Time-triggered protocols provide high dependability and guaranteed timeliness and are present in many distributed real-time applications today. They provide various services such as clock synchronisation, membership, redundancy management, etc. The ever-growing demand for dependable real-time systems imposes new requirements on these communication protocols. One of the open challenges is security. Current implementations of time-triggered communication protocols are not focused on security, and their protection against malicious attacks is weak or non-existent.
Time-triggered systems are based on a consistent notion of time. The functionality of all essential services in these systems depends on this time; therefore, it is of vital importance that the global time is secured against malicious attacks (i.e. unauthorised modification). The main task of this thesis is to design a security layer for the Time-Triggered Architecture (TTA) with a focus on implementing a secure and fault-tolerant clock synchronisation algorithm. The approach consists of a platform-independent security layer realised on top of the existing clock synchronisation algorithm provided by the underlying time-triggered communication protocol. In this thesis we use Time-Triggered Ethernet as an implementation platform.
Our security layer protects the global time from many different kinds of malicious attacks, such as the fabrication, modification, replay, delay or speed-up of clock synchronisation messages. Our approach is based on an interplay of asymmetric and symmetric ciphers, and provides a high level of security while keeping the resource overhead low. The feasibility of our approach is demonstrated by carefully selected experiments that show how the time base of unprotected standard time-triggered protocols can be attacked, and how our security layer reliably detects such attacks. Furthermore, various tests have been conducted in an experimental setup in order to measure the computational overhead and the general usage of system resources.
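The abstract lists the attack classes the security layer must detect on clock synchronisation messages (fabrication, modification, replay, delay or speed-up) but not how a receiver tells them apart. The following is an added illustration, not code from the thesis or from any TTEthernet implementation: a receiver-side check that authenticates each synchronisation message with an HMAC under a shared symmetric session key, rejects reused sequence numbers, and rejects messages whose announced time lies outside a tolerance window around the receiver's own clock. The message layout (sender id, sequence number, announced time in microseconds), the session key, the 50 µs tolerance and the assumption that the symmetric key was already established by an asymmetric key-exchange step (not implemented here) are all constructed for the example; in a real time-triggered system the expected arrival time is known a priori from the schedule, and `local_time_us` stands for that already-corrected expectation.

```python
import hashlib
import hmac
import struct

# Constructed example values; the session key would come from a prior
# (asymmetric) key-establishment step that this example does not implement.
SESSION_KEY = b"constructed-example-session-key"
MAX_OFFSET_US = 50                 # tolerated |announced - local| in microseconds (assumption)
HDR = struct.Struct("!HIQ")        # sender id (16 bit), sequence number (32 bit), time in us (64 bit)
TAG_LEN = hashlib.sha256().digest_size


def build_sync_message(key, sender_id, seq, announced_time_us):
    """Sender side: header fields followed by an HMAC-SHA256 tag over them."""
    payload = HDR.pack(sender_id, seq, announced_time_us)
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return payload + tag


class SyncReceiver:
    """Receiver side: verifies one synchronisation message at a time."""

    def __init__(self, key, max_offset_us=MAX_OFFSET_US):
        self.key = key
        self.max_offset_us = max_offset_us
        self.last_seq = {}         # highest accepted sequence number per sender

    def check(self, message, local_time_us):
        """Return (accepted, reason). local_time_us is the receiver's clock at
        the scheduled reception instant (constructed assumption)."""
        if len(message) != HDR.size + TAG_LEN:
            return False, "malformed"
        payload, tag = message[:HDR.size], message[HDR.size:]
        expected = hmac.new(self.key, payload, hashlib.sha256).digest()
        # Constant-time comparison; a bad tag covers both fabricated and
        # modified messages, since neither carries a valid MAC.
        if not hmac.compare_digest(tag, expected):
            return False, "bad MAC"
        sender, seq, announced = HDR.unpack(payload)
        # A sequence number at or below the last accepted one is a replay.
        if seq <= self.last_seq.get(sender, -1):
            return False, "replay"
        # A delayed (or artificially early) message announces a time that no
        # longer matches the receiver's expectation within the tolerance.
        if abs(announced - local_time_us) > self.max_offset_us:
            return False, "out of window"
        self.last_seq[sender] = seq
        return True, "ok"


def run_scenarios():
    """Constructed scenarios: one legitimate message, then one of each attack."""
    rx = SyncReceiver(SESSION_KEY)
    results = {}
    good = build_sync_message(SESSION_KEY, 1, 10, 1_000_000)
    results["legitimate"] = rx.check(good, 1_000_010)[1]
    # Replay: the identical message is injected again later.
    results["replay"] = rx.check(good, 1_000_020)[1]
    # Modification: flip one bit of the announced time, keep the original tag.
    tampered = bytearray(good)
    tampered[HDR.size - 1] ^= 0x01
    results["modification"] = rx.check(bytes(tampered), 1_000_030)[1]
    # Fabrication: a message built without knowledge of the session key.
    forged = build_sync_message(b"attacker-guess", 1, 11, 1_000_040)
    results["fabrication"] = rx.check(forged, 1_000_040)[1]
    # Delay: a genuine message held back 500 us beyond its scheduled slot.
    delayed = build_sync_message(SESSION_KEY, 1, 11, 1_000_050)
    results["delay"] = rx.check(delayed, 1_000_050 + 500)[1]
    return results


if __name__ == "__main__":
    for scenario, verdict in run_scenarios().items():
        print(f"{scenario:13s} -> {verdict}")
```

The order of the checks matters: the MAC is verified before any field is parsed, so a forged or altered header can never influence the sequence or timing logic, and the sequence number is updated only after the timing check passes, so a delayed message does not advance the replay counter and thereby block the legitimate one that follows it.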