Abstract
With the introduction of Advanced Driver Assistance Systems (ADAS), modern vehicles are equipped with numerous sensors, significantly increasing data communication within the in-vehicle network. However, the limited bandwidth of the Controller Area Network (CAN) poses challenges for high-speed sensor data transmission. To address this, automotive Ethernet is emerging as a replacement for CAN, enabling the efficient transmission of large volumes of data, such as from cameras and LiDAR. Supporting this transition, SOME/IP (Scalable Service-Oriented Middleware over IP) has been introduced as middleware to enable service-oriented communication through Request/Response and Publish/Subscribe mechanisms. Despite its advantages, SOME/IP lacks essential security measures, such as authentication and encryption, making it vulnerable to attacks, including man-in-the-middle scenarios in which attackers inject fake SOME/IP messages. Existing security approaches, such as group key-based protocols and pairwise key-based methods utilizing authentication servers, have limitations. Group key-based methods are not secure against node compromise attacks, while pairwise key-based approaches suffer from a single point of failure due to their reliance on authentication servers. To address these challenges, this paper proposes a domain key-based secure SOME/IP protocol. By leveraging domain keys, the proposed approach limits the impact of node compromise attacks to the specific domain of the compromised node, while eliminating the single point of failure problem. Experimental results demonstrate that the session establishment time increases by only 5-10 ms, and the message transmission time increases by up to 115 ms compared to the existing group key-based SOME/IP protocol.