Network Security
Modern vehicles use multiple internal communication networks (e.g., CAN, FlexRay, Ethernet) to connect ECUs and sensors.
Network security means securing these communication protocols to prevent unauthorized access to the network and manipulation of the data it carries.
CAN Security
Message Authentication
Problem: CAN allows any node on the bus to send messages without authentication, so a compromised or attached node can spoof legitimate messages or inject malicious ones.
Use Message Authentication Codes (MACs) to verify the authenticity of messages sent over the CAN bus. A MAC appends a cryptographic tag, computed with a key shared by sender and receiver, to each message, so receiving ECUs can verify that it came from a legitimate source and was not altered.
HMAC (Hash-based Message Authentication Code) can be implemented to ensure data integrity and authentication between ECUs.
Use CANcrypt, a lightweight protocol that provides authentication and encryption for CAN communication.
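The following is an added example (not code from the original notes or from CANcrypt) of HMAC-based CAN message authentication in the style described above. It assumes a pre-shared 128-bit key (a constructed sample value), a classic 8-byte CAN data field, and a frame layout of payload || low byte of a 32-bit send counter || 4-byte truncated HMAC-SHA256. The counter is what stops a captured valid frame from simply being replayed, and binding the CAN ID into the tag stops a frame from being re-sent under another identifier.

```python
import hashlib
import hmac
import struct

# Constructed sample key for the demonstration only. In a vehicle each ECU
# pair receives its key from the OEM's key-management process, never a literal.
SHARED_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")

MAC_LEN = 4     # bytes of truncated HMAC-SHA256 carried in the frame
FRESH_LEN = 1   # low byte of a 32-bit send counter carried in the frame
MAX_PAYLOAD = 8 - FRESH_LEN - MAC_LEN   # 3 bytes of application data per classic CAN frame


def compute_tag(can_id: int, counter: int, payload: bytes, key: bytes) -> bytes:
    """HMAC over the CAN ID, the full 32-bit counter and the payload, truncated to MAC_LEN."""
    msg = struct.pack(">II", can_id, counter & 0xFFFFFFFF) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]


class Sender:
    """ECU side that emits authenticated frames with a monotonically increasing counter."""

    def __init__(self, key: bytes = SHARED_KEY):
        self.key = key
        self.counter = 0

    def build_frame(self, can_id: int, payload: bytes) -> bytes:
        """Return the CAN data field: payload || counter low byte || truncated tag."""
        if len(payload) > MAX_PAYLOAD:
            raise ValueError("payload too long for an authenticated classic CAN frame")
        self.counter += 1
        fresh = bytes([self.counter & 0xFF])
        return payload + fresh + compute_tag(can_id, self.counter, payload, self.key)


class Receiver:
    """ECU side that accepts a frame only if the tag verifies and the counter advanced."""

    def __init__(self, key: bytes = SHARED_KEY):
        self.key = key
        self.last_counter: dict[int, int] = {}   # highest accepted counter per CAN ID

    def verify_frame(self, can_id: int, data: bytes):
        """Return the payload for a genuine, fresh frame, or None to drop it."""
        if len(data) < FRESH_LEN + MAC_LEN + 1:
            return None
        split = len(data) - FRESH_LEN - MAC_LEN
        payload, fresh, tag = data[:split], data[split], data[split + FRESH_LEN:]
        last = self.last_counter.get(can_id, 0)
        # Reconstruct the full counter: the smallest value greater than `last`
        # whose low byte equals the transmitted byte. This tolerates up to 255
        # lost frames; a longer gap needs an explicit resynchronisation step.
        candidate = (last & ~0xFF) | fresh
        if candidate <= last:
            candidate += 0x100
        if not hmac.compare_digest(tag, compute_tag(can_id, candidate, payload, self.key)):
            return None
        self.last_counter[can_id] = candidate
        return payload


if __name__ == "__main__":
    tx, rx = Sender(), Receiver()
    frame = tx.build_frame(0x123, b"\x01\x02\x03")
    print("genuine:", rx.verify_frame(0x123, frame))   # payload is returned
    print("replay: ", rx.verify_frame(0x123, frame))   # None: counter did not advance
```

Only three payload bytes survive per classic CAN frame under this layout, which is why the text above notes that authentication is costly on CAN and why CAN FD (up to 64 data bytes) makes it far more practical. The receiver keeps its own counter state per CAN ID; a constant-time comparison is used for the tag so that verification time does not leak information about how many tag bytes matched.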
Data Encryption
Problem: CAN messages are transmitted in plaintext, so sensitive data can be read by anyone with access to the bus.
Encrypt CAN messages to protect data confidentiality. Although classic CAN has limited bandwidth, lightweight algorithms such as AES-128 can be implemented with minimal overhead. The trade-off is that encryption adds latency and computational load on the ECU, so only critical messages should be encrypted.
CAN Gateway
Problem: The open nature of the CAN bus makes it easy for attackers to access it once they physically connect to the vehicle's network.
Implement a secure CAN gateway that acts as a firewall between different parts of the in-vehicle network. The gateway filters messages, blocks unauthorized traffic, and enforces access control policies.
It isolates sensitive CAN buses (e.g., powertrain) from less critical buses (e.g., infotainment) so that an attack on one bus cannot spread across the network.
Intrusion Detection Systems (IDS)
Problem: CAN has no built-in mechanism to detect abnormal traffic or malicious activity.
Implement an Intrusion Detection System (IDS) that monitors the CAN bus for anomalous traffic patterns, such as unusually high message frequency or messages from unauthorized sources. The IDS raises an alert when abnormal activity is detected.
A CAN IDS can be signature-based (detecting known attacks) or anomaly-based (identifying deviations from normal traffic behavior).
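As an added example (not from the original notes), here is a small anomaly-based CAN IDS of the kind described above. It learns the mean inter-arrival period of each CAN ID from a window of trusted traffic, then flags two anomalies in live traffic: a CAN ID that was never seen during training, and a known ID arriving several times faster than its learned period (the signature of an injected burst). The log format is the timestamped `candump -L` style (`(ts) iface ID#DATA`); all sample lines are constructed inside the block.

```python
import re
import statistics
from collections import defaultdict

# candump -L style line: "(timestamp) interface ID#HEXDATA"
CANDUMP_RE = re.compile(
    r"^\((?P<ts>\d+\.\d+)\)\s+(?P<iface>\S+)\s+(?P<id>[0-9A-Fa-f]+)#(?P<data>[0-9A-Fa-f]*)$"
)


def parse_candump(line: str):
    """Return (timestamp, interface, can_id, data bytes), or None for a malformed line."""
    m = CANDUMP_RE.match(line.strip())
    if not m:
        return None
    return float(m["ts"]), m["iface"], int(m["id"], 16), bytes.fromhex(m["data"])


def learn_baseline(frames):
    """Mean inter-arrival period per CAN ID, learned from attack-free traffic."""
    last, intervals = {}, defaultdict(list)
    for ts, _, cid, _ in frames:
        if cid in last:
            intervals[cid].append(ts - last[cid])
        last[cid] = ts
    return {cid: statistics.mean(v) for cid, v in intervals.items()}


def detect(frames, baseline, factor=3.0):
    """Return alerts for unknown IDs and for IDs arriving `factor` times faster than baseline."""
    alerts, last = [], {}
    for ts, _, cid, _ in frames:
        if cid not in baseline:
            alerts.append(("unknown_id", ts, cid))
            continue
        if cid in last and ts - last[cid] < baseline[cid] / factor:
            alerts.append(("high_rate", ts, cid))
        last[cid] = ts
    return alerts


def build_sample_log():
    """Constructed log: 2 s of periodic traffic (0x1A0 every 10 ms, 0x2B0 every 100 ms),
    with an injected burst of 0x1A0 at 100 us spacing from 1.2 s and an unknown ID 0x7FF."""
    stamped = []

    def emit(ts, cid, data):
        stamped.append((ts, f"({ts:.6f}) can0 {cid:03X}#{data}"))

    for i in range(200):
        emit(i * 0.010, 0x1A0, "0000")
    for i in range(20):
        emit(i * 0.100, 0x2B0, "01")
    for i in range(1, 21):
        emit(1.200 + i * 0.0001, 0x1A0, "FFFF")
    for i in range(3):
        emit(1.300 + i * 0.100, 0x7FF, "DEADBEEF")
    stamped.sort(key=lambda item: item[0])
    return [line for _, line in stamped]


def run_demo(factor=3.0):
    """Train on the first second of the constructed log, detect on the second."""
    frames = [f for f in map(parse_candump, build_sample_log()) if f is not None]
    training = [f for f in frames if f[0] < 1.0]
    live = [f for f in frames if f[0] >= 1.0]
    return detect(live, learn_baseline(training), factor)


if __name__ == "__main__":
    for kind, ts, cid in run_demo():
        print(f"{ts:.6f} {kind:<10} 0x{cid:03X}")
```

The training window must be known-clean, otherwise an attacker's traffic becomes part of "normal". The timing check is deliberately simple; a production CAN IDS would also track payload ranges and DLC per ID, and would use a per-ID tolerance rather than one global factor, since some IDs are event-triggered rather than periodic.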
Rate Limiting and Message Filtering
Problem: Flooding the CAN bus with messages causes a Denial of Service (DoS), disrupting communication between critical ECUs.
Use rate limiting to prevent any single node from flooding the bus with messages.
Implement message filtering at the ECU level or in the CAN gateway to drop suspicious or irrelevant messages before they reach critical components.
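The following added example (not from the original notes) serves both the CAN Gateway and the Rate Limiting and Message Filtering passages above: a gateway that forwards a frame between two buses only if the (source bus, destination bus, CAN ID) triple is on an explicit allowlist, the frame is well-formed, and the frame is within a per-ID token-bucket rate limit. The bus names, CAN IDs and limits are constructed values, not taken from any real vehicle.

```python
from collections import defaultdict

# Routing policy (constructed example): CAN IDs allowed to cross from a source
# bus to a destination bus. Anything not listed here is dropped (default deny).
ALLOWED_ROUTES = {
    ("powertrain", "infotainment"): {0x1A0, 0x1A1},   # e.g. speed and RPM for the display
    ("diagnostics", "powertrain"): {0x7E0},           # a diagnostic request ID (constructed)
    ("infotainment", "powertrain"): set(),            # nothing from infotainment reaches powertrain
}

# Upper bound in frames per second for each forwarded CAN ID (constructed values).
RATE_LIMITS = {0x1A0: 100.0, 0x1A1: 100.0, 0x7E0: 20.0}
DEFAULT_RATE = 10.0


class TokenBucket:
    """Token bucket: `rate` tokens per second are added, at most `burst` are stored."""

    def __init__(self, rate: float, burst: int):
        self.rate = rate
        self.burst = burst
        self.tokens = float(burst)
        self.last = None

    def allow(self, now: float) -> bool:
        if self.last is not None:
            self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class CanGateway:
    """Forwards frames between buses only if the route is allowed and under its rate limit."""

    def __init__(self, routes=ALLOWED_ROUTES, limits=RATE_LIMITS, burst: int = 5):
        self.routes = routes
        self.limits = limits
        self.burst = burst
        self.buckets = {}                  # (src_bus, can_id) -> TokenBucket
        self.stats = defaultdict(int)      # counters a monitoring ECU or IDS can read

    def forward(self, src_bus: str, dst_bus: str, can_id: int, data: bytes, now: float) -> bool:
        """Return True if the frame is forwarded to dst_bus, False if the gateway drops it."""
        if len(data) > 8:
            self.stats["dropped_malformed"] += 1
            return False
        if can_id not in self.routes.get((src_bus, dst_bus), set()):
            self.stats["dropped_policy"] += 1      # unknown route or ID not on the allowlist
            return False
        key = (src_bus, can_id)
        bucket = self.buckets.get(key)
        if bucket is None:
            bucket = self.buckets[key] = TokenBucket(self.limits.get(can_id, DEFAULT_RATE), self.burst)
        if not bucket.allow(now):
            self.stats["dropped_rate"] += 1        # flooding is contained on the source bus
            return False
        self.stats["forwarded"] += 1
        return True


if __name__ == "__main__":
    gw = CanGateway()
    flood = [gw.forward("powertrain", "infotainment", 0x1A0, b"\x00\x64", 0.0) for _ in range(10)]
    print("burst of 10 at t=0:", flood)                        # 5 forwarded, then rate-limited
    print("infotainment -> powertrain:",
          gw.forward("infotainment", "powertrain", 0x1A0, b"\x00", 0.0))   # False: policy
    print(dict(gw.stats))
```

Rate limiting at the gateway protects the destination bus only; a node flooding its own bus can still starve the ECUs that share it, which is why the text also calls for filtering at the ECU level. The drop counters are worth exporting to the IDS, since a sudden rise in `dropped_policy` or `dropped_rate` is itself a strong indicator that a bus segment is compromised.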
Ethernet Security
Automotive Ethernet is used for high-bandwidth applications such as ADAS (Advanced Driver Assistance Systems) and infotainment. It supports much faster communication than CAN but needs strong security mechanisms, especially as more vehicles become connected.
Encryption (TLS, MACsec)
Problem: Ethernet traffic can be intercepted, modified, or replayed.
Use Transport Layer Security (TLS) for secure communication between components over Ethernet. TLS provides encryption, integrity, and authentication, protecting data in transit from eavesdropping and tampering.
Implement MACsec (Media Access Control Security) at the data link layer to encrypt and authenticate Ethernet frames. MACsec secures point-to-point Ethernet links hop by hop and is highly efficient for in-vehicle networks.
VLANs (Virtual LANs)
Problem: Many devices share the same Ethernet network, which lets an attacker who compromises one device move laterally to others.
Use VLAN segmentation to isolate different types of traffic (e.g., infotainment, ADAS, diagnostics) into separate virtual networks. This segmentation limits the spread of an attack if one segment is compromised.
Critical systems (e.g., powertrain or safety systems) can be separated from less critical systems (e.g., infotainment) using VLANs and secured gateways.
Secure Boot and Firmware Updates
Problem: Ethernet communication involves many ECUs and devices whose firmware can be tampered with, especially during software updates.
Implement secure boot so that ECUs only load trusted, authenticated firmware.
Use Secure Over-the-Air (SOTA) or Firmware Over-the-Air (FOTA) updates with encryption and digital signatures to protect against tampering during software updates.
Firewalls and Gateway Protection
Problem: Ethernet networks can be attacked from outside the vehicle, especially through externally exposed interfaces (e.g., telematics units, V2X modules).
Deploy firewalls at the gateway level to filter unauthorized or malicious traffic. The firewall enforces access control lists (ACLs) that allow only legitimate traffic to pass.
Gateways monitor network traffic and block suspicious packets based on predefined security rules.
Intrusion Detection and Prevention Systems (IDS/IPS)
Problem: Like any other network, Ethernet can be targeted by attacks such as sniffing, man-in-the-middle (MITM), and packet injection.
Implement an Intrusion Detection System (IDS) or Intrusion Prevention System (IPS) that analyzes Ethernet traffic and detects suspicious behavior. The system alerts you to potential breaches and, in the case of an IPS, can also take preventive action by dropping malicious packets or blocking unauthorized devices.
Network Access Control (NAC)
Problem: Unauthorized devices can connect to the Ethernet network, posing security risks.
Use Network Access Control (NAC) mechanisms to authenticate and authorize devices before granting them access to the Ethernet network. NAC ensures that only trusted ECUs or approved external devices (such as diagnostic tools) can join the vehicle's Ethernet network.
Standards and Guidelines
ISO/SAE 21434: This automotive cybersecurity standard covers risk management and cybersecurity engineering across the entire vehicle lifecycle, including communication security for CAN and Ethernet.
AUTOSAR: The AUTOSAR standard provides guidelines for developing secure automotive software architectures, including secure communication frameworks.
IEEE 802.1X and MACsec (IEEE 802.1AE): These standards secure Ethernet-based communication in vehicles through port-based device authentication and frame-level encryption.