Vulnerability Analysis of Time Synchronization in Automotive Ethernet

TL;DR

This paper analyzes the vulnerabilities in time synchronization protocols of automotive Ethernet, highlighting failure modes and demonstrating attack scenarios to ensure more robust in-vehicle communication systems.

Contribution

It provides the first detailed analysis of failure modes and security vulnerabilities in IEEE 802.1 AS within automotive Ethernet networks.

Findings

Normal operation can be disrupted by specific failure modes.

Failover mechanisms like hot-standby can be compromised.

Black hole attacks can significantly impair clock synchronization.

Abstract

The operation of many network communication protocols require accurate time synchronization between nodes. In the automotive space, IEEE 802.3bw (commonly referred to as automotive ethernet) is quickly becoming the most popular in-vehicle communication protocol between electronic control units (ECUs). The rapid advance of autonomous vehicles is predicated on a high throughput of multiple HD video streams, LIDAR readings, ML inferences, and vehicular control signals propagating on the same bus. To ensure reliability, security, and safety, for millions of passengers and bystanders, it is essential that the stack is robust at even the lowest level. The time synchronization protocol in this standard is IEEE 802.1 AS which was initially developed for virtual and virtual bridge local area networks (LANs). This paper presents an analysis of failure modes affecting the ability of in-vehicle automotive ethernet networks to synchronize clocks between ECUs. To demonstrate this, we use the OMNet++ discrete event simulator to showcase normal operation, failover to the hot-standby clock, and a black hole attack on one network switch.