Automotive Ethernet is considered the backbone network of future vehicles owing to its high bandwidth, high throughput, and low cost. With the appearance of the connected car environment, in-vehicle networks (e.g., automotive Ethernet) are now connected to external networks (e.g., 3G/4G/5G mobile networks), enabling an attacker to perform an attack using automotive Ethernet vulnerabilities. Unfortunately, security problems have not been treated appropriately in automotive Ethernet. In this paper, we propose a security protocol for automotive Ethernet. The protocol has two secure modules: Key Distribution (KD) and Secure Communication (SC). During start-up phase, KD distributes keys to all legitimate ECUs. During the communication phase, SC provides the following important baseline security primitives: data confidentiality and data authenticity. We evaluate the effectiveness and real-time performance of the proposed security protocol using CANoe software and a MPC5646C microcontroller. Results show that the proposed security protocol can improve the defense ability of automotive Ethernet on the premise of meeting the real-time requirements.