Security Mechanisms Design of Automotive Gateway Firewall 2019-01-0481
Automotive security has become one of important topics in recent years under new automotive Electronic and Electrical Architecture (EEA). With the development of Intelligent Connected Vehicle (ICV), it has become possible to hack an automotive through in-vehicle networks. The introduction of Information Communications Technology (ICT) brings more risk threats to automotive. Researchers have shown that an attacker can easily tamper with many automotive functions via On-Board Diagnostic II (OBD-II) or In-Vehicle Infotainment (IVI). In order to protect automotive against malicious attacks, automotive security risks were analyzed and then security mechanisms based on network firewall were designed in this paper. Automotive network firewall is a security system that monitors and controls incoming and outgoing network traffics of automotive based on predetermined security rules. The main functions of network firewall include packet filter, anti-DoS and access control. Because of deferent security requirements of in-vehicle networks, CAN/CAN FD, LIN and Ethernet were divided into three domains respectively. Packet filter mechanisms were designed to monitor CAN/CAN FD and LIN, in which security level and time delay were considered. Ethernet firewall mechanisms were designed based on Stateful Packet Inspection (SPI). Beside packet filter mechanisms, anti-DoS and access control mechanisms were also designed. Security Real Time Operating System (SRTOS) was introduced to ensure lower layer security. Considering the ECU constraint, Hardware Security Module (HSM) is chosen to implement cryptography function. At last, proposed automotive network firewall were implemented base on a multicore MCU with HSM. The system is evaluated in several aspects such as packet throughput, time delay, anti-attack and memory usage. The evaluation results show that the automotive network firewall is effective and efficient.