MACsec: The Future is Protected
Media Access Control Security (MACsec for short) is the state-of-the-art security solution on Ethernet. It provides integrity protection, replay protection, and optional confidentiality protection for nearly all frames transported on Ethernet. In contrast to other available solutions, this includes unicast, multicast, and broadcast messages as well as all protocols running over Layer 2.
MACsec can be easily offloaded since it was designed with very strong hardware support in mind. This leaves the resources of application controllers to the applications, while making sure that MACsec runs at the highest speed possible: at full link speed and with very low latency.
Starting up MACsec for Automotive Ethernet
Dr. Lars Völker, Technica Engineering
Jun. 2021 / 7th International VDI Conference – Cyber Security for Vehicles, virtual / English.
Advantages:
- Enables secure transmission of unicast, multicast, and broadcast data
- Protects virtually all protocols, including Layer 2 protocols like AVB TP (IEEE 1722)
- Smallest attack surface on Ethernet-based links against attacks with physical access to the medium
- HW implementations allow for best performance compared to alternatives, while having the smallest performance impact on the host system
- Several standardized authentication mechanisms are available to fulfil different requirements and use cases, if needed
- Protection from the base of the network stack against common attacks:
  - Manipulation of data on Ethernet links.
  - Man-in-the-middle attacks.
  - Eavesdropping (when optional encryption is used).
How does this work for Automotive?
Specific requirements (e.g., on performance, car assembly, and service) are very common in the automotive industry, and they have a high impact on regular MACsec too. Processes for assembly and repair, as well as device startup, need to be considered for MACsec deployment. This includes the key agreement and key provisioning processes, which need to be made automotive-capable.
Future Outlook
Security is a crucial topic for the coming years, especially with current and upcoming regulations. Strengthening and simplifying the security concept: creating a strong security concept is of the highest priority! MACsec provides the best foundation for the most secure communication platform possible, while having a limited impact on the system.
Future E/E architectures will use MACsec to create a high-performance, scalable, and trustworthy platform. With a security-first approach, you can deploy faster on such platforms since most security challenges are already solved.
Let us help you with the MACsec introduction.
Examples include:
- Considering integrating MACsec in your next architecture? Our team can help you with that as we have done this for others before.
- Do you need to validate your MACsec concepts or requirements? We can help with consulting, products, and prototyping platforms for MACsec.
- Do you need testing and integration support for MACsec? Speed up your testing and validation with our MACsec test suite and hardware tools.
- Need more in-depth know-how? Contact us for MACsec training.
System Architecture and Concepts
We develop new and highly efficient communication system architectures to manage existing and future requirements of OEMs. The development of new architectures includes proof of concepts, validation strategies, and implementation of prototypes.
We are currently supporting various OEMs worldwide in the development of new zone-based secure architectures.