Automotive MACsec

What is MACsec?

Media Access Control Security (MACsec for short) is the state-of-the-art security solution on Ethernet. It provides integrity protection, replay protection, and optional confidentiality protection for nearly all frames transported on Ethernet. In contrast to other available solutions, this includes unicast, multicast, and broadcast messages as well as all protocols running over Layer 2.

MACsec can be easily offloaded since it was designed with very strong hardware support in mind. This leaves the resources of application controllers to the applications, while making sure that MACsec runs at the highest speed possible: it covers the complete link speed and adds only very limited latency.

Starting up MACsec for Automotive Ethernet
Dr. Lars Völker, Technica Engineering
Jun. 2021 / 7th International VDI Conference – Cyber Security for Vehicles, virtual / English.

  • Advantages:
     – Enables secure transmission of unicast, multicast, and broadcast data.
     – Allows protection of virtually all protocols, including layer 2 protocols like AVB TP (IEEE 1722).
     – The smallest attack surface on Ethernet-based links for attacks with physical access to a medium.
     – HW implementations allow for best performance compared to alternatives, while having the smallest impact on the host system.
     – Several standardized authentication mechanisms are available to fulfill different requirements and use cases, if needed.
     – Protection from the base of the network stack against common attacks:
          – Manipulation of data on Ethernet links.
          – Man-in-the-middle attacks.
          – Eavesdropping (when optional encryption is used).

How does this work for Automotive?

Requirements specifications in the automotive industry are very specific, and they have a high impact on regular MACsec. Processes for assembly and repair as well as device startup need to be considered for MACsec deployment. This includes the key agreement and key provisioning processes, which need to be made automotive capable.

 

Future Outlook

Security will be a crucial topic in the coming years, especially with changing regulations. Strengthening and simplifying the security concept: creating a strong security concept is of the highest priority! MACsec provides the best foundation for the most secure communication platform possible, while having a limited impact on the system.

We envision future E/E architectures using MACsec to create a high-performance, scalable, and trustworthy platform. On such a platform, you can deploy future innovations faster since most security challenges are already solved.

Let us help you with the introduction of MACsec on your devices.

Examples include:

     – Technica offers MACsec capable products and tools for testing and prototyping
     – What about the automotive specific changes you need for MACsec? We have developed the first (to our knowledge) cross-platform MKA SW Module for Automotive
     – Let us help you by simplifying the testing process

System Architecture and Concepts 

We develop new and highly efficient communication system architectures to manage existing and future requirements of OEMs. The development of new architectures includes proof of concepts, validation strategies, and implementation of prototypes. 

We are currently supporting various OEMs from several countries in the development of new zone-based architectures.