Secure Deterministic L2/L3 Ethernet Networking for Integrated Architectures
ISSN: 0148-7191, e-ISSN: 2688-3627
Published September 19, 2017 by SAE International in United States
Cybersecurity attacks exploit vulnerabilities related to the increased complexity and connectivity of critical infrastructure systems. This paper investigates the context and use of key security technologies, processes, challenges and use cases for the design of advanced integrated architectures with security, safety, and real-time performance considerations. In such architectures, deterministic Ethernet standards are used as a baseline for system integration in closed embedded systems or open mixed criticality systems.
Security-informed safety development processes for integrated architectures are required to prevent catastrophic failures caused by environmental and cyber threats, given the expanding number of security vulnerabilities in complex and increasingly open systems. State-of-the-art safety/security processes for integrated systems in cross-industry environments are considered and their similarities examined for different types of integrated architectures.
In integrated systems and IMA which share common resources, multi-level secure systems and composable modular architectures such as MILS, based on separation kernels and the ARINC653 API, are gaining importance for the design of safe and secure distributed applications with real-time performance requirements. Network security is a core component of the overall cyber-security and defense-in-depth capability for distributed architectures. Protection mechanisms for information, interface and system integrity, communication availability, and data confidentiality are required for the design of safe and secure integrated embedded infrastructure. Deterministic Ethernet networks with Time-Triggered Ethernet (SAE AS6802) and ARINC664 services can actively support security measures for mixed-criticality applications.
Network partitioning, dataflow isolation, configuration protection, per-flow traffic policing, link and end-to-end encryption or authentication, and a partitioned internal network device architecture can be useful for the design of open networked systems which can also accept previously unknown soft real-time or bursty traffic while hosting highly critical functions with temporal boundaries.
After an overview of security issues in networks within integrated architectures, this paper continues with discussion of MACsec and IPsec mechanisms, packet firewalls, secure shells and Denial-Of-Service (DoS) protection mechanisms for secure and deterministic L2/L3 networking.
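The per-flow traffic policing and configuration protection mentioned above can be illustrated with a small per-virtual-link policer in the spirit of ARINC664 switch policing. This is an added example, not code from the paper; the VL parameters and the frame trace are constructed, and the rule (minimum spacing BAG minus jitter, maximum length Lmax, unconfigured flows dropped) is a simplification of the standard's account-based algorithm.

```python
"""Simplified per-virtual-link (per-flow) policer modelled on ARINC664 Part 7.
Constructed example: VL table, frame trace and the simplified BAG/Lmax rule
are assumptions, not the standard's exact algorithm."""
from dataclasses import dataclass
from typing import Optional

@dataclass
class VirtualLink:
    bag_ms: float            # Bandwidth Allocation Gap: minimum spacing between frames
    lmax: int                # maximum frame length in bytes
    jitter_ms: float = 0.0   # tolerated early arrival relative to the BAG
    last_accept_ms: Optional[float] = None

def police_frame(table, vl_id, t_ms, size):
    """Return 'ACCEPT' or a drop reason; updates the VL state on accept."""
    vl = table.get(vl_id)
    if vl is None:
        return "DROP_UNKNOWN_VL"   # unconfigured flow: no path through the switch
    if size > vl.lmax:
        return "DROP_LMAX"         # oversized frame for this VL
    if vl.last_accept_ms is not None and t_ms < vl.last_accept_ms + vl.bag_ms - vl.jitter_ms:
        return "DROP_BAG"          # arrives faster than the contracted rate
    vl.last_accept_ms = t_ms
    return "ACCEPT"

def run_trace(table, frames):
    """Police a list of (vl_id, t_ms, size) frames; return verdict counts per VL."""
    stats = {}
    for vl_id, t_ms, size in frames:
        verdict = police_frame(table, vl_id, t_ms, size)
        per_vl = stats.setdefault(vl_id, {})
        per_vl[verdict] = per_vl.get(verdict, 0) + 1
    return stats

def demo():
    """Critical VL 10 stays within its BAG while VL 20 bursts; the burst,
    an oversized frame and an unconfigured VL are all dropped without
    affecting VL 10 (constructed data)."""
    table = {
        10: VirtualLink(bag_ms=2.0, lmax=256, jitter_ms=0.1),   # critical control flow
        20: VirtualLink(bag_ms=8.0, lmax=1518),                  # best-effort flow
    }
    frames = (
        [(10, 2.0 * i, 128) for i in range(5)]       # VL 10 exactly on its BAG
        + [(20, 0.5 * i, 1400) for i in range(20)]   # VL 20 bursting every 0.5 ms
        + [(20, 12.0, 1600), (99, 3.0, 64)]          # oversized frame; unknown VL
    )
    frames.sort(key=lambda f: f[1])                  # arrival order at the switch port
    return run_trace(table, frames)

if __name__ == "__main__":
    print(demo())
```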
Citation: Hirschler, B. and Jakovljevic, M., "Secure Deterministic L2/L3 Ethernet Networking for Integrated Architectures," SAE Technical Paper 2017-01-2103, 2017, https://doi.org/10.4271/2017-01-2103.