A study of securing in-vehicle communication using IPSEC protocol

Current vehicles are increasingly dependent on Electronic Control Units (ECUs) that control virtually every system of the vehicle. To enable advanced features automotive embedded systems are opening to external world, which raises security concerns. At the same time these innovative systems require more complex software and higher bandwidth for information exchange. Thanks to its bandwidth, payload size, and openness, Ethernet is a candidate technology for future in-vehicle architectures. This paper deals with design of a novel approach to secure In-vehicle Systems by taking advantage of Ethernet/IP technology and proven security mechanisms from TCP/IP model. Main goal is to design an efficient solution that meets requirements for latency without requiring high amounts of processing power and provides secure exchange of control messages. The work is mainly focused on the widespread Controller Area Network (CAN). The presented solution is based on encapsulation of CAN frames into UDP datagrams with added authenticity, integrity, and (if required) confidentiality of communication using IPsec protocol in transport mode. This creates a “secure tunnel across backbone Ethernet network in a vehicle. Next part of the paper presents extensive tests in simulation that are based on our previous experiments on hardware, in order to evaluate the characteristics of the designed security extension. The results indicate that using IPsec is a viable solution for securing in-vehicle communications.

TAKE-IoT

The goal of this work is to develop a key exchange solution for IPsec protocol, adapted to the restricted nature of the Internet of Things (IoT) components. With the emergence of IP-enabled wireless sensor networks (WSNs), the landscape of IoT is rapidly changing. Nevertheless, this technology has exacerbated the conventional security issues in WSNs, such as the key exchange problem. Therefore, Tiny Authenticated Key Exchange Protocol for IoT (TAKE-IoT) is proposed to solve this problem. The proposed TAKE-IoT is a secure, yet efficient, protocol that responds to several security requirements and withstands various types of known attacks. Moreover, TAKE-IoT aims to reduce computation costs using lightweight operations for the key generation. The proposed protocol is validated using the automated validation of internet security protocols and applications (AVISPA) tool. Hence, results show that TAKE-IoT can reach a proper level of security without sacrificing its efficiency in the context of IoT.

Simulation of Cryptographic Algorithms in IPSec on Ad-Hoc Networks

This paper focuses on secure data communication between nodes in Ad-Hoc networks by employing IPSec (Internet Protocol Security). In wireless communication, Ad-Hoc network is a new paradigm since, which is used for highly sensitive and emergency operations. Ad-Hoc network is considered a number of mobile nodes that are connected through wireless interfaces and moves arbitrarily. Ensuring security is one of the main issues due to its infrastructure less solutions. This research aims for IPSec protocol that provides security for an Ad-Hoc networking in a various applications. IPSec incorporates security model, i.e. AES (Advanced Encryption Standard) into its framework. In this work, we consider the problem of incorporating security mechanisms to securing data communication for Ad-Hoc networks. We look at AODV routing protocol (Ad-Hoc On-Demand Distance Vector) in detail and it is used for secure routing. Simulation of IPSec protocol is simulated using NS-3 simulator. Results from NS-3 simulator is compared with AH, ESP, and AES in terms of Quality of Service parameters throughput, average processing time and average end-to-end delay.

Application and Study of Virtual Private Network Base on L2TP-IPSec

Using IPSec protocol and VPN technology can be in the open, insecure public network, build a safe and stable communication channel, ensure the safety of data transmission. The communicating peers should implement mutual ID authentication prior to the building up of IPSec channel. Traditional way of IPSec ID authentication is based on “Pre-shared keys”, it has lower security. It makes a detaied analysis on the key technologies in VPN based on IPSec. A design of the IPSec ID authentication building VPN based on certificate is proposed. Finally, in the VMWare simulation experiment has been carried out on the design, experimental results show the design is safe, steady operation and easy to implement.

Research of the Experimental Teaching about IPSec Protocol Based on Transport Pattern

As a result of the limitation of teaching equipment hardware conditions, server configuration and management of the experimental teaching is hard to finish involving multi-homed host and multiple IP subnets network experiment. Aimed at the problem existing in the experimental teaching and the characteristics of the server configuration and management courses use the VMware virtualization technology to build a virtual network to IPSec protocol based on transport pattern between multiple subnets experiment teaching. A real trial of experimental teaching is conducted among the 12-year students majoring in computer network in Zheng zhou Normal University, and the students provide a good feedback.