Zero Trust in Autonomous Vehicle Networks Utilizing Automotive Ethernet
Typ
Examensarbete för masterexamen
Master's Thesis
Master's Thesis
Program
Computer systems and networks (MPCSN), MSc
Publicerad
2022
Författare
Blåberg Kristoffersson, John
Modellbyggare
Tidskriftstitel
ISSN
Volymtitel
Utgivare
Sammanfattning
If fully autonomous vehicles are going to become a reality, there has to be a significant investment in proper security measures. One of the measures that should be taken is to move the internal network security model away from perimeter security to a zero trust model. With a perimeter security model, if a malicious actor were able to connect to the in-vehicle network, they would be able to send arbitrary data to the different ECUs. The zero trust model requires continuous authentication of all devices, removing any chance for a malicious third party to connect to the network. This has not been possible due to the low bandwidth of legacy bus protocols, but with the introduction of automotive Ethernet, the bandwidth is no longer a limitation.
This thesis evaluates the viability of a zero trust network architecture in the internal network of an autonomous vehicle. This includes evaluating the performance impact of two different security protocols for guaranteeing message integrity, IPsec and MACsec, and the performance impact of retrofitting security protocol support with “Bump-in-the-Wire” devices. Lastly, a design for implementing key distribution and authentication is presented. The work found that adding message integrity did not substantially increase latency but did take up many CPU cycles. Thus, cryptographic hardware acceleration might be necessary to make a zero trust environment viable in a production setting.
Beskrivning
Ämne/nyckelord
automotive security , MACsec , IPsec , automotive ethernet , zero trust