ESCAR Presentation: Current Status of the AUTOSAR Security

Transcription

 AUTOSAR Security Modules
Current Status
V1.00 | 2015-05-27
Agenda
2/40
1.
AUTOSAR
2.
CAL & CSM
3.
SecOC
AUTOSAR
Introduction

Automotive Open System Architecture
 Software for electronic control units (ECU)
Software architecture
SWC/Application
RTE
SYS
COM
LIB
MCAL
CDD
Microcontroller
3/40
AUTOSAR
Introduction
Software component (SWC) / Application
 Implementation of functionality of ECU
 Runs on microcontroller
 Sends & receives data to and from other ECUs (in network)
SWC/Application
Microcontroller
4/40
AUTOSAR
Introduction
Run time environment (RTE)
 Provides interface to basic software (BSW)
SWC/Application
RTE
Microcontroller
5/40
AUTOSAR
Introduction
System services (SYS) and libraries (LIB)
 Cryptographic modules
Operating system (OS)
Complex device drivers (CDD)
SWC/Application
RTE
SYS
LIB
CDD
Microcontroller
6/40
AUTOSAR
Introduction
Communication modules (COM)
 send & receive data on automotive bus systems
>
>
>
>
>
Controller Area Network (CAN)
Local Interconnect Network (LIN)
FlexRay
Ethernet
...
SWC/Application
RTE
SYS
COM
LIB
CDD
Microcontroller
7/40
AUTOSAR
Introduction
Microcontroller abstraction layer (MCAL)
 BSW & SWC independent of microcontroller
SWC/Application
RTE
SYS
COM
LIB
MCAL
CDD
Microcontroller
8/40
AUTOSAR
Motivation for security modules in AUTOSAR
New security challenges
 Automotive software plays central role in car innovations
 Car connectivity will provide an essential part for value-added features
Car security – strict and secure access control to…
 … the car and its parts (ECU)
 … sensitive car data (odometer, motor characteristic)
 … passenger’s data (GPS)
 … intellectual property of the OEM
9/40
AUTOSAR
AUTOSAR security modules
CAL & CSM
 Basic cryptographic primitives for BSW and application
SecOC
 Authenticated communication seamlessly integrated into the AUTOSAR
communication stack
10/40
Agenda
11/40
1.
AUTOSAR
2.
CAL & CSM
3.
SecOC
CAL & CSM
Introduction
Crypto Abstraction Library – CAL

BSW, CDD or SWC use CAL by
inclusion

Memory allocated by caller
 Enables re-entrance
SWC/Application

RTE
CAL
Crypto Primitive Library – CPL
SW implementation of
cryptographic primitives
CRY
Crypto Service Manager – CSM

SWC use CSM through RTE

BSW/CDD use CSM by inclusion

Asynchronous operation possible
 Callback indicates application
LIB
SYS
CSM
CPL
CRY
COM
SHEDRV
MCAL
Microcontroller
CDD
SHE
Crypto library module – CRY

12/40
Implementation of cryptographic
primitives

Usage of SW or crypto HW possible
CAL & CSM
Supported Cryptographic Services

Abstract definition of cryptographic services

No definition for a concrete cryptographic algorithm
Basic Cryptography
13/40

Hash

Message
authentication
code (MAC)
 Generation
 Verification

Random number
generation

Encryption/
Decryption
 Symmetric
 Asymmetric

Signatures
Key Management
Miscellaneous

Key derivation
function (KDF)

Compression/
Decompression

Key generation,
update*, export,
import

Checksum

Key exchange
protocols
*Csm only
CAL & CSM
Cryptographic Service Configuration
AsymEncryptService
SymEncryptService
AsymEncrypt_1
SymEncrypt_1
RSA2048
AsymEncrypt_2
RSA4096
14/40
AES
SymEncrypt_2
TwoFish

Individual configuration of each required service

Set of distinct configurations

Specific implementation for each service configuration
HashService
CAL & CSM
AsymEncryptService
SymEncryptService
AsymEncrypt_1
SymEncrypt_1
AES
RSA2048
AsymEncrypt_2
SymEncrypt_2
RSA4096
15/40
Serpent




Implementations may change in future
HashService
CAL & CSM
AsymEncryptService
SymEncryptService
AsymEncrypt_1
SymEncrypt_1
AES
RSA2048
ECC256
AsymEncrypt_2
SymEncrypt_2
RSA4096
ECC512
16/40
Serpent




Implementations may change in future

API compatibility not ensured
HashService
CAL & CSM
General Usage
Streaming services
Indefinite long data stream
...
Start
Update
Update
Update
...
Update
Finish
Result

Initialization with Start function (e.g. Csm_SymEncryptStart)

Update function (e.g. Csm_SymEncryptUpdate)

Finish function (e.g. Csm_SymEncryptFinish)
Non-streaming services

17/40
Example: Csm_GenerateRandom
CAL & CSM
Hardware-based Security
SWC/Application
RTE
SYS
CSM
CRY
LIB
CRY
MCAL
SHEDRV
Microcontroller

18/40
CDD
SHE
CSM services use cryptographic hardware or software implementation
CAL & CSM
Hardware-based Security
Controller
Secure Zone
SHE –
Secure Hardware Extension
AES
CPU
Control
Logic
RAM + Flash +
ROM
Peripherals (CAN, UART, ...)
Secure Hardware Extension (SHE)
 On-chip extension to microcontroller
 Memory for secure storage of (cryptographic) data
 Hardware extension for cryptographic primitives
 Specified by Hersteller Initiative Software (HIS)
19/40
CAL & CSM
SHE - Performance

AES ECB Encryption: SHE vs. Software library
2002.5
2000
1 Block
1800
3 Blocks
1600
6 Blocks
1400
1200
1111.6
µs 1000
800
600
400
200
24.94
0
SHE 64 Mhz
13.5
SW 64 Mhz
SHE 120 Mhz
SW 120 Mhz
Measured on a Freescale MPC5646C (w/ CSE), MICROSAR Stack with CSM and SHE driver with the Vector
‘AUTOSAR Measurement and Debugging (AMD) Runtime Measurement (Rtm)‘ Tool.
1 Block = 16 bytes
20/40
Agenda
21/40
1.
AUTOSAR
2.
CAL & CSM
3.
SecOC
SecOC
Introduction

SecOC is parallel to PDUR
 PDUR routes PDUs
 PDU is a message on a bus
SWC/Application
RTE
SecOC
SYS
LIB
PDUR
COM
MCAL
CDD
Microcontroller
22/40
SecOC
Introduction


PDUs are routed through SecOC

PDU & authentication sent &
received through IF or TP modules
 COM module combines data into
PDUs
 IF modules send & receive
atomic messages
 TP modules manage messages
longer than atomic messages
SWC/Application
RTE
COM
SecOC
SYS
LIB
PDUR
COM
MCAL
CDD
Microcontroller
23/40
IF/TP
SecOC
Introduction


PDUs are routed through SecOC

PDU & authentication sent &
received through IF or TP modules

SecOC uses Cal or Csm

RTE-interface

Authentication: MAC or signature
SWC/Application
RTE
CAL
COM
CSM
SYS
LIB
SecOC
PDUR
COM
MCAL
CDD
Microcontroller
24/40
IF/TP
SecOC
Functionality
ECU 1
ECU 3
Secured PDU
BUS
25/40

SecOC sends & receives secured PDUs

Secured PDUs are protected against
 Manipulation
 Random errors
 Replays
SecOC
Sending a secured PDU
ECU 1
DataID 1
PDU 1
Secured PDU
26/40

DataID assigned to secured PDU

Authentic PDU
SecOC
ECU 1
DataID 1
PDU 1
Fresh. Value
27/40
Secured PDU

Freshness value
 Monotonic counter to prevent replay attacks

Implementation
 Timestamp
 Counter
SecOC
ECU 1
DataID 1
PDU 1
Fresh. Value
Secured PDU
MAC Generator
MAC
28/40

DataID, PDU, freshness value form input to MAC generator

Symmetric key required for MAC generation

SecOC may use CMAC to benefit from SHE
SecOC
ECU 1
DataID 1
PDU 1
LSBs
Fresh. Value
Fresh.
PDU 1 Value MAC
Secured PDU
MAC Generator
MAC
MSBs

29/40
PDU, truncated freshness value, truncated MAC form secured PDU
SecOC
ECU 1
DataID 1
PDU 1
Fresh. Value
Fresh.
PDU 1 Value MAC
Secured PDU
MAC Generator
MAC
MSBs

NIST Special Publication 800-38B (CMAC)
 Truncated MAC length ൒ 64 bits
Truncated MAC length must be thoroughly chosen dependent on
network attributes and security requirements
30/40
SecOC
Reception of a secured PDU
ECU 1
ECU 3
DataID 1
DataID 1
PDU 1
PDU 1
Fresh. Value
replace LSBs
PDU 1
MAC
Secured PDU
Fresh.
Value
Ver. Fresh.
MAC Generator
MAC
31/40

Authentic PDU is parsed

DataID must be identical for sender and receiver

Truncated freshness value is synchronized to form verification freshness
value
SecOC
ECU 3
DataID 1
PDU 1
Ver. Fresh.
+
0..01 0..0
=
Ver. Fresh.
32/40
Fresh.
PDU 1 Value MAC
Secured PDU
Ver. Fresh.

Verification freshness value ൐ stored freshness value (replay attacks)
 If not: Increment MSBs of verification freshness value

Synchronization between sender and receiver
SecOC
ECU 1
ECU 3
DataID 1
DataID 1
PDU 1
PDU 1
Fresh. Value
Fresh.
PDU 1 Value MAC
Secured PDU
MAC Generator
MAC
33/40
Fresh. Value
MAC Generator
compare
MAC

DataID, PDU, verification freshness form input to MAC generator

Symmetric key must be identical for sender and receiver

MSBs of calculated MAC are compared to truncated MAC
 If successful, PDU is forwarded
 If not, PDU is dropped
SecOC
System Configuration
ECU 1
PDU 1
PDU 1
PDU 2
PDU 2
PDU 3
BUS
34/40
ECU 2
ECU 3
PDU 1
PDU 3
SecOC
ECU 1
PDU 1
PDU 1
PDU 2
PDU 2
PDU 3
BUS
35/40
ECU 2
ECU 3
PDU 1
PDU 3
SecOC
ECU 1
ECU 2
DataID 1
DataID 1
DataID 1
PDU 1
PDU 1
PDU 1
DataID 2
DataID 2
PDU 2
PDU 2
PDU 3
BUS

36/40
ECU 3
Assignment of DataIDs to the to-be-secured PDUs
PDU 3
SecOC
ECU 1
ECU 2
DataID 1
PDU 1
Fresh.
Value
DataID 1
MAC
DataID 2
PDU 2
Fresh.
Value
ECU 3
PDU 1
Fresh.
Value
DataID 1
MAC
DataID 2
MAC
PDU 2
Fresh.
Value
MAC
PDU 3
BUS

37/40
PDU 1
Specification of the layout of the secured PDU
PDU 3
Fresh.
Value
MAC
SecOC
System configuration
ECU 1
ECU 2
DataID 1
PDU 1
Fresh.
Value
DataID 1
MAC
DataID 2
PDU 2
Fresh.
Value
ECU 3
PDU 1
Fresh.
Value
DataID 1
MAC
DataID 2
MAC
PDU 2
Fresh.
Value
MAC
PDU 3
BUS
38/40
PDU 1

Assignment of keys to the secured PDUs

Initial keying

Re-keying
PDU 3
Fresh.
Value
MAC
SecOC
System configuration
ECU 1
ECU 2
DataID 1
PDU 1
Fresh.
Value
DataID 1
MAC
DataID 2
PDU 2
Fresh.
Value
ECU 3
PDU 1
Fresh.
Value
DataID 1
MAC
Fresh.
Value
MAC
DataID 2
MAC
PDU 2
Fresh.
Value
MAC
PDU 3
ECU1_Extract
39/40
PDU 1
PDU 3
ECU2_Extract
ECU3_Extract
For more information about Vector
and our products please visit
www.vector.com
Author:
Philipp Werner, Armin Happel, Ralf Fritz, Steffen Keul
Vector Informatik GmbH
© 2015. Vector Informatik GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V1.00 | 2015-05-27

ESCAR Presentation: Current Status of the AUTOSAR Security

Transcription

Similar documents

MICROSAR Produktinformation

Quo Vadis SAE J1939

Maintenancereport BSI-DSZ-CC-0528-2008-MA-02

Preview - UVS Info