Abstract
Mehmet Mueller, Timo Häckel, Philipp Meyer, Franz Korf, Thomas C. Schmidt,
Authenticated and Secure Automotive Service Discovery with DNSSEC and DANE,
In: Proc. of the 14th IEEE Vehicular Networking Conference (VNC), p. 231–238, IEEE, April 2023.
[html][pdf][BibTeX][Abstract]
Abstract: Automotive softwarization is progressing and future cars are expected to operate a Service-Oriented Architecture on multipurpose compute units, which are interconnected via a high-speed Ethernet backbone. The AUTOSAR architecture foresees a universal middleware called SOME/IP that provides the service primitives, interfaces, and application protocols on top of Ethernet and IP. SOME/IP lacks a robust security architecture, even though security is an essential in future Internet-connected vehicles. In this paper, we augment the SOME/IP service discovery with an authentication and certificate management scheme based on DNSSEC and DANE. We argue that the deployment of well-proven, widely tested standard protocols should serve as an appropriate basis for a robust and reliable security infrastructure in cars. Our solution enables on-demand service authentication in offline scenarios, easy online updates, and remains free of attestation collisions. We evaluate our extension of the common vsomeip stack and find performance values that fully comply with car operations.
Themes: Time-Sensitive Networking , Network Security
This page generated by bibTOhtml on Sun 22 Dec 2024 12:05:05 AM UTC