Browse Publications Technical Papers 2019-01-0481
2019-04-02

Security Mechanisms Design of Automotive Gateway Firewall 2019-01-0481

Automotive security has become one of important topics in recent years under new automotive Electronic and Electrical Architecture (EEA). With the development of Intelligent Connected Vehicle (ICV), it has become possible to hack an automotive through in-vehicle networks. The introduction of Information Communications Technology (ICT) brings more risk threats to automotive. Researchers have shown that an attacker can easily tamper with many automotive functions via On-Board Diagnostic II (OBD-II) or In-Vehicle Infotainment (IVI). In order to protect automotive against malicious attacks, automotive security risks were analyzed and then security mechanisms based on network firewall were designed in this paper. Automotive network firewall is a security system that monitors and controls incoming and outgoing network traffics of automotive based on predetermined security rules. The main functions of network firewall include packet filter, anti-DoS and access control. Because of deferent security requirements of in-vehicle networks, CAN/FD and Ethernet were divided into two domains respectively. Packet filter mechanisms were designed to monitor CAN/FD, in which security level and time delay were considered. Ethernet firewall mechanisms were designed based on Stateful Packet Filter (SPF) technology. Beside packet filter mechanisms, anti-DoS and access control mechanisms were also designed. Security Real Time Operating System (SRTOS) was introduced to ensure lower layer security. Considering the ECU constraint, Hardware Security Module (HSM) is chosen to implement cryptography function. At last, proposed automotive network firewall were implemented base on a multicore MCU with HSM. The system is evaluated in several aspects such as packet throughput, time delay, anti-attack and memory usage. The evaluation results show that the automotive network firewall is effective and efficient.

SAE MOBILUS

Subscribers can view annotate, and download all of SAE's content. Learn More »

Access SAE MOBILUS »

Members save up to 18% off list price.
Login to see discount.
Special Offer: Download multiple Technical Papers each year? TechSelect is a cost-effective subscription option to select and download 12-100 full-text Technical Papers per year. Find more information here.
We also recommend:
STANDARD

Data Dictionary for Quantities Used in Cyber Physical Systems (Enhanced License)

AS6969_DA

View Details

TECHNICAL PAPER

Proposal of HILS-Based In-Vehicle Network Security Verification Environment

2018-01-0013

View Details

STANDARD

Dedicated Short Range Communications (DSRC) Message Set Dictionary

J2735_201603

View Details

X