MICROSAR Cyber Security

4Th VECTOR INDIA CONFERENCE 2019

V0.2 | 2019-07-25 Cybersecurity Realization in u Automotive Systems Basics of Cryptography Use Cases Secure Onboard Communication Cybersecurity Architecture Secured Communication Configuration Configuration of Security Manager in CANoe Vector Company Overview

Cybersecurity Realization in Automotive Systems

© 2019. Vector Informatik India Private Limited. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V0.2 | 2019-07-25 Cybersecurity Realization in Automotive Systems Goals of Cyber Security

u Authenticity: u Confidentiality: Allows to determine whether someone or Ensures that the necessary level of secrecy is something is, in fact, who or what it is declared enforced and prevents unauthorized disclosure of to be. information.

u Integrity: u Availability: Allows to assure the accuracy and reliability of Availability protection ensured reliability and information and allows to prevent or detect timely access to data and resources to authorized unauthorized modification individuals

3 © 2019. Vector Informatik India Private Limited. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V0.2 | 2019-07-25 Cybersecurity Realization in Automotive Systems Layered Security Concept – The logical view Associated Security Concepts Secure External Communication u Secure communication to services outside the vehicle Secure External Secure Off Board Com. Communication

u Intrusion detection mechanisms

u Firewalls Secure Gateways u Key Infrastructure / Vehicle PKI

Secure In-Vehicle u Authenticity of messages Communication u Integrity and freshness of messages Secure On Board Com. u Confidentiality of messages

u Key storage

u Secure boot and secure flash Secure Platform u Crypto library

u HW trust anchor (HTA)

u E.g. : HSM ( Hardware Security Modules )

4 © 2019. Vector Informatik India Private Limited. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V0.2 | 2019-07-25 Cybersecurity Realization in Automotive Systems Security Mechanisms in Vehicle Architecture

Diagnostic Interface Head Unit Instrument DSRC 4G LTE Cluster

Powertrain CU DC Central Connectivity Gateway Gateway Chassis DC Laptop

Body Tablet DC

Smart- phone

ADAS Smart DC Charging

Firewall Monitoring / Logging Secure On Board Com. Secure Flash/Boot Key Infrastructure

Hypervisor Secure Off Board Com. Crypto Primitives Intrusion Detection / Prevention Download Manager 5 © 2019. Vector Informatik India Private Limited. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V0.2 | 2019-07-25 Cybersecurity Realization in Automotive Systems Cyber Security Lifecycle

Asset Definition

Security Validation Threat and Risk Assessment

Penetration Testing Derivation of Security Goals

Fuzz Testing

Security Architecture Design & Analysis Functional Security Testing Cyber Security does Security Mechanisms not start or end with Design & Analysis cryptography:

Similar to Safety, Secure Implementation of Nominal Function and Security needs to be Security Mechanisms an integrated part of the development Incident Management and Response process

6 © 2019. Vector Informatik India Private Limited. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V0.2 | 2019-07-25 Cybersecurity Realization in Automotive Systems Safety & Security - Interdependency

Dependable Automotive Systems

Accident Attack

Functional Safety Cyber Security

Protection against risks Protection against risks from technical failures from malicious actions

7 © 2019. Vector Informatik India Private Limited. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V0.2 | 2019-07-25 Cybersecurity Realization in Automotive Systems Hardware Support - Hardware Trust Anchors Hardware Security Module (HSM) Secure Hardware Extension (SHE)

Controller Secure Zone

SHE – Secure Hardware Extension AES Control CPU Logic RAM + Flash + ROM

Peripherals (CAN, UART, ...)

Cybersecurity Realization in Automotive Systems u Basics of Cryptography Use Cases Secure Onboard Communication Cybersecurity Architecture Secured Communication Configuration Configuration of Security Manager in CANoe Vector Company Overview

Hash Functions Symmetric Cryptography

100110110001101 001001010110011 110011000110011 0101110… 101101101.. 101101101..

Enc(x) Dec(x)

Q?“D/7L$§.. Q?“D/7L$§.. Q?“D/7L$§..

H(x) Message Authentication Code (MAC)

Hashed Message-Authentication-Code (HMAC): Uses a hash function and a secret (symmetric) key.

Cipher-based Message-Authentication-Code (CMAC): |10011011001101110| Use a block cipher (e.g. AES) and the key

10 © 2019. Vector Informatik India Private Limited. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V0.2 | 2019-07-25 Basics of Cryptography Asymmetric Cryptography

u Asymmetric cryptosystems are based on a key pair owned by a party.

u The key pair consists of a public key and a private key. u Public key can be known by the public. u A Private Key shall never be shared.

u Messages can be 101101101.. u encrypted with the public key and the cipher function M‘=E(M, Kpub). k D(M’) E(M) public u decrypted with the decryption function and the private key M=D(M‘, Kpriv) kprivate u There is no way the private key can be calculated. Q?“D/7L$§..

11 © 2019. Vector Informatik India Private Limited. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V0.2 | 2019-07-25 Basics of Cryptography Asymmetric vs. Symmetric Cryptography

Symmetric Asymmetric

Key One single secret key Key pair (One public and one private key)

Key length Relatively short Relatively long

Data throughput rate Very fast especially with HW support Always much slower than symmetric

Secrecy Secret has to be shared with each Secret (private key) is kept to its involved communication partner owner, public key is shared

Key management Complexity grows with number of Complexity is linear with number involved communication partners of number of communication partners

12 © 2019. Vector Informatik India Private Limited. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V0.2 | 2019-07-25 Basics of Cryptography Digital Signature - Principles

Goals : authenticity and integrity of data

u The originator needs to have a generated Public-Private key pair.

u The originator uses the following process to generate a signature u Calculate Hash Value for the Data u Resulting hash value is encrypted using the private key of the originator u Signature is appended to the data and sent over to the user

u The user uses the following signature verification process u Decrypts the hashed value with the originator's public key u calculates the hash of the data u compares the hashed data and decrypted hashed value u If they are the same, then the authenticity and integrity of data can be assured

[1] u Standards for Digital Signatures are set forth in FIPS 186

13 © 2019. Vector Informatik India Private Limited. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V0.2 | 2019-07-25 Basics of Cryptography Certificates

Certificates

u … used to identify communication partners

u … contains signed personal characteristics of the owner (name, place, …)

u … can be restricted to a limited period of time, service and location.

u … can be provided by a „Trusted Authority“ (TA) or „Certificate Authority“ (CA)), which is the trust anchor and has built the signature within the certificate.

T1 T2

14 © 2019. Vector Informatik India Private Limited. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V0.2 | 2019-07-25 Basics of Cryptography Certificates - Example for Automotive PKI

OEM Root Certificate, Root CA Kpub CA Self signed Issuer tbsCert Kpub CA Kpriv CA Signature C

Sign(Root CA) = SignAlgo( tbsCert (Root CA), K(Priv RootCA) )

Platform CA Tester CA K K Issuer pub PCA Issuer pub TCA

Kpub PCA Kpub TCA K K Signature C priv PCA Signature C priv TCA

Sign(PlatformCA) = SignAlgo( tbsCert (PlatformCA), K(Priv RootCA) ) Sign(TesterCA) = SignAlgo( tbsCert (TesterCA), K(Priv RootCA) )

Car Cert Tester Cert K K Issuer pub car Issuer pub Tester K pub car … Kpub Tester … K K Signature C priv car Signature C priv Tester

Sign(CarCA) = SignAlgo( tbsCert (CarCA), K(Priv PlatformCA) ) Sign(CarCA) = SignAlgo( tbsCert (CarCA), K(Priv TesterCA) )

15 © 2019. Vector Informatik India Private Limited. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V0.2 | 2019-07-25 Basics of Cryptography Transport Layer Security (TLS 1.2)

u Application data can be reliably exchanged on an IP based Network by the Transport Control Protocol (TCP), but, TCP does neither ensure privacy, nor integrity of the exchanged data.

u To protect a TCP connection, the Transport Layer Security Protocol (TLS 1.2, RFC5246) can be used.

u Privacy is ensured by Symmetric Cryptography (e.g. AES). u Data integrity is ensured by a Hash-based Message Authentication Code (H-MAC). u The encryption and H-MAC computations are using temporary secret keys bound to TLS 1.2 session. u Authenticity of the server is always ensured by a Digital Certificate (X.509v3). u Optionally the client can be authenticated, too.

TLS_ECHDE_ECDSA_WITH_AES_128_CBC_SHA256

Digital Signature Algorithm Hash Algorithm

Key Exchange Algorithm Symmetric Encryption Algorithm

Cybersecurity Realization in Automotive Systems Basics of Cryptography u Use Cases Secure Onboard Communication Cybersecurity Architecture Secured Communication Configuration Configuration of Security Manager in CANoe Vector Company Overview

17 © 2019. Vector Informatik India Private Limited. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V0.2 | 2019-07-25 Use Cases Example: HMAC for flash programming

Calculated Flashfile HMAC

Verify Hash Hash

ksecret Flash data Transferred Flash- HMAC Flashfile HMAC download Boot ksecret

Hash Hash function ksecret: Secret key HMACHMAC Keyed-Hash Message Authentication Code (FIPS PUB 198)

18 © 2019. Vector Informatik India Private Limited. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V0.2 | 2019-07-25 Use Cases Example: Digital Signature for flash programming

kprivate Flashfile

MAC-E Verify MAC-I H Code

kpublic kprivate RSA H RSA Flash data

Flash- SIGN Flashfile SIGN download Boot

19 © 2019. Vector Informatik India Private Limited. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V0.2 | 2019-07-25 Use Cases Usage Example: Communication between tester and vehicle

u Certificates are used for an authentic communication

u They can be used for the following purposes: u Tester to car:

> Usage of CertTester and CertCar for communication. > Car requests the revocation list of tester serial number from backend. > Option: If revocation list cannot verified at the moment, only restricted operations by the tester are allowed.

Example: Revocated?

OEM

Generate Generate C

Kpub CA

Kpub PCA CAR Tester Kpub Tester Kpub TCA Send C C

Kpriv car

20 © 2019. Vector Informatik India Private Limited. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V0.2 | 2019-07-25 Secure Onboard Communication Goals

integrity authenticity

ECU 1 ECU 2 ECU 1 ECU 2

21 © 2019. Vector Informatik India Private Limited. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V0.2 | 2019-07-25 Secure Onboard Communication AUTOSAR SecOC

ECU 1 ECU 2

data

freshness value authenticated message

MAC generator

MAC

BUS

MAC=Message Authentication Code

22 © 2019. Vector Informatik India Private Limited. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V0.2 | 2019-07-25 Secure Onboard Communication AUTOSAR SecOC

ECU 1 ECU 2

data data freshness value MAC freshness value authenticated message

MAC

BUS

23 © 2019. Vector Informatik India Private Limited. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V0.2 | 2019-07-25 Secure Onboard Communication AUTOSAR SecOC

ECU 1 ECU 2

data data freshness value MAC authenticated message freshness value

MAC generator

MAC

BUS

24 © 2019. Vector Informatik India Private Limited. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V0.2 | 2019-07-25 Secure Onboard Communication AUTOSAR SecOC

ECU 1 ECU 2

MAC authenticated message

MAC

BUS

25 © 2019. Vector Informatik India Private Limited. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V0.2 | 2019-07-25 Secure Onboard Communication Freshness Value Manager (FvM)

u AUTOSAR does not specify the calculation/synchronization of the freshness value.

u Instead a generic callout to a Freshness Value Manager (FVM) component is provided

u FVM specification is left to the OEM

26 © 2019. Vector Informatik India Private Limited. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V0.2 | 2019-07-25 Secure Onboard Communication Freshness: Replay of authenticated messages

ECU 1 ECU 2

27 © 2019. Vector Informatik India Private Limited. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V0.2 | 2019-07-25 Secure Onboard Communication Freshness: Replay of authenticated messages

ECU 1 ECU 2

28 © 2019. Vector Informatik India Private Limited. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V0.2 | 2019-07-25 Secure Onboard Communication Freshness: Replay of authenticated messages

ECU 1 ECU 2

29 © 2019. Vector Informatik India Private Limited. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V0.2 | 2019-07-25 Secure Onboard Communication Concepts of Freshness

u Message counter based freshness (MCBF) u Trip counter based freshness (TCBF)

ECU 1 ECU 2 ECU 1 ECU 2

trip counter reset counter message counter

u Time stamps u Hybrid system: time stamp & message counter

ECU 1 ECU 2 ECU 1 ECU 2

Cybersecurity Realization in Automotive Systems Basics of Cryptography Use Cases Secure Onboard Communication u Cybersecurity Architecture Secured Communication Configuration Configuration of Security Manager in CANoe Vector Company Overview

32 © 2019. Vector Informatik India Private Limited. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V0.2 | 2019-07-25 Cybersecurity Architecture MICROSAR Cyber Security Solution

u Crypto Service Manager – CSM > Services can be called by SWCs SWC/Application FVM > Configuration of cryptographic keyelements FBL Application > Configuration of cryptographic services RTE LIBS SYS u Crypto Interface – CRYIF CALCSM (CPL) HIS Security Module SecOC > Supports dispatching of security jobs to HW or SW Complex Runtime Protection crypto drivers Driver CRYIF Update Authorization

Crypto(SW) COMSecure Update Manager

u Crypto Driver – Crypto (SW/HW) > Implementation of cryptographic functions MCAL Crypto(HW) CDD > Crypto (SW): Usage of SW-libraries > Crypto (HW): Usage of resources and capabilities Microcontroller Sec. BootmanagerHTA (HSM) of HW-Trust Anchors (SHE, HSM, TPM,…)

33 © 2019. Vector Informatik India Private Limited. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V0.2 | 2019-07-25 Cybersecurity Architecture Interaction of the AUTOSAR Application, BootLoader with Vector HSM

Host Core of ECU HSM Core of ECU

HSM Application FBL Application Secure SWC/Application Mode FVM Boot Custom Manager Manager Secure Secure Repro- Boot gramming

RTE Job Crypto Primitive Manager Dispatcher

CSM SecOC

SYS Cry Cry Cry Cry CryLib KeyM TRNG AES …

CRYIF Vector Crypto Lib COM OS SYS

FBL Crypto (HW) MCAL Crypto (HW) MCAL IPC FLS TRNG AES …

Microcontroller Inter Process Communication (IPC) HW Trust Anchor

CSM Job Handling : CSM Keys Job Priority Key Synchronous job CSM Queues Priority Asynchronous job Sync/Async CSM keys Queue Callback function CSM queues CSM Primitives CSM primitives Primitive

Crypto Service Module

CSM

Job Job Queue

Crypto Interface

CryIF Channel

Driver Obj Crypto Driver

35 © 2019. Vector Informatik India Private Limited. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V0.2 | 2019-07-25 Cybersecurity Architecture Scheduling of Asynchronous Jobs

u Upon calling CSM service function, the job is added into the queue Application/RTE u Scheduling and execution in CSM mainfunction

Csm_Encrypt(jobId, data…)

CSM Queue1 Csm_MainFunction u Sort job wrt. their priorities

u Synchronously call Driver Object to process the job with highest priority CryIf

u After job finishes, call callback function & Channel1 remove the job from the queue Crypto

Driver Obj1

Low High Job priority

36 © 2019. Vector Informatik India Private Limited. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V0.2 | 2019-07-25 Cybersecurity Architecture Crypto Driver objects & CSM Keys

u Crypto Driver :

Cryptographic capabilities

Primitives

Driver Obj1

Cybersecurity Realization in Automotive Systems Basics of Cryptography Use Cases Secure Onboard Communication Cybersecurity Architecture u Secured Communication Configuration Configuration of Security Manager in CANoe Vector Company Overview

38 © 2019. Vector Informatik India Private Limited. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V0.2 | 2019-07-25 Secured Communication Configuration

Flow of Secured Receive Frame :

data COM

FvM SecOC CSM data FV MAC FV MAC CryIF data FV MAC PDUR

CANIF data FV MAC Crypto

data FV MAC CAN

CAN Bus data freshness value MAC authenticated message

39 © 2019. Vector Informatik India Private Limited. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V0.2 | 2019-07-25 Secured Communication Configuration SecOC Configuration

User can select the Freshness calculation function

User can configure Call back function, which will be called based on each individual PDU propagation Mode

40 © 2019. Vector Informatik India Private Limited. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V0.2 | 2019-07-25 Secured Communication Configuration AES primitive configuration for MAC calculation :

SecOC ID has been considered from CAN ID

Here user can decide for verification result propagation / Call backs

41 © 2019. Vector Informatik India Private Limited. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V0.2 | 2019-07-25 Secured Communication Configuration Key Configuration:

CryIF Key CSM Key Cry Key

This is the Symmetric Key , which should be same in both sides In this example , same key should be configured in the Canoe Security profile

42 © 2019. Vector Informatik India Private Limited. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V0.2 | 2019-07-25 Configuration of Security Manager in CANoe Testing : Enabling Analysis and Test of Secured Networks

u CANoe Fuzz Testing Crypt o Mat erial u Available: for selected Provider Pilot Customers

OEM Securit y Cloud u Security Manager Def ault Car2X Securit y Sources Backend Adapt er Adapt er u Available: (OEM specific)

Securit y Manager

Device Vect or Tools CANoe CANalyzer . . . under Test

Int erf ace Bus Syst em

43 © 2019. Vector Informatik India Private Limited. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V0.2 | 2019-07-25 Vector Company Overview Application Areas and Product Examples

Development of Distributed Systems PREEvision

Embedded Software and Systems MICROSAR, CANbedded, VC ECU, Customer Projects

Testing CANoe, CANalyzer, vTESTstudio, VT System, Logger, VectorCAST

Diagnostics CANdelaStudio, Indigo, vFlash, CANoe.DiVa

ECU Calibration CANape, VX1000, vCDM, vADASdeveloper, ASAP2 Tool-Set

Measurement Technology vMeasure exp, vSignalyzer, vMDM, MDF4 Lib, Analog Measurement Devices

Consulting Consulting Services, Engineering Services

44 © 2019. Vector Informatik India Private Limited. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V0.2 | 2019-07-25 More information ! Visit our Website for : > News > Products > Demo Software > Support > Workshops > Contact Addresses

www.vector.com Author: Subrahmanyam Namdikam Vector Informatik India Limited