Hardware and Software Constraints for Automotive Firewall Systems?
Technical Paper
2016-01-0063
ISSN: 0148-7191, e-ISSN: 2688-3627
Language:
English
Abstract
Introduction
The introduction of Ethernet and Gigabit Ethernet [2] as the main in-vehicle network infrastructure is the technical foundation for new functionalities such as piloted driving, minimizing the CO2 footprint, and others. The high data rate of such systems also influences the microcontrollers used, because a large amount of data has to be transferred, encrypted, etc.
The use of Ethernet as the in-vehicle network makes it possible for future road vehicles to be connected with other vehicles and information systems to improve system functionality. These previously closed automotive systems will be opened up for external access (see Figure 1). This can be Car2X connectivity or connection to personal devices. Allowing vehicle systems to communicate with other systems that are not within their physical boundaries imposes a previously non-existent security problem. Any external communication with the vehicle system must be considered a potential security threat, which may impact the system functionality or any of the safety properties.
This may result in new vulnerabilities that could be exploited by malicious attackers [1, 3]. Any external access to the system must be authorized and firewalled, so that only trustworthy users and services can make use of the functionality.
To achieve a high level of security, a holistic security concept is essential. A holistic security concept is based on the following basic building blocks:
- Physical Security (tamper proof)
- Network Security
- Secure System Software (ECU Hardening)
- Application Hardening
To achieve a high level of confidence in the internal secure network communication, a firewall concept is required. A holistic firewall approach includes firewalls in different ECUs with different firewall functionalities.
This paper addresses the hardware and software architecture patterns for building automotive firewall systems.
In the first chapter, state-of-the-art firewall concepts will be briefly presented, and afterwards special automotive requirements will be introduced.
In the following chapters, the basic requirements for a firewall system from the OEM point of view will be discussed, followed by a closer look at the hardware aspects that come along with automotive requirements.
The paper finishes with some software aspects of realizing firewalls.
Citation
Schmidt, K., Zweck, H., and Dannebaum, U., "Hardware and Software Constraints for Automotive Firewall Systems?," SAE Technical Paper 2016-01-0063, 2016, https://doi.org/10.4271/2016-01-0063.
References
- Schmidt, K., Tröger, P., Kroll, H., Bünger, T. et al., "Adapted Development Process for Security in Networked Automotive Systems," SAE Int. J. Passeng. Cars - Electron. Electr. Syst. 7(2):516-526, 2014, doi:10.4271/2014-01-0334.
- Schmidt, K., Dannebaum, U., and Zweck, H., "GBit Ethernet - The Solution for Future In-Vehicle Network Requirements?," SAE Int. J. Passeng. Cars - Electron. Electr. Syst. 8(2):289-295, 2015, doi:10.4271/2015-01-0200.
- Checkoway, S., McCoy, D. et al., "Comprehensive Experimental Analyses of Automotive Attack Surfaces," USENIX Security, August 10-12, 2011.
- Avizienis, A., Laprie, J.-C., Randell, B., Landwehr, C., "Basic concepts and taxonomy of dependable and secure computing," IEEE Transactions on Dependable and Secure Computing 1:11-33, 2004.
- Weimerskirch, A., "Do Vehicles Need Data Security?," SAE Technical Paper 2011-01-0040, 2011, doi:10.4271/2011-01-0040.
- Weimerskirch, A., Wolf, M., and Wollinger, T., "Introduction to Vehicular Embedded Security," SAE Technical Paper 2009-01-0916, 2009, doi:10.4271/2009-01-0916.
- Czerny, B., "System Security and System Safety Engineering: Differences and Similarities and a System Security Engineering Process Based on the ISO 26262 Process Framework," SAE Int. J. Passeng. Cars - Electron. Electr. Syst. 6(1):349-359, 2013, doi:10.4271/2013-01-1419.
- Wolf, M., Scheibel, M., "A Systematic Approach to a Quantified Security Risk Analysis for Vehicular IT Systems," in Automotive - Safety & Security 2012, vol. 210, pp. 195-210, GI, November 2012.
- https://www.bsi.bund.de/DE/Themen/Cyber-Sicherheit/Themen/InternetundlokaleNetze/SicherheitsGatewayFirewall/anforderungen.html