Authenticated and Secure Automotive Service Discovery with DNSSEC and DANE

2023 IEEE Vehicular Networking Conference (VNC) Pub Date : 2023-03-27 DOI:10.1109/VNC57357.2023.10136332

M. Mueller, Timo Häckel, Philipp Meyer, Franz Korf, T. Schmidt

{"title":"Authenticated and Secure Automotive Service Discovery with DNSSEC and DANE","authors":"M. Mueller, Timo Häckel, Philipp Meyer, Franz Korf, T. Schmidt","doi":"10.1109/VNC57357.2023.10136332","DOIUrl":null,"url":null,"abstract":"Automotive softwarization is progressing and future cars are expected to operate a Service-Oriented Architecture on multipurpose compute units, which are interconnected via a high-speed Ethernet backbone. The AUTOSAR architecture foresees a universal middleware called SOME/IP that provides the service primitives, interfaces, and application protocols on top of Ethernet and IP. SOME/IP lacks a robust security architecture, even though security is an essential in future Internet-connected vehicles. In this paper, we augment the SOME/IP service discovery with an authentication and certificate management scheme based on DNSSEC and DANE. We argue that the deployment of well-proven, widely tested standard protocols should serve as an appropriate basis for a robust and reliable security infrastructure in cars. Our solution enables on-demand service authentication in offline scenarios, easy online updates, and remains free of attestation collisions. We evaluate our extension of the common vsomeip stack and find performance values that fully comply with car operations.","PeriodicalId":185840,"journal":{"name":"2023 IEEE Vehicular Networking Conference (VNC)","volume":"161 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-03-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 IEEE Vehicular Networking Conference (VNC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/VNC57357.2023.10136332","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Automotive softwarization is progressing and future cars are expected to operate a Service-Oriented Architecture on multipurpose compute units, which are interconnected via a high-speed Ethernet backbone. The AUTOSAR architecture foresees a universal middleware called SOME/IP that provides the service primitives, interfaces, and application protocols on top of Ethernet and IP. SOME/IP lacks a robust security architecture, even though security is an essential in future Internet-connected vehicles. In this paper, we augment the SOME/IP service discovery with an authentication and certificate management scheme based on DNSSEC and DANE. We argue that the deployment of well-proven, widely tested standard protocols should serve as an appropriate basis for a robust and reliable security infrastructure in cars. Our solution enables on-demand service authentication in offline scenarios, easy online updates, and remains free of attestation collisions. We evaluate our extension of the common vsomeip stack and find performance values that fully comply with car operations.

查看原文本刊更多论文

通过DNSSEC和DANE验证和安全的汽车服务发现

汽车软件化正在发展，未来的汽车预计将在多用途计算单元上运行面向服务的体系结构，这些计算单元通过高速以太网骨干相互连接。AUTOSAR体系结构预见了一种称为SOME/IP的通用中间件，它在以太网和IP之上提供服务原语、接口和应用协议。尽管安全性在未来的互联网连接车辆中是必不可少的，但SOME/IP缺乏强大的安全架构。在本文中，我们使用基于DNSSEC和DANE的认证和证书管理方案来增强SOME/IP服务发现。我们认为，部署经过充分验证、广泛测试的标准协议应该作为汽车中强大可靠的安全基础设施的适当基础。我们的解决方案支持离线场景下的按需服务认证，易于在线更新，并且不会发生认证冲突。我们评估了公共vsomeip堆栈的扩展，并找到了完全符合汽车操作的性能值。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2023 IEEE Vehicular Networking Conference (VNC)

自引率

0.00%

发文量