Low-cost experimental validation of cryptographic protocols for safety-critical automotive communication

Abstract

The automobile, previously seen as an isolated system, is now immersed in a connected environment where the data exchanged inside the car and with the outside world has little or no security measures against unwanted attackers. In this new scenario, automotive security must be one of the most important architectural attributes of any car. This fact raises some challenges for OEMs, since they must keep producing economically attractive cars, but with ever-increasing enticing functionalities. This trade-off has a direct impact on the possibilities for the hardware utilized to execute such functionalities, and hence its available processing power. Since security measures frequently involve the use of encryption methods, the required hardware performance tends to escalate; when safety-critical applications are concerned, the hardware requirements are even more severe due to maximum latency limitations. Advances in technology, especially in dedicated processing modules for specific tasks and the increase in raw processing power of processors, along with a redesigned architecture for the exchange of in-vehicle data communication, turn feasible the implementation of functionalities in cars that previously suffered from performance limitations. Ethernet arises as a high-bandwidth, scal- able and future-proof in-vehicle network technology and is the main component supporting this newly redesigned architecture. This work aims to investigate the performance implications introduced by the use of cryptographic protocols in the exchange of information among elec- tronic modules in safety-critical automotive systems. Confidentiality, authenticity, and integrity are explored over different secret key sizes, and different payload data sizes on the layer 2 of the network. Hardware encryption accelerator-enabled micro-controller units are utilized to ac- celerate cryptography-related calculations. The latency of the data exchange is compared with the case where only a Cyclic Redundancy Check (CRC32) is used, which has been the most commonly used method for integrity verification over the last years in the automotive domain, as well as with the case with no verification. Low-cost processing modules and an ordinary switch are utilized to experimentally demonstrate that the typical maximum latency values for safety-critical applications can be respected even after the application of cryptography to protect data communication among electronic modules.