The Journal of the Institute of Internet, Broadcasting and Communication (한국인터넷방송통신학회논문지)

The Institute of Internet, Broadcasting and Communication (한국인터넷방송통신학회)
권호 표지
DOI QR코드

DOI QR Code

Security of Ethernet in Automotive Electric/Electronic Architectures

차량 전자/전기 아키텍쳐에 이더넷 적용을 위한 보안 기술에 대한 연구

  • 이호용 (고려대학교 정보보호대학원) ;
  • 이동훈 (고려대학교 정보보호대학원)
  • Received : 2016.08.19
  • Accepted : 2016.10.07
  • Published : 2016.10.31
Download PDF
⟨ Previous Next ⟩

Abstract

One of the major trends of automotive networking architecture is the introduction of automotive Ethernet. Ethernet is already used in single automotive applications (e.g. to connect high-data-rate sources as video cameras), it is expected that the ongoing standardization at IEEE (IEEE802.3bw - 100BASE-T1, respectively IEEE P802.3bp - 1000BASE-T1) will lead to a much broader adoption in future. Those applications will not be limited to simple point-to-point connections, but may affect Electric/Electronic(EE) Architectures as a whole. It is agreed that IP based traffic via Ethernet could be secured by application of well-established IP security protocols (e.g., IPSec, TLS) combined with additional components like, e.g., automotive firewall or IDS. In the case of safety and real-time related applications on resource constraint devices, the IP based communication is not the favorite option to be used with complicated and performance demanding TLS or IPSec. Those applications will be foreseeable incorporate Layer-2 based communication protocols as, e.g., currently standardized at IEEE[13]. The present paper reflects the state-of-the-art communication concepts with respect to security and identifies architectural challenges and potential solutions for future Ethernet Switch-based EE-Architectures. It also gives an overview and provide insights into the ongoing security relevant standardization activities concerning automotive Ethernet. Furthermore, the properties of non-automotive Ethernet security mechanisms as, e.g., IEEE 802.1AE aka. MACsec or 802.1X Port-based Network Access Control, will be evaluated and the applicability for automotive applications will be assessed.

차량 네트워킹 아키텍처의 주요 트렌드 중 하나는 차량 이더넷의 도입이다. 이더넷은 이미 차량 어플리케이션에서 이용되고 있으며 (예를 들어, 비디오 카메라와 같은 고속 데이터 전송 소스의 연결), IEEE에서 진행중인 표준화(IEEE802.3bw - 100BASE-T1, IEEE P802.3bp - 1000BASE-T1)로 인해 나중에 훨씬 광범위하게 채택될 것으로 예상된다. 이러한 어플리케이션은 단순히 지점 간 연결에 한정되지 않지만, 전체적인 전기/전자 아키텍처에 영향을 미칠 수 있다. 이더넷을 통해 IP 기반의 트래픽은 추가적인 구성요소(차량용 방화벽 또는 IDS)와 함께 현재까지 잘 확립된 IP 보안 프로토콜(예를 들어, IPSec, TLS)을 통해 보안을 구현할 수 있을 것으로 보고있다. 리소스 제한이 있는 디바이스 상에서 안전 및 실시간 어플리케이션의 경우에, 복잡하고 높은 성능이 요구되는 TLS 또는 IPsec을 사용하는 IP 기반 통신은 선호하는 기술은 아니다. 예를 들어, 이 어플리케이션은 IEEE와 같이 현재 표준화되어[13] 있는 Layer 2 기반 통신 프로토콜로 사용될 수 있을 것이다. 본 논문은 보안에 대한 최신 통신 개념을 반영하고 향후 이더넷 스위치 기반 EE-아키텍처에 대한 구조적인 도전과 잠재적인 솔루션을 식별한다. 또한 차량 이더넷에 관한 지속적인 보안 관련 표준화 활동에 대한 개요와 통찰력을 제공한다. 또한, 예를 들어 IEEE 802.1AE MACsec 또는 802.1X 포트 기반 네트워크 액세스 제어와 같이 기존에 적용되지 않은 차량 이더넷 보안 메커니즘을 적용 가능성을 고려하고, 차량 어플리케이션에 대한 적합성을 평가한다.

Keywords

References

  1. S. Bayer, M. Lange, M. Wolf: Automotive Ethernet Security. In Hanser Automotive Networks Special, Carl HanserVerlag, Issue 2013, November 2013.
  2. B. Glas "Towards Harmonization of ECU Protection and Secure OnBoard Communication in AUTOSAR" ESCAR Asia 2014, Tokyo
  3. B. Glas et al "Towards Authentic In-Car Communication on Automotive Bus Systems", 29. VDI/VW Gemeinschaftstagung Automotive Security, Kassel, 2013
  4. NHTSA: Part 573 Safety Recall Report - Recall No. 15V-461. 2015-07-23 http://www-odi.nhtsa.dot.gov/acms/cs/jaxrs/download/doc/UCM483036/RCLRPT-15V461-9407.pdf
  5. K. Koscher, et al.: Experimental security analysis of a modern automobile. IEEE Symposiumon Securityand Privacy, Oakland, CA, May16-19, 2010.
  6. S. Checkoway, et al:Comprehensive Experimental Analyses of Automotive Attack Surfaces. USENIX Security, August 10-12, 2011
  7. M. Wolf, A. Weimerskirch and C. Paar: Security in automotive bus systems. In Proceedings of the Workshop on Embedded Security in Cars (escar)'04
  8. C. Miller and C. Valasek: Remote Exploitation of an Unaltered Passenger Vehicle. 2015-08-10 http://illmatics.com/Remote%20Car%20Hacking.pdf
  9. I. Foster, A. Prudhomme, K. Koscher and S. Savage: Fast and Vulnerable: A Story of Telematic Failures. 9zh USENIX Workshop on Offensive Technologies, Washington D.C., 2015-08-10 http://cseweb.ucsd.edu/-savage/papers/WOOT15.pdf
  10. C. Miller and C. Valasek: A Survey of Remote Automotive Attack Surfaces 2014-08-06 http://illmatics.com/remote%20attack%20surfaces.pdf
  11. Sean Convery (Cisco Systems): Hacking Layer 2: Fun with Ethernet Switches. 2002-08-01 http://www.blackhat.com/presentations/bh-usa-02/bh-us-02-convery-switches.pdf
  12. IEEE: 802.1AETM-2006 Standard for Local and metropolitan area networks - Media Access Control (MAC) Security. 2006-08-18
  13. IEEE: P1722-rev1TM/D13 - Draft Standard for a Transport Protocol for Time-Sensitive Applications in Bridged Local Area Networks. April 2015
  14. IEEE: 802.1Q-2014Standard for Local and metropolitan area networks--Bridges and Bridged NetworksIEEE 802.1Q
  15. IEEE: P802.1Qci/D0.0 Draft Standard for Local and Metropolitan Area Networks - Bridges and Bridged Networks -Amendment: Per-Stream Filtering and Policing. 2015-05-18
  16. IEEE: 802.1X-2010 - IEEE Standard for Local and metropolitan area networks-Port-Based Network Access Control. 2010-02-05
  17. M. Lee: Design of In and Outdoor communication hub in Vehicular networks: The Journal of The Institute of Internet, Broadcasting and Communication (JIIBC), VOL.12 No.3, pp.187-194, June 2012 https://doi.org/10.7236/JIWIT.2012.12.3.187
  18. K. Cho and J. Chung: Development of Auto-Parking Algorithm for Driving in Urban: Journal of the Korea Academia-Industrial cooperation Society(JKAIS), Vol. 12, No. 5 pp. 2360-2366, 2011 https://doi.org/10.5762/KAIS.2011.12.5.2360