Security Mechanisms Design for In-Vehicle Network Gateway 2018-01-0018

In the automotive network architecture, the basic functions of gateway include routing, diagnostic, network management and so on. With the rapid development of connected vehicles, the cybersecurity has become an important topic in the automotive network. A spoof ECU can be used to hack the automotive network. In order to prevent the in-vehicle networks from attacking, the automotive gateway is an important part of the security architecture. A secure gateway should be able to authenticate the connected ECU and control the access to the critical network domain. The data and signals transferred between gateway and ECUs should be protected to against wiretap attacking. The purpose of this paper is to design a secure gateway for in-vehicle networks. In this paper, the designing process of the automotive secure gateway is presented. Based on the threat analysis, security requirements for automotive gateway are defined. Secure communication, key master, and firewall are proposed as the security mechanisms to protect the automotive gateway. Secure communication mechanisms contain the message authentication and data encryption. Key master is a gateway function to distribute and update the keys for the secure communication of connected ECUs. Firewall based on message filter is designed to isolate the untrusted network domain and trusted network domain. The security functions of the automotive gateway are validated in a simulated attacking environment. A microcontroller with HSM is used to implement the secure gateway. Considering the influences of security mechanisms, the network latency is tested and the results have proved the secure gateway is effective and efficient.