Macsec in car communication

How to achieve secure in-car communication

The use of sensor-centric communication and computer devices in vehicles is expanding for a range of purposes, including vehicle monitoring, wiring reduction, and driving assistance ECUs as ADAS. As a result, in-vehicle communication has become an essential component of today's driving environment.

Many security solutions currently in use primarily rely on protocol-specific security measures which do not necessarily provide a comprehensive security framework for in-vehicle communication. 

Here we look at new advancements in technology with a focus on automotive cybersecurity solutions for in-vehicle communication.

How is car communication evolving?

Today’s era allows us to experience the tremendous development of in-vehicle automotive technologies. Modern intelligent vehicles are now considered to be cyber-physical systems with capabilities to connect with external infrastructures.  

This in-vehicle technology of intelligent vehicles should not be compared to mechanical
systems, but to the integrated architecture that consists of millions of lines of complex code to provide a variety of real-time information to occupants within the vehicle. These advancements in in-vehicle communication technologies enable more refined in-vehicle dashboard-centric communications.

The numerous electronic control units (ECUs) installed in the vehicle communicate vital information. Since each separate component has a different requirement for bandwidth and latency, the complexity level of in-vehicle networks also increases as the number of ECUs in advanced modern automobiles rises. 

The developments in wireless technologies are used by connected car technology to communicate with other vehicles, infrastructure, and other portable devices. Intelligent vehicles result from the use of advanced information, data, and communication technology through onboard vehicle sensors. 

Automobile manufacturers must continue to prioritize safety as communication technology develops. 

What does Automotive Ethernet mean?

Faster data throughput and more reliable networks are necessary as more sensors, controls, and interfaces use more bandwidth. Automotive Ethernet is a physical layer standard designed for use in vehicle connectivity applications.

Standard Ethernet requires two twisted pairs of cables, one for transmitting data and one for receiving it. This is the main distinction between automobile Ethernet and ordinary Ethernet. Automotive Ethernet, in contrast, uses a single twisted pair that simultaneously transmits and receives. Additionally, Automotive Ethernet employs a particular kind of signal encoding to transmit the most data possible while utilizing the least amount of bandwidth.

The main advantage of this protocol is the reduced wiring cost since it supports switched network technology.

What are the benefits of using Ethernet in-vehicle communication?

The communication requirements within vehicles have become far more complex to fulfill drivers' evolving needs. The large volume of ECUs required to control everything from power steering to remote maintenance has become untenable. Ethernet is the obvious choice to support the outdated technology currently utilized in vehicles and to serve as the foundation for the new, highly-connected vehicles due to its power, simplicity, and scalability.

The following advantages will result from the transition to automotive Ethernet:

  • Ethernet in-vehicle communication provides increased capacity and flexibility for integration with cloud services and consumer products.
  • Highly connected vehicles will be safeguarded from viruses and hackers by advanced security mechanisms
  • Multiple Controller Area Network buses (CAN bus) aggregated to one Ethernet link will provide significantly higher throughput rates (up to 10 Gbps). Less wiring will be required, and installation and maintenance expenses will be reduced
  • With ethernet's plug-and-play capabilities, new components can be easily connected (and older ones can be disconnected) when they are upgraded or added
  • Real-time communication and the simultaneous transmission of less important data will be supported by time-sensitive networking (TSN) and quality of service (QoS).

Automotive ethernet will drive advancing in-car communication for next-generation vehicle functions.

What is MACsec?

Media Access Control security (MACsec) provides point-to-point security on Ethernet links. 

MACsec is defined by IEEE standard 802.1AE. The MACsec protocol provides point-to-point security of data between Ethernet-connected devices and it can secure data communications between two devices without interfering with the number of devices or networks. 

When MACsec is enabled, the two connected devices exchange and verify security keys to establish a continuous secure link and protect transmitted data by using a combination of data integrity checks and encryption.

How does MACsec protect ethernet communication?

The fast growth in connectivity among transportation facilities integrated with new advanced technologies, such as V2X communications, has resulted in the widening of security gaps, allowing attackers to gain access to the in-vehicle network.

MACsec functionality can be implemented between two devices or between client and devices. 

MACsec refers to a series of trusted entities (SecY) composed of network nodes, with each node or SecY entity having a unique key linked to its Ethernet source address. To achieve secure key distribution across the network, MACsec is typically used in conjunction with IEEE 802.1X-2010 or Internet Key Exchange (IKE), and it is appropriate for Ethernet topologies such as star or bus LAN, as well as point-to-point systems. 

MACsec supports hardware-based protection for almost all communication on Automotive Ethernet. It protects the communication on the ISO/ OSI layer 2 – the Data Link layer or the Medium Access Control layer; hence, giving it the name MACsec. This is achieved by protecting the Ethernet message with a so-called SecTag and the Integrity Check Value.

Download our white paper for further insight on using MACsec to protect Ethernet communication. 

MACsec can detect and prevent the majority of security threats, such as denial of service, man-in-the-middle, intrusion, passive wiretapping, masquerading, and playback attacks.

Vehicle manufacturers should implement MACsec security on the most vulnerable Ethernet links exposed to the outside world. It provides integrity protection and confidentiality security for nearly all frames transported on Ethernet. MACsec is a low-cost security technology in the Automotive Security toolbox for in-vehicle communication.

UTIMACO has accumulated a wealth of experience in securing data and devices for more than two decades and has created a distinct offering by recognizing the importance of Key Provisioning as a Foundation for Automotive MACsec.

Find out more about Key Provisioning for Automotive MACsec in our white paper.



To find more blog posts related with below topics, click on one of the keywords:

How can we help you?

Talk to one of our specialists and find out how Utimaco can support you today.
You have selected two different types of downloads, so you need to submit different forms which you can select via the two tabs.

Your download request(s):

    By submitting below form you will receive links for your selected downloads.

    Your download request(s):

      For this type of documents, your e-mail address needs to be verified. You will receive the links for your selected downloads via e-mail after submitting below form.

      About Utimaco's Downloads

      Visit our Downloads section and select from resources such as brochures, data sheets, white papers and much more. You can view and save almost all of them directly (by clicking the download button).

      For some documents, your e-mail address needs to be verified. The button contains an e-mail icon.

      Download via e-mail


      A click on such a button opens an online form which we kindly ask you to fill and submit. You can collect several downloads of this type and receive the links via e-mail by simply submitting one form for all of them. Your current collection is empty.