External, internal communication security and GATEWAY security
From this post, we will look at the technologies commonly used to strengthen automotive cybersecurity one by one. One of the essentials to achieve effective cybersecurity is the concept of ‘Defense-In-Depth’.
Defense-in-Depth
Defense-in-Depth (DiD) strategy is a comprehensive cybersecurity approach that protects an organization’s assets and networks through multiple layers of security measures. This strategy is designed so that each layer of security complements the other, and if the security of one layer is compromised, the other layers provide additional protection to keep the overall system secure. This is an essential strategy to effectively respond to increasingly complex and diverse cyber threats.
Key components of defense in depth
1. Physical Security:
- Restrict physical access through building access controls, surveillance cameras, security guards, etc.
2. Network Security:
- Monitor and manage network traffic using firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS).
- We use encryption technologies such as VPN to ensure the safety of data transmission.
3. Application Security:
- Regularly perform security patches and updates to applications.
- Minimize application vulnerabilities by applying coding techniques that consider security from the development stage.
4. Data Security:
- Protect sensitive data using data encryption, access control lists (ACLs), data classification, and data loss prevention (DLP) technologies.
5. Endpoint Security:
- Install anti-virus software and anti-malware solutions on each endpoint and update them regularly.
- Enhance device security with mobile device management (MDM).
6. Personal Security:
- Conduct security awareness training regularly to help employees prevent security incidents.
- Strengthen user authentication by applying strong password policies, multi-factor authentication (MFA), etc.
Benefits of Defense in Depth
- Scalability: Provides a security structure that can flexibly respond to various security threats and scenarios.
- Enhanced Resistance: Multiple security layers allow security vulnerabilities that may occur in one to be offset in another layer.
- Effective Risk Management: Detect and block threats at an early stage to minimize potential damage.
A defense-in-depth strategy is an essential approach to effectively respond to the complexity and evolution of cyber threats. This strategy plays an important role in systematically strengthening an organization’s security and protecting its critical assets from cyberattacks. Each layer must work independently of one another as well as complement one another, strengthening the security posture of the entire organization.
The above explanation is an example of defense in depth applied to IT systems. This is very useful in understanding the concept of defense in depth. When looking at defense-in-depth in automotive battlefield systems, it can be broadly divided into four major layers: Each layer provides different approaches and features to enhance the security of automotive systems. The following figure shows these layers schematically:
In this post, we will talk about vehicle external communication security, GATEWAY, and internal communication communication security technology.
1. Vehicle external communication security technology
- TLS, Transport Layer Security
2. GATEWAY
- Ethernet Firewall
- IDS (Intrusion Detection System)
- IPS (Intrusion Prevention System)
3. Vehicle internal communication security technology
- SecOC
TLS (Transport Layer Security)
Transport Layer Security (TLS) is a widely used protocol for securely transmitting data over the Internet. This protocol allows mobile devices, such as vehicles, to securely exchange data with cloud services or other external systems, ensuring the integrity and confidentiality of the data. Let’s explain the main features and implementation of TLS in more detail.
Key features of TLS
1. Data Encryption:
- TLS encrypts data, preventing it from being eavesdropped or tampered with as it is transmitted over a network. This is an important security element, especially when the vehicle communicates with external networks.
2. Authentication between communication entities:
- TLS uses certificates to verify the identity between the server and the client. This ensures that vehicles exchange data only with trusted servers and protects against counterfeit or malicious servers.
3. Crypto Algorithm Negotiation:
- When initiating communication, TLS negotiates which encryption algorithm to use and which key exchange method to use. This helps ensure optimal performance while maintaining an optimal level of security.
TLS implementation process
1. Use of the library:
- To implement the TLS protocol, developers use standard TLS libraries such as OpenSSL, WolfSSL, etc. These libraries help developers easily implement secure communications by abstracting away the complex implementation of TLS.
2. Need for secure storage:
- TLS certificates and secret keys must be stored in a secure storage. This prevents keys from being leaked and enhances the security of the system.
3. Balance with performance:
- TLS may generate additional computational load during the process of encrypting and decrypting data. Therefore, there must be a good balance between performance and security. This can be especially important for in-vehicle devices where resources are limited.
Importance of TLS
The use of TLS is becoming increasingly important in IoT devices such as vehicles. Keeping data safe and protecting systems from unauthorized access is directly related to the privacy and property protection of vehicle users. TLS is a key technology to meet these security needs and is becoming an essential element of vehicle communication systems.
Ethernet Firewall
Ethernet Firewall is one of the security features that plays a particularly important role in vehicle network systems. It is used to secure internal vehicle networks based on Ethernet or communications between the vehicle and the outside world. Ethernet Firewall enhances network security by blocking certain types of traffic and filtering out unwanted or dangerous data traffic.
Functions and features of Ethernet Firewall
1. Traffic Filtering:
- Ethernet Firewall monitors and manages inbound and outbound network traffic. Filter traffic based on allowed traffic types, source and destination addresses, port numbers used, etc. This prevents unnecessary or dangerous traffic from accessing your network.
2. Rule-based access control:
- Administrators can control network traffic by setting specific rules. For example, you can block all requests from a specific external IP address, or allow only certain types of packets to pass through your network. These rules can be customized according to the vehicle’s security requirements.
3. Healthy Checking Firewall Features:
- An Ethernet Firewall may include stateful firewall functionality, which tracks the state of a connection and filters traffic within the context of each network session. This feature gives you more precise control over sessions within your network.
4. Minimum impact on network performance:
- High-performance Ethernet Firewall strengthens network security while minimizing network performance degradation. Modern firewalls provide high-speed data processing and fast packet inspection capabilities to maintain the efficiency of vehicle networks.
5. Use Cases and Applications:
- In V2X (Vehicle-to-Everything) communication between vehicles and external infrastructure, and data exchange between various ECUs (Electronic Control Units) inside the vehicle, Ethernet Firewall is used to ensure data protection and network efficiency.
The Ethernet Firewall acts as an important security gateway for vehicle networks, allowing vehicles to exchange data more securely and protect themselves from external threats. With increasing networking and connectivity in the automotive industry, the importance of these security devices will continue to increase.
IPS (Intrusion Prevention System)
IDS, or Intrusion Detection System, is a security technology that detects abnormal activity or policy violations in a network or system. IDS primarily monitors and analyzes network traffic to identify known attack patterns, anomalous behavior, or threatening data flows. This system protects your organization as part of your security infrastructure by detecting cyber threats early and raising alerts when necessary.
Key features of IDS
1. Traffic Monitoring and Analysis:
- IDS continuously inspects data packets transmitted over the network. This data is compared to patterns, signatures, and previously documented attack profiles.
2. Alarm function:
- When suspicious activity or known threat patterns are detected, the IDS immediately triggers an alert. This gives IT security teams the ability to respond quickly and block potential security threats.
3. Log generation and reporting:
- IDS records all detected events and provides detailed reports to analyze them. These records may be used for future forensic analysis or security audits.
Main types of IDS
1. Network-based IDS (NIDS):
- Monitors the entire network and analyzes all traffic passing through the network. It can be deployed at key access points on the network to monitor a wide range of network activity.
2. Host-based IDS (HIDS):
- Runs on an individual host or device and monitors that system’s file system and system calls. HIDS is useful for closely monitoring activity inside a specific host.
3. Signature-based detection:
- This method detects attacks using signatures (characteristic patterns) of known attacks. Although effective, it may go undetected against new or modified attacks.
4. Anomaly Detection:
- Detect abnormal behavior compared to normal network activity. Although this approach can be effective against new types of attacks, it is prone to false alarms.
Applications of IDS
- Network safety can be strengthened by utilizing IDS in areas such as CAN networks or V2X communications inside vehicles.
IDS is a critical defensive tool in complex cybersecurity environments, essential for strengthening the security of networks and protecting an organization’s assets. However, IDS is most effective when used in conjunction with other security measures and should be integrated as part of a layered security strategy.
IPS (Intrusion Prevention System)
IPS, or Intrusion Prevention System, is an important tool for enhancing network security. It extends the capabilities of an intrusion detection system (IDS) to analyze network traffic in real time and automatically block known threats. IPS enhances network security through the ability to actively prevent cyber attacks and helps keep the system safe by blocking potential attacks in real time.
Key features of IPS
1. Traffic Monitoring and Analysis:
- IPS continuously monitors and analyzes all data packets passing through the network. This provides deep visibility into your network and prevents malicious traffic from infiltrating your systems.
2. Automatic Threat Protection:
- When malicious activity or attempted attack is detected, IPS immediately blocks traffic and disconnects the associated connection. This process is automatic and actively keeps your network secure.
3. Policy-based control:
- Administrators can set specific security policies on IPS. This policy is customized based on your organization’s security requirements, and the IPS controls network traffic based on this policy.
4. Real-time alerts and reporting:
- Whenever a threat is detected, IPS sends an alert to your security team. It also provides detailed reports on all security events, giving you the information you need for follow-up and analysis.
How IPS works
1. Signature-based detection:
- IPS detects traffic based on signatures (patterns) of known attacks. These signatures are stored in a database, and the IPS compares them with network traffic to find matching patterns.
2. Anomalous behavior detection:
- IPS learns the normal behavior patterns of the network and detects abnormal activity based on this. This method is also effective for new or unknown attack types.
3. Protocol Analysis:
- Detects abnormal use of network protocols and prevents attacks using protocols.
SecOC (Secure Onboard Communication)
SecOC is an important system that enhances the security of vehicle internal communications. It was developed as part of the AUTOSAR (AUTomotive Open System ARchitecture) standard and guarantees the authenticity, integrity, and freshness of data transmission between various controllers in the vehicle. This plays an essential role in vehicle safety and data protection. The following description explains in more detail the functions, operating principles, and implementation of SecOC.
Key features of SecOC
1. Authenticity:
- SecOC ensures that data originates from a trusted source. This is possible by generating a MAC through a shared key, which the recipient can verify to identify the source of the data.
2. Integrity:
- Ensuring data integrity means that data has been transmitted without alteration, corruption or manipulation. In SecOC, the MAC is transmitted along with the data, and the receiver recalculates the MAC to ensure that the original data has not been altered.
3. Freshness:
- Freshness of data ensures that the information is up-to-date and has not been subject to replay attacks. To achieve this, SecOC includes timestamps or counters in the data package, providing uniqueness and temporal context for each message.
How it works
1. MAC creation process:
- The controller calculates the MAC based on the shared secret key and data. This process is carried out using an encryption algorithm.
2. Message Assembly:
- The generated MAC is attached to the message as a tag, which is transmitted over the network along with the transmitted data.
3. Data reception and verification:
- The recipient independently calculates the MAC using the same encryption key and compares it to the received MAC. If there is a mismatch, the data is considered corrupted or tampered with.
Implementation and Considerations
- Using AUTOSAR tools:
- AUTOSAR compatible tools are used to implement SecOC. This tool helps developers effectively integrate SecOC capabilities.
- Computational load management:
- Cryptographic operations increase computational load. To respond, we allocate and optimize system resources and processing power appropriately.
- Secure storage required:
- Sensitive security information, such as shared keys, should be stored in secure storage. This is important to prevent unauthorized access and leakage of your keys.
SecOC is an important element responsible for the security of internal vehicle communications and plays an essential role in strengthening the vehicle’s cybersecurity system. This technology increases vehicle safety and helps protect users and vehicles from cyber threats.
If you are interested in other articles about Cyber Security Series, please refer to the links below!
[Cyber Security] 1. ISO/SAE 21434 Basic
[Cyber Security] 3. cyber security cryptography technology
[Cyber Security] 5. Security Controls : Diagnostic Security Features
[Cyber Security] 6. Access Control : Diagnostic Security Features
[Cyber Security] 7. Security Updates : Diagnostic Security Features
[Cyber Security] 8. Secure Boot, Secure Debug, Secure Storage