Future Ethernet-based E/E architectures will need powerful security features. Automotive firewalls will therefore have an important role to play in monitoring and controlling in-vehicle communication networks. CycurGATE is a high-performance Automotive Ethernet/IP firewall developed by ESCRYPT that is integrated directly into the Ethernet switch.
Ethernet-based E/E architectures with distributed domains will lead to an increase in the flow of data between individual vehicle components and a huge rise in data volumes and transfer rates. Continuous monitoring of in-vehicle network communications will therefore play a key role in any cyber security solution.
The CycurGATE automotive firewall from ESCRYPT is integrated directly into the Ethernet switch. It offers protection against denial-of-service attacks and also constitutes the domain structure at all levels of the Ethernet and IP stack – via packet filter, stateful packet inspection (SPI) and deep packet inspection (DPI). The firewall also supports segmentation of the network into virtual subnetworks (VLANs).
Gatekeeper and router of on-board communication
Integrated directly in the Ethernet switch, the firewall monitors the entire packet flow without causing any interference with the host controller or individual ECUs. Based on a design that can be tailored and scaled as required, the firewall can be used on the switch either as a library or as a stand-alone solution.
Thanks to its well-balanced hardware/software co-design, the firewall solution reaps maximum benefits from the hardware acceleration on the switch. The switch hardware and software are algorithmically so interwoven that CycurGATE can process the vast majority of data packets at wire speed.
“The automotive Ethernet firewall promotes cyber security in two different ways,” says Dr. Thomas Wollinger, managing director of ESCRYPT GmbH. “First, it acts as a kind of gatekeeper, preventing unauthorized network access to the E/E architecture. Secondly, it operates as a router, managing authorized on-board communication right through to the application level.”
The communications policy can be customized as required, including whitelisting and blacklisting. A wide range of configuration options make it easy and affordable to integrate CycurGATE in a range of Automotive Ethernet-based E/E architectures.