An in-vehicle network (IVN) is essentially a miniature Internet within a connected vehicle, coordinating different parts of the car and ensuring a seamless driving experience. In-vehicle components such as ECUs, BCMs, ABS, software modules and sensors pass data between each other to manage various operations, from mission critical ADAS for safe navigation, to winding the window up and down at tollbooths. Beyond the vehicle itself, an in-vehicle network extends to the cloud via built-in modems, enabling two-way communication between the car, the manufacturers and fleet managers, allowing them to deliver best-in-class features and maximize ROI.
Inside IVNs: more data, faster speeds
Modern in-vehicle networks transmit a variety of complex data streams, including engine and drivetrain data such as engine speed and temperature, safety system data such as airbag deployment signals, and body and comfort data such as temperature control settings. These networks also support vehicle-to-cloud telematics like vehicle location, mileage, diagnostics and maintenance. Real-time data from in-vehicle networks allows manufacturers to monitor vehicle health, track location, optimize fleet management, push over-the-air (OTA) updates, and personalize in-car experiences. According to a McKinsey estimate, IVNs can generate up to 25 GB of data per hour1. As automotive technology advances, the growing complexity of onboard data will demand robust data pipes with ample capacity and minimal latency.
Most vehicles traditionally use a combination of protocols for in-vehicle and vehicle-to-cloud data communication like CAN and LIN for low-speed non-critical data, MOST for infotainment and FlexRay for safety-critical data. However, the need to process complex data at faster rates is driving a trend towards incorporating IP and Ethernet as system networks in the vehicle, with IEEE 1722 specifying a method for encapsulating legacy protocols like CAN and LIN within Ethernet packets2. The global automotive Ethernet market is expected to grow from $1.635 billion in 2019 to $4.367 billion by 20243.
Covering a growing attack surface
Today’s connected vehicles with their complex data flows, interconnected components and cloud connectivity open up a multitude of access points for attackers including via USB ports, OBD-II ports and Bluetooth connectivity. For instance, attackers can gain access to IVN through a USB port or malware-laden software update. Once inside, they can manipulate IVN data to disrupt critical ADAS features or delay critical maintenance and updates. Hackers can also intercept sensitive data like current location or overwhelm the IVN with huge volumes of data traffic to render the vehicle’s internal systems unusable. This can result in control failure, accidents, thefts, disappearance from the tracking radar, loss of telemetry and more.
Onboarding DPI for network traffic visibility
ipoque’s next-gen DPI engines, R&S®PACE 2 and R&S®vPACE provide vehicle manufacturers a highly efficient traffic filtering functionality that is suited for compact networks such as IVNs. Boasting one of the lowest memory footprints in the industry, ipoque’s DPI technology can be embedded in network analysis software or IDS/IPS, to inspect in-vehicle network traffic in real-time at wire speed, without overheads to the network. R&S®PACE 2 and R&S®vPACE use advanced traffic classification techniques such as behavioral, heuristics and statistical analysis along with encrypted traffic intelligence (ETI). ETI, powered by ML/DL algorithms and high-dimensional data analysis, delivers visibility into protocols, applications and application attributes, even when network traffic is encrypted. ipoque’s DPI engines also use metadata extraction to capture packet parameters such as speed and latency, enabling advanced analytics and threat detection.
Vehicle under attack: how DPI mitigates threats
DPI’s application awareness combined with flow / packet parameters such as source / destination IP addresses, protocols, port numbers and packet sequence enable accurate identification of the underlying applications. For instance, infotainment traffic involves standard ports and longer session durations to make way for continuous streaming or navigation while critical sensor data only involves short traffic bursts and standardized protocols, such as GVI for video data from ADAS cameras and OPC UA-IP for LiDAR sensor data.
Accurate classification enables DPI to identify malicious data traffic such as malware, C&C and botnet traffic. This information enables in-vehicle monitoring systems to be aware of malicious activities onboard and helps to trigger different levels of safeguards based on data traffic segmentation. For example, active intervention via IPS, IDS and firewalls can be meted out across non-critical applications such as infotainment, allowing immediate blocking or quarantining of infected packets. By the same token, DPI software can also identify rogue applications that have planted themselves in the network to collect and transmit data illegally.
DPI’s continuous data traffic analysis can expose irregularities hidden in the staggering crisscross of information between various components. For example, smart cockpits display ADAS data such as lane departure warning and blind-spot monitoring, in addition to speed, RPM and fuel parameters as well as navigation and climate controls. DPI can enhance the integrity of data transmission between the smart cockpit gateway, mission-critical sensors, telematics app and the manufacturer’s servers through real-time and historic contextual awareness and anomaly detection. For instance, unusual data traffic volumes can indicate a DDoS attack or a system hijack. Similarly, the presence of a new network, be it Bluetooth, Wi-Fi or 4G / 5G, or a new device, can be quickly identified. Unusual transfer of data to and from the vehicle can also be monitored. DPI can also ensure that OTA updates come from legitimate cloud sources, thus narrowing down the attack surface by patching potential attacker entry points.
Real-time visibility unleashes new in-vehicle applications
DPI-powered packet classification enables prioritization for critical data flows and optimization of resources based on predefined policies, for instance, more bandwidth for critical ADAS data compared to infotainment. Apart from this, DPI software can be a valuable tool for network diagnostics and predictive maintenance. Real-time data on latency and RTT helps DPI identify bottlenecks and connection failures, speeding up remote troubleshooting and optimizing network performance. The information also assists automotive manufacturers in complying with regulations such as UN R155 and GB/T.
When it comes to personalization of content provided in the car, DPI’s analytics can help identify user preferences for infotainment and navigation. With these network insights, service providers can cache frequently accessed content in the cloud to reduce buffering times and improve the responsiveness of infotainment features.
A safe journey with DPI
In years to come, integrations with smart cities, experimentation with software-defined vehicles (SDVs) and the rise of in-vehicle AI will exacerbate security and performance challenges faced by IVNs. Car manufacturers must thus ensure end-to-end monitoring and advanced analytics capabilities at wire speed to keep up with increasing bandwidth and latency demands. In such a future, next-gen DPI is necessary for ensuring a smoother, safer and a more enjoyable driving experience, as well as in enabling greater efficiency, innovation and profitability for manufacturers.
Sources:
[1] https://www.eeworldonline.com/what-high-speed-data-means-connected-vehicles/
[2] https://embeddedcomputing.com/application/automotive/vehicle-networking/the-need-for-deep-packet-inspection-in-automotive...
[3] https://www.businesswire.com/news/home/20190705005209/en/Global-Automotive-Ethernet-Market-by-Component-Bandwidth...