D2-01 TERADA Security Study for Automotive …...Japan Automotive Software Platform and Architecture...
Japan Automotive Software Platform and Architecture
Cyber Security Study for Automotive Ethernet in Japan Automotive Industry
Architecture Team Leader Mikio KATAOKA
Hitachi Automotive Systems, Ltd.
Architecture Team, Requirement Definition Sub-team Leader Keisuke Terada
Yazaki Corporation.
JASPAR Next Generation High-Speed Network WG
7th IEEE-SA Ethernet & IP Automotive Technology Day, San Jose, CA, USA, Nov. 2017
Japan Automotive Software Platform and Architecture 2017/11/2 2/26

Agenda
1. About JASPAR
- What's JASPAR
- Next Generation High-Speed Network WG
- Activities of WG
2. Status of the Study About In-vehicle Ethernet Security
- In-vehicle Network Security
- Study Results
  - JASPAR Supposed Configuration
  - Priority Consideration Items
  - Filtering
  - SSL/TLS
  - VLAN
3. Future Activities
- Documentation
- Conclusion

1-1. What is JASPAR?
JASPAR: Japan Automotive Software Platform and Architecture
JASPAR was established to increase development efficiency and ensure reliability through the standardization and common use of electronic control systems and in-vehicle networks, which are becoming more advanced and complex.
Mission
- Improve development productivity and contribute significantly to the advancement of the world's technology through standardization activity.
- Establish a fair basis for competition across the whole automobile industry.
Achievements
- Represent the collective voice of Japanese companies at international standardization bodies.
- Contribute to the development of global standards.

1-2. JASPAR members List as of September, 2017
Number of members by category: OEM 12, Tier1 42, Soft/Tool 73, Semicon/Electronics 25, Others 19

Board member
- OEM: HONDA R&D, Nissan, TOYOTA
- Tier1: DENSO
- Others: Toyota Tsusho

Regular member
- OEM: ISUZU, Mazda, SUBARU, SUZUKI
- Tier1: ADVICS, AISIN AW, AISIN SEIKI, Akebono Brake, Alpine, ALPS, Autoliv, Autoliv Nissin Brake, Bosch, Calsonic Kansei, Clarion, Continental Automotive, FUJITSU TEN, Furukawa Electric, Hitachi AMS, JATCO, JTEKT, Keihin, Mitsubishi Electric, Nidec Elesys, NIPPON SEIKI, NSK, Panasonic, PIONEER, Ricoh, SHOWA, Sumitomo Electric, TOKAI RIKA, Toyoda Gosei, TOYOTA INDUSTRIES, YAZAKI
- Soft/Tool: ADC, APRESIA, APTJ, ATS, AUBASS, Cadence, CATS, Change Vision, eSOL, ETAS, FFRI, FTL, FUJI SOFT, FUJITSU, FUJITSU BSC, Hitachi ICS, IBM Japan, KPIT, Mentor Graphics, micware, NEC, Nihon Synopsys, OMRON, OTSL, SCSK, STABILITY, Sunny Giken, Toshiba Information Systems, TOYO, Trend Micro, Vector Japan, WITZ
- Semicon/Electronics: Harman International, HRS, Infineon, MegaChips, Microchip, MJKK, Murata, NXP Semiconductors, Renesas, TDK, TOSHIBA, Tyco Electronics
- Others: DNP, DTRS, KDDI, SECOM, TOPPAN, TOYOTA CRDL

Associate member
- OEM: DAIHATSU, Hino, HYUNDAI, Mitsubishi Motor, UD Trucks
- Tier1: Delphi Automotive Systems, Fujikura, KYB, Magna International, MITSUBA, NGK SPARK PLUG, Toyodenso, TRANSTRON, Valeo Japan, Yamaha Motor
- Soft/Tool: A&D, A&W Technology, ACCEL JAPAN, AIC, AISIN COMCRUISE, ANRITSU, Argus Cyber Security, AXE, AZAPA, BITS, Brison, Canon ITS, Digital Contents, DIT, dSPACE, Eager, Eiwa, Elektrobit, GAIO, HI CORP, Hitachi High-Tech, Ixia, LAC, Mamezou, MITO SOFT, NEC Solution Innovators, Netagent, NTT DATA MSE, NTT DATA SBC, PCI Solutions, Systena, Takasaki Kyodo, Tata Consultancy, TOKYO ELECTRON DEVICE, Trillium, TTTech, Ubiquitous, USE, Wind River, Xilinx, Yokogawa
- Semicon/Electronics: ADI, ARM, Cypress Innovates, HI-LEX, Hitachi ULSI, Hosiden, NTN, ROHM, Sanden Automotive Components, SanDisk, Shindengen, Thine, YOKOWO
- Others: Allion Japan, Biz3, HAGIWARA, Kyoei Sangyo, MACNICA, NTT DOCOMO, OEC, RENESAS EASTON, Ryoden, Ryosan, SANSHIN, Shinko Shoji

1-3. JASPAR Organization (as of September 2017)
[Organization chart: Executive Board, Auditor, Administrator, Board Members, Steering Committee and Working Groups. Working Groups shown: Functional Safety, Intellectual Property, AUTOSAR Standardization, In-vehicle LAN, Dynamic Vehicle Information Sharing, Cyber Security Promotion, Bluetooth Conformance, Mobile Device Interface, Next Generation High-Speed Network, Cyber Security Technical, OTA Technical. Legend: In action / Out of action.]

1-4. Next Generation High-Speed Network WG
Define in-vehicle requirements for the next-generation high-speed network technology. Study certification/authentication mechanisms to ensure conformance and interoperability, as required. Keep close cooperation with associated domestic/international organizations and companies to accomplish stated goals.
[Organization chart: Next Generation High-Speed Network WG, Leaders Meeting, Hardware Team, Architecture Team, AUTOSAR Subcommittee, OPEN Subcommittee, Requirement Definition Sub-Team, Software Switch Evaluation Sub-Team.]

2-1-1. Case of the Car Hacking
Hacker trends
- '13 Hacking in the car
- '15 Hacking from remote (At low speed)
- '16 Control the car using maintenance mode (When driving)
<Target> Uconnect implemented car. <Attack> Control the display, steering and transmission. (Accidents caused by a remote attack have not occurred.)
<Target> FCA Jeep <Attack> Send the maintenance command from the diagnosis connector. Impersonate a regular ECU and control the steering.
FCA recall: 1.4 million units
Hacking level for cars has increased year by year

2-1-2. In-vehicle Ethernet Security
Discussing security measures against cyber attacks is an important issue.
The Next Generation High-Speed Network WG has also been studying in-vehicle Ethernet security since 2015.
[Figure labels: Malicious attack, Protect, V2V, V2I, V2P]

2-2-1. JASPAR's Presumed Security Configuration
The gateway separates the outside and inside of the vehicle as an attack surface and filters illegal data for intrusion prevention. Data communicated with the outside of the vehicle should be encrypted. A message authentication code is adopted for in-vehicle communication data.
[Figure: network diagram with External, DMZ and Internal zones. Elements: Tool, OBD (DoIP), TCU, IVI/NAVI, Server, Gateway with FW1, FW2 and FW3, ECU (Switch), End-nodes. Annotations on the figure:]
• Data encryption (TLS)
• Access Control List, Communication monitoring, Electronic certification, VLAN filtering
• Access Control List, Communication monitoring, Mutual authentication, VLAN filtering
• Mutual authentication, Message authentication
• Spoofing countermeasure, Server authentication, Mutual authentication
TCU: Telematics Control Unit, FW: Firewall

2-2-2. Ethernet Security Technologies
Enumerate the security technologies related to Ethernet.

2-2-3. Priority Consideration Items
Priority consideration items are selected for the in-vehicle Ethernet network, decided by the interests of participating companies.
The following 3 items are selected: VLAN, Filtering, SSL/TLS.

Category | Discussion items
VLAN
・Usage of the VLAN as the network configuration.
・Routing using the VLAN. (consider domains)
Filtering
・Scope of filter application in the in-vehicle systems.
・Performance of the automotive microcomputer/switch.
Message authentication
・This category is discussed by another WG in JASPAR, so it is excluded from the discussion points of this WG.
SSL/TLS
・Investigate the specification and the compatibility with the in-vehicle systems.
・Performance when applied to an automotive microcomputer.
DPI
・Investigate the technologies. (what kind of attack can be detected)
MACSec, IPSec
・Feasibility based on required processing capacity. Performance in software/hardware.

VLAN: Virtual LAN, SSL: Secure Socket Layer, TLS: Transport Layer Security, DPI: Deep Packet Inspection

2-3-1. Implementation Point of Filtering
We discussed the implementation points of filtering. As a result, we presume the following points as implementation points. By matching the received packet against the filtering function set for each point, it is decided whether the packet is passed or discarded.
[Figure: network diagram with External, DMZ and Internal zones. Elements: Tool, OBD (DoIP), TCU, IVI/NAVI, Server, Gateway (switch), ECU (Switch), End-nodes. Legend: Filter function implementation point.]

2-3-2. Security Technologies Applied to the Filtering
Select the security technologies as a prerequisite to discuss the filtering function.
Scope: technologies standardized or under discussion by IEEE, IETF, etc.

Security technologies
- Port-based VLAN
- Tagged VLAN
- Private VLAN
- Subnetwork based VLAN
- MAC filtering, Port security, IEEE 802.1X, MAC authentication bypass
- Static MAC Table
- Dynamic ARP Inspection
- IP Source Guard
- IP filtering
- VLAN ACL
- NAT (Network Address Translation)
- NAPT (Network Address Port Translation)
- DDoS Open Threat Signaling (dots)
- OCSP (Online Certificate Status Protocol)

2-3-3. Filtering Fields and Application to In-vehicle Network
Enumerate filtering items for each OSI layer.
Implementation function. Applied to in-vehicle network. With or without hardware support.
Enumerated filtering items

2-4-1. Implementation Point of TLS
We discussed the implementation point of TLS. As a result, we presume the following points as implementation points. Since an internal ECU may become the endpoint of TLS, the implementation point of TLS is the entire network including gateway, ECU, and end node.
[Figure: network diagram with External, DMZ and Internal zones. Elements: Tool, OBD (DoIP), TCU, IVI/NAVI, Server, Gateway (switch), ECU (Switch), End-nodes. Legend: TLS embedded software.]

2-4-2. TLS Function and Technologies Related to TLS
Discuss the TLS function and technology elements. Technology overview and recommendation.
Enumerated technology elements

2-4-3. Threat Analysis of TLS Requirements
Perform the threat analysis by the CIA. Consider Confidentiality/Integrity/Availability and related technical elements.

CIA | TLS Requirements
Confidentiality
- Confidentiality of session keys
- Confidentiality of messages
- Transport keys
- Session information
Integrity
- Server authentication
- Client authentication
- Message authentication
Availability
- Connection times (Server)
- Throughput
- Connection times (Client)
- Certificate renewal

2-5-1. Example of VLAN Configuration
Discussion of VLAN configuration based on JASPAR network configuration. => Classified into two types.
- VLAN configurations by domain. Assign VLAN ID for each network domain.
- VLAN configurations by application. Assign VLAN ID for each application.

VLAN configurations by domain
Ports | ECU | VLAN Membership (VLAN 1 2 3 4 5)
0 | μC (Gateway) | x x x x
1 | Tool | x
2 | TCU | x
3 | IVI/NAVI | x x
4 | ECU1 | x
5 | ECU2 | x
6 | Camera | x

VLAN configurations by application
VLAN | Application
10 | DoIP (Before auth.)
10 | DoIP (After auth.)
20 | xxxx1
2x | xxxx2
30 | xxxx3
3x | xxxx4

Ports | ECU | VLAN Membership (VLAN 10(B) 10(A) 20 2x 30 3x)
0 | μC (Gateway) | x x x
1 | Tool | x x
2 | TCU | x x
3 | IVI/NAVI | x x x
4 | ECU1 | x x x
5 | ECU2 | x x x x

2-5-2. Example of Firewall Application
In case of applying a firewall to VLAN configurations. => Configure the firewall to forward packets only to the required ports.

Example of the firewall in case of VLAN configurations by domain
• Whitelist method: check the VLAN ID and the L2, L3, L4 headers permitted for each input (physical) port, and only transfer the permitted packets.
1. Communication within VLAN: End-node3 ⇔ End-node2
Internal communication (between ECU1 and ECU2) is allowed to pass the filtering.
2. Communication between VLANs: IVI/NAVI (VLAN 3) ⇔ End-node1 (VLAN 1)
It is preferable to filter by MAC address, IP address and port number at FW1 and FW3 of the Gateway.

Example of the firewall in case of VLAN configurations by application
VLAN | Application
10 | FW2 internal comm. (DoIP, before auth.)
10 | FW2 internal comm. (DoIP, after auth.)
20 | FW1 internal comm. (SOME/IP)
2x | FW1 external comm. (application 1)
30 | FW3 internal comm. (IP Video)
3x | FW external comm. (application 2)

Ports | ECU | VLAN Membership (VLAN 10(B) 10(A) 20 2x 30 3x)
0 | μC (Gateway) | x x x
1 | Tool | x x
2 | TCU | x x
3 | IVI/NAVI | x x x
4 | ECU1 | x x x
5 | ECU2 | x x x x

VLAN ID 10: Port based VLAN
Others: Tagged VLAN
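
The whitelist method described above (check the VLAN ID and the L2, L3, L4 headers permitted for each input port, transfer only permitted packets), as an added example that is not part of the original slides. The ingress port number, MAC and IP addresses, UDP port and the single rule are constructed for illustration; the rule models the slide's IVI/NAVI (VLAN 3) to End-node1 (VLAN 1) case, and the function names are hypothetical.

```python
import struct
from ipaddress import IPv4Address

# Constructed whitelist: ingress port -> set of permitted tuples
# (VLAN ID, source MAC, source IP, destination IP, IP protocol, destination port).
# Port 3 stands for IVI/NAVI on VLAN 3; all addresses and ports are made up.
IVI_MAC = bytes.fromhex("02000000aa03")
WHITELIST = {
    3: {(3, IVI_MAC, IPv4Address("10.0.3.10"), IPv4Address("10.0.1.20"), 17, 30490)},
}

def parse(frame: bytes):
    """Return (vid, src_mac, src_ip, dst_ip, proto, dport), or None if not parseable."""
    if len(frame) < 18:
        return None
    src_mac = frame[6:12]
    tpid, tci, ethertype = struct.unpack_from("!HHH", frame, 12)
    if tpid != 0x8100 or ethertype != 0x0800:      # only 802.1Q-tagged IPv4 is considered
        return None
    ip = frame[18:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4
    frag = struct.unpack_from("!H", ip, 6)[0]
    # Reject bad header lengths and any fragment (MF flag or non-zero offset):
    # later fragments carry no L4 header, so the port cannot be checked.
    if ihl < 20 or len(ip) < ihl + 4 or frag & 0x3FFF:
        return None
    proto = ip[9]
    if proto not in (6, 17):                       # TCP or UDP only
        return None
    dport = struct.unpack_from("!H", ip, ihl + 2)[0]
    vid = tci & 0x0FFF                             # drop PCP/DEI bits, keep the VLAN ID
    return (vid, src_mac, IPv4Address(ip[12:16]), IPv4Address(ip[16:20]), proto, dport)

def permit(ingress_port: int, frame: bytes) -> bool:
    """Default deny: forward only if the parsed tuple is whitelisted for this port."""
    key = parse(frame)
    return key is not None and key in WHITELIST.get(ingress_port, set())

def build_frame(tci, src_mac, src_ip, dst_ip, proto, dport, frag=0):
    """Build a constructed test frame (checksums left zero; the filter does not read them)."""
    eth = bytes(6) + src_mac + struct.pack("!HHH", 0x8100, tci, 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, frag, 64, proto, 0,
                     IPv4Address(src_ip).packed, IPv4Address(dst_ip).packed)
    l4 = struct.pack("!HHHH", 40000, dport, 8, 0)  # source port, destination port, length, checksum
    return eth + ip + l4
```

Keying the rule set on the physical ingress port means a frame that carries a permitted VLAN tag and addresses is still dropped when it arrives on a port that has no rule for it.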

3-1. Documentation
These results are documented as JASPAR guidelines (within 2017). JASPAR members can obtain these documents.

3-2. Future Activities
We are discussing the verification of in-vehicle security technology. By comparing ICT (Information Communication Technology) security and in-vehicle security, we clarify the factors that differ.
[Figure: Configuration example in ICT. Elements: Internet, FW1, L2 Switch, TCU, IVI/Navi, FW3, L3 Switch (Router) switching between multiple VLANs, Body, Chassis, ADAS, L2 Switch, ECUs, FW2, OBD (DoIP), Tool.]
Study of TSN requirements: started by investigating specifications, under consideration of application examples.

3-3. Conclusion
Discuss the Ethernet security technologies applied to the in-vehicle network. Enumerate the Ethernet security technologies. Select Filtering, SSL/TLS and VLAN as the priority consideration items.

Discussed items | Output
Filtering
- Enumerate the filtering items. L2: VLAN ID, TPID, VID etc. L3: Protocol number, Control flag (SYN) etc.
- Define the implementations of hardware or software.
- Define the requirements of the filtering items.
SSL/TLS
- Decomposed the SSL/TLS technologies into functional elements: Authentication method, Encryption, Connection time and Throughput etc.
- TLS technologies guideline.
- Clarify the use case, used technologies.
VLAN
Define the network architecture with VLAN.
- VLAN configurations by domain. Network design (including multi-VLAN)
- VLAN configurations by application. Network design (DoIP, Image transmission, Map data distribution etc.)
- VLAN design guideline.
- VLAN design architecture and required technologies.

Thank you for your attention.