A study of securing in-vehicle communication using IPSEC protocol

Jan Lastinec – Ladislav Hudec

   Current vehicles are increasingly dependent on Electronic Control Units (ECUs) that control virtually every system of the vehicle. To enable advanced features automotive embedded systems are opening to external world, which raises security concerns. At the same time these innovative systems require more complex software and higher bandwidth for information exchange. Thanks to its bandwidth, payload size, and openness, Ethernet is a candidate technology for future in-vehicle architectures. This paper deals with design of a novel approach to secure In-vehicle Systems by taking advantage of Ethernet/IP technology and proven security mechanisms from TCP/IP model. Main goal is to design an efficient solution that meets requirements for latency without requiring high amounts of processing power and provides secure exchange of control messages. The work is mainly focused on the widespread Controller Area Network (CAN). The presented solution is based on encapsulation of CAN frames into UDP datagrams with added authenticity, integrity, and (if required) confidentiality of communication using IPsec protocol in transport mode. This creates a ``secure tunnel’’ across backbone Ethernet network in a vehicle. Next part of the paper presents extensive tests in simulation that are based on our previous experiments on hardware, in order to evaluate the characteristics of the designed security extension. The results indicate that using IPsec is a viable solution for securing in-vehicle communications.

Keywords: controller area network, automotive ethernet, TCP/IP, communication security, IPsec

[full-paper]