Secure Time-Sensitive Software-Defined Networking in Vehicles

TL;DR

This paper introduces a TSSDN architecture that integrates TSN and SDN for secure, real-time in-vehicle networks, enabling control, security, and attack surface reduction in automotive Ethernet systems.

Contribution

It presents a novel TSSDN architecture that combines TSN and SDN, demonstrating secure, real-time control and attack surface reduction in vehicle networks.

Findings

Control can operate without delay penalties for TSN traffic.

Visibility of control flows enables network isolation and access control.

TSSDN reduces attack surface and enhances security in connected cars.

Abstract

Current designs of future In-Vehicle Networks (IVN) prepare for switched Ethernet backbones, which can host advanced LAN technologies such as IEEE Time-Sensitive Networking (TSN) and Software-Defined Networking (SDN). In this paper, we present an integrated Time-Sensitive Software-Defined Networking (TSSDN) architecture that simultaneously enables control of synchronous and asynchronous real-time and best-effort communication for all IVN traffic classes. Despite the central SDN controller, we can validate that control can operate without a delay penalty for TSN traffic, provided protocols are properly mapped. We demonstrate how TSSDN adaptably and reliably enhances network security for in-vehicle communication. A systematic investigation of the possible control flow integrations with switched Ether-networks reveals that these strategies allow for shaping the attack surface of a software-defined IVN. We discuss embeddings of control flow identifiers on different layers, covering the range from a fully exposed mapping to deep encapsulation. We experimentally evaluate these strategies in a production vehicle, which we map to a modern Ethernet topology. Our findings indicate that visibility of automotive control flows on lower network layers enables isolation and access control throughout the network infrastructure. Such a TSSDN backbone can establish and survey trust zones within the IVN and reduce the attack surface of connected cars in various attack scenarios.