How MACsec Protects the Vehicles of the Future
As Automotive Driver Assistance Systems (ADAS) continue to improve and vehicles become ever more connected, data security is increasingly critical to ensuring the safety and integrity of the vehicle.
V2X Has Revolutionized the Security Needs of Modern Vehicles
While the automotive industry continues to trend toward highly integrated Software-Defined Vehicles (SDVs), technologies such as MACsec have become more important as concerns about vehicle security grow. In the age of increasing interconnectivity and instability, fears over threats to vehicles have become magnified and with good reason. If a nefarious third party were able to gain access to vehicle controls, untold damage could follow. From unlocking a car in a car park to remote surveillance of drivers and passengers, to taking complete vehicle control while it is in motion, consequences of insufficient security can be severe.
In traditional vehicle designs, tampering typically requires physical access to controls. In contrast, SDVs use Vehicle to Everything (V2X) advanced connectivity, so attacks can potentially be implemented remotely as vehicles are no longer isolated systems. SDVs with V2X continuously exchange safety-critical data with other vehicles, infrastructure and cloud services, which dramatically expands the potential for attacks. This new risk means automakers must ensure vehicles are highly secure to prevent unauthorized access or tampering by external actors. MACsec mitigates a subset of these risks by protecting communication over the physical Ethernet links that connect the devices in the network, securing the In-Vehicle Network (IVN) infrastructure. It does not extend protection to non-Ethernet buses, such as CAN, LIN and ASA, or external interfaces, such as Over-The-Air (OTA) telematics links or diagnostic access, which must be secured by complementary mechanisms.
What Is Media Access Control Security (MACsec), and How Does It Work?
The IEEE 802.1AE standard, commonly known as MACsec, was created to address these safety concerns and provide a Zero-Trust-based, highly secure network architecture. MACsec provides hardware-based, line-rate encryption for Ethernet systems and operates at Layer 2 to secure data in transit across the IVN. Most other Ethernet security mechanisms begin at Layer 3 or higher, which leaves a security gap in the system. In this Zero-Trust Architecture, peers are continuously authenticated, so no device is automatically considered trustworthy solely because it is already within the network’s perimeter.
As a Layer 2 security mechanism, MACsec is “transparent,” which means the upper communication layers are unaware of the encryption and applications do not need to be altered for MACsec to run. This allows MACsec to be deployed fully automatically as a network service and without negative impacts on latency or overall system performance.
MACsec Key Agreement (MKA) is a crucial part of any MACsec implementation, as it manages the process of secure key exchanges. During the MKA process, the key server first identifies peers and then distributes Secure Association Keys (SAKs) to the confirmed peer group to protect the frames and periodically refreshes these SAKs to maintain security. This MKA process is how MACsec can both encrypt and authenticate the Ethernet frames.
Threats Addressed by MACsec
| Common Threats | How MACsec Protects |
| --- | --- |
| Message tampering | Integrity Check Value (ICV) |
| Data interception | Encryption of all traffic |
| Replay attacks | Incrementing packet number |
| Impersonation/unauthorized access | MKA |
| Man-In-The-Middle (MITM) attacks | Combination of all above protections |
When deployed across a zonal architecture, or IVN system, MACsec enforces origin authentication of every frame and prevents unauthorized Electronic Control Units (ECUs) from successfully receiving/interpreting traffic. Through MKA keys, protected frames can only be decrypted by authenticated peers.
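The ICV, encryption and packet-number protections listed in the table above can be traced through a small model of the MACsec data path. The Go program below is an added example, not code from the original article or from any product it describes, and the names `Channel`, `NewChannel`, `Protect` and `Verify` are hypothetical. It assumes the GCM-AES-128 cipher suite, a replay window of 0, an SCI built from the source MAC plus port identifier 1, payloads of at least 48 octets (so the SecTAG Short Length field is 0), and constructed key and address values; the SAK is taken as given, standing in for what MKA would distribute.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)
var ErrReplay, ErrICV = errors.New("replayed PN"), errors.New("ICV mismatch")
type Channel struct { // one direction of a MACsec secure channel (hypothetical model)
	aead   cipher.AEAD
	nextPN uint32 // TX: next PN to send; RX: lowest acceptable PN
}
func NewChannel(sak [16]byte) *Channel {
	blk, _ := aes.NewCipher(sak[:]) // cannot fail: key is always 16 octets
	aead, _ := cipher.NewGCM(blk)   // 96-bit IV, 128-bit tag used as the ICV
	return &Channel{aead, 1}
}
func iv(h []byte) []byte { return append(append([]byte{}, h[20:28]...), h[16:20]...) } // GCM IV = SCI || PN
// Protect returns DA | SA | SecTAG | ciphertext | ICV; the 28 header octets are AAD.
func (c *Channel) Protect(da, sa [6]byte, payload []byte) []byte {
	hdr := append(append(da[:], sa[:]...), 0x88, 0xE5, 0x2C, 0, 0, 0, 0, 0) // EtherType, TCI, SL, PN
	binary.BigEndian.PutUint32(hdr[16:], c.nextPN)
	hdr = append(append(hdr, sa[:]...), 0, 1) // SCI = source MAC + port identifier 1
	c.nextPN++
	return c.aead.Seal(append([]byte{}, hdr...), iv(hdr), payload, hdr)
}
// Verify runs the replay check (window 0), then the ICV check, then decrypts.
func (c *Channel) Verify(f []byte) ([]byte, error) {
	if len(f) < 44 {
		return nil, ErrICV // shorter than header + ICV
	}
	if binary.BigEndian.Uint32(f[16:]) < c.nextPN {
		return nil, ErrReplay
	}
	pt, err := c.aead.Open(nil, iv(f), f[28:], f[:28])
	if err != nil {
		return nil, ErrICV
	}
	c.nextPN = binary.BigEndian.Uint32(f[16:]) + 1 // advance only after the ICV verified
	return pt, nil
}
func main() {
	tx, rx := NewChannel([16]byte{1}), NewChannel([16]byte{1}) // constructed SAK
	f := tx.Protect([6]byte{2}, [6]byte{4}, make([]byte, 48))   // constructed frame
	_, first := rx.Verify(f)
	_, again := rx.Verify(f)
	fmt.Println(first, again)
}
```

Because the packet number feeds both the GCM IV and the authenticated header, rewriting the PN on a captured frame to get past the replay check makes the ICV check fail instead.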
In vehicles, wiring harnesses are often more exposed and vulnerable to physical tampering due to maintenance requirements, making hardware level protection essential. Both MACsec and timing synchronization operate at Layer 2; this means that vehicle applications running over the IVN can rely on the network to be properly synchronized. Protocols such as Precision Time Protocol (PTP) and Time Sensitive Networking (TSN) continue to run over the secure network while the applications remain decoupled. MACsec with MKA is an optimal solution for reducing safety risks by enforcing cryptographic trust at the Ethernet ingress point, preventing unauthorized ECUs from participating in critical, in-vehicle communications.
Beyond automotive implementations, MACsec plays a key role in any system that requires enhanced security to protect data from external threats, such as industrial/building automation, aerospace and defense and robotics. Like in automotive environments, safety and security are critical for these applications, and MACsec can help enable data integrity and system-wide trust. In industrial robotics, MACsec can help prevent unsafe mechanical behaviors caused by attacks, helping with the safety of all persons and property involved.
Standardizing MACsec for 10BASE-T1S
Traditional MACsec is designed to secure Ethernet media, including direct Point-to-Point (P2P) links and shared media, but implementing this type of security in 10BASE-T1S introduces additional challenges because of the multidrop topology of 10BASE-T1S. In a multidrop system, multiple devices share the same bus line, which complicates authentication and key management via MKA due to the stringent requirements in automotive, such as fast boot.
Key Differences Between P2P and Multidrop Topologies in Relation to MACsec
P2P | Multidrop |
|
|
|
|
|
|
The question around standardizing MACsec for use in 10BASE-T1S solutions lies in the organization and system-level implementation rather than in MACsec itself. This includes Connectivity Associations (CAs)/Security Associations (SAs), defining security zones within mixed ECUs and the overall scalability of MKA. While MACsec supports shared media, the MKA process becomes more complex in multidrop topologies with the use of shared group keys, and routine operations such as re-keying could introduce higher latencies.
Latency and other architectural challenges associated with T1S multidrop topologies, particularly with automotive requirements, have delayed standardization, though the technical committee at OPEN Alliance (TC17) has been working hard to complete this standard. Progress is supported by discussion at events such as Plugfest at Automotive Ethernet Congress (AEC). While no formal standardization for using MACsec in 10BASE-T1S systems exists yet, MACsec and MKA concepts for 10BASE-T1S have been successfully demonstrated using software-based MKA implementations. We are among the companies contributing demonstrations and taking part in TC17 and related Plugfest activities to advance standardization.
While MACsec is well-suited and already implemented for switched Ethernet, extending to multidrop networks like 10BASE-T1S requires innovative approaches to key management, group trust and latency control rather than changes to the MACsec dataplane itself.
Our Solutions
Our LAN878x and LAN888x families of 100/1000BASE-T1 Ethernet transceivers are fully featured and include MACsec, TSN and TC10/12 support in addition to functional safety, with enhanced diagnostics beyond ASIL B standards, making them well-suited for infotainment, ADAS, telematics and other IVN applications.
The LAN969x automotive multi-Gigabit TSN Ethernet switches support the MACsec protocol when paired with a LAN878x or LAN888x as the external PHY. These switches help enable zonal architecture and industrial automation implementations.
We also offer multi-Gigabit optical Ethernet PHYs (LAN802x, LAN804x, LAN826x), which support MACsec, with options supporting up to 25G and up to four ports, providing an excellent solution for enterprise, 5G and industrial applications.
Our VelocityDRIVE™ Software Platform (SP) provides a turnkey solution for deploying MACsec across an IVN. As a fully integrated switch application, the VelocityDRIVE SP works with our hardware to enable end-to-end MACsec protection, without requiring custom software development. Built-in support for the MKA protocol, together with MACsec-capable drivers across all switch ports and PHYs enables automated MACsec deployment. With this approach, MACsec automatically establishes a secure network across all Ethernet links each time the vehicle is started. The self-managed nature of this MACsec implementation means that beyond initial provisioning of cryptographic keys during vehicle manufacturing, there are no additional development requirements to deploy MACsec throughout the IVN. Automatically securing the network end-to-end with MACsec through the VelocityDRIVE SP shortens design cycles and reduces overall implementation costs.
MACsec addresses link-layer security, but long-term cyber resilience also depends on secure lifecycle management after deployment. Firmware Over The Air (FOTA) updates are crucial to help reduce the risk of costly recalls and allow automakers to continuously improve vehicle performance. The VelocityDRIVE SP supports these updates through its dual-bank Flash system, running the current version from one bank while the new update is securely authenticated and downloaded within the other bank. When the vehicle is next turned on, the system will automatically boot with the new firmware, allowing updates to be installed seamlessly. We also offer secure FOTA update capabilities for automotive applications not using the VelocityDRIVE SP through our TrustMANAGER platform, which helps support compliance with the European Cyber Resilience Act (CRA). The TA101 is a security IC that provides hardware-based cryptographic key storage and features a secure cloud environment with update capabilities via the TrustMANAGER platform.
Looking Forward
As we look toward the future of securing vehicles, regulatory pressures mount as the shift toward Zero-Trust Architecture-based systems continues. The importance of security in safety-critical applications cannot be overstated, which is why a continued effort toward interoperability and standardization is essential. While vehicles evolve into distributed, software-defined systems, security must be designed into the network itself. MACsec is a foundational standards-based technology in this transition, enabling secure, scalable and deterministic Ethernet networks essential for SDVs and the V2X era.