| Graduate student: | 宋兆竣 Song, Chao-Chun |
|---|---|
| Thesis title: | 基於橢圓曲線密碼學與NXP HSM加速的安全車載乙太網路通訊 Secure In-Vehicle Auto-Ethernet Communication based on ECC and NXP HSM Acceleration |
| Advisor: | 張燕光 Chang, Yeim-Kuan |
| Degree: | Master |
| Department: | College of Electrical Engineering and Computer Science - Department of Computer Science and Information Engineering |
| Year of publication: | 2020 |
| Academic year of graduation: | 108 |
| Language: | English |
| Number of pages: | 76 |
| Keywords (Chinese): | Automotive Ethernet, in-vehicle network security, key management, hardware security module, elliptic curve cryptography, symmetric/asymmetric encryption, identity authentication |
| Keywords (English): | Auto-Ethernet, In-vehicle network security, Key management, Hardware Security Module, Elliptic Curve Cryptography, Symmetric/Asymmetric Algorithm, Authentication |
| Usage: | Views: 139, Downloads: 0 |
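With the arrival of the Internet of Vehicles era, the formerly closed in-vehicle network has become an open network architecture, and because in-vehicle systems bear directly on real-time vehicle safety, the traditional Controller Area Network (CAN) protocol can hardly meet car manufacturers' needs. Automotive Ethernet is a feasible solution that offers very large bandwidth and good scalability and is cost-effective.
[1] describes a wireless attack on an OBD-port vulnerability under the CAN protocol. The OBD port can connect to the in-vehicle CAN network. The victim installs an OBD-to-Bluetooth or OBD-to-Wi-Fi device on the OBD port. The user then connects to the OBD port with a smartphone application to test whether the vehicle's basic functions (flashing lights, wipers) work normally. But when an attacker creates a malicious smartphone application and injects attack commands, such as shutting off the engine, the vehicle is put in a very dangerous situation. In Automotive Ethernet there are similar problems, such as a firewall that does not block specific ports, and attackers could apparently exploit these weaknesses. A security protocol for the in-vehicle network must therefore be established.
In this thesis we propose a protocol suited to Automotive Ethernet. The protocol uses elliptic curve cryptography to support several digital signature algorithms for verifying the peer's identity. It then uses EC-ElGamal to transmit the symmetric key securely, and uses the HSM to accelerate symmetric encryption and to provide secure storage for keys. We can update the symmetric key dynamically instead of pre-sharing it with other ECUs at the factory stage, and the HSM memory update protocol stores the symmetric key in secure non-volatile memory.
The symmetric key is used by HSM hardware-accelerated symmetric algorithms such as ECB, CBC and CFB, which lets the main CPU concentrate on real-time processing. Message authentication codes are also supported for message integrity. The HSM supports only symmetric algorithms; to improve the security of the symmetric key, we need a computationally efficient asymmetric encryption algorithm to establish the symmetric key between two ECUs. We therefore introduce elliptic curve cryptography to implement algorithms such as ECDSA and EC-ElGamal for verifying identity and transmitting the symmetric key.
Our architecture stores keys securely, so that no one can obtain the information in non-volatile memory. It also resists replay attacks, because each execution of the memory update protocol requires the key-update counter value to be incremented by one. With HSM support, one secure communication completes in 0.72 ms, which is quite sufficient for the real-time requirements of the in-vehicle network.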
The rise of the Internet of Vehicles turns the originally closed network into an open network architecture, while the in-vehicle system is concerned with real-time vehicle safety and security. The traditional Controller Area Network (CAN) protocol can hardly meet the needs of car manufacturers, and Automotive Ethernet (Auto-Ethernet) is a viable solution because it provides wide bandwidth and good scalability and is cost-effective.
A wireless attack against the vulnerability of the OBD port under the CAN protocol is introduced in [1]. The OBD port can be connected to the CAN network. The user installs an OBD-to-Bluetooth or OBD-to-Wi-Fi device on the OBD port. The user can then use a smartphone application to connect to the Bluetooth device and test whether the basic functions of the vehicle (such as flashing lights and wipers) are normal. But when an attacker creates a malicious smartphone application and injects an attack command, such as shutting down the engine, this causes a very dangerous situation for the vehicle and the driver. In Auto-Ethernet, similar problems, such as a firewall that does not block specific ports, may allow attackers to take advantage of them. Therefore, it is necessary to establish secure communication in the in-vehicle network.
In this thesis we propose a protocol that is suitable for Automotive Ethernet. It uses elliptic curve cryptography to support multiple authentication algorithms and the secure transmission and storage of symmetric keys, and then uses the HSM to accelerate symmetric encryption/decryption. We can dynamically update the symmetric key instead of pre-sharing it with other ECUs at the factory stage. Through the HSM memory update protocol, the symmetric key is stored in secure, non-volatile memory. Symmetric keys are used in hardware-accelerated symmetric algorithms on the HSM, such as ECB, CBC and CFB, allowing the main CPU to focus more on real-time processing. For message integrity, message authentication codes are also supported.
The HSM supports only symmetric algorithms. To improve the security of the symmetric keys, we also need asymmetric algorithms with high computational efficiency and low energy consumption to support the establishment of symmetric keys between two ECUs, so we use elliptic curve cryptography to achieve this goal. Using elliptic curve cryptography, we implemented the ECDSA identity verification algorithm and the EC-ElGamal algorithm for transmitting the symmetric key.
In our architecture, keys can be stored securely, and no one can obtain information from the secure storage space. To resist replay attacks, each time the memory update protocol is executed, the count value of the update key is increased by one. With the support of the HSM, we can complete a message exchange in 0.72 ms, which is quite sufficient for the real-time requirements of the in-vehicle network.
[1] Samuel Woo, Hyo Jin Jo and Dong Hoon Lee, "A Practical Wireless Attack on the Connected Car and Security Protocol for In-Vehicle CAN", IEEE Transactions on Intelligent Transportation Systems, vol. 16, no. 2, April 2015.
[2] Specification of Secure Hardware Extensions: https://www.autosar.org/fileadmin/user_upload/standards/foundation/19-11/AUTOSAR_TR_SecureHardwareExtensions.pdf
[3] libecc project: https://github.com/ANSSI-FR/libecc
[4] Philipp Mundhenk, Sebastian Steinhorst, Martin Lukasiewycz, Suhaib A. Fahmy and Samarjit Chakraborty, "Lightweight authentication for secure automotive networks", in Proc. Design, Automation & Test in Europe Conference & Exhibition (DATE), pp. 285-288, 2015.
[5] Taek-Young Youn, Yousik Lee and Samuel Woo, "Practical Sender Authentication Scheme for In-Vehicle CAN With Efficient Key Management", IEEE Access, pp. 86836-86849, May 2020.
[6] Local Interconnect Network: https://en.wikipedia.org/wiki/Local_Interconnect_Network
[7] T. Nolte, H. Hansson and L. L. Bello, "Automotive communications-past, current and future", in Proc. IEEE Int. Conf. Emerging Technol. Factory Autom., vol. 1, pp. 992-999, 2005.
[8] C. W. Lin and A. Sangiovanni Vincentelli, "Cyber-security for the Controller Area Network (CAN) communication protocol", in Proc. Conf. IASE Int. Conf. Cyber Security, pp. 344–350, 2012.
[9] B. Groza and S. Murvay, "Efficient protocols for secure broadcast in controller area networks", IEEE Trans. Ind. Informa., vol. 9, no. 4, pp. 2034–2042, Nov. 2013.
[10] [FIPS197] NIST/FIPS: Announcing the Advanced Encryption Standard (AES), November 26, 2001. Available at http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
[11] NIST, Recommendation for Block Cipher Modes of Operation: Methods and Techniques, 2001 Edition: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf
[12] D. Hankerson, S. Vanstone and A. J. Menezes, "Guide to Elliptic Curve Cryptography", 2004.
[13] SP800-38A: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf
[14] One-key MAC: https://en.wikipedia.org/wiki/One-key_MAC
[15] Abhijit Das, "Elliptic-Curve Cryptography (ECC)", Second International Conference on Mathematics and Computing (ICMC), January 2015.
[16] Nissa Mehibel and M'hamed Hamadouche, "A New Approach of Elliptic Curve Diffie-Hellman Key Exchange", International Conference on Electrical Engineering – Boumerdes (ICEE-B), October 29-31, 2017.
[17] SHE on MPC5746C/MPC5748G: https://docplayer.net/50535522-She-on-mpc5746c-mpc5748g.html
[18] SEC 2: Recommended Elliptic Curve Domain Parameters: https://www.secg.org/SEC2-Ver-1.0.pdf
[19] MPC574xB/C/D/G Family Microcontroller Security Reference Manual. To obtain the security reference manual, contact the NXP support team: https://support.nxp.com/s/
[20] MPC5748G Reference Manual: https://www.nxp.com/products/processors-and-microcontrollers/power-architecture/mpc55xx-5xxx-mcus/ultra-reliable-mpc57xx-mcus/ultra-reliable-mcus-for-automotive-industrial-control-and-gateway:MPC574xB-C-G?tab=Documentation_Tab
[21] Elliptic curve point addition in projective coordinates: https://www.nayuki.io/page/elliptic-curve-point-addition-in-projective-coordinates
[22] The Digital Signature Scheme ECGDSA: https://www.teletrust.de/fileadmin/files/oid/ecgdsa_final.pdf
[23] A Note on Signature Standards: https://eprint.iacr.org/2007/357.pdf
[24] The AES-CMAC Algorithm: https://tools.ietf.org/html/rfc4493
[25] DEVKIT-MPC5748G Quick Start Guide (QSG): https://www.nxp.com/files-static/32bit/doc/user_guide/DEVKIT-MPC5748G-QSG.pdf
[26] DEVKIT-MPC5748G Software Integration Guide (SWIG): https://www.nxp.com/files-static/32bit/doc/user_guide/DEVKIT-MPC5748G-SWIG.pdf
[27] MPC5748G Microcontroller Data Sheet: https://www.nxp.com/docs/en/data-sheet/MPC5748G.pdf
On campus: publicly available from 2022-09-01