Security Mechanisms Design for In-Vehicle Network Gateway
Published April 3, 2018 by SAE International in United States
In the automotive network architecture, the basic functions of the gateway include routing, diagnostics, network management, and so on. With the rapid development of connected vehicles, cybersecurity has become an important topic in automotive networks. A spoofed ECU can be used to hack the automotive network. The automotive gateway is an important part of the security architecture that protects the in-vehicle networks from attack. A secure gateway should be able to authenticate the connected ECUs and control access to the critical network domain. The data and signals transferred between the gateway and the ECUs should be protected against wiretapping attacks. The purpose of this paper is to design a secure gateway for in-vehicle networks, and the design process of the automotive secure gateway is presented. Based on the threat analysis, security requirements for the automotive gateway are defined. Secure communication, a key master, and a firewall are proposed as the security mechanisms to protect the automotive gateway. The secure communication mechanisms comprise message authentication and data encryption. The key master is a gateway function that distributes and updates the keys for the secure communication of connected ECUs. A firewall based on message filtering is designed to isolate the untrusted network domain from the trusted network domain. The security functions of the automotive gateway are validated in a simulated attack environment. A microcontroller with an HSM is used to implement the secure gateway. To account for the influence of the security mechanisms, the network latency is tested, and the results have proved that the secure gateway is effective and efficient.
Citation: Luo, F. and Hu, Q., "Security Mechanisms Design for In-Vehicle Network Gateway," SAE Technical Paper 2018-01-0018, 2018, https://doi.org/10.4271/2018-01-0018.