{"title":"用正式和实用的方法分析和保护某些/IP汽车服务","authors":"Daniel Zelle, Timm Lauser, Dustin Kern, C. Krauß","doi":"10.1145/3465481.3465748","DOIUrl":null,"url":null,"abstract":"Automotive Ethernet is increasingly used in modern vehicles and complements or replaces legacy bus systems such as CAN. Ethernet also enables service-oriented communication with the Scalable service-Oriented MiddlewarE over IP (SOME/IP) middleware. In this paper, we present a formal and practical security analysis of Scalable service-Oriented MiddlewarE over IP (SOME/IP), the identified Man-in-the-Middle (MITM) attacks, and propose two security extensions. The attacks are possible even if SOME/IP is used in combination with link layer security mechanisms. The attacker can impersonate a service offering server and a service consuming client. The two most common communication methods, request/response and publish/subscribe, are both vulnerable. In most communication scenarios, we are able to route all messages over the attacker. Our security extensions for authentication and authorization of service provisioning and usage protect against these attacks. We formally analyze the security and evaluate the overhead with practical implementations.","PeriodicalId":417395,"journal":{"name":"Proceedings of the 16th International Conference on Availability, Reliability and Security","volume":"50 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-08-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":"{\"title\":\"Analyzing and Securing SOME/IP Automotive Services with Formal and Practical Methods\",\"authors\":\"Daniel Zelle, Timm Lauser, Dustin Kern, C. Krauß\",\"doi\":\"10.1145/3465481.3465748\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Automotive Ethernet is increasingly used in modern vehicles and complements or replaces legacy bus systems such as CAN. Ethernet also enables service-oriented communication with the Scalable service-Oriented MiddlewarE over IP (SOME/IP) middleware. In this paper, we present a formal and practical security analysis of Scalable service-Oriented MiddlewarE over IP (SOME/IP), the identified Man-in-the-Middle (MITM) attacks, and propose two security extensions. The attacks are possible even if SOME/IP is used in combination with link layer security mechanisms. The attacker can impersonate a service offering server and a service consuming client. The two most common communication methods, request/response and publish/subscribe, are both vulnerable. In most communication scenarios, we are able to route all messages over the attacker. Our security extensions for authentication and authorization of service provisioning and usage protect against these attacks. We formally analyze the security and evaluate the overhead with practical implementations.\",\"PeriodicalId\":417395,\"journal\":{\"name\":\"Proceedings of the 16th International Conference on Availability, Reliability and Security\",\"volume\":\"50 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-08-16\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"12\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 16th International Conference on Availability, Reliability and Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3465481.3465748\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 16th International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3465481.3465748","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Analyzing and Securing SOME/IP Automotive Services with Formal and Practical Methods
Automotive Ethernet is increasingly used in modern vehicles and complements or replaces legacy bus systems such as CAN. Ethernet also enables service-oriented communication with the Scalable service-Oriented MiddlewarE over IP (SOME/IP) middleware. In this paper, we present a formal and practical security analysis of Scalable service-Oriented MiddlewarE over IP (SOME/IP), the identified Man-in-the-Middle (MITM) attacks, and propose two security extensions. The attacks are possible even if SOME/IP is used in combination with link layer security mechanisms. The attacker can impersonate a service offering server and a service consuming client. The two most common communication methods, request/response and publish/subscribe, are both vulnerable. In most communication scenarios, we are able to route all messages over the attacker. Our security extensions for authentication and authorization of service provisioning and usage protect against these attacks. We formally analyze the security and evaluate the overhead with practical implementations.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
