Automotive softwarization is progressing and future cars are expected to operate a Service-Oriented Architecture on multipurpose compute units, which are interconnected via a high-speed Ethernet backbone. The AUTOSAR architecture foresees a universal middleware called SOME/IP that provides the service primitives, interfaces, and application protocols on top of Ethernet and IP. SOME/IP lacks a robust security architecture, even though security is essential in future Internet-connected vehicles. In this paper, we augment the SOME/IP service discovery with an authentication and certificate management scheme based on DNSSEC and DANE. We argue that the deployment of well-proven, widely tested standard protocols should serve as an appropriate basis for a robust and reliable security infrastructure in cars. Our solution enables on-demand service authentication in offline scenarios, easy online updates, and remains free of attestation collisions. We evaluate our extension of the common vsomeip stack and find performance values that fully comply with car operations.