Cybersecurity in Automotive: How to Secure the Network at Lower Layers of the ISO/OSI Model?

In today’s article, we will explore methods for securing networks at the lower layers of the ISO/OSI model. We will discuss three key technologies: MACsec, IPsec, and SecOC (Secure Onboard Communication), which ensure data security at layers 2 and 3 of the ISO/OSI model.

Our expert, Krzysztof Labuda, a Certified Ethical Hacker, writes about solutions that support cybersecurity in the automotive industry.

Securing Layer 2: MACsec

What is MACsec?

IEEE 802.1AE MACsec (Media Access Control Security) is a technology dedicated to the second layer of the ISO/OSI model, where the protocol data unit (PDU) is a frame. MACsec provides secure communication at the Ethernet link level, delivering essential security mechanisms such as:

  • authentication,
  • encryption,
  • integrity verification of transmitted data.

With MACsec, it is possible to ensure data integrity and confidentiality at layer 2, forming the foundation of a secure network infrastructure.

Securing Layer 3: IPsec

How does IPsec work?

IPsec (Internet Protocol Security) is a set of protocols dedicated to the network layer (layer 3) of the ISO/OSI model, where the protocol data unit (PDU) is a packet. Its purpose is to secure IP communication by providing:

  • authentication,
  • encryption,
  • data integrity verification.

IPsec works with both IPv4 and IPv6, making it a universal solution for local networks and the Internet.

IPsec Operating Modes

IPsec offers two main modes of operation:

  • Tunnel Mode – The entire IP packet is encrypted and encapsulated in a new IP packet. This mode is mainly used in VPN tunnels, ensuring protection of all traffic between two network points.
  • Transport Mode – Only the IP packet payload (data) is encrypted, while the IP header remains unchanged. This mode is used for end-to-end communication, such as between a client and a server within the same network.

IPsec is an effective solution for securing communication, but in the context of the automotive industry, the SecOC protocol provides a more comprehensive level of protection.

SecOC – Securing Communication in the Automotive Industry

What is SecOC?

SecOC is a key protocol for protecting communication systems in vehicles. Its primary goal is to secure transmission between Electronic Control Units (ECUs), protecting them from cyber threats. The protocol’s specifications are provided by AUTOSAR.

Key Functions of SecOC
  1. Data Authentication
    SecOC ensures the authenticity and integrity of data exchanged between ECUs in a vehicle network. It uses cryptographic techniques such as digital signatures to authenticate the origin of messages and verify that they have not been modified or tampered with during transmission.
  2. Data Integrity
    Data integrity is ensured by the SecOC module together with the cryptographic modules (CSM/HSM). It is protected by adding cryptographic checksums or Message Authentication Codes (MAC) to messages. These checksums enable receiving ECUs to detect unauthorized modifications as well as data corruption caused by electromagnetic interference.
  3. Confidentiality
    In addition to authentication and integrity protection, SecOC can support encryption to ensure the confidentiality of sensitive data transmitted over the vehicle network. Encryption ensures that data remains confidential and cannot be intercepted or decrypted by unauthorized parties. To implement these cybersecurity functions, a cryptographic key management module is also required.
  4. Cryptographic Key Management
    SecOC relies on robust and reliable key management mechanisms for the secure distribution and handling of cryptographic keys used for authentication, encryption, and decryption. Proper cryptographic key management is essential for maintaining the security of the communication channel and preventing key-related attacks.
  5. Secure Configuration
    SecOC allows security parameters and policies to be configured to meet the security requirements of a specific automotive system. This involves defining security levels, selecting cryptographic algorithms, and setting up secure communication channels between ECUs. The protocol can help address challenging aspects of the ISO/SAE 21434 standard, such as the Cybersecurity Interface Agreement (CIA).
  6. Attack Resistance
    SecOC is designed to withstand various security threats and attacks, including replay attacks, which it counters with the Freshness Value. This mechanism generates a value based on timestamps or dedicated independent counters to detect and block replay attempts, which mitigates man-in-the-middle attacks and data manipulation attempts. SecOC also uses strong cryptographic algorithms and security measures to reduce the risk of security breaches in automotive systems.
  7. Compliance with Industry Standards
    SecOC implementations typically comply with industry standards, such as the AUTOSAR standard, which defines specifications and requirements for secure communication protocols in automotive systems. Following AUTOSAR guidelines facilitates compliance with mandatory requirements from UN R155 and UN R156 regulations.
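
The authentication, integrity and freshness checks from items 1, 2 and 6 can be seen working together in the following added example (written for this article, not AUTOSAR or vendor code). Assumptions: HMAC-SHA-256 from the Python standard library stands in for the MAC a real ECU would compute through its CSM/HSM, and the key, Data ID, field lengths and the `Sender`/`Receiver` names are constructed for illustration.

```python
import hashlib
import hmac
import struct

KEY = bytes(range(16))      # constructed demo key; real keys stay inside the CSM/HSM
DATA_ID = 0x0123            # constructed identifier of the protected PDU
FV_TX_BITS = 8              # only the low 8 bits of the counter travel on the bus
MAC_TX_BYTES = 4            # the MAC is truncated to fit small bus frames
FV_MASK = (1 << FV_TX_BITS) - 1

def authenticator(data_id, payload, full_fv):
    # MAC input: Data ID | authentic payload | complete freshness value
    msg = struct.pack(">H", data_id) + payload + struct.pack(">Q", full_fv)
    return hmac.new(KEY, msg, hashlib.sha256).digest()[:MAC_TX_BYTES]

class Sender:
    def __init__(self):
        self.counter = 0    # freshness counter, incremented for every PDU

    def secure(self, payload):
        self.counter += 1
        fv_low = bytes([self.counter & FV_MASK])
        return payload + fv_low + authenticator(DATA_ID, payload, self.counter)

class Receiver:
    def __init__(self):
        self.last_fv = 0    # highest freshness value accepted so far

    def verify(self, pdu):
        trailer = 1 + MAC_TX_BYTES
        if len(pdu) < trailer:
            return None
        payload, fv_low, mac = pdu[:-trailer], pdu[-trailer], pdu[-MAC_TX_BYTES:]
        # Rebuild the full counter: smallest value above last_fv with these low bits
        full = (self.last_fv & ~FV_MASK) | fv_low
        if full <= self.last_fv:
            full += 1 << FV_TX_BITS
        if not hmac.compare_digest(mac, authenticator(DATA_ID, payload, full)):
            return None     # tampered, corrupted or replayed PDU is dropped
        self.last_fv = full
        return payload
```

A replayed PDU fails because the receiver reconstructs a newer counter value than the one the MAC was computed over; the receiver state is only advanced after a successful verification, so a rejected PDU cannot desynchronise it.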

Summary

Securing a network at the lower layers of the ISO/OSI model requires the implementation of appropriate technologies. MACsec effectively protects layer 2, IPsec provides comprehensive security for layer 3, and SecOC offers an advanced solution for in-vehicle communication.


To Be Continued

In the next article, we will discuss security mechanisms for the higher layers of the ISO/OSI model and additional protective measures for automotive ecosystems.




Author: Krzysztof Labuda,
Security Testing Consultant

A participant in the Certified Ethical Hacker CEH v11 program, which teaches the latest commercial-grade hacking tools, techniques, and methodologies used by hackers and information security professionals.