Automotive Cyber Security Mechanisms
Status of Standardization and Next Steps
V2.01.00 | 2016-05-09

Agenda
> Introduction
> Security Engineering
> Security Mechanisms for Embedded Automotive Systems
> Security Mechanisms in AUTOSAR 4.3
> Advanced Security Mechanisms
> Summary
2 Introduction: Vehicle is a Part of the Internet of Things
[Figure: the vehicle and its connected environment. Parties: OEM, Suppliers, ITS Operator, Service Provider, Public Clouds. Interfaces: DSRC, OBD, 4G LTE.]
3 Introduction: New Features and Business Models
[Figure: the same connectivity picture (OEM, Suppliers, ITS Operator, Service Provider, Public Clouds; DSRC, OBD, 4G LTE), annotated with the features and business models it enables.]
> Flashing over the air
> Software as an aftersales product
> Remote feature activation
> Data mining campaigns
> Autonomous driving
> Electronic license plate
> Traffic management
> Toll collection
> …
4 Introduction: Many different Attack Vectors and Threats
[Figure: the same connectivity picture (OEM, Suppliers, ITS Operator, Service Provider, Public Clouds; DSRC, OBD, 4G LTE), annotated with threats.]
> Chip tuning
> Privacy abuse
> Remote controlled vehicles
> Unlocking of feature sets
> …
6 Security Engineering: Security Engineering Lifecycle
[Figure: lifecycle phases]
> Asset Definition
> Threat Analysis and Risk Assessment
> Derivation of Security Goals
> Security Architecture Design & Analysis
> Security Mechanisms Design & Analysis
> Secure Implementation (Coding Guidelines!)
> Functional Security Testing
> Fuzz Testing
> Penetration Testing
> Security Incident Management and Response
Cyber Security does not start or end with cryptography. Similar to functional safety, security needs to be considered throughout the development process.
Automotive specific initiatives for security engineering have been started:
> SAE J3061
> Joint ISO/SAE standardization group “Automotive Security Engineering” started
8 Security Mechanisms for Embedded Automotive Systems: Layered Security Concept (Logical View)
Layers (outside in) and their associated security concepts:
Secure External Communication
> Secure communication to services outside the vehicle
> Intrusion detection mechanisms
Secure Gateways
> Access control
> Firewalls
> Key management (update, distribution)
> Synchronized secure time
Secure In-Vehicle Communication
> Authenticity of communication
> Integrity and freshness of communication
> Confidentiality of communication
Secure Platform
> Key storage
> Secure boot and secure flash
> Crypto algorithms
> HW trust anchor (HTA)
9 Security Mechanisms for Embedded Automotive Systems: Security Mechanisms allocated in Example Architecture
[Figure: example E/E architecture. ECUs and interfaces: Diagnostic Interface, Instrument Cluster, Head Unit, DSRC, 4G LTE, Central Gateway, Connectivity Gateway, Powertrain DC, Chassis DC, Body DC, ADAS DC, Smart Charging; external devices: Laptop, Tablet, Smartphone.]
Security mechanisms allocated to the ECUs (legend):
> Secure Update & Boot
> Security Event Log
> Secure On Board Com.
> Secure Key Infrastructure
> Secure Off Board Com.
> Synchronized Time Manager
> Crypto Algorithms
> Intrusion Detection / Prevention
> Firewall
11 Security Mechanisms in AUTOSAR 4.3: MICROSAR 4.3 Security Modules
[Figure: MICROSAR 4.3 layered stack. Application with Freshness Value Manager (FVM); RTE; basic software SYS, DIAG, COM with SECOC and CSM; CAN and ETH; CRYIF; CRYPTO (SW) and CRYPTO (HW); MCAL; Hardware Trust Anchor (HTA) on the Microcontroller.]
Cryptographic Functions
> Crypto Service Manager (CSM)
> Crypto Interface (CRYIF)
> Crypto (SW) / Crypto (HW)
Protection of Onboard Communication
> Secure Onboard Communication (SECOC)
> Freshness Value Manager (FVM)
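The slide names the division of labour for protected onboard communication: the FVM supplies a freshness value, SECOC builds and checks the authenticator, and the MAC itself comes from CSM/CRYIF on top of a software or hardware crypto driver. The following is an added example (not Vector's or AUTOSAR's code) that models that split for one CAN I-PDU: a MAC over Data ID, payload and full freshness counter, of which only the low 8 freshness bits and 4 MAC bytes travel on the bus, and a receiver that reconstructs the full counter, rejects replays and tampered payloads, and survives the 8-bit wrap-around. The Data ID, key, truncation lengths and the use of HMAC-SHA256 in place of an HTA-backed AES-CMAC are assumptions of the example.

```python
"""SecOC-style authentication and freshness check for a CAN I-PDU.

Added example, not Vector's or AUTOSAR's code. The counter in Sender plays
the FVM role; Sender.build/Receiver.verify play SECOC; compute_mac stands in
for the CSM/CRYIF call (HMAC-SHA256 from the standard library instead of an
AES-CMAC computed inside the HTA).
"""
import hashlib
import hmac
import struct

DATA_ID = 0x0123            # constructed Data ID of the secured I-PDU
FRESHNESS_TX_BITS = 8       # low-order freshness bits actually sent on the bus
MAC_TX_BYTES = 4            # truncated MAC length on the bus

# Constructed shared key; in a vehicle it lives in the HTA and is never exported.
SHARED_KEY = bytes(range(16))


def compute_mac(key: bytes, data_id: int, payload: bytes, freshness: int) -> bytes:
    """MAC over DataId || payload || full freshness value (SecOC layout)."""
    msg = struct.pack(">H", data_id) + payload + struct.pack(">Q", freshness)
    return hmac.new(key, msg, hashlib.sha256).digest()


class Sender:
    """SECOC transmit side; the counter provides the freshness value."""

    def __init__(self, key: bytes, data_id: int):
        self.key, self.data_id, self.counter = key, data_id, 0

    def build(self, payload: bytes) -> bytes:
        self.counter += 1                       # freshness strictly increases
        mac = compute_mac(self.key, self.data_id, payload, self.counter)
        truncated_fv = self.counter & ((1 << FRESHNESS_TX_BITS) - 1)
        # Secured I-PDU = authentic PDU || truncated freshness || truncated MAC
        return payload + bytes([truncated_fv]) + mac[:MAC_TX_BYTES]


class Receiver:
    """SECOC receive side with freshness reconstruction and replay rejection."""

    def __init__(self, key: bytes, data_id: int):
        self.key, self.data_id, self.last_accepted = key, data_id, 0

    def _reconstruct_freshness(self, truncated_fv: int) -> int:
        """Combine the last accepted counter's high bits with the received low
        bits; if the result is not newer, assume the low bits wrapped around."""
        mask = (1 << FRESHNESS_TX_BITS) - 1
        candidate = (self.last_accepted & ~mask) | truncated_fv
        if candidate <= self.last_accepted:
            candidate += 1 << FRESHNESS_TX_BITS
        return candidate

    def verify(self, secured_pdu: bytes):
        """Return (accepted, payload); payload is None when the PDU is rejected."""
        if len(secured_pdu) < 1 + MAC_TX_BYTES:
            return False, None
        payload = secured_pdu[:-(1 + MAC_TX_BYTES)]
        truncated_fv = secured_pdu[-(1 + MAC_TX_BYTES)]
        received_mac = secured_pdu[-MAC_TX_BYTES:]
        freshness = self._reconstruct_freshness(truncated_fv)
        expected = compute_mac(self.key, self.data_id, payload, freshness)[:MAC_TX_BYTES]
        # Constant-time compare. A replay fails because the reconstructed
        # freshness is newer than the one that was MACed; a modified payload
        # fails because the MAC no longer covers it.
        if not hmac.compare_digest(expected, received_mac):
            return False, None
        self.last_accepted = freshness          # advance only on success
        return True, payload


def demo() -> dict:
    """Fresh PDU accepted, replay rejected, tampered payload rejected, and the
    8-bit transmitted counter keeps working across its wrap-around."""
    tx, rx = Sender(SHARED_KEY, DATA_ID), Receiver(SHARED_KEY, DATA_ID)
    pdu = tx.build(b"\x10\x20")
    fresh_ok = rx.verify(pdu)[0]
    replay_ok = rx.verify(pdu)[0]               # same bytes again
    pdu2 = tx.build(b"\x30")
    tampered = bytes([pdu2[0] ^ 0xFF]) + pdu2[1:]
    tampered_ok = rx.verify(tampered)[0]
    genuine_ok = rx.verify(pdu2)[0]             # original still accepted afterwards
    wrap_ok = all(rx.verify(tx.build(b"\x40"))[0] for _ in range(300))
    return {"fresh": fresh_ok, "replay": replay_ok, "tampered": tampered_ok,
            "genuine_after_tamper": genuine_ok, "wrap_around": wrap_ok}


if __name__ == "__main__":
    print(demo())
```

The reconstruction step is where freshness-value truncation bites: the receiver can only tolerate a gap of fewer than 2^8 lost PDUs before it resynchronises to the wrong window, which is why real deployments size the transmitted freshness bits against the expected loss rate or use a synchronised time-based freshness value.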
13 Advanced Security Mechanisms: Security Mechanisms currently not specified by AUTOSAR
[Figure: the MICROSAR stack (Application, RTE, SYS/DIAG/COM, CAN/ETH, CSM, CRYIF, CRYPTO (SW)/(HW), MCAL, Hardware Trust Anchor (HTA), Microcontroller) extended with the modules listed below.]
> Key Manager (KEYM)
> Secure Time Manager (STIM)
> Security Event Log (SLOG)
> Firewall Manager (FWM)
> Ethernet Firewall (ETHFW)
> Intrusion Detection System (IDS)
> Transport Layer Security (TLS)
14 Advanced Security Mechanisms: Management of Cryptographic Material (Keys, Certificates)
[Figure: the stack with KEYM placed next to DCM (diagnostics), STIM, SLOG, SECOC, CSM, CRYIF, CRYPTO (SW)/(HW), MCAL and the Hardware Trust Anchor (HTA) on the Microcontroller.]
Key Manager (KEYM):
> Receives new cryptographic material (keys, certificates) via diagnostic routines
> Verifies authenticity, integrity and freshness of cryptographic material
> Implements business logic for key lifecycle phases (production, initialization, update, repair, replacement)
> Supports derivation of new keys
> Supports secure distribution of shared secret keys
> Logs security events to SLOG
15 Advanced Security Mechanisms: Ethernet Firewall
[Figure: the stack with ETHFW placed in the Ethernet path (ETHIF, TCPIP, SOAD, PDUR) and FWM alongside SLOG, DCM, CSM, CRYIF, CRYPTO (SW)/(HW), MCAL and the Hardware Trust Anchor (HTA) on the Microcontroller.]
Ethernet Firewall (ETHFW):
> DENY-ALL Firewall (Whitelist)
> Post-build loadable support
> Evaluates filter rules (policy) based on
  > Ethernet information (VLAN, frame priority, Ether Type, MAC addresses, next layer protocol)
  > AVB information (Stream ID)
  > IP information (IP addresses, next layer protocol)
  > IP protocol (UDP, TCP, RAW)
  > UDP/TCP protocol (ports)
> Logging of non-policy-conform packets in tamper proof SLOG
Firewall Manager (FWM):
> Manages state of individual firewalls
> Securely stores and updates firewall filter rules (policies)
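The two properties the slide attributes to ETHFW, a DENY-ALL whitelist evaluated on Ethernet, IP and UDP/TCP fields and logging of non-conforming packets into a tamper-proof SLOG, are shown together in this added example (not Vector's ETHFW, FWM or SLOG code). The policy, VLANs, addresses and ports are constructed; the AVB Stream ID field is left out; and "tamper proof" is modelled as a SHA-256 hash chain over the log entries, which detects later modification, reordering or duplication of stored records but would in an ECU additionally be anchored to a key in the HTA.

```python
"""DENY-ALL Ethernet firewall with a hash-chained security event log.

Added example, not Vector's ETHFW/FWM/SLOG code. First matching whitelist
rule allows a packet; anything else is dropped and recorded in a log whose
entries commit to their predecessor, so edits to stored records are detectable.
"""
import hashlib
import json
from dataclasses import asdict, dataclass, fields, replace
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    """Header fields the firewall matches on (constructed minimal view)."""
    vlan: int
    priority: int
    ethertype: int
    src_mac: str
    dst_mac: str
    ip_proto: Optional[str] = None     # "UDP", "TCP" or "RAW"; None for non-IP frames
    src_ip: Optional[str] = None
    dst_ip: Optional[str] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    """One whitelist entry; a field left as None is a wildcard."""
    name: str
    vlan: Optional[int] = None
    priority: Optional[int] = None
    ethertype: Optional[int] = None
    src_mac: Optional[str] = None
    dst_mac: Optional[str] = None
    ip_proto: Optional[str] = None
    src_ip: Optional[str] = None
    dst_ip: Optional[str] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        for f in fields(Packet):
            wanted = getattr(self, f.name)
            if wanted is not None and wanted != getattr(pkt, f.name):
                return False
        return True


class SecurityEventLog:
    """SLOG stand-in: every entry carries the hash of the previous entry."""
    GENESIS = "0" * 64

    def __init__(self):
        self.entries: List[dict] = []

    @staticmethod
    def _digest(entry: dict) -> str:
        body = {k: v for k, v in entry.items() if k != "hash"}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def append(self, event: dict) -> None:
        prev = self.entries[-1]["hash"] if self.entries else self.GENESIS
        entry = {"seq": len(self.entries), "event": event, "prev": prev}
        entry["hash"] = self._digest(entry)
        self.entries.append(entry)

    def verify(self) -> bool:
        """False if any entry was altered, reordered or duplicated after the fact."""
        prev = self.GENESIS
        for seq, entry in enumerate(self.entries):
            if (entry["seq"] != seq or entry["prev"] != prev
                    or self._digest(entry) != entry["hash"]):
                return False
            prev = entry["hash"]
        return True


class EthernetFirewall:
    """ETHFW stand-in: no matching rule means DENY, and every DENY is logged."""

    def __init__(self, policy: List[Rule], log: SecurityEventLog):
        self.policy, self.log = list(policy), log

    def evaluate(self, pkt: Packet) -> str:
        for rule in self.policy:
            if rule.matches(pkt):
                return "ALLOW"
        self.log.append({"type": "ETHFW_POLICY_VIOLATION", **asdict(pkt)})
        return "DENY"


def demo():
    """Returns (decisions, chain_ok_before_edit, chain_ok_after_edit)."""
    log = SecurityEventLog()
    fw = EthernetFirewall([   # constructed policy
        Rule("head unit service discovery", vlan=10, ethertype=0x0800,
             ip_proto="UDP", src_ip="192.168.10.20", dst_port=30490),
        Rule("tester diagnostics", vlan=20, ethertype=0x0800,
             ip_proto="TCP", dst_ip="192.168.20.1", dst_port=13400),
    ], log)
    hu = Packet(10, 3, 0x0800, "02:00:00:00:00:20", "02:00:00:00:00:01",
                "UDP", "192.168.10.20", "192.168.10.1", 40000, 30490)
    decisions = [
        fw.evaluate(hu),                                  # ALLOW
        fw.evaluate(replace(hu, vlan=11)),                # DENY: wrong VLAN
        fw.evaluate(Packet(10, 0, 0x88B5, hu.src_mac, hu.dst_mac)),  # DENY: non-IP
    ]
    intact = log.verify()
    log.entries[0]["event"]["vlan"] = 10      # stored record edited after the fact
    return decisions, intact, log.verify()


if __name__ == "__main__":
    print(demo())
```

Rule order matters only for which ALLOW rule fires; since there are no DENY rules in a pure whitelist, the evaluation result is independent of order, which keeps post-build loaded policies easy to review. The FWM role from the slide (storing and updating the policy) would sit in front of `EthernetFirewall.__init__`, authenticating a new rule set before installing it.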
16 Summary: Key Points
> New features and business models require cyber security as an enabler
> Security does not start or end with cryptography (Security Engineering)
> Layered security concept supports defense in depth
> AUTOSAR provides improved security stack with AUTOSAR 4.3, but…
> Further security extensions are required (e.g. Key Management, Firewalls)
Remember to visit the Vector Automotive Cyber Security Symposium 2017/10/12
17 For more information about Vector and our products please visit www.vector.com
Author: Dr. Eduard Metzker, Vector Informatik GmbH
18 © 2015. Vector Informatik GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V2.01.00 | 2016-05-09