MACsec in Classic AUTOSAR : MACsec Implementation PoC on Classic AUTOSAR ECUs

Sammanfattning: Classic AUTOSAR provides a standardized architecture and guidelines for automotive development. However, it does not include specifications for securing Ethernet communication. The IEEE 802.1AE standard specifies a security standard called Media Access Control Security (MACsec) to protect Ethernet communication. MACsec protected communication requires key agreement between the network peers. IEEE has also standardized this as MACsec Key Agreement (MKA) protocol specified in the 802.1X-2020 standard. This thesis determines the feasibility of incorporating the MKA protocol and MACsec standard in Classic AUTOSAR. For this purpose, we designed and implemented a proof of concept (PoC), having an evaluation board running Classic AUTOSAR communicating via Ethernet with a virtual machine. Classic AUTOSAR has a layered architecture. The PoC developed in this thesis introduces a services module in its basic software layer, which performs MKA protocol and provides MACsec protection. It interacts with the Ethernet interface in the hardware abstraction layer and with the cryptographic service manager (CSM) in the services layer. Furthermore, this thesis evaluates the results to determine that the PoC meets the security requirements and does not violate the Classic AUTOSAR specifications. Based on the design and implementation of this proof of concept, we conclude that it is feasible to incorporate the MKA protocol and MACsec standard in Classic AUTOSAR. This work also mentions the limitations of the PoC and future work required to achieve the goal of having MKA protocol and MACsec standard as a part of Classic AUTOSAR specification.