A study of securing in-vehicle communication using IPSEC protocol

Current vehicles are increasingly dependent on Electronic Control Units (ECUs) that control virtually every system of the vehicle. To enable advanced features automotive embedded systems are opening to external world, which raises security concerns. At the same time these innovative systems require more complex software and higher bandwidth for information exchange. Thanks to its bandwidth, payload size, and openness, Ethernet is a candidate technology for future in-vehicle architectures. This paper deals with design of a novel approach to secure In-vehicle Systems by taking advantage of Ethernet/IP technology and proven security mechanisms from TCP/IP model. Main goal is to design an efficient solution that meets requirements for latency without requiring high amounts of processing power and provides secure exchange of control messages. The work is mainly focused on the widespread Controller Area Network (CAN). The presented solution is based on encapsulation of CAN frames into UDP datagrams with added authenticity, integrity, and (if required) confidentiality of communication using IPsec protocol in transport mode. This creates a “secure tunnel across backbone Ethernet network in a vehicle. Next part of the paper presents extensive tests in simulation that are based on our previous experiments on hardware, in order to evaluate the characteristics of the designed security extension. The results indicate that using IPsec is a viable solution for securing in-vehicle communications.

TAKE-IoT

The goal of this work is to develop a key exchange solution for IPsec protocol, adapted to the restricted nature of the Internet of Things (IoT) components. With the emergence of IP-enabled wireless sensor networks (WSNs), the landscape of IoT is rapidly changing. Nevertheless, this technology has exacerbated the conventional security issues in WSNs, such as the key exchange problem. Therefore, Tiny Authenticated Key Exchange Protocol for IoT (TAKE-IoT) is proposed to solve this problem. The proposed TAKE-IoT is a secure, yet efficient, protocol that responds to several security requirements and withstands various types of known attacks. Moreover, TAKE-IoT aims to reduce computation costs using lightweight operations for the key generation. The proposed protocol is validated using the automated validation of internet security protocols and applications (AVISPA) tool. Hence, results show that TAKE-IoT can reach a proper level of security without sacrificing its efficiency in the context of IoT.

Simulation of Cryptographic Algorithms in IPSec on Ad-Hoc Networks

This paper focuses on secure data communication between nodes in Ad-Hoc networks by employing IPSec (Internet Protocol Security). In wireless communication, Ad-Hoc network is a new paradigm since, which is used for highly sensitive and emergency operations. Ad-Hoc network is considered a number of mobile nodes that are connected through wireless interfaces and moves arbitrarily. Ensuring security is one of the main issues due to its infrastructure less solutions. This research aims for IPSec protocol that provides security for an Ad-Hoc networking in a various applications. IPSec incorporates security model, i.e. AES (Advanced Encryption Standard) into its framework. In this work, we consider the problem of incorporating security mechanisms to securing data communication for Ad-Hoc networks. We look at AODV routing protocol (Ad-Hoc On-Demand Distance Vector) in detail and it is used for secure routing. Simulation of IPSec protocol is simulated using NS-3 simulator. Results from NS-3 simulator is compared with AH, ESP, and AES in terms of Quality of Service parameters throughput, average processing time and average end-to-end delay.

Application and Study of Virtual Private Network Base on L2TP-IPSec

Using IPSec protocol and VPN technology can be in the open, insecure public network, build a safe and stable communication channel, ensure the safety of data transmission. The communicating peers should implement mutual ID authentication prior to the building up of IPSec channel. Traditional way of IPSec ID authentication is based on “Pre-shared keys”, it has lower security. It makes a detaied analysis on the key technologies in VPN based on IPSec. A design of the IPSec ID authentication building VPN based on certificate is proposed. Finally, in the VMWare simulation experiment has been carried out on the design, experimental results show the design is safe, steady operation and easy to implement.

SYNTHESIS OF STRUCTURES OF OPERATING DEVICES IMPLEMENTATION CRYPTOGRAPHIC ALGORITHMS IPSEC OF OPTIMIZED FOR MEDIA PACKAGES PROCESSIN

In the paper the operating device of IPSec protocol optimized for treatment media of packages is investigated. Analytical expressions which describe time of media packages processing depending on the parameters of operating device structure are offered, the mathematical model of operating device of IPSec processor is developed. On the basis of mathematical model, with the purpose of reduction of delay and jitter, which rise up during the generation of media package, software is developed for optimization of structures descriptions of processor IPSec operating device. The row of the optimized structures of operating device is got for different services of given IPSec treatment at different technological descriptions of component base. The analysis of results allowed to set that in most cases, the least time of treatment media of packages is observed at iterative and iterative-conveyer realization of IPSec operating device.