Automotive softwarization is progressing and future cars are expected to
operate a Service-Oriented Architecture on multipurpose compute units, which
are interconnected via a high-speed Ethernet backbone. The AUTOSAR architecture
foresees a universal middleware called SOME/IP that provides the service
primitives, interfaces, and application protocols on top of Ethernet and IP.
SOME/IP lacks a robust security architecture, even though security is an
essential in future Internet-connected vehicles. In this paper, we augment the
SOME/IP service discovery with an authentication and certificate management
scheme based on DNSSEC and DANE. We argue that the deployment of well-proven,
widely tested standard protocols should serve as an appropriate basis for a
robust and reliable security infrastructure in cars. Our solution enables
on-demand service authentication in offline scenarios, easy online updates, and
remains free of attestation collisions. We evaluate our extension of the common
vsomeip stack and find performance values that fully comply with car
operations