Résilient TSN – ResTSN
Hundreds or even thousands of sensors, actuators and computing units (ECUs) are embedded in modern vehicles. They constantly exchange messages through one or several real-time networks, and these messages are required for the correct behavior of the system. These networks carry data flows with very different characteristics. The IEEE has defined a real-time extension of Ethernet, called TSN (Time Sensitive Networking), which allows the architectures to be unified by offering several mechanisms. If some elements of the network fail, some communications are lost, leading to a global system failure or at least to degradation. The aim of the project is to work on the resilience of such networks, and to allow a network suffering from some degradation to reconfigure itself in order to continue providing the core of its services. Such adaptation mechanisms already exist in communication networks, but the challenge here comes from the real-time requirements. In a degraded situation, it is not sufficient to serve all flows in a blind best-effort way. Some flows matter more than others for the global service, i.e. they are more critical. But one cannot simply map criticality onto priorities and rely on a per-priority schedule. First, because Ethernet and TSN networks only have 8 priority levels (the 3-bit PCP field of the VLAN tag). But mostly because, in real-time networks, priority-based scheduling alone is not sufficient to provide good real-time properties (otherwise, the 8 priority levels of Ethernet would have been sufficient).
The challenge is to reconfigure the network with the remaining resources. But computing a reconfiguration is quite different from computing a configuration at system design time. First, the new configuration must be as close to the previous one as possible: it is better not to modify the parameters of the data flows that are not directly impacted by the faults (as long as their criticality is high enough for them to keep the resources they use). Second, this configuration must be computed on-line, that is to say within a few seconds and using the embedded computing power, whereas at design time one may spend hours of computation on dedicated computers. Moreover, the reconfiguration will be easier if the initial configuration has been designed to be reconfigurable.
But adding new mechanisms always increases the attack surface. TSN defines a Centralized Network Configuration (CNC) element and a Centralized User Configuration (CUC) element. The system design must prevent an attacker from reporting as faulty an element that is in nominal state, in order to push the system into a degraded situation. One must also prevent an attacker from impersonating a configuration element and thereby deploying a faulty configuration on a nominal network (for example, by sending messages to the wrong destination, or by forcing all flows through a single element, leading to overload, queue overflow in the switches and message losses).
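The two concerns above, keeping the paths of flows not hit by the fault when their criticality allows it, and refusing fault reports that are forged, replayed or come from a node that is not attached to the link it declares dead, are illustrated by the following Python sketch of a toy CNC. It is an added example, not code from the ResTSN project or from any TSN standard: the topology, the three flows, the per-node HMAC keys, the integer criticality scale and the fewest-hop, bandwidth-fitting placement heuristic are all constructed assumptions, and the real CNC/CUC protocols are not modelled.

```python
# Toy CNC for a degraded TSN network: authenticated fault reports plus
# criticality-aware reconfiguration.  Added illustration, not ResTSN code;
# topology, flows, keys and the placement heuristic are constructed assumptions.
import hashlib
import heapq
import hmac
from dataclasses import dataclass

# Constructed topology: undirected link (frozenset of endpoints) -> capacity, Mbit/s.
LINKS = {
    frozenset({"A", "B"}): 100, frozenset({"B", "C"}): 100,
    frozenset({"A", "D"}): 100, frozenset({"D", "C"}): 100,
    frozenset({"C", "E"}): 100,
}
# Constructed per-node keys (a real deployment would provision certificates / MACsec).
NODE_KEYS = {n: f"key-{n}".encode() for n in "ABCDE"}

@dataclass(frozen=True)
class Flow:
    name: str
    src: str
    dst: str
    bandwidth: int    # Mbit/s reserved on every link of its path
    criticality: int  # higher = more critical; an assumed scale, not the 8 PCP priorities

# Constructed sample flows: "brake" and "camera" compete for the same A->C capacity.
FLOWS = [Flow("brake", "A", "C", 60, 3), Flow("log", "D", "C", 30, 2),
         Flow("camera", "A", "C", 60, 1)]

def _links_of(path):
    return [frozenset(pair) for pair in zip(path, path[1:])]

def route(flow, residual, dead=frozenset()):
    """Fewest-hop path with >= flow.bandwidth free on every link, or None."""
    heap, seen = [(0, (flow.src,))], set()
    while heap:
        hops, path = heapq.heappop(heap)
        node = path[-1]
        if node == flow.dst:
            return path
        if node in seen:
            continue
        seen.add(node)
        for link in residual:
            if node not in link or link in dead or residual[link] < flow.bandwidth:
                continue
            nxt = next(iter(link - {node}))
            if nxt not in path:
                heapq.heappush(heap, (hops + 1, path + (nxt,)))
    return None

def configure(flows, previous=None, dead=frozenset()):
    """Place flows by decreasing criticality.  A flow keeps its path from the running
    config `previous` if that path avoids `dead` links and still fits, so unaffected
    flows stay untouched unless a more critical flow needs their capacity; the others
    are rerouted or, failing that, dropped (returned in the second result)."""
    previous, residual, config, dropped = previous or {}, dict(LINKS), {}, []
    for flow in sorted(flows, key=lambda f: (-f.criticality, f.name)):
        path = previous.get(flow.name)
        if path is None or any(lk in dead or residual[lk] < flow.bandwidth
                               for lk in _links_of(path)):
            path = route(flow, residual, dead)
        if path is None:
            dropped.append(flow.name)
            continue
        for lk in _links_of(path):
            residual[lk] -= flow.bandwidth
        config[flow.name] = path
    return config, dropped

def sign_report(reporter, link, seq, key):
    """HMAC over (reporter, link, sequence number); the sequence number defeats replay."""
    msg = f"{reporter}|{'-'.join(sorted(link))}|{seq}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class CNC:
    def __init__(self, flows):
        self.flows, self.dead, self.last_seq = flows, set(), {}
        self.config, self.dropped = configure(flows)

    def accept_fault(self, reporter, link, seq, mac):
        """Reconfigure only for an authentic, fresh report from an endpoint of the link."""
        link, key = frozenset(link), NODE_KEYS.get(reporter)
        if key is None or link not in LINKS or reporter not in link:
            return False  # unknown node, unknown link, or node not attached to the link
        if not hmac.compare_digest(sign_report(reporter, link, seq, key), mac):
            return False  # forged: the sender does not hold the reporter's key
        if seq <= self.last_seq.get(reporter, 0):
            return False  # replay of an old report
        self.last_seq[reporter] = seq
        self.dead.add(link)
        self.config, self.dropped = configure(self.flows, self.config, frozenset(self.dead))
        return True

if __name__ == "__main__":
    cnc = CNC(FLOWS)
    print("initial:", cnc.config)
    forged = sign_report("E", frozenset({"B", "C"}), 1, b"guessed-key")
    print("forged report accepted:", cnc.accept_fault("E", ("B", "C"), 1, forged))
    genuine = sign_report("B", frozenset({"B", "C"}), 1, NODE_KEYS["B"])
    print("genuine report accepted:", cnc.accept_fault("B", ("B", "C"), 1, genuine))
    print("reconfigured:", cnc.config, "dropped:", cnc.dropped)
```

On the constructed input the initial placement is brake on A-B-C, log on D-C and camera on A-D-C. A report forged by E without B's key is ignored, as is a correctly signed report from A about a link A is not attached to. After B's genuine report that B-C is down, brake (the most critical flow) is rerouted onto A-D-C, log keeps its D-C path untouched, and camera is dropped because the remaining capacity no longer fits it. Two caveats: the endpoint check only bounds what a single compromised node can do (it can still declare its own links dead, which this sketch does not detect), and bandwidth fitting is not a TSN schedulability analysis; as the text notes, real-time guarantees need more than priorities or capacity, so a real reconfiguration must also recompute the timing properties of each retained flow.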
The aim of the project is to make TSN resilient, i.e. to define reconfiguration algorithms and reconfigurable architectures, without adding new attack opportunities.
Project coordination
Marc Boyer (Office National d'Etudes et de Recherches Aérospatiales (ONERA) - Centre Toulouse)
The author of this summary is the project coordinator, who is responsible for the content of this summary. The ANR declines any responsibility as for its contents.
Partners
TRT Thales Research & Technology
ONERA - Centre Toulouse (Office National d'Etudes et de Recherches Aérospatiales)
ANR grant: 299,554 euros
Beginning and duration of the scientific project:
- 36 Months