Search Results

The software installed in Electronic Control Units (ECUs) has witnessed a significant scale expansion as the functionality of Intelligent Connected Vehicles (ICVs) has become more sophisticated. To seek convenient long-term functional maintenance, stakeholders want to access ECUs data or update software from anywhere via diagnostic. Accordingly, as one of the external interfaces, Diagnostics over Internet Protocol (DoIP) is inevitably prone to malicious attacks. It is essential to note that cybersecurity threats not only arise from inherent protocol defects but also consider software implementation vulnerabilities. When implementing a specification, developers have considerable freedom to decide how to proceed. Differences between protocol specifications and implementations are often unavoidable, which can result in security vulnerabilities and potential attacks exploiting them.

Automotive security has become one of important topics in recent years under new automotive Electronic and Electrical Architecture (EEA). With the development of Intelligent Connected Vehicle (ICV), it has become possible to hack an automotive through in-vehicle networks. The introduction of Information Communications Technology (ICT) brings more risk threats to automotive. Researchers have shown that an attacker can easily tamper with many automotive functions via On-Board Diagnostic II (OBD-II) or In-Vehicle Infotainment (IVI). In order to protect automotive against malicious attacks, automotive security risks were analyzed and then security mechanisms based on network firewall were designed in this paper. Automotive network firewall is a security system that monitors and controls incoming and outgoing network traffics of automotive based on predetermined security rules. The main functions of network firewall include packet filter, anti-DoS and access control.

In the automotive network architecture, the basic functions of gateway include routing, diagnostic, network management and so on. With the rapid development of connected vehicles, the cybersecurity has become an important topic in the automotive network. A spoof ECU can be used to hack the automotive network. In order to prevent the in-vehicle networks from attacking, the automotive gateway is an important part of the security architecture. A secure gateway should be able to authenticate the connected ECU and control the access to the critical network domain. The data and signals transferred between gateway and ECUs should be protected to against wiretap attacking. The purpose of this paper is to design a secure gateway for in-vehicle networks. In this paper, the designing process of the automotive secure gateway is presented. Based on the threat analysis, security requirements for automotive gateway are defined.