FAQ 770: Secure Onboard Communication (SecOC) – Usage with the Ethernet Configuration Package
Question
How do I use SecOC with the Ethernet Configuration Tool?
Solution
Secure onboard communication (SecOC) is a key AUTOSAR protocol designed to ensure secure communication between electronic control units (ECUs) in automotive systems. It authenticates the messages (PDUs) exchanged between ECUs and verifies their integrity, using freshness values, e.g., to prevent replay attacks.
This FAQ provides a step-by-step guide for configuring SecOC communication using the dSPACE Ethernet Configuration Package. The instructions are based on the SecOC demo, which is available upon request from dSPACE.
To configure SecOC for Ethernet communication, follow these steps:
1. Open the Ethernet Configuration Tool and create a configuration.
After you import a communication cluster file containing secured IPDUs in the Ethernet Configuration Tool, the authentic IPDUs are displayed in the Communication Cluster Data pane.
The following illustration shows the SecOC properties of an authentic TX IPDU as an example:
2. Activate SecOC and add a Usercode ID.
To implement secure onboard communication, you must enable SecOC support for the project and provide the OEM-specific implementation for generating and/or verifying authentication information via user code.
For the User code identifier, enter the value defined in the user code, which contains the encryption and decryption algorithms. This value is specified using #define DS_BUS_CUSTOM_FEATURE_NAME <UserCodeID> in the UserCode_SecOC.c file.
/* Start of feature parameter definition, must be at the beginning of the file, before all includes, etc. */
#define DS_BUS_CUSTOM_FEATURE_NAME SecOC
/* End of feature parameter definition */

#include <DbusCustomCode_SecOC.h>

/* Place your code below */
In general, C or C++ code that contains user-specific algorithms can be used. You can use user-specific algorithms to provide additional functionality to the Ethernet Configuration Package, for example, for generating authentication information in secure onboard communication (SecOC) scenarios.
A user code implementation consists of a source file (C, CPP) and optional include files (H, HPP), such as header files.
3. Set controller settings according to your hardware and generate the code.
4. Create a ConfigurationDesk project.
5. Add the user code file in ConfigurationDesk before building the real-time application.
For custom source files, add the following files:
- DsAes.c
- DsCmac.c
- UserCode_Csm.c
- UserCode_Fvm.c
- UserCode_SecOC.c
- UserCode_SecOCHelper.c
- DsTimeManager.cpp
6. Create a ControlDesk project, connect your hardware, import the generated file, and find SecOC variables.
You get access to authentication data and status information on the verification of secured I-PDUs at run time in ControlDesk.
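The authenticate-and-verify scheme described in the introduction (a freshness value plus an authenticator that the receiver checks to reject replayed PDUs), as an added example that is not dSPACE's user code and does not use the DbusCustomCode_SecOC.h interface. The PDU layout, the 32-bit counter, the 4-byte truncated authenticator, all function names, and the demo_mac stand-in (not a secure MAC) are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define MAX_PAYLOAD 8u /* authentic I-PDU size limit (assumed) */
#define FV_LEN 4u      /* full 32-bit freshness counter carried in the PDU (assumed) */
#define MAC_LEN 16u    /* full authenticator size, as produced by AES-CMAC */
#define TRUNC_LEN 4u   /* authenticator bytes carried in the PDU (assumed) */

typedef void (*mac_fn)(const uint8_t *key, const uint8_t *m, size_t n, uint8_t *out); /* hypothetical hook for the OEM's CMAC */
typedef struct { uint16_t data_id; uint32_t last_fv; const uint8_t *key; mac_fn mac; } secoc_ctx;
/* Constructed stand-in so the example runs offline. NOT a secure MAC. */
static void demo_mac(const uint8_t *key, const uint8_t *m, size_t n, uint8_t *out) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < 16 + n; i++) h = (h ^ (i < 16 ? key[i] : m[i - 16])) * 16777619u;
    for (size_t i = 0; i < MAC_LEN; i++) out[i] = (uint8_t)(h >> (8 * (i % 4)));
}
static void put_be32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (24 - 8 * i)); }

/* Authenticator input: data ID | authentic payload | freshness value. */
static void auth(const secoc_ctx *c, const uint8_t *pl, size_t n, uint32_t fv, uint8_t *out) {
    uint8_t buf[2u + MAX_PAYLOAD + FV_LEN] = { (uint8_t)(c->data_id >> 8), (uint8_t)c->data_id };
    memcpy(buf + 2, pl, n);
    put_be32(buf + 2 + n, fv);
    c->mac(c->key, buf, 2 + n + FV_LEN, out);
}

/* Sender: secured PDU = payload | freshness | truncated MAC. Returns length, 0 on error. */
size_t secoc_build(secoc_ctx *tx, const uint8_t *pl, size_t n, uint8_t *pdu) {
    uint8_t mac[MAC_LEN];
    if (n > MAX_PAYLOAD || tx->last_fv == UINT32_MAX) return 0; /* never wrap the counter */
    auth(tx, pl, n, ++tx->last_fv, mac);
    memcpy(pdu, pl, n);
    put_be32(pdu + n, tx->last_fv);
    memcpy(pdu + n + FV_LEN, mac, TRUNC_LEN);
    return n + FV_LEN + TRUNC_LEN;
}

/* Receiver: 0 = accepted, -1 = malformed, -2 = stale freshness (replay), -3 = MAC mismatch. */
int secoc_verify(secoc_ctx *rx, const uint8_t *pdu, size_t len) {
    uint8_t mac[MAC_LEN], diff = 0;
    if (len < FV_LEN + TRUNC_LEN || len > MAX_PAYLOAD + FV_LEN + TRUNC_LEN) return -1;
    size_t n = len - FV_LEN - TRUNC_LEN;
    uint32_t fv = (uint32_t)pdu[n] << 24 | (uint32_t)pdu[n + 1] << 16 | (uint32_t)pdu[n + 2] << 8 | pdu[n + 3];
    if (fv <= rx->last_fv) return -2; /* counter must strictly increase */
    auth(rx, pdu, n, fv, mac);
    for (size_t i = 0; i < TRUNC_LEN; i++) diff |= (uint8_t)(mac[i] ^ pdu[n + FV_LEN + i]); /* constant time */
    if (diff) return -3;
    rx->last_fv = fv; /* advance only after the MAC checks out */
    return 0;
}
```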
Tags
| Date | 2025-11-18 |
| Information Type | Frequently Asked Questions |