Abstract: Disclosed are systems, methods, and non-transitory computer-readable media for protocol independent data unit forwarding. A packet forwarding system receives a data unit comprising a header byte string via an input port. The packet forwarding system parses the data unit based on a header type determined based on the input port, yielding a parsing output describing the header byte string of the data unit. The packet forwarding system updates a metadata item associated with the data unit based on the parsing output and determines a packet forwarding instruction for forwarding the data unit to a destination based on the metadata item associated with the data unit. The packet forwarding system forwards the data unit to the destination based on the packet forwarding instruction and the metadata item associated with the data unit.

Abstract: Disclosed are systems, methods, and non-transitory computer-readable media for network security using Root of Trust (RoT). A node in the vehicle networking system receives an authentication message from an adjacent node in the vehicle networking system. The authentication message included identifying information of the adjacent node that is digitally signed with a digital signature having been generated using a private key. The adjacent node accessed the identifying information of the second node from a source image authenticated during a secure boot of the adjacent node. The node accesses a public key available to the node and authenticates the adjacent node based on the public key and the digital signature included in the authentication message.

Abstract: Disclosed are systems, methods, and non-transitory computer-readable media for protocol independent data unit forwarding. A packet forwarding system receives a data unit comprising a header byte string via an input port. The packet forwarding system parses the data unit based on a header type determined based on the input port, yielding a parsing output describing the header byte string of the data unit. The packet forwarding system updates a metadata item associated with the data unit based on the parsing output and determines a packet forwarding instruction for forwarding the data unit to a destination based on the metadata item associated with the data unit. The packet forwarding system forwards the data unit to the destination based on the packet forwarding instruction and the metadata item associated with the data unit.

Abstract: Various embodiments provide for using data encapsulation to extend support of an Audio Video Transport Protocol (AVTP) standard, which can be used in such applications as data network communications between sensors (e.g., cameras, motion, radar, etc.) and computing equipment within vehicles (e.g., smart and autonomous cars).

Abstract: A computer-implemented method is provided for a management entity to detect where a rogue access point is connected to the network infrastructure. The management entity receives from a wireless network controller an indication of an unauthorized frame wirelessly intercepted by an authorized access point. The unauthorized frame carries data between a rogue access point and a wireless client device. The rogue access point is connected to a compromised network element in a managed network at a compromised port of the compromised network element. The management entity extracts a client network address and a gateway network address from the indication of the unauthorized frame. The management entity traces a path through the managed network from a gateway network element associated with the gateway network address to the compromised network element. The management entity determines the compromised port in the compromised network element at which the rogue access point is connected.

Abstract: A computer-implemented method is provided for a management entity to detect where a rogue access point is connected to the network infrastructure. The management entity receives from a wireless network controller an indication of an unauthorized frame wirelessly intercepted by an authorized access point. The unauthorized frame carries data between a rogue access point and a wireless client device. The rogue access point is connected to a compromised network element in a managed network at a compromised port of the compromised network element. The management entity extracts a client network address and a gateway network address from the indication of the unauthorized frame. The management entity traces a path through the managed network from a gateway network element associated with the gateway network address to the compromised network element. The management entity determines the compromised port in the compromised network element at which the rogue access point is connected.