Browse Publications Technical Papers 2019-01-0481

Security Mechanisms Design of Automotive Gateway Firewall 2019-01-0481

Automotive security has become one of important topics in recent years under new automotive Electronic and Electrical Architecture (EEA). With the development of Intelligent Connected Vehicle (ICV), it has become possible to hack an automotive through in-vehicle networks. The introduction of Information Communications Technology (ICT) brings more risk threats to automotive. Researchers have shown that an attacker can easily tamper with many automotive functions via On-Board Diagnostic II (OBD-II) or In-Vehicle Infotainment (IVI). In order to protect automotive against malicious attacks, automotive security risks were analyzed and then security mechanisms based on network firewall were designed in this paper. Automotive network firewall is a security system that monitors and controls incoming and outgoing network traffics of automotive based on predetermined security rules. The main functions of network firewall include packet filter, anti-DoS and access control. Because of deferent security requirements of in-vehicle networks, CAN/FD and Ethernet were divided into two domains respectively. Packet filter mechanisms were designed to monitor CAN/FD, in which security level and time delay were considered. Ethernet firewall mechanisms were designed based on Stateful Packet Filter (SPF) technology. Beside packet filter mechanisms, anti-DoS and access control mechanisms were also designed. Security Real Time Operating System (SRTOS) was introduced to ensure lower layer security. Considering the ECU constraint, Hardware Security Module (HSM) is chosen to implement cryptography function. At last, proposed automotive network firewall were implemented base on a multicore MCU with HSM. The system is evaluated in several aspects such as packet throughput, time delay, anti-attack and memory usage. The evaluation results show that the automotive network firewall is effective and efficient.


Subscribers can view annotate, and download all of SAE's content. Learn More »


Members save up to 16% off list price.
Login to see discount.
Special Offer: Download multiple Technical Papers each year? TechSelect is a cost-effective subscription option to select and download 12-100 full-text Technical Papers per year. Find more information here.
We also recommend:

Cyberattacks and Countermeasures for Intelligent and Connected Vehicles


View Details


Security Threat Analysis of In-vehicle Network Using STRIDE-Based Attack Tree and Fuzzy Analytic Hierarchy Process


View Details


Selftrust - A Practical Approach for Trust Establishment


View Details