SecOC Information Security

From Legacy to Intelligence: Security Challenges and SecOC Solutions for Intra-vehicle Communications

In conventional automotive electronic architectures, the number and complexity of electronic control units (ECUs) in a vehicle is limited, as is the communication bandwidth. Therefore, it is widely believed that the communication between individual ECUs in the vehicle is reliable. As long as an ECU node receives the appropriate message, it will process it. However, as the automotive industry and the Internet continue to evolve and vehicles become more intelligent and connected, this default in-vehicle communication becomes increasingly insecure. If a new node is added to the vehicle's physical bus that sends false signals or tampers with messages sent by other ECUs, such as acceleration, braking, and cornering signals, while the power control ECUs associated with it blindly accept these messages, the vehicle may lose control. Therefore, there is an urgent need to develop a secure and efficient algorithm for verifying the authenticity of messages, confirming the legitimacy of the message sender and whether the data has been tampered with. In this context, the Secure Onboard Communication (SecOC) mechanism has emerged.

SecOC Information Security Solutions

SecOC is the abbreviation of Security Onboard Communication, which is a new basic module added by AUTOSAR from Classic Platform 4.2, and its main function is to provide authentication and prevent replay attacks for data transmission on the automotive embedded network bus.

The SecOC mechanism requires that the SecOC module be implemented between the electronic control units (ECUs) that send and receive Protocol Data Units (PDUs).

During the sending process, the SecOC module generates secure PDUs by adding authentication information to the original PDUs of the protocol that are to be transmitted.This authentication information consists of the Freshness Value (abbreviated as FV) and the Message Authentication Code (abbreviated as MAC).

The Freshness Value Management Module (FVM) is responsible for generating FVs.The FVM is divided into a master FVM (handled by the gateway) and a slave FVM (handled by other ECUs implementing the SecOC mechanism). The former ensures that the FVs at the sending and receiving ends of the PDUs are consistent by sending freshness value synchronization messages to the latter, while the latter sends FV synchronization request messages to the former.

The data identifier of the PDU, the original PDU, and the complete freshness value are concatenated together and then passed to the authentication algorithm to generate the MAC value.

After the receiver receives the secure PDU, it will be verified by the MAC authentication module to verify its freshness and integrity. If the validation is successful, the raw data PDU will be passed to the upper layer application software module; if the validation fails, it will be directly discarded.

This solution is built on the basis of SecOC program, which is designed to authenticate sensitive information in the vehicle.TOSUN SecOC system is built on the basis of our self-developed core software TSMaster and CAN tools, which can meet the testing requirements in the development and production process. Its main functions include master node synchronization message parsing, full freshness value generation, MAC value calculation, security message generation and transmission, receiving and verifying security messages, and fault injection function.

Provide a simple and easy-to-understand interface to help provide customized testing functions

Based on self-developed core software TSMaster and CAN tool realization, it can cover the test requirements in development and production.

SecOC Key Features

● Synchronized message reception
:: Freshness value management
:: Secure messaging
:: Security message reception
:: Fault injection testing

Previous slide
Next slide

Recommended Equipment