption, and freshness counters, J1939-91C provides both integrity and confidentiality for vehicle communications. Implementing this standard not only strengthens the security of in-vehicle networks but also builds trust in connected vehicle systems, paving the way for safer and more reliable operations.
In simple terms: J1939-91C ensures that every device in a vehicle network is verified, messages are secure, and communication cannot be faked or replayed—making modern vehicle networks safer than ever.