© Mitsubishi Electric Corporation
Your company internal use only
Ideas for securing the Vehicle Information Access API WebSocket approach
Magnus Gunnarsson
Peter Winzell
Agenda
• Use cases introduction
• WebSocket
• CIA security model
– Mapping of UCs against CIA model
• Man In the Middle attacks
– Certificate Pinning
• ?
Identified API Use Cases
• Inter-process communication
• Inter-ECU communication
• Internet communication
WebSocket
• Not an HTTP protocol
• Uses HTTP handshake as a bridge.
CIA security model
• Confidentiality
– Interception
• Integrity
– Interruption
– Modification
– Fabrication
• Availability
– Interruption
– Modification
– Fabrication
IPC UC
[Diagram labels: Websocket Service broker; Vehicle Network publisher; Service 1 to Service 6, Service n]
Inter ECU UC
Internet UC
SSL hijacking: one example of a man-in-the-middle attack
[Diagram labels: Connect to HTTPS site on 443; Replace HTTPS Content with HTTP Content; Connect to HTTPS site on 443; Provide Server Certificate; Communication in clear text; Encrypted Communication]
Certificate and Public Key Pinning
• What's pinning?
– Pinning is a way to re-use the existing protocols and infrastructure but to use them in a hardened way in order to reduce the incidence of man-in-the-middle attacks due to compromised Certification Authorities.
• When should you pin?
– Pinning should be done anytime you want to be relatively certain of the remote host's identity or when operating in a hostile environment.
Certificate and Public Key Pinning
• How does it work?
– By knowing something about the remote host, you do not need to rely on generalized mechanisms meant to solve the key distribution problem.
• What to pin?
– Certificate
– Public key
  • subjectPublicKeyInfo
  • RSAPublicKey or DSAPublicKey
[Certificate and Public Key Pinning, https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning#What.27s_the_problem.3F]
[RFC7469, https://tools.ietf.org/html/rfc7469#page-24]
Scope for the API Specification