
Automotive Cyber Security Mechanisms

Status of Standardization and Next Steps

V2.01.00 | 2016-05-09

Agenda

 Introduction
 Security Engineering
 Security Mechanisms for Embedded Automotive Systems
 Security Mechanisms in AUTOSAR 4.3
 Advanced Security Mechanisms
 Summary

Introduction: Vehicle is a Part of the

[Diagram: the vehicle connected to OEM, Suppliers, ITS Operator, Public Clouds and Service Provider over DSRC, OBD and 4G LTE]

Introduction: New Features and Business Models

[Diagram: the same connected-vehicle ecosystem (OEM, Suppliers, ITS Operator, Public Clouds, Service Provider; DSRC, OBD, 4G LTE), annotated with the features below]

 Flashing over the air
 Software as an aftersales product
 Remote feature activation
 Data mining campaigns
 Autonomous driving
 Electronic license plate
 Traffic management
 Toll collection
 …

Introduction: Many different Attack Vectors and Threats

[Diagram: the same connected-vehicle ecosystem, annotated with the threats below]

 Chip tuning
 Privacy abuse
 Remote controlled vehicles
 Unlocking of feature sets
 …


Security Engineering: Security Engineering Lifecycle

[Diagram: security engineering lifecycle drawn as a V-model. Left leg: Asset Definition, Threat Analysis and Risk Assessment, Derivation of Security Goals, Security Architecture Design & Analysis, Functional Security Mechanisms Design & Analysis, Secure Implementation (Coding Guidelines!). Right leg: Fuzz Testing, Penetration Testing, Security Incident Management and Response]

 Cyber Security does not start or end with cryptography
 Similar to functional safety, security needs to be considered throughout the development process
 Automotive specific initiatives for security engineering have been started
> SAE J3061
> Joint ISO/SAE standardization group “Automotive Security Engineering” started


Security Mechanisms for Embedded Automotive Systems: Layered Security Concept (Logical View)

Layers (top-down) and their associated security concepts:

Secure External Communication
 Secure communication to services outside the vehicle
 Intrusion detection mechanisms

Secure Gateways
 Access control
 Firewalls
 Key management (update, distribution)
 Synchronized secure time

Secure In-Vehicle Communication
 Authenticity of communication
 Integrity and freshness of communication
 Confidentiality of communication

Secure Platform
 Key storage
 Secure boot and secure flash
 Crypto algorithms
 HW trust anchor (HTA)

Security Mechanisms for Embedded Automotive Systems: Security Mechanisms allocated in Example Architecture

[Diagram: example E/E architecture with Diagnostic Interface, Instrument Cluster, Head Unit, DSRC and 4G LTE units, Central Gateway, Connectivity Gateway, Powertrain DC, Chassis DC, Body DC, ADAS DC and Smart Charging, plus external Laptop, Tablet and Smartphone; the mechanisms below are allocated to these nodes]

 Secure Update & Boot
 Security Event Log
 Secure On Board Com.
 Secure Key Infrastructure
 Secure Off Board Com.
 Synchronized Time Manager
 Crypto Algorithms
 Intrusion Detection / Prevention

Security Mechanisms in AUTOSAR 4.3: MICROSAR 4.3 Security Modules

[Diagram: layered stack Application / RTE / SYS, DIAG, COM / CAN, ETH / MCAL on a Microcontroller with Hardware Trust Anchor (HTA). SECOC and FVM sit in the COM layer; CSM, CRYIF, CRYPTO (SW) and CRYPTO (HW) form the crypto stack down to the HTA]

Cryptographic Functions
 Crypto Service Manager (CSM)
 Crypto Interface (CRYIF)
 Crypto (SW) / Crypto (HW)

Protection of Onboard Communication
 Secure Onboard Communication (SECOC)
 Freshness Value Manager (FVM)
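The following is an added example, not AUTOSAR or MICROSAR code, showing the mechanism behind "authenticity, integrity and freshness of communication" on the layered-concept slide and behind the SECOC/FVM modules above: the sender appends a truncated freshness counter and a truncated MAC to the authentic PDU, the receiver's freshness value manager rebuilds the full counter from the received low bits and re-computes the MAC. Assumptions: HMAC-SHA256 stands in for whatever MAC algorithm the CSM is configured with (AES-CMAC is typical), freshness is a monotonic counter that both sides have already synchronized, and the data ID, key and truncation lengths are made up.

```python
"""Model of SecOC-style secured I-PDUs with a freshness value manager.
Added example, not AUTOSAR or MICROSAR code. Assumptions: HMAC-SHA256
stands in for the configured MAC algorithm, counter-based freshness that
sender and receiver have already synchronized, and the data ID, key and
truncation lengths below."""
import hashlib
import hmac

DATA_ID = 0x0123                 # 16-bit identifier of the secured PDU (assumed)
FRESHNESS_BITS = 32              # full freshness counter kept in both FVMs
TRUNC_FRESHNESS_BITS = 8         # freshness bits actually sent on the bus
TRUNC_AUTH_BITS = 24             # authenticator bits actually sent on the bus
KEY = bytes.fromhex("00112233445566778899aabbccddeeff")   # constructed shared key


def authenticator(key: bytes, payload: bytes, freshness: int) -> bytes:
    """MAC over DataID || authentic PDU || full freshness value."""
    msg = DATA_ID.to_bytes(2, "big") + payload + freshness.to_bytes(FRESHNESS_BITS // 8, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()


class FreshnessValueManager:
    """Holds the last used (sender) or last verified (receiver) counter value."""

    def __init__(self, start: int = 0):
        self.counter = start

    def next_tx(self) -> int:
        self.counter += 1
        return self.counter

    def reconstruct_rx(self, truncated: int) -> int:
        """Rebuild the full counter from the received low bits: keep the high
        bits of the last verified value; if that does not yield a larger value,
        assume the low bits wrapped and carry into the high bits."""
        low_mask = (1 << TRUNC_FRESHNESS_BITS) - 1
        candidate = (self.counter & ~low_mask) | truncated
        if candidate <= self.counter:
            candidate += 1 << TRUNC_FRESHNESS_BITS
        return candidate


def secure_pdu(payload: bytes, fvm: FreshnessValueManager, key: bytes = KEY) -> bytes:
    """Sender: authentic PDU || truncated freshness || truncated MAC."""
    fv = fvm.next_tx()
    tag = authenticator(key, payload, fv)
    trunc_fv = fv & ((1 << TRUNC_FRESHNESS_BITS) - 1)
    return payload + trunc_fv.to_bytes(TRUNC_FRESHNESS_BITS // 8, "big") + tag[:TRUNC_AUTH_BITS // 8]


def verify_pdu(secured: bytes, payload_len: int, fvm: FreshnessValueManager, key: bytes = KEY):
    """Receiver: returns (accepted, payload). A tampered payload, a replayed
    PDU or a PDU with a stale counter all fail the MAC check and are dropped
    without advancing the receiver's freshness value."""
    fv_len, tag_len = TRUNC_FRESHNESS_BITS // 8, TRUNC_AUTH_BITS // 8
    if len(secured) != payload_len + fv_len + tag_len:
        return False, None
    payload = secured[:payload_len]
    trunc_fv = int.from_bytes(secured[payload_len:payload_len + fv_len], "big")
    received_tag = secured[payload_len + fv_len:]
    fv = fvm.reconstruct_rx(trunc_fv)
    if not hmac.compare_digest(authenticator(key, payload, fv)[:tag_len], received_tag):
        return False, None
    fvm.counter = fv                      # only move forward on a verified PDU
    return True, payload


def demo():
    """Constructed traffic; counters start at 254 so the 8-bit truncated value wraps."""
    tx, rx = FreshnessValueManager(254), FreshnessValueManager(254)
    p1 = secure_pdu(b"\x10\x20\x30\x40", tx)          # freshness 255 -> truncated 0xff
    p2 = secure_pdu(b"\x11\x21\x31\x41", tx)          # freshness 256 -> truncated 0x00 (wrap)
    ok1, _ = verify_pdu(p1, 4, rx)
    ok2, _ = verify_pdu(p2, 4, rx)
    replayed, _ = verify_pdu(p1, 4, rx)               # replay of p1 is rejected
    tampered = bytearray(secure_pdu(b"\x12\x22\x32\x42", tx))
    tampered[0] ^= 0x01                               # flip one payload bit
    ok3, _ = verify_pdu(bytes(tampered), 4, rx)
    return ok1, ok2, replayed, ok3, rx.counter        # -> (True, True, False, False, 256)
```

The point to note is that replay protection does not come from comparing the eight transmitted freshness bits, which an attacker can replay verbatim; it comes from the MAC being computed over the full reconstructed counter, so a replayed or stale PDU fails authentication. On a real bus the initial counter synchronization and recovery after a lost sync are the FVM's job and are outside this model.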


Advanced Security Mechanisms: Security Mechanisms currently not specified by AUTOSAR

[Diagram: the AUTOSAR 4.3 stack from the previous slide (Application / RTE / SYS, DIAG, COM / CAN, ETH / MCAL, CSM, CRYIF, CRYPTO (SW), CRYPTO (HW), HTA) extended with the modules below]

 Key Manager (KEYM)
 Secure Time Manager (STIM)
 Security Event Log (SLOG)
 Firewall Manager (FWM)
 Ethernet Firewall (ETHFW)
 Intrusion Detection System (IDS)
 Transport Layer Security (TLS)

Advanced Security Mechanisms: Management of Cryptographic Material (Keys, Certificates)

[Diagram: KEYM placed in the stack next to DCM, CSM and CRYIF, above CRYPTO (SW) / CRYPTO (HW) and the HTA]

Key Manager (KEYM):
 Receives new cryptographic material (keys, certificates) via diagnostic routines
 Verifies authenticity, integrity and freshness of cryptographic material
 Implements business logic for key lifecycle phases (production, initialization, update, repair, replacement)
 Supports derivation of new keys
 Supports secure distribution of shared secret keys
 Logs security events to SLOG
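As an added example, not Vector's KEYM, the model below shows how the bullets above fit together: a diagnostic routine receives a key-update blob, installs it only if authentic, intact and newer than what the slot already holds, records the outcome as a security event, and derives ECU-specific or shared keys from an installed master key instead of transporting them. The blob layout, HMAC-SHA256 as both authenticator and derivation function, the slot states and all key values are assumptions; in a real ECU the keys would live in the HTA rather than in a Python dict.

```python
"""Key manager model after the KEYM description: key material handed over by
a diagnostic routine is installed only if authentic, intact and fresh, and
ECU-specific keys are derived on the ECU instead of being shipped. Added
example, not Vector's KEYM; the blob layout, HMAC-SHA256 as authenticator
and KDF, and the slot states are assumptions."""
import hashlib
import hmac
import struct

HDR = ">HI"                # key_id (16 bit) || version (32 bit), big endian
TAG_LEN = 32


def kdf(master: bytes, label: bytes, context: bytes) -> bytes:
    """One-block HMAC-SHA256 derivation in the style of NIST SP 800-108 counter mode."""
    return hmac.new(master, b"\x01" + label + b"\x00" + context, hashlib.sha256).digest()


class KeyManager:
    def __init__(self, update_auth_key: bytes):
        self.auth_key = update_auth_key   # authenticates update blobs from the backend
        self.slots = {}                   # key_id -> {"version", "key", "state"}
        self.slog = []                    # security events (would go to SLOG)

    def _tag(self, key_id: int, version: int, material: bytes) -> bytes:
        return hmac.new(self.auth_key, struct.pack(HDR, key_id, version) + material,
                        hashlib.sha256).digest()

    def build_update(self, key_id: int, version: int, material: bytes) -> bytes:
        """Backend side: how a constructed update blob is produced."""
        return struct.pack(HDR, key_id, version) + material + self._tag(key_id, version, material)

    def routine_update_key(self, blob: bytes) -> bool:
        """ECU side: diagnostic routine (e.g. a UDS RoutineControl) that installs a key."""
        hdr_len = struct.calcsize(HDR)
        if len(blob) <= hdr_len + TAG_LEN:
            return self._reject("malformed update")
        key_id, version = struct.unpack(HDR, blob[:hdr_len])
        material, tag = blob[hdr_len:-TAG_LEN], blob[-TAG_LEN:]
        if not hmac.compare_digest(self._tag(key_id, version, material), tag):
            return self._reject(f"key {key_id:#06x}: authentication failed")
        slot = self.slots.get(key_id)
        if slot is not None and version <= slot["version"]:
            return self._reject(f"key {key_id:#06x}: stale version {version}")
        state = "initialized" if slot is None else "updated"
        self.slots[key_id] = {"version": version, "key": material, "state": state}
        self.slog.append(f"key {key_id:#06x}: {state} (version {version})")
        return True

    def _reject(self, why: str) -> bool:
        self.slog.append("rejected: " + why)
        return False

    def derive(self, key_id: int, label: bytes, context: bytes) -> bytes:
        """Derived key (e.g. a SecOC key) from an installed master; the master never leaves the ECU."""
        return kdf(self.slots[key_id]["key"], label, context)


def demo():
    auth = b"constructed-update-auth-key"
    master = bytes(range(16))                                  # constructed master key
    gw, ecu = KeyManager(auth), KeyManager(auth)
    blob = gw.build_update(0x0101, 1, master)
    results = [
        gw.routine_update_key(blob),                           # True: first install
        ecu.routine_update_key(blob),                          # True: same key on a second ECU
        ecu.routine_update_key(blob),                          # False: replay, version not newer
        ecu.routine_update_key(blob[:-1] + bytes([blob[-1] ^ 1])),  # False: tampered tag
    ]
    # Two ECUs holding the same master derive the same shared secret without it being sent.
    shared = gw.derive(0x0101, b"SecOC", b"PDU-0x123") == ecu.derive(0x0101, b"SecOC", b"PDU-0x123")
    updated = ecu.routine_update_key(gw.build_update(0x0101, 2, bytes(16)))  # True: newer version
    return results, shared, updated, ecu.slots[0x0101]["state"]
```

The order of the checks matters: the MAC is verified before the version is looked at, so an attacker cannot probe the stored version with unauthenticated blobs, and a rejected update leaves the slot untouched, which is what makes the lifecycle transitions (initialized, updated) trustworthy as log evidence.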

Advanced Security Mechanisms: Ethernet Firewall

[Diagram: ETHFW and FWM placed in the Ethernet communication stack (ETHIF, TCPIP, SOAD, PDUR) alongside SLOG, CSM, CRYIF and DCM, above CRYPTO (SW) / CRYPTO (HW) and the HTA]

Ethernet Firewall (ETHFW):
 DENY-ALL Firewall (Whitelist)
 Post-build loadable support
 Evaluates filter rules (policy) based on
> Ethernet information (VLAN, frame priority, Ether Type, MAC addresses, next layer protocol)
> AVB information (Stream ID)
> IP information (IP addresses, next layer protocol)
> IP protocol (UDP, TCP, RAW)
> UDP/TCP protocol (ports)
 Logging of non-policy-conform packets in tamper proof SLOG

Firewall Manager (FWM):
 Manages state of individual firewalls
 Securely stores and updates firewall filter rules (policies)
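The following is an added example, not Vector's ETHFW or FWM, of the deny-all whitelist described above: a frame passes only if some rule matches on the Ethernet, IP and UDP/TCP fields, every drop is written to an append-only event log, and the firewall manager installs a post-build policy only after checking a MAC over it. The packet and rule representations, the policy MAC (HMAC-SHA256 over a repr() of the rules), the keyed hash chain used to make the log tamper-evident, and all addresses, ports and keys are assumptions; frame priority and AVB stream ID from the slide are left out to keep the model short.

```python
"""Deny-all Ethernet firewall with firewall manager and security event log,
modelled on the ETHFW/FWM/SLOG description. Added example, not Vector's code;
packet and rule fields, the policy MAC and the hash-chained log are assumptions."""
import hashlib, hmac, ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    """Header fields ETHFW evaluates (Ethernet, IP, UDP/TCP)."""
    vlan: Optional[int]
    ether_type: int
    src_mac: str
    dst_mac: str
    src_ip: Optional[str] = None
    dst_ip: Optional[str] = None
    ip_proto: Optional[str] = None      # "UDP", "TCP" or "RAW"
    dst_port: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    """Whitelist entry: None is a wildcard, every set field must match."""
    vlan: Optional[int] = None
    ether_type: Optional[int] = None
    src_mac: Optional[str] = None
    dst_mac: Optional[str] = None
    src_net: Optional[str] = None       # CIDR, e.g. "10.0.1.0/24"
    dst_net: Optional[str] = None
    ip_proto: Optional[str] = None
    dst_port: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        for f in ("vlan", "ether_type", "src_mac", "dst_mac", "ip_proto", "dst_port"):
            want, got = getattr(self, f), getattr(p, f)
            if isinstance(want, str):                   # MAC / protocol names: case-insensitive
                want, got = want.lower(), (got or "").lower()
            if want is not None and want != got:
                return False
        for net, addr in ((self.src_net, p.src_ip), (self.dst_net, p.dst_ip)):
            if net is not None and (addr is None or
                                    ipaddress.ip_address(addr) not in ipaddress.ip_network(net)):
                return False
        return True


class SecurityEventLog:
    """SLOG stand-in: append-only, each entry chained to its predecessor by a keyed hash."""
    def __init__(self, key: bytes):
        self.key, self.entries, self.chain = key, [], bytes(32)

    def append(self, event: str) -> None:
        self.chain = hmac.new(self.key, self.chain + event.encode(), hashlib.sha256).digest()
        self.entries.append((event, self.chain.hex()))


class EthernetFirewall:
    """DENY-ALL: a frame passes only if some whitelist rule matches; drops are logged."""
    def __init__(self, name: str, slog: SecurityEventLog):
        self.name, self.slog, self.rules = name, slog, ()

    def accept(self, p: Packet) -> bool:
        if any(r.matches(p) for r in self.rules):
            return True
        self.slog.append(f"{self.name} dropped {p}")
        return False


class FirewallManager:
    """FWM stand-in: installs a post-build loadable policy only if its MAC verifies."""
    def __init__(self, key: bytes, firewalls):
        self.key, self.firewalls = key, {fw.name: fw for fw in firewalls}

    def policy_tag(self, rules) -> bytes:
        return hmac.new(self.key, repr(list(rules)).encode(), hashlib.sha256).digest()

    def update_policy(self, fw_name: str, rules, tag: bytes) -> bool:
        if not hmac.compare_digest(self.policy_tag(rules), tag):
            return False                            # unauthentic policy: keep the old rule set
        self.firewalls[fw_name].rules = tuple(rules)
        return True


def demo():
    """Constructed gateway policy and traffic."""
    slog = SecurityEventLog(b"slog-key")
    fw = EthernetFirewall("gateway-eth0", slog)
    fwm = FirewallManager(b"policy-key", [fw])
    policy = [
        Rule(vlan=10, ether_type=0x0806),                                   # ARP on VLAN 10
        Rule(vlan=10, ether_type=0x0800, src_net="10.0.1.0/24", dst_net="10.0.1.10/32",
             ip_proto="UDP", dst_port=30490),                               # SOME/IP-SD
        Rule(vlan=20, ether_type=0x0800, dst_net="10.0.2.1/32", ip_proto="TCP", dst_port=13400),  # DoIP
    ]
    installed = fwm.update_policy("gateway-eth0", policy, fwm.policy_tag(policy))
    forged = fwm.update_policy("gateway-eth0", [Rule()], bytes(32))         # allow-all, bad MAC
    frames = [
        Packet(10, 0x0800, "02:00:00:00:00:01", "02:00:00:00:00:10", "10.0.1.5", "10.0.1.10", "UDP", 30490),
        Packet(20, 0x0800, "02:00:00:00:00:99", "02:00:00:00:00:20", "10.0.2.50", "10.0.2.1", "TCP", 13400),
        Packet(20, 0x0800, "02:00:00:00:00:99", "02:00:00:00:00:20", "10.0.2.50", "10.0.2.1", "TCP", 22),
    ]
    verdicts = [fw.accept(f) for f in frames]
    return installed, forged, verdicts, len(slog.entries)   # -> (True, False, [True, True, False], 1)
```

Because the default is deny, a missing or malformed field (no VLAN tag, no IP header) simply fails to match any rule and is dropped and logged; there is no "fail open" path. The forged policy with a single wildcard rule is the case the FWM's MAC check exists for: without it, anyone able to reach the post-build loading interface could silence the firewall.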

Summary: Key Points

 New features and business models require cyber security as an enabler
 Security does not start or end with cryptography
 Security Engineering
 Layered security concept supports defense in depth
 AUTOSAR provides improved security stack with AUTOSAR 4.3, but…
 Further security extensions are required (e.g. Key Management, Firewalls)

 Remember to visit the Vector Automotive Cyber Security Symposium 2017/10/12

For more information about Vector and our products please visit www.vector.com

Author: Dr. Eduard Metzker, Vector Informatik GmbH

© 2015. Vector Informatik GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector.