1 research outputs found
Strategies for Integrating Controls Flows in Software-Defined In-Vehicle Networks and Their Impact on Network Security
Current In-Vehicle Networks (IVNs) connect Electronic Control Units (ECUs)
via domain busses. A gateway forwards messages between these domains.
Automotive Ethernet emerges as a flat, high-speed backbone technology for IVNs
that carries the various control flows within Ethernet frames. Recently,
Software-Defined-Networking (SDN) has been identified as a useful building
block of the vehicular domain, as it allows the differentiation of packets
based on all header fields and thus can isolate unrelated control flows. In
this work, we systematically explore the different strategies for integrating
automotive control flows in switched Ether-networks and analyze their security
impact for a software-defined IVN. We discuss how control flow identifiers can
be embedded on different layers resulting in a range of solutions from fully
exposed embedding to deep encapsulation. We evaluate these strategies in a
realistic IVN based on the communication matrix of a production grade vehicle,
which we map into a modern Ethernet topology. We find that visibility of
automotive control flows within packet headers is essential for the network
infrastructure to enable isolation and access control. With an exposed
embedding, the SDN backbone can establish and survey trust zones within the IVN
and largely reduce the attack surface of connected cars. An exposed embedding
strategy also minimizes communication expenses