AUTOSAR Security Modules - Vector€¦ · Run time environment (RTE) ... Assignment of DataIDs to...

V1.00 | 2015-05-27

Current Status

AUTOSAR Security Modules

1. AUTOSAR

2. CAL & CSM

3. SecOC

Agenda

2/40

Automotive Open System Architecture Software for electronic control units (ECU)

Software architecture

IntroductionAUTOSAR

LIB

RTE

Microcontroller

SYS

COM

CDDMCAL

SWC/Application

3/40

Software component (SWC) / Application Implementation of functionality of ECU Runs on microcontroller Sends & receives data to and from other ECUs (in network)

IntroductionAUTOSAR

Microcontroller

SWC/Application

4/40

Run time environment (RTE) Provides interface to basic software (BSW)

IntroductionAUTOSAR

RTE

Microcontroller

SWC/Application

5/40

System services (SYS) and libraries (LIB) Cryptographic modules

Operating system (OS)

Complex device drivers (CDD)

IntroductionAUTOSAR

LIB

RTE

Microcontroller

SYS

CDD

SWC/Application

6/40

Communication modules (COM) send & receive data on automotive bus systems

> Controller Area Network (CAN)> Local Interconnect Network (LIN)> FlexRay> Ethernet> ...

IntroductionAUTOSAR

LIB

RTE

Microcontroller

SYS

COM

CDD

SWC/Application

7/40

Microcontroller abstraction layer (MCAL) BSW & SWC independent of microcontroller

IntroductionAUTOSAR

LIB

RTE

Microcontroller

SYS

COM

CDDMCAL

SWC/Application

8/40

New security challenges Automotive software plays central role in car innovations Car connectivity will provide an essential part for value-added features

Car security – strict and secure access control to… … the car and its parts (ECU) … sensitive car data (odometer, motor characteristic) … passenger’s data (GPS) … intellectual property of the OEM

Motivation for security modules in AUTOSARAUTOSAR

9/40

CAL & CSM Basic cryptographic primitives for BSW and application

SecOC Authenticated communication seamlessly integrated into the AUTOSAR

communication stack

AUTOSAR security modulesAUTOSAR

10/40

1. AUTOSAR

2. CAL & CSM

3. SecOC

Agenda

11/40

IntroductionCAL & CSM

LIB

RTE

Microcontroller

SYS

COM

CDDMCAL

SWC/Application

Crypto Abstraction Library – CAL BSW, CDD or SWC use CAL by

inclusion

Memory allocated by caller Enables re-entrance

CALCrypto Primitive Library – CPL SW implementation of

cryptographic primitivesCPL

Crypto Service Manager – CSM SWC use CSM through RTE

BSW/CDD use CSM by inclusion

Asynchronous operation possible Callback indicates application

CSM

Crypto library module – CRY Implementation of cryptographic

primitives

CRY CRY

SHEDRV

SHE

Usage of SW or crypto HW possible

12/40

Abstract definition of cryptographic services

No definition for a concrete cryptographic algorithm

Supported Cryptographic ServicesCAL & CSM

Key derivation function (KDF)

Key generation, update*, export, import

Key exchange protocols

Key Management

*Csm only

Miscellaneous

Compression/ Decompression

Checksum

Basic Cryptography

Hash

Message authentication code (MAC) Generation Verification

Random number generation

Encryption/ Decryption Symmetric Asymmetric

Signatures

13/40

Individual configuration of each required service

Set of distinct configurations

Specific implementation for each service configuration

Cryptographic Service ConfigurationCAL & CSM

AsymEncryptService HashServiceSymEncryptService

AsymEncrypt_1

AsymEncrypt_2

SymEncrypt_1

SymEncrypt_2

RSA2048

RSA4096

AES

TwoFish

14/40



AsymEncrypt_1

AsymEncrypt_2

SymEncrypt_1

SymEncrypt_2

RSA2048

RSA4096

AES

Serpent




Implementations may change in future

15/40



AsymEncrypt_1

AsymEncrypt_2

SymEncrypt_1

SymEncrypt_2

RSA2048

RSA4096

AES

Serpent

ECC256

ECC512




Implementations may change in future

API compatibility not ensured

16/40

Streaming services

General UsageCAL & CSM

Indefinite long data stream

...Start

Initialization with Start function (e.g. Csm_SymEncryptStart)

Update

Update function (e.g. Csm_SymEncryptUpdate)

Update Update Update...

Finish function (e.g. Csm_SymEncryptFinish)

Finish

Result

Non-streaming services Example: Csm_GenerateRandom

17/40

Hardware-based SecurityCAL & CSM

LIB

RTE

Microcontroller

SYSCSM

CRY

CDDMCAL SHEDRV

SHE

SWC/Application

CSM services use cryptographic hardware or software implementation

CRY

18/40

Secure Hardware Extension (SHE) On-chip extension to microcontroller Memory for secure storage of (cryptographic) data Hardware extension for cryptographic primitives Specified by Hersteller Initiative Software (HIS)

Hardware-based SecurityCAL & CSM

Controller

CPU

Peripherals (CAN, UART, ...)

SHE – Secure Hardware Extension

Control Logic

AES

RAM + Flash + ROM

Secure Zone

19/40

SHE - PerformanceCAL & CSM

AES ECB Encryption: SHE vs. Software library

0

200

400

600

800

1000

1200

1400

1600

1800

2000

SHE 64 Mhz SW 64 Mhz SHE 120 Mhz SW 120 Mhz

µs

1 Block

3 Blocks

6 Blocks

24.94

2002.5

1111.6

13.5

Measured on a Freescale MPC5646C (w/ CSE), MICROSAR Stack with CSM and SHE driver with the Vector ‘AUTOSAR Measurement and Debugging (AMD) Runtime Measurement (Rtm)‘ Tool.

1 Block = 16 bytes

20/40

1. AUTOSAR

2. CAL & CSM

3. SecOC

Agenda

21/40

IntroductionSecOC

LIB

RTE

Microcontroller

SYS COM

CDDMCAL

SWC/Application

SecOC is parallel to PDUR PDUR routes PDUs PDU is a message on a bus

PDURSecOC

22/40

SecOC is parallel to PDUR

PDUs are routed through SecOC

PDU & authentication sent & received through IF or TP modules COM module combines data into

PDUs IF modules send & receive

atomic messages TP modules manage messages

longer than atomic messages

IntroductionSecOC

LIB

RTE

Microcontroller

SYS COM

CDDMCAL

SWC/Application

COM

PDUR

IF/TP

SecOC

23/40

IntroductionSecOC

LIB

RTE

CAL

Microcontroller

SYS

CSM

COM

CDDMCAL

SWC/Application

COM

PDUR

IF/TP

SecOC

SecOC is parallel to PDUR

PDUs are routed through SecOC

PDU & authentication sent & received through IF or TP modules

SecOC uses Cal or Csm

RTE-interface

Authentication: MAC or signature

24/40

SecOC sends & receives secured PDUs

Secured PDUs are protected against Manipulation Random errors Replays

FunctionalitySecOC

Secured PDU

ECU 1 ECU 3

BUS

25/40

Sending a secured PDUSecOC

Secured PDU

ECU 1

PDU 1DataID 1

DataID assigned to secured PDU

Authentic PDU

26/40


Secured PDU

ECU 1

PDU 1DataID 1

Fresh. Value

Freshness value Monotonic counter to prevent replay attacks

Implementation Timestamp Counter

27/40


Secured PDU

ECU 1

PDU 1DataID 1

MAC Generator

MAC

DataID, PDU, freshness value form input to MAC generator

Symmetric key required for MAC generation

SecOC may use CMAC to benefit from SHE

Fresh. Value

28/40


Secured PDU

ECU 1

PDU 1DataID 1

PDU 1 MACFresh.ValueFresh. Value

MAC Generator

MACMAC

PDU, truncated freshness value, truncated MAC form secured PDU

LSBs

MSBs

29/40


Secured PDU

ECU 1

PDU 1DataID 1

PDU 1 MACFresh.ValueFresh. Value

MAC Generator

MACMAC

NIST Special Publication 800-38B (CMAC) Truncated MAC length 64 bits

Truncated MAC length must be thoroughly chosen dependent on network attributes and security requirements

MSBs

30/40

ECU 1

Fresh. Value

Reception of a secured PDUSecOC

Secured PDU

DataID 1

PDU 1 MACFresh.Value

ECU 3

PDU 1DataID 1

Ver. Fresh.

Authentic PDU is parsed

DataID must be identical for sender and receiver

Truncated freshness value is synchronized to form verification freshness value

replace LSBsPDU 1

MAC Generator

MACMAC

31/40


Secured PDUPDU 1 MACFresh.

Value

ECU 3

PDU 1DataID 1

Ver. Fresh.

Verification freshness value stored freshness value (replay attacks) If not: Increment MSBs of verification freshness value

Synchronization between sender and receiver

Ver. Fresh.

0..00..01+

=Ver. Fresh.

32/40


Secured PDU

ECU 1

PDU 1 MACFresh.Value

ECU 3

PDU 1DataID 1

MAC Generator

Fresh. Value

MACMAC

DataID, PDU, verification freshness form input to MAC generator

Symmetric key must be identical for sender and receiver

MSBs of calculated MAC are compared to truncated MAC If successful, PDU is forwarded If not, PDU is dropped

compare

Fresh. Value

DataID 1PDU 1

MAC Generator

MACMAC

33/40

System ConfigurationSecOC

ECU 1 ECU 2 ECU 3

BUS

PDU 2

PDU 1

PDU 2

PDU 1PDU 1

PDU 3 PDU 3

34/40


ECU 1

PDU 2

PDU 1

PDU 3

ECU 2

PDU 2

ECU 3

PDU 1

PDU 3

BUS

PDU 1

35/40


ECU 1

PDU 2

PDU 1

PDU 3

ECU 2

PDU 2

ECU 3

PDU 1

PDU 3

BUS

PDU 1DataID 1 DataID 1 DataID 1

DataID 2 DataID 2

Assignment of DataIDs to the to-be-secured PDUs

36/40


ECU 1

PDU 2

PDU 1

PDU 3

ECU 2

PDU 2

ECU 3

PDU 1

PDU 3

Specification of the layout of the secured PDU

BUS


DataID 2 DataID 2

MACFresh.Value MACFresh.

Value MACFresh.Value


Value

37/40

System configurationSecOC

ECU 1

PDU 2

PDU 1

PDU 3

ECU 2

PDU 2

ECU 3

PDU 1

PDU 3

Assignment of keys to the secured PDUs

Initial keying

Re-keying

BUS


DataID 2 DataID 2




Value

38/40

System configurationSecOC

ECU 1

PDU 2

PDU 1

PDU 3

ECU 2

PDU 2

ECU 3

PDU 1

PDU 3


DataID 2 DataID 2




Value

ECU1_Extract ECU2_Extract ECU3_Extract

39/40

© 2015. Vector Informatik GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V1.00 | 2015-05-27

For more information about Vectorand our products please visit

www.vector.com

Author:Philipp Werner, Armin Happel, Ralf Fritz, Steffen KeulVector Informatik GmbH

AUTOSAR Security Modules - Vector€¦ · Run time environment (RTE) ... Assignment of DataIDs to...

Documents

Transcript of AUTOSAR Security Modules - Vector€¦ · Run time environment (RTE) ... Assignment of DataIDs to...