MACsec-Based Security for Automotive Ethernet Backbones

Carnevale, Berardino; Fanucci, Luca; Bisase, Samson; Hunjan, Harman

doi:10.1142/s0218126618500822

Cited by 20 publications

(8 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It works just below the IEEE 802.1CB standard as they both provide functionality to the data link layer. There has been research on the specific application of this standard to automotive Ethernet backbones and their performance and reliability [18]. Although this solution does not explicitly describe the security improvements of IEEE 802.1CB, it does ensure the confidentiality, integrity and authenticity of data within Ethernet frames resulting in mitigation of most attack threats described above.…”

Section: Macsec -8021ae-2018mentioning

confidence: 99%

Threat Sensitive Networking: On the Security of IEEE 802.1CB and (un)Effectiveness of Existing Security Solutions

Vos

Brighente

Conti

2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

IEEE 802.1CB provides a standard for reliable packet delivery within Time-Sensitive Networking (TSN). As this standard is envisioned to be used in mission-critical networks in the near future, it has to be protected against security threats. The integrity of the network communication should be the biggest focus as guaranteed delivery is essential. However, IEEE 802.1CB does not come with security guarantees. Indeed, as we show in this paper, an attacker may be able to exploit different threat vectors to impair the correctness of communication, impacting on the safety of users. Due to TSN strict delay and reliability requirements, classical security solutions can not be easily applied without significant efforts. Therefore, researchers proposed multiple solutions to guarantee secure communication. However, the current state-of-the-art is not able to guarantee both security and timing guarantees.In this paper, we provide a detailed analysis of the security of IEEE 802.1CB exploiting the STRIDE methodology. Compared to the existing state-of-the art on the subject, we provide a deeper analysis of the possible threats and their effect. We then analyze available solutions for security in IEEE 802.1CB, and compare their performance in terms of time, reliability, and security guarantees. Based on our analysis, we show that, although there exist promising solutions trying to provide security to 802.1CB, there is still a gap to be filled both in terms of security and latency guarantees.

show abstract

Section: Macsec -8021ae-2018mentioning

confidence: 99%

Threat Sensitive Networking: On the Security of IEEE 802.1CB and (un)Effectiveness of Existing Security Solutions

Vos

Brighente

Conti

2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…In terms of academic research, Sommer et al [18] have a detailed classification of automotive attacks, including 23 different categories, according to the description of the attack, a violation of the security attribute or the exploit of a vulnerability, and so on. Carnevale et al [19] provided a hardware accelerator architecture for key derivation and encryption required by IEEE 802.1X-2010 in automotive applications, and for further research, IEEE 802.1AE was also implemented by Carnevale [20,21]. e three researchers are all hardware support for automotive Ethernet security.…”

Section: Related Workmentioning

confidence: 99%

Security Analysis of the TSN Backbone Architecture and Anomaly Detection System Design Based on IEEE 802.1Qci

Luo

Wang

Fang

et al. 2021

Security and Communication Networks

View full text Add to dashboard Cite

With the development of intelligent and connected vehicles, onboard Ethernet will play an important role in the next generation of vehicle network architectures. It is well established that accurate timing and guaranteed data delivery are critical in the automotive environment. The time-sensitive network (TSN) protocol can precisely guarantee the time certainty of the key signals of automotive Ethernet. With the time-sensitive network based on automotive Ethernet being standardized by the TSN working group, the TSN has already entered the vision of the automotive network. However, the security mechanism of the TSN protocol is rarely discussed. First, the security of the TSN automotive Ethernet as a backbone E/E (electrical/electronic) architecture is analyzed in this paper through the Microsoft STRIDE threat model, and possible countermeasures for the security of automotive TSNs are listed, including the security protocol defined in the TSN, so that the TSN security protocol and the traditional protection technology can form a complete automotive Ethernet protection system. Then, the security mechanism per-stream filtering and policing (PSFP) defined in IEEE 802.1Qci is analyzed in detail, and an anomaly detection system based on PSFP is proposed in this paper. Finally, OMNeT++ is used to simulate a real TSN topology to evaluate the performance of the proposed anomaly detection system (ADS). As a result, the protection strategy based on 802.1Qci not only ensures the real-time performance of the TSN but can also isolate individuals with abnormal behavior and block DoS (denial of service) attacks, thus attaining the security protection of the TSN vehicle-based network.

show abstract

“…Encryption and authentication protocols should be employed so that passive attackers do not easily understand the internal communication process. For example, MACSec ensures the confidentiality and integrity of communication over automotive Ethernet [16]. 4.…”

Section: Remediation Strategiesmentioning

confidence: 99%

Convolutional Neural Network-based Intrusion Detection System for AVTP Streams in Automotive Ethernet-based Networks

Jeong¹,

Jeon

Chung

et al. 2021

Preprint

View full text Add to dashboard Cite

Connected and autonomous vehicles (CAVs) are an innovative form of traditional vehicles. Automotive Ethernet replaces the controller area network and FlexRay to support the large throughput required by high-definition applications. As CAVs have numerous functions, they exhibit a large attack surface and an increased vulnerability to attacks. However, no previous studies have focused on intrusion detection in automotive Ethernet-based networks. In this paper, we present an intrusion detection method for detecting audio-video transport protocol (AVTP) stream injection attacks in automotive Ethernet-based networks. To the best of our knowledge, this is the first such method developed for automotive Ethernet. The proposed intrusion detection model is based on feature generation and a convolutional neural network (CNN). To evaluate our intrusion detection system, we built a physical BroadR-Reach-based testbed and captured real AVTP packets. The experimental results show that the model exhibits outstanding performance: the F1-score and recall are greater than 0.9704 and 0.9949, respectively. In terms of the inference time per input and the generation intervals of AVTP traffic, our CNN model can readily be employed for real-time detection.

show abstract

MACsec-Based Security for Automotive Ethernet Backbones

Cited by 20 publications

References 7 publications

Threat Sensitive Networking: On the Security of IEEE 802.1CB and (un)Effectiveness of Existing Security Solutions

Threat Sensitive Networking: On the Security of IEEE 802.1CB and (un)Effectiveness of Existing Security Solutions

Security Analysis of the TSN Backbone Architecture and Anomaly Detection System Design Based on IEEE 802.1Qci

Convolutional Neural Network-based Intrusion Detection System for AVTP Streams in Automotive Ethernet-based Networks

Contact Info

Product

Resources

About