Linux and automotive computing security
Posted Oct 10, 2012 21:24 UTC (Wed) by iabervon (subscriber, #722)
Parent article: Linux and automotive computing security
I'm not clear as to the intent of suggesting an IP network instead of the CAN network, in any case; IP is not at the same protocol layer. You could switch from CAN to ethernet, but you'd need a custom switch (which knows which sensors are where and what's most important) in order to avoid having the denial of service problem be at least as bad. Sure, you couldn't have the CD player tell the brakes they shouldn't engage, but you couldn't really keep the CD player from pushing 100Mb of audio data at the brakes so packets from the brake pedal don't get through. And CAN has the security advantage that you can build your CD player with a CAN PHY that is only able to use low-priority IDs. It's practically impossible for an ethernet PHY to know that it would be flooding the network.
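The arbitration argument in the comment above, as an added example that is not part of the original comment or of any vehicle's code: a small simulation comparing how many frames get ahead of a brake frame on a CAN bus versus a priority-unaware FIFO port. The ID values, `CD_MIN_ID`, and the assumption that the restricted PHY simply drops IDs outside its class are constructed for illustration.

```python
from collections import deque

BRAKE_ID = 0x010    # constructed: brake pedal frame, high priority (low ID)
CD_MIN_ID = 0x400   # constructed: lowest ID the CD player's PHY will emit

def arbitration_winner(ids):
    """Bitwise CAN arbitration over 11-bit IDs, MSB first: a dominant 0
    overrides a recessive 1, so the numerically lowest ID keeps the bus."""
    alive = set(ids)
    for bit in range(10, -1, -1):
        dominant = {i for i in alive if not (i >> bit) & 1}
        if dominant:          # nodes that sent a recessive bit back off
            alive = dominant
    return min(alive)         # single element when IDs are unique

def can_frames_before_brake(cd_ids, phy_restricted):
    """Frames the bus carries before the brake frame when the CD player
    has one frame per entry of cd_ids pending at the same instant."""
    if phy_restricted:
        # Assumption: the PHY drops any ID above its priority class.
        cd_ids = [i for i in cd_ids if i >= CD_MIN_ID]
    cd = deque(cd_ids)
    sent = 0
    while True:
        contenders = [BRAKE_ID] + ([cd[0]] if cd else [])
        if arbitration_winner(contenders) == BRAKE_ID:
            return sent
        cd.popleft()          # CD frame won this slot and was transmitted
        sent += 1

def fifo_frames_before_brake(flood_frames):
    """Shared egress queue with no priority awareness (plain switch port):
    the brake frame waits behind everything already queued."""
    queue = deque(["cd"] * flood_frames)
    queue.append("brake")
    return queue.index("brake")

if __name__ == "__main__":
    print("CAN, restricted PHY:  ", can_frames_before_brake([0x7FF] * 1000, True))
    print("CAN, unrestricted PHY:", can_frames_before_brake([0x001] * 1000, False))
    print("FIFO port:            ", fifo_frames_before_brake(1000))
```

The model ignores the one frame that may already be on the wire when the brake frame becomes pending; CAN does not preempt a transmission in progress.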
Posted Oct 10, 2012 21:50 UTC (Wed)
by bjencks (subscriber, #80303)
Or you could put in extra point-to-point links between each especially critical pair of devices. With IP, it's not very hard to just add an extra host route down a different pipe; it doesn't have to have the overhead that a whole new bus would.
This doesn't even get into the possibilities of using non-ethernet transport, some of which can provide more strictly managed performance guarantees.
Posted Oct 10, 2012 22:36 UTC (Wed)
by Cyberax (✭ supporter ✭, #52523)
Never mind that you now need a complex IP stack capable of supporting PKI on each freaking sensor. If that's not a definition of madness, then I don't know what is.
CAN bus is fine for what it does. It's GREAT. The problem is, it's an internal bus that's being abused to interface with external systems.
Adding PKI to each sensor is like adding PKI to your hard drive to fight against computer viruses.