TY - GEN
T1 - MACsec Extension over Software-Defined Networks for in-Vehicle Secure Communication
AU - Choi, Ju Ho
AU - Min, Sung Gi
AU - Han, Youn Hee
N1 - Funding Information:
This research was supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education (2017R1D1A1B03032303) and also supported by the MIST (Ministry of Science and ICT), Korea, under the National Program for Excellence in SW (2015-0-00936) supervised by the IITP (Institute for Information and Communications Technology Promotion).
Publisher Copyright:
© 2018 IEEE.
PY - 2018/8/14
Y1 - 2018/8/14
N2 - The automotive industry has recently introduced advanced driver assistance systems (ADAS) for safety and better driving. Many Electronic Control Units (ECUs) have been installed in the vehicle to support ADAS, and massive data streams flow over the in-vehicle network. Therefore, the Ethernet backbone, which can guarantee high bandwidth, has emerged as an in-vehicle communication technology. However, security on automotive Ethernet has not yet been proposed. IEEE MACsec with IEEE 802.1X Authentication and Key Management (AKM) may be applied for in-vehicle secure communication, but it has the constraint that its security scope is based on a point-to-point approach. Whenever a frame arrives at a switch in the transmission path, the decryption and re-encryption of the frame are repeated. This may adversely affect the performance of ADAS related to the driver's safety by increasing the end-to-end latency. We therefore propose a new MACsec extension over Software-Defined Networks (SDN) for in-vehicle secure communication, which is based on the IEEE 802.1X authentication mechanism. The proposed scheme extends the security scope of MACsec from point-to-point to end-to-end by delegating the AKM process of ECUs and switches to the SDN controller. It could minimize the cryptographic processes of the ECUs and switches without any modification of the existing MACsec standard, and could protect an automotive system from any manipulation by unauthorized third parties. The experimental results show that the proposed scheme is applicable for in-vehicle secure communication.
KW - IEEE 802.1AE
KW - In-vehicle secure communication
KW - authentication and key management (AKM)
KW - automotive Ethernet
UR - http://www.scopus.com/inward/record.url?scp=85052543752&partnerID=8YFLogxK
U2 - 10.1109/ICUFN.2018.8436963
DO - 10.1109/ICUFN.2018.8436963
M3 - Conference contribution
AN - SCOPUS:85052543752
SN - 9781538646465
T3 - International Conference on Ubiquitous and Future Networks, ICUFN
SP - 180
EP - 185
BT - ICUFN 2018 - 10th International Conference on Ubiquitous and Future Networks
PB - IEEE Computer Society
T2 - 10th International Conference on Ubiquitous and Future Networks, ICUFN 2018
Y2 - 3 July 2018 through 6 July 2018
ER -