Enabling the Security of Global Time in Software-Defined-Vehicles (SGTS, MACsec)

Pavithra Kumaraswamy, Andrei Rus
{"title":"Enabling the Security of Global Time in Software-Defined-Vehicles (SGTS, MACsec)","authors":"Pavithra Kumaraswamy, Andrei Rus","doi":"10.4271/2024-01-2978","DOIUrl":null,"url":null,"abstract":"The global time that is propagated and synchronized in the vehicle E/E architecture is used in safety-critical, security-critical, and time-critical applications (e.g., driver assistance functions, intrusion detection system, vehicle diagnostics, external device authentication during vehicle diagnostics, vehicle-to-grid and so on). The cybersecurity attacks targeting the global time result in false time, accuracy degradation, and denial of service as stated in IETF RFC 7384 [2]. These failures reduce the vehicle availability, robustness, and safety of the road user. IEEE 1588 [3] lists four mechanisms (integrated security mechanism, external security mechanism, architectural solution, and monitoring & management) to secure the global time. AUTOSAR defines the architecture and detailed specifications for the integrated security mechanism “Secured Global Time Synchronization (SGTS)” to secure the global time on automotive networks (CAN, FlexRay, Ethernet). However, there are also external security mechanisms such as MACsec which protect all communication frames (at layer 2) on an Ethernet network. The objective of this paper is to evaluate the need of SGTS in a vehicle E/E architecture. As part of the evaluation, this paper presents the experimental data to demonstrate the impact on the precision of global time with SGTS and MACsec. It describes the constraints that prevent applying the SGTS and/or MACsec on an Ethernet network. It emphasizes the tradeoff between security and precise global time when using SGTS and/or MACsec on an Ethernet network.","PeriodicalId":510086,"journal":{"name":"SAE Technical Paper Series","volume":"2 2","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-07-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"SAE Technical Paper Series","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4271/2024-01-2978","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

Abstract

The global time that is propagated and synchronized in the vehicle E/E architecture is used in safety-critical, security-critical, and time-critical applications (e.g., driver assistance functions, intrusion detection system, vehicle diagnostics, external device authentication during vehicle diagnostics, vehicle-to-grid and so on). The cybersecurity attacks targeting the global time result in false time, accuracy degradation, and denial of service as stated in IETF RFC 7384 [2]. These failures reduce the vehicle availability, robustness, and safety of the road user. IEEE 1588 [3] lists four mechanisms (integrated security mechanism, external security mechanism, architectural solution, and monitoring & management) to secure the global time. AUTOSAR defines the architecture and detailed specifications for the integrated security mechanism “Secured Global Time Synchronization (SGTS)” to secure the global time on automotive networks (CAN, FlexRay, Ethernet). However, there are also external security mechanisms such as MACsec which protect all communication frames (at layer 2) on an Ethernet network. The objective of this paper is to evaluate the need of SGTS in a vehicle E/E architecture. As part of the evaluation, this paper presents the experimental data to demonstrate the impact on the precision of global time with SGTS and MACsec. It describes the constraints that prevent applying the SGTS and/or MACsec on an Ethernet network. It emphasizes the tradeoff between security and precise global time when using SGTS and/or MACsec on an Ethernet network.
在软件定义汽车中实现全球时间安全(SGTS,MACsec)
在车辆 E/E 架构中传播和同步的全球时间用于安全关键型、安全关键型和时间关键型应用(如驾驶员辅助功能、入侵检测系统、车辆诊断、车辆诊断期间的外部设备验证、车辆到电网等)。如 IETF RFC 7384 [2] 所述,针对全球时间的网络安全攻击会导致错误时间、精度下降和拒绝服务。这些故障降低了车辆的可用性、鲁棒性和道路用户的安全性。IEEE 1588 [3] 列出了四种机制(集成安全机制、外部安全机制、架构解决方案以及监控和管理)来确保全球时间的安全。AUTOSAR 定义了集成安全机制 "安全全球时间同步 (SGTS) "的架构和详细规范,以确保汽车网络(CAN、FlexRay、以太网)上全球时间的安全。不过,也有一些外部安全机制,如 MACsec,可保护以太网网络上的所有通信帧(第 2 层)。本文旨在评估 SGTS 在汽车 E/E 架构中的必要性。作为评估的一部分,本文提供了实验数据,以证明 SGTS 和 MACsec 对全局时间精度的影响。本文介绍了妨碍在以太网网络中应用 SGTS 和/或 MACsec 的限制因素。它强调了在以太网网络上使用 SGTS 和/或 MACsec 时安全性与精确全局时间之间的权衡。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信