Securing Time Critical Traffic in Automotive TSN Networks

The increasing complexity of autonomous and connected vehicles imposes stringent demands on in-vehicle networks for secure, reliable, and real-time communication. Time-Sensitive Networking (TSN) offers deterministic guarantees via time synchronization based on the generalized Precision Time Protocol (gPTP), but gPTP was not originally designed with security in mind. Consequently, TSN systems remain vulnerable to time synchronization attacks that can silently violate latency bounds, disrupt traffic schedules, and impair safety-critical functions. This thesis presents a comprehensive security analysis of automotive TSN, focusing on the detection, prevention, and mitigation of gPTP-based timing attacks. A structured threat model, grounded in RFC 7384 and adapted to automotive use cases, is employed to assess and prioritize potential threats. To experimentally evaluate these threats, two physical testbeds were developed: a gPTP testbed for analyzing synchronization-layer vulnerabilities and a novel automotive TSN testbed incorporating real TSN switches and endpoints. Despite technical challenges, this setup enabled the first hardware-based evaluation of gPTP attacks on TSN guarantees. The experiments revealed and quantified the impact of such attacks, demonstrating severe consequences, including transmission gate misalignment, queue buildup, packet loss, and missed end-to-end deadlines. Security mechanisms from Precision Time Protocol (PTP), Media Access Control (MACsec), and MACsec Key Agreement (MKA) were tested for their effectiveness, performance, and limitations. The evaluation revealed critical shortcomings in authenticating time-critical fields and supporting hardware timestamping. To address detection, a lightweight, machine learning-based Intrusion Detection System (IDS) was developed, capable of identifying rogue master attacks and timestamp manipulation in real time with minimal overhead on embedded Electronic Control Units (ECU)s. To complement detection, a Software-Defined Networking (SDN) prototype was implemented to demonstrate runtime reconfiguration. The SDN controller effectively restored TSN functionality through dynamic Time-Aware Shaper (TAS) schedule updates and gate control list adaptation. The novelty of this work lies in its end-to-end, multi-layered defense architecture for TSN, integrating threat modeling, hardware-in-the-loop testbed experimentation,standard-compliant security mechanisms, and intelligent detection and response. The custom-built automotive TSN testbed, the first of its kind, enables hardware-level validation of synchronization threats and countermeasures. This research contributes toward securing future automotive TSN systems in compliance with ISO/SAE 21434, IEEE 802.1DG, and UNECE WP.29.