This content is not included in
your SAE MOBILUS subscription, or you are not logged in.
Hardware/Software Co-Design of an Automotive Embedded Firewall
Technical Paper
2017-01-1659
ISSN: 0148-7191, e-ISSN: 2688-3627
This content contains downloadable datasets
Annotation ability available
Sector:
Language:
English
Abstract
The automotive industry experiences a major change as vehicles are gradually becoming a part of the Internet. Security concepts based on the closed-world assumption cannot be deployed anymore due to a constantly changing adversary model. Automotive Ethernet as future in-vehicle network and a new E/E Architecture have different security requirements than Ethernet known from traditional IT and legacy systems. In order to achieve a high level of security, a new multi-layer approach in the vehicle which responds to special automotive requirements has to be introduced. One essential layer of this holistic security concept is to restrict non-authorized access by the deployment of embedded firewalls.
This paper addresses the introduction of automotive firewalls into the next-generation domain architecture with a focus on partitioning of its features in hardware and software. Based on the deployment of the firewall in the in-vehicle network, the corresponding adversary model and automotive requirements such as latency, jitter, CPU load and memory consumption are going to be discussed. Drivers behind these metrics are primarily safety concerns and cost and thus are relevant for both OEMs and hardware manufacturers. As a result, a reasonable implementation of an automotive firewall system has to be a trade-off between hardware and software in order to meet the above-named automotive requirements. We implemented the firewall on an Infineon AURIX TriCore and Altera Cyclone V FPGA to analyze these metrics. The paper shows the options and decision points to find an optimal partitioning between hardware and software for an automotive embedded firewall system.
Recommended Content
Authors
Citation
Pesé, M., Schmidt, K., and Zweck, H., "Hardware/Software Co-Design of an Automotive Embedded Firewall," SAE Technical Paper 2017-01-1659, 2017, https://doi.org/10.4271/2017-01-1659.Data Sets - Support Documents
Title | Description | Download |
---|---|---|
Unnamed Dataset 1 |
Also In
References
- Wittmack , K. Introducing Automotive Ethernet. A Project Manager’s Account 5 th IEEE Standards Association (IEEE-SA) Ethernet & IP @ Automotive Technology Day 2015
- Koscher , K. , Czeskis , A. , Roesner , F. , Patel , S. Experimental security analysis of a modern automobile Proceedings of the 2010 IEEE Symposium on Security and Privacy, SP ’10 447 462 Washington, DC, USA 2010 IEEE Computer Society
- Checkoway , S. , Mccoy , D. , Kantor , B. , Anderson , D. Comprehensive experimental analyses of automotive attack surfaces USENIX SECURITY 2011
- Ziehensack M. Safe and Secure Communication with Automotive Ethernet IEEE-SA ETHERNET & IP @ AUTOMOTIVE TECHNOLOGY DAY 2015
- Schmidt , K. , Zweck , H. , and Dannebaum , U. Hardware and Software Constraints for Automotive Firewall Systems? SAE Technical Paper 2016-01-0063 2016 10.4271/2016-01-0063
- Gale , B. Ethernet Security in the Car Broadcom Corporation 2014
- Lee , Y. and Park , K. Meeting the real-time constraints with standard Ethernet in an in-vehicle network Intelligent Vehicles Symposium (IV), 2013 IEEE 1313 1318 June 2013
- Accardi , K. , Bock , T. , Hady , F. and Krueger , J. Network processor acceleration for a linux* netfilter firewall ANCS ’05: Proceedings of the 2005 Symposium on Architectures for Networking and Communication Systems 115 123 Oct 2005
- Fiessler , A. , Hager , S. , Scheuermann , B. , Moore , A. HyPaFilter – A Versatile Hybrid FPGA Packet Filter ANCS ’16 March 17 - 18, 2016 Santa Clara, CA, USA 10.1145/2881025.2881033
- The netfilter.org project www.netfilter.org 09 19 16
- Putnam , A. , Caulfield , A. , Chung , E. , Chiou , D. A reconfigurable fabric for accelerating large-scale datacenter services ISCA ’14: Proceedings of the 41st International Symposium on Computer Architecture 13 24 June 2014
- LwIP – A Lightweight TCP/IP stack http://savannah.nongnu.org/projects/lwip 09 20 16
- Demichelis , C. , Chimento , P. IP Packet Delay Variation Metric for IP Performance Metrics (IPPM) RFC 3393 November 2002
- Altera Cyclone V Device Overview, Version 2016.06.10
- Maarsen , B. Ethernet Switch on Configurable Logic http://opencores.org/project,esoc 10 01 16
- Renesas RH850 Family (Automotive only) https://www.renesas.com/en-us/products/microcontrollers-microprocessors/rh850.html 10 01 16
- Infineon Technologies AURIX TM Family – TC29xT http://www.infineon.com/cms/en/product/microcontroller/32-bit-tricore-tm-microcontroller/aurix-tm-family/aurix-tm-family-%E2%80%93-tc29xt/channel.html?channel=db3a304342c787030142dc92c9aa1674 10 01 16