Strategies for Integrating Controls Flows in Software-Defined In-Vehicle Networks and Their Impact on Network Security

TL;DR

This paper explores various strategies for integrating control flows in software-defined in-vehicle networks, analyzing their security implications and effectiveness in isolating and protecting automotive control communications.

Contribution

It systematically evaluates different embedding strategies for control flows in Ethernet-based IVNs and assesses their security and cost impacts using realistic vehicle communication models.

Findings

Exposed embedding of control flows enhances security and reduces costs.

Visibility of control flows is crucial for effective isolation and access control.

Exposed embedding allows SDN to establish trust zones and minimize attack surfaces.

Abstract

Current In-Vehicle Networks (IVNs) connect Electronic Control Units (ECUs) via domain busses. A gateway forwards messages between these domains. Automotive Ethernet emerges as a flat, high-speed backbone technology for IVNs that carries the various control flows within Ethernet frames. Recently, Software-Defined-Networking (SDN) has been identified as a useful building block of the vehicular domain, as it allows the differentiation of packets based on all header fields and thus can isolate unrelated control flows. In this work, we systematically explore the different strategies for integrating automotive control flows in switched Ether-networks and analyze their security impact for a software-defined IVN. We discuss how control flow identifiers can be embedded on different layers resulting in a range of solutions from fully exposed embedding to deep encapsulation. We evaluate these strategies in a realistic IVN based on the communication matrix of a production grade vehicle, which we map into a modern Ethernet topology. We find that visibility of automotive control flows within packet headers is essential for the network infrastructure to enable isolation and access control. With an exposed embedding, the SDN backbone can establish and survey trust zones within the IVN and largely reduce the attack surface of connected cars. An exposed embedding strategy also minimizes communication expenses.