In today's modern vehicles, connectivity is a key aspect that is revolutionizing the automotive industry. With the advent of autonomous driving, electric vehicles, and advanced driver-assistance systems, the need for reliable and secure communication within vehicles has become paramount. One technology that is playing a crucial role in this domain is automotive Ethernet. Automotive Ethernet provides high-speed, reliable, and cost-effective communication between various electronic systems within a vehicle.
As automotive Ethernet becomes more prevalent in vehicles, ensuring its security becomes a critical concern. The vast amount of data transmitted and exchanged within a vehicle presents a potential risk for unauthorized access, data breaches, and cyberattacks. Any compromise in the security of automotive Ethernet can have severe consequences, ranging from safety issues to privacy breaches. Therefore, it is essential to implement robust security measures to protect the integrity and confidentiality of the data transmitted over the automotive Ethernet bus.
Need for Automotive Ethernet Security
The automotive Ethernet bus serves as the backbone for communication between different electronic control units (ECUs) within a vehicle. With the increased complexity and interconnectedness of the various ECUs, the need for automotive Ethernet security is evident. As more sensitive data, such as vehicle telemetry, driver information, and entertainment content, is transmitted over Ethernet, the risk of cyberattacks and unauthorized access becomes a significant concern. Replay attacks, man-in-the-middle attacks, and denial-of-service attacks are some of the common threats in conventional IT networks, and they need to be planned for in automotive Ethernet too. Access to physical sensors, and the possibility of manipulating them, can seriously compromise the safety of passengers. Therefore, implementing security measures to safeguard the automotive Ethernet bus is necessary to mitigate these risks effectively.
Security Architectures in Automotive Ethernet
To ensure the security of automotive Ethernet, various security architectures have been developed. These architectures aim to provide multi-level protection against different types of threats and vulnerabilities. Security can be implemented at one or more layers of the OSI model.
Let's explore the different levels of security architectures in automotive Ethernet:
Data Link Layer Security - MACSec
At the data link layer (Layer 2), MACsec can be used to secure all the traffic going out of the node and coming into it. Defined in IEEE 802.1AE, MACsec (Media Access Control Security, or MAC Security) is a point-to-point security protocol providing data confidentiality, integrity, and origin authenticity for traffic over Ethernet LANs. During transmission, MACsec adds a MAC Security TAG (SecTAG) and an ICV (Integrity Check Value) to each packet. The MACsec engine at the receiver identifies the frame, checks its integrity, provides replay protection, and finally removes the SecTAG and ICV. Unidentified and invalid frames are discarded and monitored. The payload can optionally be encrypted to achieve confidentiality. MACsec can prevent Layer 2 security threats, such as passive wiretapping, intrusion, man-in-the-middle and playback attacks.
Typically implemented at the PHY level, it has very little overhead, and it offers strong security by ensuring the integrity, confidentiality, and authenticity of the packets.
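The receive-side steps described above (identify the frame by its SecTAG, separate the ICV, apply replay protection) can be sketched as follows. This is an added example, not code from the original page or from any MACsec implementation; it assumes the 16-byte ICV of the default GCM-AES-128 cipher suite, leaves the cryptographic ICV verification out, and uses constructed MAC addresses and frames.

```python
import struct

MACSEC_ETHERTYPE = 0x88E5  # EtherType that opens the SecTAG (IEEE 802.1AE)
ICV_LEN = 16               # assumption: ICV length of the default GCM-AES-128 suite

def parse_sectag(frame: bytes) -> dict:
    """Split a MACsec frame into SecTAG fields, secure data and ICV."""
    if len(frame) < 12 + 8 + ICV_LEN:
        raise ValueError("too short for SecTAG + ICV")
    ethertype, tci_an, sl, pn = struct.unpack_from("!HBBI", frame, 12)
    if ethertype != MACSEC_ETHERTYPE:
        raise ValueError("not a MACsec frame")
    if tci_an & 0x80:                      # V bit must be 0
        raise ValueError("unknown SecTAG version")
    off, sci = 20, None
    if tci_an & 0x20:                      # SC bit: 8-byte SCI is present
        sci, off = frame[20:28], 28
        if len(frame) < off + ICV_LEN:
            raise ValueError("truncated SCI")
    return {"encrypted": bool(tci_an & 0x08),        # E bit
            "an": tci_an & 0x03, "short_len": sl & 0x3F,
            "pn": pn, "sci": sci,
            "secure_data": frame[off:-ICV_LEN], "icv": frame[-ICV_LEN:]}

class ReplayGuard:
    """Lowest-acceptable-PN check for one secure association."""
    def __init__(self, window: int = 0):
        self.window, self.next_pn = window, 1

    def is_fresh(self, pn: int) -> bool:
        return pn >= max(1, self.next_pn - self.window)  # PN 0 is never valid

    def commit(self, pn: int) -> None:
        """Call only after the ICV of the frame has been verified."""
        self.next_pn = max(self.next_pn, pn + 1)

def sample_frame(pn: int, payload: bytes = b"\x01\x02\x03\x04") -> bytes:
    """Constructed frame: placeholder MACs, SCI present, zeroed ICV."""
    macs = bytes.fromhex("020000000002" "020000000001")   # DA, then SA
    sl = len(payload) if len(payload) < 48 else 0          # short-length field
    sectag = struct.pack("!HBBI", MACSEC_ETHERTYPE, 0x2C, sl, pn)  # SC|E|C, AN=0
    return macs + sectag + macs[6:] + b"\x00\x01" + payload + bytes(ICV_LEN)
```

A frame whose packet number fails `is_fresh` is dropped before any decryption work; `commit` advances the window only for frames that passed ICV verification, so forged frames cannot move it.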
Network Layer Security - IPSec
At the network layer, IPsec can be used. IPsec (Internet Protocol Security) is a set of protocols that can secure network communication across Internet Protocol (IP) networks. It provides security services for IP network traffic such as encryption of sensitive data, authentication, data confidentiality, and protection against replay, and it is widely used in VPN connections. IPsec uses the following protocols to secure IP network traffic:
Authentication Header (AH): Protects the data within the IP packet against replay attacks, spoofing, and tampering by digitally signing the contents of the packet.
Encapsulating Security Payload (ESP): Provides confidentiality by encrypting the payload of the data packet, and also provides authentication, replay proofing, and integrity checking.
Internet Key Exchange (IKE): Enables the nodes at both ends of a VPN tunnel to set up a security association (SA) using mutually agreed-upon keys or certificates and an agreed method of encryption. The data can then be encrypted and decrypted using the agreed method.
Transport Layer Security - TLS
At the transport layer of the OSI model, the TLS security protocol can be used to transfer higher-layer application packets securely. Transport Layer Security, or TLS, is already widely adopted and is used by numerous websites and applications to provide privacy and data security for Internet communication. It uses a client-server handshake mechanism to establish an encrypted and secure connection and to ensure the authenticity of the communication. During setup, the devices exchange their encryption capabilities, followed by authentication of the server, the client, or both (mutual) using digital certificates. A session key exchange then takes place, in which both parties agree on a key to encrypt the data transferred over this session. It is possible to run other automotive protocols like SOME/IP or DoIP over TLS and its UDP counterpart, DTLS.
Higher Layer Security - SecOC
In addition to the aforementioned security protocols, end applications can implement security measures of their own. One such protocol is SecOC (Secure On-Board Communication) from AUTOSAR (Automotive Open System Architecture). SecOC ensures secure communication between different ECUs within the automotive Ethernet network. It provides the functionality necessary to verify the authenticity and freshness of Protocol Data Unit (PDU)-based communication by converting Authentic I-PDUs into Secured I-PDUs using various cryptographic algorithms. It helps achieve end-to-end security by implementing secure authentication, secure message authentication codes, and secure communication channels.
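The conversion of an Authentic I-PDU into a Secured I-PDU, and the receiver's authenticity and freshness check, can be illustrated as follows. This is an added example, not AUTOSAR code or code from the original page: HMAC-SHA256 stands in for the CMAC-AES authenticator commonly configured for SecOC (Python's standard library has no CMAC), and the key, Data ID width, 8-bit truncated freshness value and 4-byte truncated MAC are assumed configuration values.

```python
import hashlib
import hmac
import struct

KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed demo key
MAC_LEN = 4       # assumption: truncated authenticator bytes sent on the wire
FV_TX_BITS = 8    # assumption: low bits of the freshness counter sent on the wire
FV_MASK = (1 << FV_TX_BITS) - 1

def _authenticator(key: bytes, data_id: int, payload: bytes, full_fv: int) -> bytes:
    # Authenticated data: Data ID | Authentic I-PDU | complete freshness value
    msg = struct.pack("!H", data_id) + payload + struct.pack("!Q", full_fv)
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]

def secure_pdu(key: bytes, data_id: int, payload: bytes, full_fv: int) -> bytes:
    """Sender: Authentic I-PDU -> Secured I-PDU (payload | truncated FV | MAC)."""
    mac = _authenticator(key, data_id, payload, full_fv)
    return payload + bytes([full_fv & FV_MASK]) + mac

def verify_pdu(key: bytes, data_id: int, secured: bytes, last_fv: int):
    """Receiver: return (payload, accepted_fv), or None if stale or forged."""
    if len(secured) < 1 + MAC_LEN:
        return None
    payload = secured[:-MAC_LEN - 1]
    trunc_fv = secured[-MAC_LEN - 1]
    mac = secured[-MAC_LEN:]
    # Rebuild the complete counter: the smallest value greater than the last
    # accepted one whose low bits match what was received.
    full_fv = (last_fv & ~FV_MASK) | trunc_fv
    if full_fv <= last_fv:
        full_fv += 1 << FV_TX_BITS
    expected = _authenticator(key, data_id, payload, full_fv)
    if not hmac.compare_digest(mac, expected):   # constant-time comparison
        return None
    return payload, full_fv
```

A replayed PDU carries an old truncated counter, so the receiver reconstructs a different complete freshness value than the one the MAC was computed over and the comparison fails.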
Other Security measures
Beyond these security architectures, a lot more can be done on top of them. For external communication, firewalls can be installed to allow only the required communication ports. Even the internal network can be partitioned via VLAN tags so that the switch routes traffic only to the relevant zones. Because the network is static, the entire network configuration can be frozen after the development phase and new access disallowed.
Data usage policies are implemented to regulate the access and usage of data within the automotive Ethernet network. This involves defining and enforcing policies regarding data sharing, data storage, and data processing. By implementing strict data usage policies, the risk of data breaches and unauthorized data manipulation can be mitigated effectively.
Threat Detection and Mitigation
As part of the security architecture in automotive Ethernet, it is essential to incorporate detection mechanisms. This involves implementing intrusion detection systems, anomaly detection algorithms, and real-time monitoring to identify and respond to potential security breaches promptly. Many Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), and combined Intrusion Detection and Prevention Systems (IDPS) are available for deployment. By employing these advanced detection and defense mechanisms, potential security threats can be detected and neutralized before they cause any harm to the automotive Ethernet network.
Conclusion: Securing the Future of Automotive Connectivity
As the automotive industry continues to embrace connectivity and autonomous technologies, the security of automotive Ethernet becomes imperative. By implementing robust security architectures and leveraging technologies such as MACSec, IPSec, AUTOSAR SecOC, Transport Layer Security, etc., the industry can ensure the integrity and confidentiality of data transmitted over the automotive Ethernet bus. With secure communication, the future of automotive connectivity can be safely embraced, enabling advancements in autonomous driving, electric vehicles, and advanced driver-assistance systems. It is crucial for the industry to prioritize automotive Ethernet security to build trust and confidence in the vehicles of the future.