How Ethernet Can Secure The Connected Car: Page 2 of 2

Other areas where new features are helping to further secure the Ethernet infrastructure and, in turn, connected cars include:

Rate limiting and bandwidth awareness
By default, Ethernet does not impose limits on how much bandwidth an end-point can use. That means one badly behaved end-point can disrupt or deny service to others. Existing methods to address this issue include storm control, which rate limits broadcast, multicast and unknown unicast traffic per port, and ingress/egress metering, which limits overall port traffic. Flow-based policing, which can precisely define and enforce bandwidth rules on a per-flow level, is another powerful option, as is using the many standard counters for software-based monitoring.
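The per-flow policing described above can be sketched as a token bucket kept per flow. This is an added example, not code from the article or from any switch vendor; the flow key (source MAC, destination MAC, VLAN), the rates and the constructed traffic are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass
class Bucket:
    rate: float    # committed rate, bytes per second
    burst: float   # bucket depth, bytes
    tokens: float  # bytes currently available
    last: float    # time of last refill, seconds

class FlowPolicer:
    """Added illustration: one token bucket per (src MAC, dst MAC, VLAN) flow.
    The flow key is an assumption; real switches match on configurable fields."""
    def __init__(self, default_rate, default_burst):
        self.default = (default_rate, default_burst)
        self.rules = {}     # flow -> (rate, burst) overrides
        self.buckets = {}
        self.dropped = {}   # flow -> dropped bytes, a counter for monitoring

    def set_rule(self, flow, rate, burst):
        self.rules[flow] = (rate, burst)

    def admit(self, flow, size, now):
        """Return True to forward a frame of `size` bytes, False to drop it."""
        b = self.buckets.get(flow)
        if b is None:
            rate, burst = self.rules.get(flow, self.default)
            b = self.buckets[flow] = Bucket(rate, burst, burst, now)
        # Refill for the elapsed time, never beyond the bucket depth.
        b.tokens = min(b.burst, b.tokens + (now - b.last) * b.rate)
        b.last = now
        if size <= b.tokens:
            b.tokens -= size
            return True
        self.dropped[flow] = self.dropped.get(flow, 0) + size
        return False

def simulate():
    """Constructed traffic: a well-behaved camera flow and a flooding end-point."""
    p = FlowPolicer(default_rate=10_000, default_burst=3_000)
    camera = ("02:00:00:00:00:01", "02:00:00:00:00:10", 10)
    flooder = ("02:00:00:00:00:02", "02:00:00:00:00:10", 10)
    p.set_rule(camera, rate=1_500_000, burst=15_000)
    sent = {camera: 0, flooder: 0}
    for ms in range(1000):                  # one second in 1 ms ticks
        now = ms / 1000
        if p.admit(camera, 1000, now):      # 1 MB/s, inside its 1.5 MB/s rule
            sent[camera] += 1000
        for _ in range(5):                  # 5 MB/s against the 10 kB/s default
            if p.admit(flooder, 1000, now):
                sent[flooder] += 1000
    return sent, p.dropped
```

The flooding flow is held to its initial burst plus its committed rate while the camera flow loses nothing, and the per-flow drop counter is the kind of signal software-based monitoring can alert on.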

Device authentication/authorization
While each Ethernet packet contains a source MAC address, MAC addresses can be spoofed. So how exactly does one authenticate a device as valid prior to letting it onto the vehicle’s Ethernet network? The widely implemented 802.1x standard is one option. 802.1x defines a standardized means of passing Extensible Authentication Protocol (EAP) frames over a wired or wireless LAN. The framework allows for the exchange and validation of security credentials prior to granting access to the network. EAP supports many authentication methods (e.g., EAP-PSK and EAP-TLS), each one with its own set of authentication keys and credentials for device verification.

The strength of the authentication is determined by the different methods and credentials used, and this can all be pre-configured in the private environment of the manufacturing or service facility.

The IEEE 802.1AR secure device identifier standard, widely used in point-of-sale devices today, may also prove helpful in the connected car for highly sensitive devices, such as a secure gateway. It defines a device identity and its cryptographic binding to the device, as well as operation with EAP-TLS/802.1x.

Data encryption
Encryption ensures that encoded data is accessible only to authorized parties. Encryption can be performed at many layers in the communication stack, including the Ethernet layer; the 802.1AE MAC Security (MACsec) standard offers MAC-level encryption and message authentication for Ethernet using 802.1x for secure key exchange. However, it does require hardware support, which brings added cost and power demands, so it's not typically supported in mainstream devices.

There are many other standard methods for performing data encryption and authentication for Ethernet transport, including IEEE 1722a, IPsec, and HDCP.

While Ethernet has long been used as an IT network technology, its application in the connected car is an undeniably growing trend. Ethernet offers a variety of mature, standard and widely supported and deployed options to protect the car from malicious attacks, and to secure the network infrastructure. These features will ensure Ethernet is well primed to play a critical role in securing the connected car for years to come.