Software-Defined Networks Supporting Time-Sensitive In-Vehicular Communication

Future in-vehicular networks will be based on Ethernet. The IEEE Time-Sensitive Networking (TSN) is a promising candidate to satisfy real-time requirements in future car communication. Software-Defined Networking (SDN) extends the Ethernet control plane with a programming option that can add much value to the resilience, security, and adaptivity of the automotive environment. In this work, we derive a first concept for combining Software-Defined Networking with Time-Sensitive Networking along with an initial evaluation. Our measurements are performed via a simulation that investigates whether an SDN architecture is suitable for time-critical applications in the car. Our findings indicate that the control overhead of SDN can be added without a delay penalty for the TSN traffic when protocols are mapped properly.Comment: To be published at IEEE VTC2019-Sprin

DoS Protection through Credit Based Metering -- Simulation-Based Evaluation for Time-Sensitive Networking in Cars

Ethernet is the most promising solution to reduce complexity and enhance the bandwidth in the next generation in-car networks. Dedicated Ethernet protocols enable the real-time aspects in such networks. One promising candidate is the IEEE 802.1Q Time-Sensitive Networking protocol suite. Common Ethernet technologies, however, increases the vulnerability of the car infrastructure as they widen the attack surface for many components. In this paper proposes an IEEE 802.1Qci based algorithm that on the one hand, protects against DoS attacks by metering incoming Ethernet frames. On the other hand, it adapts to the behavior of the Credit Based Shaping algorithm, which was standardized for Audio/Video Bridging, the predecessor of Time-Sensitive Networking. A simulation of this proposed Credit Based Metering algorithm evaluates the concept.Comment: If you cite this paper, please use the original reference: P. Meyer, T. H\"ackel, F. Korf, and T. C. Schmidt. DoS Protection through Credit Based Metering - Simulation Based Evaluation for Time-Sensitive Networking in Cars. In: \emph{Proceedings of the 6th International OMNeT++ Community Summit}. September, 2019, Easychai

SDN4CoRE: A Simulation Model for Software-Defined Networking for Communication over Real-Time Ethernet

Ethernet has become the next standard for automotive and industrial automation networks. Standard extensions such as IEEE 802.1Q Time-Sensitive Networking (TSN) have been proven to meet the real-time and robustness requirements of these environments. Augmenting the TSN switching by Software-Defined Networking functions promises additional benefits: A programming option for TSN devices can add much value to the resilience, security, and adaptivity of the environment. Network simulation allows to model highly complex networks before assembly and is an essential process for the design and validation of future networks. Still, a simulation environment that supports programmable real-time networks is missing. This paper fills the gap by sharing our simulation model for Software-Defined Networking for Communication over Real-Time Ethernet (SDN4CoRE) and present initial results in modeling programmable real-time networks. In a case study, we show that SDN4CoRE can simulate complex programmable real-time networks and allows for testing and verifying the programming of real-time devices.Comment: If you cite this paper, please use the original reference: T. H\"ackel, P. Meyer, F. Korf, and T. C. Schmidt. SDN4CoRE: A Simulation Model for Software-Defined Networking for Communication over Real-Time Ethernet. In: Proceedings of the 6th International OMNeT++ Community Summit. September, 2019, Easychai

Authenticated and Secure Automotive Service Discovery with DNSSEC and DANE

Automotive softwarization is progressing and future cars are expected to operate a Service-Oriented Architecture on multipurpose compute units, which are interconnected via a high-speed Ethernet backbone. The AUTOSAR architecture foresees a universal middleware called SOME/IP that provides the service primitives, interfaces, and application protocols on top of Ethernet and IP. SOME/IP lacks a robust security architecture, even though security is an essential in future Internet-connected vehicles. In this paper, we augment the SOME/IP service discovery with an authentication and certificate management scheme based on DNSSEC and DANE. We argue that the deployment of well-proven, widely tested standard protocols should serve as an appropriate basis for a robust and reliable security infrastructure in cars. Our solution enables on-demand service authentication in offline scenarios, easy online updates, and remains free of attestation collisions. We evaluate our extension of the common vsomeip stack and find performance values that fully comply with car operations

A QoS Aware Approach to Service-Oriented Communication in Future Automotive Networks

Service-Oriented Architecture (SOA) is about to enter automotive networks based on the SOME/IP middleware and an Ethernet high-bandwidth communication layer. It promises to meet the growing demands on connectivity and flexibility for software components in modern cars. Largely heterogeneous service requirements and time-sensitive network functions make Quality-of-Service (QoS) agreements a vital building block within future automobiles. Existing middleware solutions, however, do not allow for a dynamic selection of QoS. This paper presents a service-oriented middleware for QoS aware communication in future cars. We contribute a protocol for dynamic QoS negotiation along with a multi-protocol stack, which supports the different communication classes as derived from a thorough requirements analysis. We validate the feasibility of our approach in a case study and evaluate its performance in a simulation model of a realistic in-car network. Our findings indicate that QoS aware communication can indeed meet the requirements, while the impact of the service negotiations and setup times of the network remain acceptable provided the cross-traffic during negotiations stays below 70% of the available bandwidth

Automotive Communication Architectures Supporting Quality-of-Service Agreements

Die Einführung neuer Funktionen im Auto, von Fahrassistenzsystemen über Connected Cars bis hin zum autonomen Fahren bringt Herausforderungen für die Kommunikationsarchitektur im Auto mit sich. Dazu gehören steigender Bandbreitenbedarf, größere Vernetzung von Komponenten und die Öffnung des Autonetzes zum Internet of Things. Diese können durch die Einführung einer neuen zentralisierten dienstorientierten Kommunikationsarchitektur gelöst werden. Da im Kommunikationsnetz des Autos Dienste mit verschiedensten Anforderungen an die Kommunikationsarchitekturen existieren, ist die Vereinbarung von Dienstgüte ein zentraler Aspekt. In dieser Arbeit werden die verschiedenen Aspekte einer Kommunikationsarchitektur zur Unterstützung von Dienstgüte analysiert. Auf dieser Basis wird ein Konzept für eine Middleware zur dienstorientierten Kommunikation im Auto entworfen und in der Simulation mit Beispielszenarien evaluiert.The introduction of new features like Driver Assistance, Connected Cars and Autonomous Driving pose many challenges such as increasing demand in bandwidth, increasing interconnectivity of components and opening the vehicular network to the Internet of Things. To overcome them, a novel centralised service-oriented communication architecture is introduced. As services in the vehicular network have different requirements, Quality-of-Service agreements are a central aspect in the communication of services. This thesis aims to examine the various aspects of automotive communication architectures supporting quality of service agreements. Furthermore, a concept for a service-oriented communication architecture will be designed and evaluated with example scenarios in a simulationenvironment

DoS Protection through Credit Based Metering - Simulation Based Evaluation for Time-Sensitive Networking in Cars

Ethernet is the most promising solution to reduce complexity and enhance the bandwidth in the next generation in-car networks. Dedicated Ethernet protocols enable the real-time aspects in such networks. One promising candidate is the IEEE 802.1Q Time-Sensitive Networking protocol suite. Common Ethernet technologies, however, increases the vulnerability of the car infrastructure as they widen the attack surface for many components. In this paper proposes an IEEE 802.1Qci based algorithm that on the one hand, protects against DoS attacks by metering incoming Ethernet frames. On the other hand, it adapts to the behavior of the Credit Based Shaping algorithm, which was standardized for Audio/Video Bridging, the predecessor of Time-Sensitive Networking. A simulation of this proposed Credit Based Metering algorithm evaluates the concept

SDN4CoRE: A Simulation Model for Software-Defined Networking for Communication over Real-Time Ethernet

Ethernet has become the next standard for automotive and industrial automation networks. Standard extensions such as IEEE 802.1Q Time-Sensitive Networking (TSN) have been proven to meet the real-time and robustness requirements of these environments. Augmenting the TSN switching by Software- Defined Networking functions promises additional benefits: A programming option for TSN devices can add much value to the resilience, security, and adaptivity of the environment. Network simulation allows to model highly complex networks before assembly and is an essential process for the design and validation of future networks. Still, a simulation environment that supports programmable real-time networks is missing. This paper fills the gap by sharing our simulation model for Software-Defined Networking for Communication over Real-Time Ethernet (SDN4CoRE) and present initial results in modeling programmable real-time networks. In a case study, we show that SDN4CoRE can simulate complex programmable real-time networks and allows for testing and verifying the programming of real-time devices

Network Anomaly Detection in Cars based on Time-Sensitive Ingress Control

Connected cars need robust protection against network attacks. Network anomaly detection and prevention on board will be particularly fast and reliable when situated on the lowest possible layer. Blocking traffic on a low layer, however, causes severe harm if triggered erroneously by falsely positive alarms. In this paper, we introduce and evaluate a concept for detecting anomalous traffic using the ingress control of Time-Sensitive Networking (TSN). We build on the idea that already defined TSN traffic descriptors for in-car network configurations are rigorous, and hence any observed violation should not be a false positive. Also, we use Software-Defined Networking (SDN) technologies to collect and evaluate ingress anomaly reports, to identify the generating flows, and to ban them from the network. We evaluate our concept by simulating a real-world zonal network topology of a future car. Our findings confirm that abnormally behaving individual flows can indeed be reliably segregated with zero false positives