Automotive MACsec

What is MACsec?

 

Media Access Control Security (short MACsec) is the state-of-the-art security solution on Ethernet. It provides integrity protection, replay protection, and optional confidentiality protection for nearly all frames transported on Ethernet. In contrast to other available solutions, this includes Unicast, Multicast, and Broadcast messages as well as all protocols running over Layer 2.

Starting up MACsec for Automotive Ethernet
Dr. Lars Völker, Technica Engineering
Jun. 2021 / 7th International VDI Conference – Cyber Security for Vehicles, virtual / English.

  • Advantages:
  •  
  •     – Enables secure transmission of unicast, multicast, and broadcast data.
  •     Allows to protect all protocols virtually, including layer 2 protocols like AVB TP (IEEE 1722).
  •     The smallest attack surface on Ethernet-based links for attacks with physical access to a medium.
  •     HW implementations allow for best performance compared to alternatives, while having the smallest impact on the
  •        host system.
  •     Several standardized authentication mechanisms are available to fulfill different requirements and use cases, if
  •        needed
  •     Protection from the base of the network stack against common attacks:
  •           Manipulation of data on Ethernet links.
  •           Man-in-the-middle attacks.
  •           Eavesdropping (when optional encryption is used).

How does this work for Automotive?

Specific requirements (e.g., on performance, car assembly, and service) are very common in the Automotive Industry – they have a high impact on regular MACsec too. Processes for assemby and repair as well as device startup need to be considered for MACsec deployment. This includes the key agreement and key provisioning process that need to be made automotive capable.

Future Outlook

Security will be a crucial topic in the next years, especially with changing regulations. Strengthening and simplifying the security concept: Creating a strong security concept is of highest priority! MACsec enables the best foundation for the securest communication platform possible, whilst having a limited impact on the system. 

We envision future E/E architectures to use MACsec for creating a high performance, scalable, and trustworthy platform. On such a platform, you can deploy faster for future innovations since most security challenges are already solved.

macsec-example 01

Let us help you with the introduction of MACsec on your devices.

Examples include:

     Considering integrating MACsec in your next architecture? Our team can help you with that as we have done this for 

       others before.

     Do you nee to validate your MACsec concepts or requirements? We can help with consulting, products, and prototyping

       platforms for MACsec.

     Do you need testing and integration support for MACsec? Speed-up your testing and validation with our MACsec test sui

       and hardware tools.

     Need more in-depth know-how?

Contact us for MACsec trainings.

System Architecture and Concepts 

We develop new and highly efficient communication system architectures to manage existing and future requirements of OEMs. The development of new architectures includes proof of concepts, validation strategies, and implementation of prototypes. 

We are currently supporting various OEMs from several countries in the development of new zone-based architectures.