{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,30]],"date-time":"2026-06-30T16:00:59Z","timestamp":1782835259594,"version":"3.54.5"},"reference-count":48,"publisher":"MDPI AG","issue":"23","license":[{"start":{"date-parts":[[2021,11,27]],"date-time":"2021-11-27T00:00:00Z","timestamp":1637971200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"The National Key Research and Development Program of China","award":["2017YFB0102502"],"award-info":[{"award-number":["2017YFB0102502"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>In recent years, Ethernet has been introduced into vehicular networks to cope with the increasing demand for bandwidth and complexity in communication networks. To exchange data between controller area network (CAN) and Ethernet, a gateway system is required to provide a communication interface. Additionally, the existence of networked devices exposes automobiles to cyber security threats. Against this background, a gateway for CAN\/CAN with flexible data-rate (CANFD) to scalable service-oriented middleware over IP (SOME\/IP) protocol conversion is designed, and security schemes are implemented in the routing process to provide integrity and confidentiality protections. Based on NXP-S32G, the designed gateway is implemented and evaluated. Under most operating conditions, the CPU and the RAM usage are less than 5% and 20 MB, respectively. Devices running a Linux operating system can easily bear such a system resource overhead. The latency caused by the security scheme accounts for about 25% of the entire protocol conversion latency. Considering the security protection provided by the security scheme, this overhead is worthwhile. The results show that the designed gateway can ensure a CAN\/CANFD to SOME\/IP protocol conversion with a low system resource overhead and a low latency while effectively resisting hacker attacks such as frame forgery, tampering, and sniffing.<\/jats:p>","DOI":"10.3390\/s21237917","type":"journal-article","created":{"date-parts":[[2021,12,1]],"date-time":"2021-12-01T01:45:02Z","timestamp":1638323102000},"page":"7917","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":21,"title":["Design of a CANFD to SOME\/IP Gateway Considering Security for In-Vehicle Networks"],"prefix":"10.3390","volume":"21","author":[{"given":"Zheng","family":"Zuo","sequence":"first","affiliation":[{"name":"School of Transportation Science and Engineering, Beihang University, Beijing 102206, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Shichun","family":"Yang","sequence":"additional","affiliation":[{"name":"School of Transportation Science and Engineering, Beihang University, Beijing 102206, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1159-4719","authenticated-orcid":false,"given":"Bin","family":"Ma","sequence":"additional","affiliation":[{"name":"School of Transportation Science and Engineering, Beihang University, Beijing 102206, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Bosong","family":"Zou","sequence":"additional","affiliation":[{"name":"China Software Testing Center, Beijing 100038, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Yaoguang","family":"Cao","sequence":"additional","affiliation":[{"name":"School of Transportation Science and Engineering, Beihang University, Beijing 102206, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Qiangwei","family":"Li","sequence":"additional","affiliation":[{"name":"School of Transportation Science and Engineering, Beihang University, Beijing 102206, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Sida","family":"Zhou","sequence":"additional","affiliation":[{"name":"School of Transportation Science and Engineering, Beihang University, Beijing 102206, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Jichong","family":"Li","sequence":"additional","affiliation":[{"name":"School of Transportation Science and Engineering, Beihang University, Beijing 102206, China"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"1968","published-online":{"date-parts":[[2021,11,27]]},"reference":[{"key":"ref_1","unstructured":"Mundhenk, P. (2017). Security for Automotive Electrical\/Electronic (E\/E) Architectures. [Ph.D. Thesis, Nanyang Technological University]."},{"key":"ref_2","unstructured":"Andreas, L. (2021, October 06). Trends of Future E\/E-Architectures. Available online: https:\/\/www.gsaglobal.org\/wp-content\/uploads\/2019\/05\/Trends-of-Future-EE-Architectures.pdf."},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"100096","DOI":"10.1109\/ACCESS.2021.3093077","article-title":"Requirements-Driven Automotive Electrical\/Electronic Architecture: A Survey and Prospective Trends","volume":"9","author":"Zhu","year":"2021","journal-title":"IEEE Access"},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Lee, T.-Y., Lin, I.-A., and Liao, R.-H. (2020). Design of a Flexray\/Ethernet Gateway and Security Mechanism for in-Vehicle Networks. Sensors, 20.","DOI":"10.3390\/s20030641"},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Lee, T., Liao, R., Lin, I., and Tsai, J. (2019, January 25\u201330). A Novel Flexray\/Ethernet Gateway for in-Vehicle Networks. Proceedings of the 2019 8th International Conference on Innovation, Communication and Engineering (ICICE), Zhengzhou, China.","DOI":"10.1109\/ICICE49024.2019.9117469"},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"19","DOI":"10.1007\/s12239-021-0003-9","article-title":"Design and Implementation of Security Function According to Routing Method in Automotive Gateway","volume":"22","author":"Park","year":"2021","journal-title":"Int. J. Automot. Technol."},{"key":"ref_7","first-page":"1294","article-title":"Routing Methods Considering Security and Real-Time of Vehicle Gateway System","volume":"1","author":"Park","year":"2020","journal-title":"SAE Tech. Pap."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"4472","DOI":"10.1109\/TVT.2014.2371470","article-title":"Gateway Framework for in-Vehicle Networks Based on Can, Flexray, and Ethernet","volume":"64","author":"Kim","year":"2015","journal-title":"IEEE Trans. Veh. Technol."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"1790","DOI":"10.1109\/TC.2017.2700277","article-title":"Vega: A High Performance Vehicular Ethernet Gateway on Hybrid Fpga","volume":"66","author":"Shreejith","year":"2017","journal-title":"IEEE Trans. Comput."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"5737","DOI":"10.1109\/TVT.2016.2636867","article-title":"Flexray and Ethernet Avb Synchronization for High Qos Automotive Gateway","volume":"66","author":"Lee","year":"2017","journal-title":"IEEE Trans. Veh. Technol."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Yadav, K., Mittal, V., and Bhat, V. (2020, January 24\u201326). Novel Implementation of a Configurable Gateway between Can and Ethernet Protocol for in-Vehicle Networks. Proceedings of the 2020 First IEEE International Conference on Measurement, Instrumentation, Control and Automation (ICMICA), Kurukshetra, India.","DOI":"10.1109\/ICMICA48462.2020.9242874"},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Jo, C., Park, J., and Jeon, J. (2020, January 1\u20133). Multi-Core Gateway Architecture and Scheduling Algorithm for High-Performance Gateway Implementation. Proceedings of the 2020 IEEE International Conference on Consumer Electronics\u2014Asia (ICCE-Asia), Seoul, Korea.","DOI":"10.1109\/ICCE-Asia49877.2020.9276951"},{"key":"ref_13","first-page":"21","article-title":"Cyberattacks and Countermeasures for in-Vehicle Networks","volume":"54","author":"Aliwa","year":"2021","journal-title":"ACM Comput. Surv."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"52","DOI":"10.1016\/j.comnet.2018.12.018","article-title":"Cyber Security Challenges and Solutions for V2x Communications: A Survey","volume":"151","author":"Alnasser","year":"2019","journal-title":"Comput. Netw."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"124","DOI":"10.1016\/j.adhoc.2018.10.002","article-title":"A Taxonomy and Survey of Cyber-Physical Intrusion Detection Approaches for Vehicles","volume":"84","author":"Loukas","year":"2019","journal-title":"Ad Hoc Netw."},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Puhm, A., Roessler, P., Wimmer, M., Swierczek, R., and Balog, P. (2008, January 15\u201318). Development of a Flexible Gateway Platform for Automotive Networks. Proceedings of the 2008 IEEE International Conference on Emerging Technologies and Factory Automation, Seoul, Korea.","DOI":"10.1109\/ETFA.2008.4638435"},{"key":"ref_17","unstructured":"Bella, G., Biondi, P., Costantino, G., and Matteucci, I. (2019, January 27). Toucan: A Protocol to Secure Controller Area Network. Proceedings of the ACM Workshop on Automotive Cybersecurity, Richardson, TX, USA."},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Agrawal, M., Huang, T., Zhou, J., and Chang, D. (2019). Can-Fd-Sec: Improving Security of Can-Fd Protocol. Security and Safety Interplay of Intelligent Software Systems, Springer.","DOI":"10.1007\/978-3-030-16874-2_6"},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Carel, G., Isshiki, R., Kusaka, T., Nogami, Y., and Araki, S. (2018, January 27\u201330). Design of a Message Authentication Protocol for Can Fd Based on Chaskey Lightweight Mac. Proceedings of the 2018 Sixth International Symposium on Computing and Networking Workshops (CANDARW), Takayama, Japan.","DOI":"10.1109\/CANDARW.2018.00057"},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"90","DOI":"10.1145\/3056506","article-title":"Libra-Can: Lightweight Broadcast Authentication for Controller Area Networks","volume":"16","author":"Groza","year":"2017","journal-title":"ACM Trans. Embed. Comput. Syst."},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Kang, K., Baek, Y., Lee, S., and Son, S.H. (2017, January 18\u201319). An Attack-Resilient Source Authentication Protocol in Controller Area Network. Proceedings of the 2017 ACM\/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS), Beijing, China.","DOI":"10.1109\/ANCS.2017.25"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Fassak, S., El Idrissi, Y., Zahid, N., and Jedra, M. (2017, January 1\u20134). A Secure Protocol for Session Keys Establishment between Ecus in the Can Bus. Proceedings of the 2017 International Conference on Wireless Networks and Mobile Communications (WINCOM), Rabat, Morocco.","DOI":"10.1109\/WINCOM.2017.8238149"},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Radu, A.-I., and Garcia, F.D. (2016). Leia: A Lightweight Authentication Protocol for Can. 21st European Symposium on Research in Computer Security, Springer.","DOI":"10.1007\/978-3-319-45741-3_15"},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"13450","DOI":"10.1109\/TVT.2020.3028880","article-title":"Securing Some\/IP for in-Vehicle Service Protection","volume":"69","author":"Iorio","year":"2020","journal-title":"IEEE Trans. Veh. Technol."},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"77","DOI":"10.1109\/MVT.2020.2980444","article-title":"Protecting in-Vehicle Services: Security-Enabled Some\/IP Middleware","volume":"15","author":"Iorio","year":"2020","journal-title":"IEEE Veh. Technol. Mag."},{"key":"ref_26","unstructured":"ISO (2015). Road Vehicles-Controller Area Network (Can)\u2014Part 1: Data Link Layer and Physical Signalling, ISO. ISO 11898-1:2015."},{"key":"ref_27","unstructured":"ISO, IEC, and IEEE (2018). ISO\/EC\/IEEE International Standard\u2014Part 3: Standard for Ethernet\u2014Amendment 1: Physical Layer Specifications and Management Parameters for 100 Mb\/S Operation over a Single Balanced Twisted Pair Cable (100base-T1), ISO. ISO\/IEC\/IEEE 8802-3:2017\/Amd 1:2017(E)."},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Lim, H., Herrscher, D., V\u00f6lker, L., and Waltl, M.J. (2011, January 14\u201316). IEEE 802.1 as Time Synchronization in a Switched Ethernet Based in-Car Network. Proceedings of the 2011 IEEE Vehicular Networking Conference (VNC), Amsterdam, The Netherlands.","DOI":"10.1109\/VNC.2011.6117136"},{"key":"ref_29","unstructured":"IEEE (2010). IEEE Standard for Local and Metropolitan Area Networks\u2014Virtual Bridged Local Area Networks Amendment 12: Forwarding and Queuing Enhancements for Time-Sensitive Streams, IEEE. IEEE Std 802.1Qav-2009 (Amendment to IEEE Std 802.1Q-2005)."},{"key":"ref_30","unstructured":"IEEE (2010). IEEE Standard for Local and Metropolitan Area Networks\u2014Virtual Bridged Local Area Networks Amendment 14: Stream Reservation Protocol (Srp), IEEE. IEEE Std 802.1Qat-2010 (Revision of IEEE Std 802.1Q-2005)."},{"key":"ref_31","unstructured":"IEEE (2016). IEEE Standard for Local and Metropolitan Area Networks\u2014Audio Video Bridging (Avb) Systems\u2014Corrigendum 1: Technical and Editorial Corrections, IEEE. IEEE Std 802.1BA-2011\/Cor 1-2016 (Corrigendum to IEEE Std 802.1BA-2011)."},{"key":"ref_32","unstructured":"IEEE (2011). IEEE Standard for Layer 3 Transport Protocol for Time-Sensitive Applications in Local Area Networks, IEEE. IEEE Std 1733-2011."},{"key":"ref_33","unstructured":"IEEE (2011). IEEE Standard for Layer 2 Transport Protocol for Time Sensitive Applications in a Bridged Local Area Network, IEEE. IEEE Std 1722-2011."},{"key":"ref_34","unstructured":"AUTOSAR (2019). Some\/IP Protocol Specification, AUTOSAR. Autosar Foundation Release R19-11, 696."},{"key":"ref_35","unstructured":"ISO (2011). Road Vehicles\u2014Diagnostic Communication over Internet Protocol (Doip)\u2014Part 1: General Information and Use Case Definition, ISO. ISO 13400-1:2011."},{"key":"ref_36","unstructured":"ISO (2012). Road Vehicles\u2014Diagnostic Communication over Internet Protocol (Doip)\u2014Part 2: Transport Protocol and Network Layer Services, ISO. ISO 13400-2:2012."},{"key":"ref_37","unstructured":"Patzer, A., and Zaiser, R. (2016). Xcp\u2013the Standard Protocol for Ecu Development, Vector Informatik Gmbh."},{"key":"ref_38","unstructured":"V\u00f6lker, L. (2021, October 05). Scalable Service-Oriented Middleware over Ip (Some\/IP). Available online: https:\/\/some-ip.com\/."},{"key":"ref_39","unstructured":"AUTOSAR (2019). Some\/IP Service Discovery Protocol Specification, AUTOSAR. Autosar Foundation Release R19-11, 802."},{"key":"ref_40","doi-asserted-by":"crossref","first-page":"49","DOI":"10.1080\/19393555.2014.900834","article-title":"Book Review: Stallings, W. Cryptography and Network Security: Principles and Practice","volume":"23","author":"Sklavos","year":"2014","journal-title":"Inf. Secur. J. A Glob. Perspect."},{"key":"ref_41","unstructured":"Bellare, M., Rogaway, P., and Wagner, D. (2021, October 16). A Conventional Authenticated-Encryption Mode. Available online: https:\/\/citeseerx.ist.psu.edu\/viewdoc\/download?doi=10.1.1.480.743&rep=rep1&type=pdf."},{"key":"ref_42","doi-asserted-by":"crossref","unstructured":"Eldewahi, A.E.W., Sharfi, T.M.H., Mansor, A.A., Mohamed, N.A.F., and Alwahbani, S.M.H. (2015., January 7\u20139). Ssl\/Tls Attacks: Analysis and Evaluation. Proceedings of the 2015 International Conference on Computing, Control, Networking, Electronics and Embedded Systems Engineering (ICCNEEE), Khartoum, Sudan.","DOI":"10.1109\/ICCNEEE.2015.7381362"},{"key":"ref_43","unstructured":"GENIVI, GENIVI vSOMEIP (2021, October 16). Vsomeip in 10 Minutes. Available online: https:\/\/github.com\/COVESA\/vsomeip\/wiki\/vsomeip-in-10-minutes."},{"key":"ref_44","doi-asserted-by":"crossref","first-page":"50","DOI":"10.1109\/MNET.2017.1600257","article-title":"In-Vehicle Network Attacks and Countermeasures: Challenges and Future Directions","volume":"31","author":"Liu","year":"2017","journal-title":"IEEE Netw."},{"key":"ref_45","unstructured":"Dang, Q. (2021, October 09). Recommendation for Applications Using Approved Hash Algorithms, Available online: https:\/\/tsapps.nist.gov\/publication\/get_pdf.cfm?pub_id=911479."},{"key":"ref_46","doi-asserted-by":"crossref","unstructured":"Dworkin, M. (2016). Recommendation for Block Cipher Modes of Operation: The Cmac Mode for Authentication. NIST.","DOI":"10.6028\/NIST.SP.800-38b"},{"key":"ref_47","doi-asserted-by":"crossref","unstructured":"Dworkin, M.J. (2007). Recommendation for Block Cipher Modes of Operation: Galois\/Counter Mode (Gcm) for Confidentiality and Authentication. NIST.","DOI":"10.6028\/NIST.SP.800-38c"},{"key":"ref_48","unstructured":"Langley, A., Chang, W., Mavrogiannopoulos, N., Strombergson, J., and Josefsson, S. (2021, October 06). Chacha20-Poly1305 Cipher Suites for Transport Layer Security (Tls). Internet Engineering Task Force (IETF). Available online: https:\/\/www.hjp.at\/doc\/rfc\/rfc7905.html."}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/21\/23\/7917\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T07:36:45Z","timestamp":1760168205000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/21\/23\/7917"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,11,27]]},"references-count":48,"journal-issue":{"issue":"23","published-online":{"date-parts":[[2021,12]]}},"alternative-id":["s21237917"],"URL":"https:\/\/doi.org\/10.3390\/s21237917","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,11,27]]}}}