Protection of Firewall Rules Using Secure Storage for the Infotainment System
2023-01-0043
04/11/2023
- Content
- A modern car enhances the driver’s in-vehicle experience through the infotainment system, which combines information and entertainment. Original Equipment Manufacturers (OEMs) are being driven to provide this luxurious experience through the development and adaptation of new technology. In a luxury car, an infotainment system consists of a high-resolution touchscreen display, smartphone pairing, multimedia support, installed entertainment applications, etc. The applications responsible for this experience exchange data from the Electronic Control Unit (ECU) to the server and vice versa. If every application requires a unique port for this exchange, the number of ports grows, which increases the number of entry points through which an intruder can exploit the system. For the secure exchange of information, the ECU software includes a firewall that monitors this exchange and allows only the safe transfer of data, to avoid compromise of the system. A firewall blocks unwanted traffic and data from unauthorized resources. A Linux system establishes the firewall through iptables, which has rules to filter IPv4 and IPv6 packets. But these rules are in the root file system, which can be accessed directly. If there is no monitoring system for these tables, an intruder can change the rules, which leads to an entire system compromise. The proposal is to place the rules in secure storage, which is difficult for an intruder to access. This concept makes use of ARM TrustZone technology and requires the implementation of a trusted application running in the secure world, through which the secure storage can be accessed. This paper shows a comparison of the time taken to enforce the rules between the default process and the proposed process.
- Pages
- 5
- Citation
- Pacharla, S., Prasad, P., Vimlendra, S., Varshney, S. et al., "Protection of Firewall Rules Using Secure Storage for the Infotainment System," SAE Technical Paper 2023-01-0043, 2023, https://doi.org/10.4271/2023-01-0043.