© 2015 Excelfore. All rights reserved. Excellence in Connected Automotive Solutions
Security Implications on Ethernet Networks for Connected Cars
Ethernet & IP @ Automotive Technology Day October 28, 2015
Shrikant Acharya, CTO
1. Security in Automotive Networks
   • Security Variances
   • Sources of Vulnerabilities
2. Making Automotive Ethernet Secure
   Classes of Devices
   • Linux Headunit
   • RTOS Sub-Systems (Camera, Tuner)
   • Smaller Devices (AUTOSAR ECUs)
   Security Requirements
   • Headunit to End-Nodes
   • Updating Devices to Keep them Secure
   • Securing OTA (Over the Air) Updates
3. Implementation Considerations
Security Challenges
• LIN: Bandwidth 20-40 Kbps. Cost: Very Low. Security: None. Application: Simple sensors (Roof, Seat, Climate, Mirror).
• CAN: Bandwidth 125-1,000 Kbps. Cost: Low. Security: Low. Application: Sub-systems (ECU, Power-train, Transmission, Airbags, ABS, Power Steering Windows, Doors).
• Flex-Ray: Bandwidth 10 Mbps. Cost: High. Security: Isolation-based. Application: ECU to ECU, High-Performance Powertrain, Safety (Drive-by-wire, active suspension, adaptive cruise control).
• MOST: Bandwidth 25-150 Mbps. Cost: High. Security: High. Application: Infotainment Connectivity (Media, Digital Radio, DVD, Front Displays, Rear Displays, Camera).
• EAVB: Bandwidth 100 Mbps-1 G. Cost: Moderate. Security: High. Application: Lower-cost replacement for Flex-Ray and MOST.
Security in Automotive Networks
Sweet Spot
Trending to EAVB due to Cost, Bandwidth, Security
Connected Car is Vulnerable Open to Threats
Potential Threats (sample list) Connectivity & Transmission Threat
USB OBD Bluetooth Wi-Fi V2V Cellular Telematics Manufacturing Plant Dealer Service Station EV Charging Station Supplier Black-box
Threat Types in an Open system: Eavesdropping, Malware Injection, Time-Bomb Attack, Cloud Server Attack, Denial of Service (DOS), Distributed DOS (DDOS), Malware Attack, Virus Attack, Javascript Attack, 3rd Party Apps, 3rd Party Appstore, Adware, System Upgrade, Unauthorized Access
BT USB Wi-Fi Cellular OBD EV Charging
High-End
• OS Level: Linux, QNX
• Processors: 1+ GHz
• SoC Level: ARM: Cortex A8, Cortex A15, Cortex A57/A53; ARM TrustZone
• SoC Level: Intel: I7 (Baytrail, Broxton); Intel TXT (Trusted Execution)
RTOS Sub-Systems
• OS Level: FreeRTOS, AUTOSAR, Nucleus, MQX
• Processors: 200-700 MHz
• SoC: Cortex R4, Cortex M5 based
• Camera, Tuner With Crypto-engines
Smaller Peripherals
• SoC: Cortex M1
• Processors: Under 200 MHz
Securing Varied Classes of Devices
Security is about Securing Individual Assets
CAN Gateway
Ethernet Switch
Securing Assets in a Connected Car
Asset 1: Camera
Asset 2: Smart Antenna
Asset 3: Instrument Cluster
Asset 4: Game Player
Asset 5: Amplifier
Asset 6
Asset 7: Headunit
Asset 8: Rear Displays
HMI Input
Hardware Security Modules (HSM)
AES, DES/3DES, SHA-1, SHA-224, SHA-256
Other Security Measures
• Run-time Integrity Checker
• Security Controller (including secure RAM and Security Monitor)
HSM
UID: Universal Unique ID
RAND: NIST SP 800-90
Crypto
Secure JTAG
Electrical Fuses
Memory Checker
Secure Real-time Clock
Secure Boot
High Assurance
Tamper Resistance
Internal Access
ARM/Intel Trust Zone
Communication Interface ISO17215 Interface for Camera and Tuner
Ethernet Physical Layer
Ethernet MAC + VLAN (802.1Q) + d
IPV6/IPV4
IEEE 1722 (AVTP)
IEEE 802.1AS (gPTP)
UDP
DHCP
API API
Application (layer 7) ISO 17215-3
Presentation (layer 6)
ISO 17215-2
Session (layer 5)
Transport (layer 4)
ISO 17215-4 Network (layer 3)
Data link (layer 2)
Physical (layer 1)
Support- Full
TCP
SOME IP/IP-SD
Support- Partial In Roadmap
HTTPS
CHAP (Authentication)
DoIP TFTP
Port Security: USB, OBD, SD, …
Data-Link Security
• Headunit to ECU Components
• Cloud to Headunit
Payload Security
• Encryption
OTA Security
• Security Updates through OTA
• Layered Approach: Certificate Verification, Signature Verification, Authorization Verification
Security Requirements
• Data Link Security, e.g. TLS
• Payload Security, e.g. AES
• Certificate Management
Developer
Authentication Trust Chain
Certificate Authority
OEM, Tier-1 Certificate Request
Issue Certificate
OTA Server
Verify Developer Certificate
Verify Developer Signature
Verify Developer Authorization
Sign
Developer Signature
Developer Certificate
Server Certificate
Database
Encryption Key
Binary
Create Key
Encrypt Binary
Vehicle
DMClient
Verify Server Certificate
Verify Server Signature
Verify Server Authorization
Meta Data
Decrypt
Encrypted and Signed
Binary Download
Binary
Trust Bundle
Upload Binary with Certified Signature
Trust Bundle
Request Update
Get Encryption Key
Sign Binary
CDN
Update Agents
Excelfore EAVB Camera Module
Ethernet
EAVB Camera
HDR Imager (22 bits Resolution)
1M Pixel
Image Stripe Storage (for Low Latency encoding)
DMA
Cortex R4 Micro
Channel-1: MJPEG/H.264 (1722 EAVB)
Channel-2: Optical Flow, Edge Detect
UDP Control + Software Update
BroadR-Reach
Embedded GENIVI Linux Platform Running gStreamer, Or PC Running VLC
Camera Stream Visualization
BroadR-Reach EAVB Switch
MIPI
OS: FreeRTOS
SoC: STV0991, 400 MHz (Cortex R4)
Stats:
• CPU Performance is 40% of J5
• CPU is low-power
• H/W Accelerators for Video and Imager consume more power
• Camera: 1.7W
• 2-wire POD/4-wire BroadR-Reach
Cryptography Engine (AES)
EAVB Antenna/Tuner
AM/FM Tuner
DVB/XM
DSRC
LTE
GPS
Micro-Controller Cortex A5
RTOS
100 Mbps BroadR-Reach & POE
Android Headunit
I2S
RS232
SPI
USB
OS: MQX
gStreamer: 1.x
SoC: Cortex A5, 500 MHz (16 MB Flash, 1 MB RAM)
Cryptography Engine (AES)
PC Talker
H.264, 20 Mbit HD Stream (1920x1080)
Rear-Seat Entertainment (RSE)
Challenge: Video Clock Recovery (Push-Pull of HDMI Video Encoder PLL)
gPTP Sync
EAVB Switch
MSRP Single VLAN (Xtreme X440)
gPTP Sync
H.264
gStreamer
Embedded Linux - Cortex A9+ Listener
Vid Clock Recovery
gPTP Sync
H.264
gStreamer
Embedded Linux - Cortex A9+ Listener
Vid Clock Recovery
Synchronized HDMI Screens
HDMI, VGA, VSync
HDMI, VGA, VSync
DHCP
OS: Linux Kernel 2.62
gStreamer: 0.1
SoC: TI Jacinto 5, 1 GHz (Cortex A8, Cortex M3, DSP, HD Acc, HDMI-out, I2S Ports for Audio)
Cryptography Engine (AES)
Cryptography Engine (AES)
Cryptography Engine (AES)
EAVB Audio
Audio Source
e.g. iPhone radio
Audio Capture Board Input
J5 Talker
AVB Ethernet Switch
Stereo Speakers
Samples Captured @ 48KHz, 2Ch, 16bit PCM
Analog Audio
OS: Linux Kernel 3.14
gStreamer: 1.x
SoC: TI Jacinto 5 Entry, 1 GHz (Cortex A8, I2S for Audio)
Stats:
• AVB stack 100K bytes
• 13% of CPU running at 1GHz
• Effective base AVB stack takes about 100MIPS
• Does not include A/V Codecs
Output
Cryptography Engine (AES)
Audio Playback Board
J5 Listener
Cryptography Engine (AES)
Making CAN Secure through Ethernet
Ethernet Switch
CAN-1
CAN-2
Xfer Buffer Encryption, Decryption Communication
Packet Sync
Authentication Parsing
Configuration
CAN, CAN-FD
Secure Ethernet-CAN Gateway
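The gateway slide names its blocks (authentication, parsing, configuration, encryption/decryption) without further detail. The Python below is an added example, not Excelfore's implementation, of one way the Ethernet-side checks could be ordered before a frame is forwarded to CAN. The packet layout, the truncated HMAC-SHA256 tag, the replay counter and the CAN ID allow-list are all assumptions, and encryption is left out.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16                    # truncated HMAC-SHA256 tag length (assumption)
HDR = struct.Struct(">IIB")     # counter, CAN ID, DLC: constructed layout


def _tag(key, body):
    return hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


def seal(key, counter, can_id, data):
    """Ethernet-side sender: wrap one classic CAN frame and append its tag."""
    if len(data) > 8:
        raise ValueError("classic CAN carries at most 8 data bytes")
    body = HDR.pack(counter, can_id, len(data)) + data
    return body + _tag(key, body)


class Gateway:
    """Authenticate first, parse second, filter third; only then forward to CAN."""

    def __init__(self, key, allowed_ids):
        self.key = key
        self.allowed_ids = set(allowed_ids)  # configuration: IDs this link may emit
        self.last_counter = -1               # highest counter accepted so far

    def accept(self, packet):
        """Return (can_id, data) to forward, or raise ValueError naming the check."""
        if len(packet) < HDR.size + TAG_LEN:
            raise ValueError("truncated")
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        if not hmac.compare_digest(tag, _tag(self.key, body)):  # constant-time
            raise ValueError("bad tag")
        counter, can_id, dlc = HDR.unpack_from(body)  # parsed only after the tag checks out
        data = body[HDR.size:]
        if dlc > 8 or dlc != len(data):
            raise ValueError("length mismatch")
        if counter <= self.last_counter:              # reject replayed or reordered packets
            raise ValueError("replay")
        if can_id not in self.allowed_ids:
            raise ValueError("id not allowed")
        self.last_counter = counter
        return can_id, data
```

A packet that fails any check raises before anything is written to the CAN side, so an authenticated sender is still limited to the configured IDs.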
Thank You
Shrikant Acharya, CTO