State-of-the-art survey of in-vehicle protocols and automotive Ethernet security and vulnerabilities

Abstract

<abstract> <p>With the help of advanced technology, the automotive industry is in continuous evolution. Modern vehicles are not only comprised of mechanical components but also contain highly complex electronic devices and connections to the outside world. Today's vehicle usually has between 30 and 70 ECUs (Electronic Control Units), which communicate with each other over standard communication protocols. There are different types of in-vehicle network protocols and bus systems, including the Controlled Area Network (CAN), Local Interconnected Network (LIN), FlexRay, Media Oriented System Transport (MOST), and Automotive Ethernet (AE). Modern cars are also able to communicate with other devices through wired or wireless interfaces such as USB, Bluetooth, Wi-Fi or even 5G. Such interfaces may expose the internal network to the outside world and can be seen as entry points for cyber-attacks. In this paper, the main interest is in the AE network protocol. AE is a special Ethernet design that provides the bandwidth needed for today's applications, and the potential for even greater performance in the future. However, AE is a "best effort" protocol, which cannot be considered reliable. This implies that it is not trustworthy in terms of reliability and timely deliveries. The focus of this paper is to present a state-of-the-art survey of security threats and protection mechanisms relating to AE. After introducing and comparing the different protocols being used in the embedded networks of current vehicles, we analyze the potential threats targeting the AE network and describe how attackers' opportunities can be enhanced by the new communication abilities of modern cars. Finally, we present and compare the AE security solutions currently being devised to address these problems and propose some recommendations and challenges to deal with security issue in AE protocol.</p> </abstract>