Secure Time-Sensitive Software-Defined Networking in Vehicles
share
Current designs of future In-Vehicle Networks (IVN) prepare for switched Ethernet backbones, which can host advanced LAN technologies such as IEEE Time-Sensitive Networking (TSN) and Software-Defined Networking (SDN). In this work, we present an integrated Time-Sensitive Software-Defined Networking (TSSDN) architecture that simultaneously enables control of synchronous and asynchronous real-time and best-effort traffic for all IVN traffic classes using a central SDN controller. We validate that the control overhead of SDN can be added without a delay penalty for TSN traffic, provided protocols are properly mapped. Based on our TSSDN concept, we demonstrate adaptable and reliable network security mechanisms for in-vehicle communication. We systematically investigate different strategies for integrating in-vehicle control flows with switched Ether-networks and analyze their security implications for a software-defined IVN. We discuss embeddings of control flow identifiers on different layers, covering a range from a fully exposed mapping to deep encapsulations. We experimentally evaluate these strategies in a production vehicle which we map to a modern Ethernet topology. Our findings indicate that visibility of automotive control flows on lower network layers is essential for providing isolation and access control throughout the network infrastructure. Such a TSSDN backbone can establish and survey trust zones within the IVN and reduce the attack surface of connected cars in various attack scenarios.
READ FULL TEXT
