Automotive Cyber Security Mechanisms
Status of Standardization and Next Steps
V2.01.00 | 2016-05-09
Agenda

Introduction
Security Engineering
Security Mechanisms for Embedded Automotive Systems
Security Mechanisms in AUTOSAR 4.3
Advanced Security Mechanisms
Summary
Introduction: Vehicle is a Part of the Internet of Things

[Figure: the vehicle connected via 4G LTE, OBD and DSRC to suppliers, the OEM, public clouds, service providers and the ITS operator]
Introduction: New Features and Business Models

[Figure: the same connectivity picture (4G LTE, OBD, DSRC; suppliers, OEM, public clouds, service provider, ITS operator)]

Flashing over the air
Software as an aftersales product
Remote feature activation
Data mining campaigns
Autonomous driving
Electronic license plate
Traffic management
Toll collection
…
Introduction: Many Different Attack Vectors and Threats

[Figure: the same connectivity picture (4G LTE, OBD, DSRC; suppliers, OEM, public clouds, service provider, ITS operator), each link being a potential attack vector]

Chip tuning
Privacy abuse
Remote controlled vehicles
Unlocking of feature sets
…
Security Engineering: Security Engineering Lifecycle

Cyber security does not start or end with cryptography
Similar to functional safety, security needs to be considered throughout the development process
Automotive-specific initiatives for security engineering have been started
> SAE J3061
> Joint ISO/SAE standardization group "Automotive Security Engineering" started

[Figure: security engineering lifecycle; the phases, in order:]
Asset Definition
Threat Analysis and Risk Assessment
Derivation of Security Goals
Security Architecture Design & Analysis
Security Mechanisms Design & Analysis
Secure Implementation (Coding Guidelines!)
Functional Security Testing
Fuzz Testing
Penetration Testing
Incident Management and Response
Security Mechanisms for Embedded Automotive Systems: Layered Security Concept (Logical View)

Layers (outermost first) and the security concepts associated with each:

Secure External Communication
> Secure communication to services outside the vehicle
Secure Gateways
> Intrusion detection mechanisms
> Access control
> Firewalls
Secure In-Vehicle Communication
> Key management (update, distribution)
> Synchronized secure time
> Authenticity of communication
> Integrity and freshness of communication
> Confidentiality of communication
Secure Platform
> Key storage
> Secure boot and secure flash
> Crypto algorithms
> HW trust anchor (HTA)
Security Mechanisms for Embedded Automotive Systems: Security Mechanisms Allocated in Example Architecture

[Figure: example E/E architecture showing where the mechanisms sit. ECUs and domains: Connectivity Gateway (with DSRC and 4G LTE links and laptop, tablet and smartphone as attached devices), Central Gateway, Head Unit, Instrument Cluster, Diagnostic Interface, ADAS DC, Powertrain DC, Chassis DC, Body DC, Smart Charging, CU. Allocated mechanisms: Firewall, Key Infrastructure, Secure On Board Com., Secure Off Board Com., Intrusion Detection / Prevention, Security Event Log, Crypto Algorithms, Secure Update & Boot, Secure Synchronized Time Manager.]
Security Mechanisms in AUTOSAR 4.3: MICROSAR 4.3 Security Modules

[Figure: MICROSAR layered architecture: Application, RTE, BSW clusters (SYS, DIAG, COM, CAN, ETH, CRYPTO), MCAL, Microcontroller. The CRYPTO cluster contains CSM, CRYIF, CRYPTO (SW) and CRYPTO (HW), the latter backed by the Hardware Trust Anchor (HTA); SECOC sits in the COM cluster and FVM next to the application.]

Cryptographic Functions
> Crypto Service Manager (CSM): job-based crypto service API for applications and BSW modules
> Crypto Interface (CRYIF): routes CSM jobs to the configured crypto driver
> Crypto (SW) / Crypto (HW): crypto driver implementations, the hardware variant backed by the HTA
Protection of Onboard Communication
> Secure Onboard Communication (SECOC): authenticity and freshness of PDUs via a truncated MAC and truncated freshness value
> Freshness Value Manager (FVM): provides and tracks the freshness values SECOC uses
Hardware Trust Anchor (HTA)
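How SECOC and the FVM work together, as an added example (Python; not Vector or AUTOSAR code): the sender appends a truncated freshness value and a truncated MAC to the PDU; the receiver reconstructs the full freshness value from its own counter state, recomputes the MAC and rejects replays, tampering and stale counters. The parameters (64-bit counter, 8 transmitted freshness bits, 24-bit truncated MAC), the use of HMAC-SHA256 in place of the AES-CMAC a real stack would use, the key, the data ID and the PDUs are all assumptions and constructed values chosen so the example runs on the standard library alone.

```python
"""SecOC-style protection of an onboard PDU: sender appends a truncated
freshness value and a truncated MAC; receiver reconstructs the full
freshness value, recomputes the MAC and rejects replays and tampering.
Added example; not Vector or AUTOSAR code."""
import hashlib
import hmac

# Assumed parameters modelled on SecOC's general scheme (not copied from a
# specific AUTOSAR profile). HMAC-SHA256 stands in for CMAC/AES-128.
FV_BITS = 64             # full freshness counter width
FV_TRUNC_BITS = 8        # low bits of the counter actually transmitted
MAC_TRUNC_BYTES = 3      # 24-bit truncated MAC on the bus
KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed test key
DATA_ID = 0x1234                                           # constructed PDU id


def full_mac(key: bytes, data_id: int, payload: bytes, freshness: int) -> bytes:
    """MAC over data ID || payload || full freshness value, as SecOC does."""
    msg = data_id.to_bytes(2, "big") + payload + freshness.to_bytes(FV_BITS // 8, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()


def secure_pdu(key: bytes, data_id: int, payload: bytes, freshness: int) -> bytes:
    """Sender side: payload || truncated freshness || truncated MAC."""
    trunc_fv = freshness & ((1 << FV_TRUNC_BITS) - 1)
    trunc_mac = full_mac(key, data_id, payload, freshness)[:MAC_TRUNC_BYTES]
    return payload + bytes([trunc_fv]) + trunc_mac


class SecOCReceiver:
    """Receiver side. last_fv plays the role of the FVM's 'last verified'
    counter; slog stands in for a security event log."""

    def __init__(self, key: bytes, data_id: int):
        self.key = key
        self.data_id = data_id
        self.last_fv = 0
        self.slog = []

    def reconstruct_fv(self, trunc_fv: int) -> int:
        """Combine the receiver's upper counter bits with the received low bits;
        if the result is not newer than the last verified value, assume the
        low bits wrapped and move one window ahead."""
        window = 1 << FV_TRUNC_BITS
        candidate = (self.last_fv & ~(window - 1)) | trunc_fv
        if candidate <= self.last_fv:
            candidate += window
        return candidate

    def verify(self, pdu: bytes):
        """Return the payload if authentic and fresh, else None (and log)."""
        tail = 1 + MAC_TRUNC_BYTES
        if len(pdu) < tail:
            self.slog.append(("SECOC_MALFORMED", self.data_id, len(pdu)))
            return None
        payload, trunc_fv, trunc_mac = pdu[:-tail], pdu[-tail], pdu[-MAC_TRUNC_BYTES:]
        fv = self.reconstruct_fv(trunc_fv)
        expected = full_mac(self.key, self.data_id, payload, fv)[:MAC_TRUNC_BYTES]
        if not hmac.compare_digest(expected, trunc_mac):
            # A replay reconstructs to a later freshness value than the sender
            # used, so its MAC no longer matches: replays and forgeries end here.
            self.slog.append(("SECOC_VERIFY_FAIL", self.data_id, fv))
            return None
        self.last_fv = fv
        return payload


if __name__ == "__main__":
    rx = SecOCReceiver(KEY, DATA_ID)
    first = secure_pdu(KEY, DATA_ID, b"\x01\x02", 1)
    print("fresh :", rx.verify(first))                                   # b'\x01\x02'
    print("replay:", rx.verify(first))                                   # None
    print("wrap  :", rx.verify(secure_pdu(KEY, DATA_ID, b"\x03", 257)))  # b'\x03'
    print("ahead :", rx.verify(secure_pdu(KEY, DATA_ID, b"\x04", 600)))  # None
```

The receiver can only follow the sender within one window (256 counter steps here): the "ahead" case shows a sender that ran further ahead being rejected even though its MAC is genuine. Closing that gap is what a freshness value synchronization mechanism or a secure time base (the STIM on the later slides) is for.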
Advanced Security Mechanisms: Security Mechanisms Currently Not Specified by AUTOSAR

[Figure: the MICROSAR 4.3 architecture as before, with the additional, not yet standardized modules placed in it: KEYM, STIM, SLOG, FWM, ETHFW, IDS, TLS]

Modules beyond the AUTOSAR 4.3 stack (status as of this presentation, May 2016; later AUTOSAR releases added specifications for some of these, e.g. a Key Manager and an Intrusion Detection System Manager):
Key Manager (KEYM)
Secure Time Manager (STIM)
Security Event Log (SLOG)
Firewall Manager (FWM)
Ethernet Firewall (ETHFW)
Intrusion Detection System (IDS)
Transport Layer Security (TLS)
Advanced Security Mechanisms: Management of Cryptographic Material (Keys, Certificates)

[Figure: the MICROSAR architecture with KEYM placed next to CSM in the CRYPTO cluster, with interfaces to DCM, SLOG, STIM and the HTA]

Key Manager (KEYM):
> Receives new cryptographic material (keys, certificates) via diagnostic routines
> Verifies authenticity, integrity and freshness of cryptographic material
> Implements business logic for key lifecycle phases (production, initialization, update, repair, replacement)
> Supports derivation of new keys
> Supports secure distribution of shared secret keys
> Logs security events to SLOG
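The KEYM behaviour listed above, as an added example (Python; not Vector code): a key-update command arriving via a diagnostic routine is checked for authenticity and integrity (HMAC under a key derived from a root key), then for freshness (a version counter that must increase), and only then is the new key derived with HKDF and the lifecycle state and SLOG updated. The command format, the HKDF-based derivation from a shared root key (which also gives two ECUs the same shared secret without ever transmitting it), the two lifecycle states, the module and function names and all key values are assumptions for illustration, not the module's real interface.

```python
"""Key Manager (KEYM) logic as sketched on the slide: verify authenticity,
integrity and freshness of key-update commands from a diagnostic routine,
derive the new key, track lifecycle state, log to SLOG.
Added example; not Vector code. Message format, HKDF derivation from a
root key and the lifecycle states are assumptions."""
import hashlib
import hmac

ROOT = bytes.fromhex("aa" * 16 + "55" * 16)   # constructed root key (injected in production)
TAG_LEN = 32                                  # HMAC-SHA256 tag
# Assumed diagnostic payload: key_id (1 byte) || version (4 bytes, big-endian) || tag (32 bytes)


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 16) -> bytes:
    """HKDF (RFC 5869) extract-then-expand with HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def key_update_tag(root: bytes, key_id: int, version: int) -> bytes:
    """Authentication key is domain-separated from the derived keys via the HKDF info."""
    auth_key = hkdf_sha256(root, b"", b"keym-update-auth", 32)
    return hmac.new(auth_key, bytes([key_id]) + version.to_bytes(4, "big"), hashlib.sha256).digest()


def make_update(root: bytes, key_id: int, version: int) -> bytes:
    """Tester side (constructed): authenticated 'install version N of key K' command."""
    return bytes([key_id]) + version.to_bytes(4, "big") + key_update_tag(root, key_id, version)


class KeyManager:
    PRODUCTION, INITIALIZED = "production", "initialized"

    def __init__(self):
        self.state = self.PRODUCTION
        self.root = None
        self.versions = {}   # key_id -> installed version (freshness state)
        self.keys = {}       # key_id -> derived key bytes
        self.slog = []       # stands in for SLOG

    def initialize(self, root: bytes) -> None:
        """Lifecycle: production -> initialized once the root key is injected."""
        self.root = root
        self.state = self.INITIALIZED
        self.slog.append(("KEYM_INITIALIZED",))

    def apply_update(self, msg: bytes) -> bool:
        if self.state != self.INITIALIZED:
            self.slog.append(("KEYM_UPDATE_REJECTED_STATE", self.state))
            return False
        if len(msg) != 1 + 4 + TAG_LEN:
            self.slog.append(("KEYM_UPDATE_MALFORMED", len(msg)))
            return False
        key_id, version, tag = msg[0], int.from_bytes(msg[1:5], "big"), msg[5:]
        # Authenticity/integrity first, so an unauthenticated sender learns
        # nothing about the installed version from the freshness check.
        if not hmac.compare_digest(key_update_tag(self.root, key_id, version), tag):
            self.slog.append(("KEYM_UPDATE_AUTH_FAIL", key_id, version))
            return False
        if version <= self.versions.get(key_id, 0):   # freshness: versions only move forward
            self.slog.append(("KEYM_UPDATE_REPLAY", key_id, version))
            return False
        # Derive rather than transport the key: every ECU holding ROOT ends up
        # with the same shared secret for (key_id, version).
        self.keys[key_id] = hkdf_sha256(self.root, version.to_bytes(4, "big"), b"keym-key-%d" % key_id)
        self.versions[key_id] = version
        self.slog.append(("KEYM_KEY_UPDATED", key_id, version))
        return True


if __name__ == "__main__":
    km = KeyManager()
    km.initialize(ROOT)
    cmd = make_update(ROOT, 1, 1)
    print(km.apply_update(cmd), km.apply_update(cmd), km.slog[-1])   # True False ('KEYM_UPDATE_REPLAY', 1, 1)
```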
Advanced Security Mechanisms: Ethernet Firewall

[Figure: the MICROSAR architecture with ETHFW hooked into the Ethernet stack (ETHIF, TCPIP, SOAD, PDUR), managed by FWM, with interfaces to DCM, SLOG and the HTA]

Ethernet Firewall (ETHFW):
> DENY-ALL firewall (whitelist)
> Post-build loadable support
> Evaluates filter rules (policy) based on
  > Ethernet information (VLAN, frame priority, EtherType, MAC addresses, next layer protocol)
  > AVB information (Stream ID)
  > IP information (IP addresses, next layer protocol)
  > IP protocol (UDP, TCP, RAW)
  > UDP/TCP protocol (ports)
> Logging of non-policy-conform packets in tamper-proof SLOG
Firewall Manager (FWM):
> Manages state of individual firewalls
> Securely stores and updates firewall filter rules (policies)
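The rule evaluation the ETHFW bullets describe, as an added example (Python; not Vector code): parse the Ethernet header (with optional 802.1Q VLAN tag), the IPv4 header and the UDP/TCP ports, match the extracted fields against whitelist rules in which an unset field is a wildcard, and drop plus log everything else, including truncated or malformed frames. AVB stream IDs and a RAW-IP rule type are left out to keep the parser short. The rule format, the `Rule`/`EthFirewall` names, the MAC and IP addresses, the policy and the sample frames are all constructed for the example.

```python
"""Deny-all (whitelist) Ethernet firewall in the spirit of the ETHFW slide:
parse Ethernet (optional 802.1Q tag), IPv4 and UDP/TCP headers, match the
fields against whitelist rules, drop and log everything else.
Added example, not Vector code; rule format and sample frames are assumed."""
import struct
from dataclasses import dataclass, asdict
from typing import List, Optional, Tuple

ETH_P_8021Q, ETH_P_IPV4 = 0x8100, 0x0800
IPPROTO_TCP, IPPROTO_UDP = 6, 17


class Malformed(ValueError):
    """Frame too short or inconsistent; a deny-all firewall drops these too."""


@dataclass
class Fields:
    """Match fields extracted from one frame (None = not present)."""
    dst_mac: bytes
    src_mac: bytes
    vlan: Optional[int]
    prio: Optional[int]
    ethertype: int
    src_ip: Optional[str] = None
    dst_ip: Optional[str] = None
    proto: Optional[int] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None


def parse_frame(frame: bytes) -> Fields:
    try:
        dst, src, etype = struct.unpack_from("!6s6sH", frame, 0)
        off, vlan, prio = 14, None, None
        if etype == ETH_P_8021Q:                      # 802.1Q: TCI then the real EtherType
            tci, etype = struct.unpack_from("!HH", frame, off)
            vlan, prio, off = tci & 0x0FFF, tci >> 13, off + 4
        f = Fields(dst, src, vlan, prio, etype)
        if etype != ETH_P_IPV4:
            return f
        ver_ihl, _, _, _, _, _, proto, _, sip, dip = struct.unpack_from("!BBHHHBBH4s4s", frame, off)
        if ver_ihl >> 4 != 4:
            return f                                  # EtherType says IPv4 but header does not: no IP fields
        ihl = (ver_ihl & 0x0F) * 4
        if ihl < 20:
            raise Malformed("IPv4 IHL < 20")
        f.src_ip, f.dst_ip, f.proto = ".".join(map(str, sip)), ".".join(map(str, dip)), proto
        if proto in (IPPROTO_TCP, IPPROTO_UDP):       # ports sit first in both headers
            f.src_port, f.dst_port = struct.unpack_from("!HH", frame, off + ihl)
        return f
    except struct.error as e:                         # truncated frame
        raise Malformed(str(e)) from e


@dataclass
class Rule:
    """Whitelist entry; a None field is a wildcard, every other field must match."""
    name: str
    vlan: Optional[int] = None
    ethertype: Optional[int] = None
    src_mac: Optional[bytes] = None
    dst_mac: Optional[bytes] = None
    src_ip: Optional[str] = None
    dst_ip: Optional[str] = None
    proto: Optional[int] = None
    dst_port: Optional[int] = None

    def matches(self, f: Fields) -> bool:
        got = asdict(f)
        return all(want is None or got[k] == want for k, want in asdict(self).items() if k != "name")


class EthFirewall:
    def __init__(self, rules: List[Rule]):
        self.rules = list(rules)
        self.slog: List[Tuple] = []                   # stands in for the tamper-proof SLOG

    def evaluate(self, frame: bytes) -> bool:
        """True = forward (a rule matched), False = drop (the default); every drop is logged."""
        try:
            f = parse_frame(frame)
        except Malformed as e:
            self.slog.append(("ETHFW_MALFORMED", str(e), frame[:14].hex()))
            return False
        if any(r.matches(f) for r in self.rules):
            return True
        self.slog.append(("ETHFW_DENY", f.src_mac.hex(), f.ethertype, f.src_ip, f.dst_ip, f.proto, f.dst_port))
        return False


def ip4(dotted: str) -> bytes:
    return bytes(int(x) for x in dotted.split("."))


def ipv4_frame(dst_mac, src_mac, vlan, src_ip, dst_ip, proto, sport, dport, payload=b""):
    """Constructed test frame; checksums stay zero since matching never reads them."""
    l4 = struct.pack("!HH", sport, dport) + b"\x00" * (4 if proto == IPPROTO_UDP else 16) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0, ip4(src_ip), ip4(dst_ip))
    tag = struct.pack("!HH", ETH_P_8021Q, vlan) if vlan is not None else b""
    return dst_mac + src_mac + tag + struct.pack("!H", ETH_P_IPV4) + ip + l4


# Constructed policy: DoIP discovery (UDP 13400) only from the diagnostic VLAN, HTTPS only to the gateway.
GW_MAC, TESTER_MAC = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
RULES = [
    Rule("doip-udp-diag-vlan", vlan=10, ethertype=ETH_P_IPV4, dst_ip="192.168.10.1", proto=IPPROTO_UDP, dst_port=13400),
    Rule("https-to-gateway", ethertype=ETH_P_IPV4, dst_ip="192.168.10.1", proto=IPPROTO_TCP, dst_port=443),
]

if __name__ == "__main__":
    fw = EthFirewall(RULES)
    ok = ipv4_frame(GW_MAC, TESTER_MAC, 10, "192.168.10.20", "192.168.10.1", IPPROTO_UDP, 40000, 13400)
    print(fw.evaluate(ok), fw.evaluate(ok[:20]), fw.slog[-1][0])   # True False ETHFW_MALFORMED
```

Rules are matched in order and the first hit forwards the frame; anything that matches no rule, fails to parse, or carries an EtherType the policy never mentions (an ARP frame, say) is dropped and produces a SLOG entry carrying the fields a responder would want.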
Summary: Key Points

New features and business models require cyber security as an enabler
Security does not start or end with cryptography; it needs security engineering across the whole development lifecycle
A layered security concept supports defense in depth
AUTOSAR provides an improved security stack with AUTOSAR 4.3, but…
Further security extensions are required (e.g. key management, firewalls)
Remember to visit the Vector Automotive Cyber Security Symposium 2017/10/12
© 2015. Vector Informatik GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector.
For more information about Vector and our products please visit www.vector.com
Author: Dr. Eduard Metzker, Vector Informatik GmbH