Enabling the Security of Global Time in Software-Defined-Vehicles (SGTS, MACsec)

The global time that is propagated and synchronized in the vehicle E/E architecture is used in safety-critical, security-critical, and time-critical applications (e.g., driver assistance functions, intrusion detection system, vehicle diagnostics, external device authentication during vehicle diagnostics, vehicle-to-grid and so on). The cybersecurity attacks targeting the global time result in false time, accuracy degradation, and denial of service as stated in IETF RFC 7384 [2]. These failures reduce the vehicle availability, robustness, and safety of the road user. IEEE 1588 [3] lists four mechanisms (integrated security mechanism, external security mechanism, architectural solution, and monitoring & management) to secure the global time. AUTOSAR defines the architecture and detailed specifications for the integrated security mechanism “Secured Global Time Synchronization (SGTS)” to secure the global time on automotive networks (CAN, FlexRay, Ethernet). However, there are also external security mechanisms such as MACsec which protect all communication frames (at layer 2) on an Ethernet network. The objective of this paper is to evaluate the need of SGTS in a vehicle E/E architecture. As part of the evaluation, this paper presents the experimental data to demonstrate the impact on the precision of global time with SGTS and MACsec. It describes the constraints that prevent applying the SGTS and/or MACsec on an Ethernet network. It emphasizes the tradeoff between security and precise global time when using SGTS and/or MACsec on an Ethernet network.