The TOUCAN protocol to secure the CAN bus against an active eavesdropper is presented. The protocol enjoys backward compatibility with existing standards and requires no hardware upgrade but solely a firmware update to implement TOUCAN. TOUCAN uses a fast hashing algorithm to provide authenticity and integrity of the payload of a frame, and AES-128 encryption for confidentiality.