Automation and connectivity are driving the automotive industry forward, and in answer to the growing need for bandwidth, flexibility, and cost-effectiveness, in-car networks are evolving. Ethernet is emerging as a preferred choice. So, what is it and do we need it? Will it have an effect on network architecture, and how will it impact automotive cybersecurity?
What is Automotive Ethernet?
Although Ethernet hasn’t been widely used in the automotive industry until recent years, it’s a mature technology with over 30 years of use in the wider networking market. Developed in the 1970s, it has become the standard for general computer networking around the world. A host of networking protocols and security methodologies have been developed in that time, lending themselves well to the challenges of automotive networking and cybersecurity.
Ethernet should be familiar to most of us. You might find yourself using it to connect your home computer to your router or modem, and if not, you will certainly be aware of Ethernet’s cable-free counterpart, Wi-Fi. Automotive Ethernet is slightly different; a flavor of regular Ethernet, it’s optimized for vehicular use.
Until now, it’s been used primarily for diagnostics, in-vehicle-infotainment (IVI) systems, and connecting remote sensors. Data-heavy, these systems require greater bandwidth to transmit data at the speeds necessary to maintain driver safety—speeds that networks such as CAN and FlexRay are unable to provide. When you consider the growing interest in autonomous vehicles and the connectivity they will require, you begin to see the benefits automotive Ethernet can offer.
Automotive Ethernet offers protection for various in-vehicle systems. (Courtesy of NNG)
What are the benefits?
Autonomous vehicles (AVs) will require a host of connectivity features to function effectively, such as cameras, LiDAR, and traffic-sign recognition. These sensors, which enable vehicle-to-everything (V2X) connectivity, are vital to their success. Thus, the demand for greater bandwidth is set to skyrocket.
Designed to accommodate this demand and offering speeds of up to 100 Mb/s in its current form, Ethernet is soon to reach faster speeds. The IEEE802.3 working group, responsible for automotive Ethernet, is working on a much faster multi-gig standard for the future. Contrast this to the kilobit-per-second and low megabit-per-second speeds offered by CAN and LIN, and you see its appeal.
It has a rival in Media Oriented Systems Transport (MOST), a network that has been primarily used for infotainment and media systems. MOST offers 100- to 150-Mb/s speeds; however, proprietary licensing, restricted access to hardware, and reliance on heavy coax cables, or easily damaged optical fiber, have limited its market.
Ethernet offers greater future potential. It’s built for bandwidth, is available from a wealth of potential providers, and with switch networking, offers greater scalability. It’s also a lightweight and cost-effective solution, using single unshielded twisted-pair (UTP) cabling. Broadcom, the company responsible for introducing the current automotive standard, BroadR-Reach, estimate they can reduce connectivity costs by 80% and cable weight by 30%.
When you consider the cost benefits, alongside the obvious compatibility advantages when connecting vehicles to smart infrastructure, it makes sense that Ethernet would lead the charge in future V2X connectivity. However, increased compatibility with existing infrastructure and networking methods creates new challenges in cybersecurity.
CAN-based cybersecurity offerings focus on protecting the bus from compromised electronic control units (ECUs). While these will still be the core threat to consider with Ethernet networks, the physical switch network architecture and virtual segmentation it utilizes will stir up new issues.
Automotive Ethernet security strategies must involve more than just the detection/override, and drop/redirection of malicious signals. Compared with CAN techniques, handling rogue messages or ECUs properly and effectively means considering the specifics of the network—its architecture, protocols, and applications.
Solutions will require effective data-management techniques and a more complex network-management system. Ethernet and its extensions also deal with network resource management and offer a variety of attack vectors and scenarios, from unused ports, MAC spoofing, and bandwidth abuse, to the more sophisticated, such as TCP hijacking and VLAN hopping, among others. These require more active methods of protection, as well as in-depth consideration of security at the stage that the network architecture is designed.
Simplified drawing of an Ethernet connector.
The flexible and modular structure of Ethernet, offers opportunities to tailor specific security solutions, allowing network architects and security consultants to both preserve and leverage the features that make it so attractive. Furthermore, in the same way that automotive Ethernet is a flavor of traditional Ethernet, OEMs can expect to see automotive adaptations, or flavors, of Ethernet cybersecurity solutions. To take full advantage of this cross-pollination from traditional networking, they should look to a secure automotive security platform to host them.
Rethinking Network Design
It’s likely that automotive Ethernet will replace other in-car networks in the long-term. If not already reached, it’s rapidly approaching adoption targets set by the automotive industry, with driver assistance and network backbone use cases likely to become a functional reality in the near-future.
CAN, CAN-FD, and LIN will probably remain relevant for the near to mid-term. They’re established, cost-effective, and will remain relevant for certain solutions, especially those where low cost and low bandwidth are key design specifications. Network architecture will need to become model-specific, as both low- and high-end vehicles have different needs.
As a result, cybersecurity will need to become a fundamental design consideration. It can no longer be an afterthought or tertiary requirement. Automotive Ethernet is flexible and modular. An effective cybersecurity solution will complement this and be able to evolve with network design. This would mean that car manufacturers wouldn’t need to rethink their solution with every model.
However, in comparison to CAN, automotive Ethernet cyber security is complex, and will require expertise and dedicated central management. No doubt, it’s an exciting time to be involved in the growing field of automotive network security.
Ziv Levi is CEO and found of Arilou Cyber Security.