Public

VNI CE

Links

16.05.2018

1

› Course link:

› Join on your computer or mobile app

› Click here to join the meeting

› Laboratory Links:

› Join on your computer or mobile app

› Click here to join the meeting : I3B4 , I3B5 , I3B6

› Click here to join the meeting : I3A3 , I3A4 , I3A5 , I3A6

› Click here to join the meeting : I3A1 , I3A2 , I3E1 , I3E2

› Click here to join the meeting : I3A7 , I3B1 , I3B2 , I3B3

Bitte decken Sie die schraffierte Fläche mit einem Bild ab.

Please cover the shaded area with a picture.

(24,4 x 11,0 cm)

Software security in Automotive Systems

Course 11

www.continental-corporation.com VNI CE

Public

VNI CE 16.05.2018

3

Software Security in Automotive Systems

Table Of Contents

1 3

Threats and risks to road safety2

Security mechanisms3

E2E protection3.1

Crypto algorithms3.2

RSA encryption/decryption3.3

RSA blinding3.4

4 SW authentication mechanism

Security in Automotive. Why? 4

11

13

21

23

29

35

7

Public

VNI CE 16.05.2018

4

Software Security in Automotive Systems

Table Of Contents

1 3

Threats and risks to road safety2

9

Security mechanisms3

E2E protection3.1

Crypto algorithms3.2

RSA encryption/decryption3.3

RSA blinding3.4

Security in Automotive. Why?

4 SW authentication mechanism

4

11

13

21

23

29

35

7

Public

VNI CE

Software security in Automotive SystemsWhy?

5

Public

VNI CE

Software security in Automotive SystemsWhy?

6

Yesterday: cars separated

from the digital system

network / IoT

Today and tomorrow: cars

are integrated in the digital

system network / IoT

Public

VNI CE 16.05.2018

7

Software Security in Automotive Systems

Table Of Contents

1 3

Threats and risks to road safety2

9

Security mechanisms3

E2E protection3.1

Crypto algorithms3.2

RSA encryption/decryption3.3

RSA blinding3.4

Security in Automotive. Why?

4 SW authentication mechanism

4

11

13

21

23

29

35

7

Public

VNI CE

Threats and risks to road safety

8

Possible risks and threats in Automotive:

▪ Attacks over the car’s communication bus

• CAN is a trusted network and once you are on it you can alter the

functionality of a vehicle by sending messages to certain ECUs

part of the network → CAN is not inherently secured;

▪ Attacks over the car’s wireless networks: Bluetooth, Wi-Fi, 4G;

▪ Attacks through the car’s media systems: CD player, USB, media

player;

Public

VNI CE

Threats and risks to road safetySystematic threat modeling in automotive secure development cycle

9

Public

VNI CE

Threats and risks to road safety

10

▪ Safety critical risks

• Driver distraction (e.g. volume, wipers);

• Engine shutoff or degradation;

• Steering changes (autonomous vehicles);

▪ Less Safety-Critical vehicle specific risks;

• Theft of the car or contents;

• Insurance or lease fraud;

• Theft of information;

• Vector for attacking mobile devices in the car;

Public

VNI CE 16.05.2018

11

Software Security in Automotive Systems

Table Of Contents

1 3

Threats and risks to road safety2

9

Security mechanisms3

E2E protection3.1

Crypto algorithms3.2

RSA encryption/decryption3.3

RSA blinding3.4

Security in Automotive. Why?

4 SW authentication mechanism

4

11

13

21

23

29

35

7

Public

VNI CE

Security mechanism

12

▪ The mechanisms needed to manage the security of an application may be implemented

in software, hardware or a combination of both. In general, some form of software

execution is always needed. Hardware is usually provided to accelerate the execution of

the cryptographic algorithms to meet the performance requirements of the application.

▪ For example, an SHA-256 algorithm used to checksum the contents of memory could

easily be two orders of magnitude faster with hardware acceleration, in comparison to a

purely software-based equivalent.

▪ The benefits of hardware acceleration

become even more compelling for

asymmetric cryptographic algorithms such

as RSA and ECC, especially as the key

size increases. Figure 1 shows the relative

increase in computation time for software-

based RSA authentication using a public

key. With a hardware accelerator, the same

public key authentication operation can be

executed in under 100 microseconds.

Public

VNI CE 16.05.2018

13

Software Security in Automotive Systems

Table Of Contents

1 3

Threats and risks to road safety2

9

Security mechanisms3

E2E protection3.1

Crypto algorithms3.2

RSA encryption/decryption3.3

RSA blinding3.4

Security in Automotive. Why?

4 SW authentication mechanism

4

11

13

21

23

29

35

7

Public

VNI CE

Security mechanismsEnd to end (E2E) protection

14

▪ E2E communication protection aims to detect and mitigate the causes for or effects of

communication faults arising from:

1. (systematic) software faults

2. (random) hardware faults

3. Transient faults due to external faults;

Public

VNI CE

Security mechanismsEnd to end (E2E) protection

15

With respect to the exchange of information in safety-related systems, the mechanisms for

the in-time detection of causes for faults, or effects of faults as those listed below, can be

used to design suitable safety concepts (i.e. to achieve freedom from interference between

system elements sharing a common communication infrastructure).

▪ loss of information;

▪ insertion of information;

▪ masquerade or incorrect addressing of information;

▪ incorrect sequence of information;

▪ corruption of information;

▪ asymmetric information sent from a sender to multiple receivers;

▪ information from a sender received by only a subset of the receivers;

▪ blocking access to a communication channel.

Public

VNI CE

Security mechanismsEnd to end (E2E) protection

18.12.2020

16

Public

VNI CE

Security mechanismsEnd to end (E2E) protection

18.12.2020

17

› An important aspect of a communication protection mechanism is its standardization and

its flexibility for different purposes. This is resolved by having a set of E2E Profiles, that

define a combination of protection mechanisms, a message format, and a set of

configuration parameters.

› E2E communication protection works as follows:

• Sender: addition of control fields like CRC or counter to the transmitted data;

• Receiver: evaluation of the control fields from the received data, calculation of

control fields (e.g. CRC calculation on the received data), comparison of

calculated control fields with an expected/received content

Application data element

E2E header Application data element

CF1 CF2 … CFn

Data element directly from COM stack

Public

VNI CE

Security mechanismsEnd to end (E2E) protection

18.12.2020

18

▪ The E2E Profiles provide a consistent set of data protection mechanisms, designed to protecting

against the faults considered in the fault model.

▪ Each E2E Profile provides an alternative way to protect the communication, by means of different

algorithms. However, E2E Profile have similar interfaces and behavior.

▪ Each E2E Profile shall use a subset of the following data protection mechanisms:

• CRC, provided by CRC Supervision;

• Sequence Counter incremented at every transmission request, the value is checked at

receiver side for correct increment;

• Alive Counter incremented at every transmission request, the value checked at the receiver

side if it changes at all, but correct increment is not checked;

• A specific ID for every port data element sent over a port or a specific ID for every I-PDU

group (global to system, where the system may contain potentially several ECUs)

• Timeout detection:

o Receiver communication timeout.

o Sender acknowledgement timeout

Public

VNI CE

Security mechanismsEnd to end (E2E) protection

18.12.2020

19

E2E Mechanism Detected Communication faults

Counter Repetition, Loss, insertion, incorrect sequence,

blocking

Transmission on a regular basis

and timeout monitoring using E2E

Supervision

Loss, delay, blocking

Data ID + CRC Masquerade and incorrect addressing insertion

CRC Corruption, Asymmetric information

E2E profile 1 protection mechanisms

Public

VNI CE

Security mechanismsEnd to end (E2E) protection

18.12.2020

20

Fault Main Safety mechanisms

Repetition of information Counter

Loss of Information Counter

Delay of information Counter

Masquerading Data ID, CRC

Insertion of information Data ID

Incorrect addressing Data ID

Incorrect sequence of information Counter

Corruption of information CRC

Asymmetric information sent from a

sender to multiple receivers

CRC (to detect corruption at any of

recevers)

Information form a sender received by

only a subset of the receivers

Counter (loss on specific receivers)

Blocking access to a communication

channel

Counter (loss or timeout)

E2E profile 4 protection mechanisms

Public

VNI CE 16.05.2018

21

Software Security in Automotive Systems

Table Of Contents

1 3

Threats and risks to road safety2

9

Security mechanisms3

E2E protection3.1

Crypto algorithms3.2

RSA encryption/decryption3.3

RSA blinding3.4

Security in Automotive. Why?

4 SW authentication mechanism

4

11

13

21

23

29

35

7

Public

VNI CE

Security mechanismsCrypto algorithms

18.12.2020

22

› Crypto(graphic) algorithms are essentially mathematical computations

designed to perform encryption and decryption of a message. The two main

categories of algorithms are symmetric and asymmetric.

› Symmetric cryptography algorithms use the same key for encryption and

decryption. The key must therefore be kept secret by all entities that use the

key for secure communications. This may pose a problem with distributing the

key to new entities, unless a method such as Diffie-Hellman is used, as

described in the Secret Key Exchange section below.

Public

VNI CE 16.05.2018

23

Software Security in Automotive Systems

Table Of Contents

1 3

Threats and risks to road safety2

9

Security mechanisms3

E2E protection3.1

Crypto algorithms3.2

RSA encryption/decryption3.3

RSA blinding3.4

Security in Automotive. Why?

4 SW authentication mechanism

4

11

13

21

23

29

35

7

Public

VNI CE

Security mechanismsRSA encryption/decryption

18.12.2020

24

▪ The RSA cryptosystem was invented by Ron Rivest, Adi Shamir and Len

Adleman, and first publicized in the August 1977 issue of Scientific American.

▪ The cryptosystem is most commonly used for providing privacy and ensuring

authenticity of digital data.

▪ These days RSA is deployed in many commercial systems : web servers and

browsers to secure web traffic, it is used to ensure privacy and authenticity of

Email, it is used to secure remote login sessions and it is at the heart of

electronic credit-card payment systems. In short RSA is frequently used in

applications where security of digital data is a concern.

▪ Since initial publication the RSA system has been

analyzed for vulnerability by researchers, and

although these led to a number of fascinating

attacks, the mostly only showed the danger of

improper use of RSA.

Public

VNI CE

Security mechanismsRSA encryption/decryption

18.12.2020

25

Generating the public and private keys

▪ Select two prime numbers. Suppose P = 53 and Q = 59. Now First part of the

Public key : n = P*Q = 3127.

▪We also need a small exponent say e which must be an integer, not a factor of n.

▪ 1 < e < Φ(n). Let us now consider it to be equal to 3.

▪Our Public Key is made of the pair n and e

Public

VNI CE

Security mechanismsRSA encryption/decryption

18.12.2020

26

Generating the public and private keys

▪We need to calculate Φ(n), such that

Φ(n) = (P-1)(Q-1) so, Φ(n) = 3016

▪ Now calculate Private Key, d :

d = (k*Φ(n) + 1) / e

for some integer k For k = 2, value of d is 2011.

▪ Now we have the pair of public and private keys:

▪ Public Key ( n = 3127, e = 3)

▪ Private Key (n = 3127, d = 2011)

Public

VNI CE

Security mechanismsRSA encryption/decryption

18.12.2020

27

Generating the public and private keys

▪We need to calculate Φ(n), such that

Φ(n) = (P-1)(Q-1) so, Φ(n) = 3016

▪ Now calculate Private Key, d :

d = (k*Φ(n) + 1) / e

for some integer k For k = 2, value of d is 2011.

▪ Now we have the pair of public and private keys:

▪ Public Key ( n = 3127, e = 3)

▪ Private Key (n = 3127, d = 2011)

Public

VNI CE

Security mechanismsRSA encryption/decryption

18.12.2020

28

Encryption

▪Convert letters to numbers : H = 8 and I = 9;

▪ Thus Encrypted Data c = 89e mod n;

▪ Thus our Encrypted Data comes out to be 1394.

Decryption

▪Now we will decrypt 1394;

▪Decrypted Data = cd mod n;

▪ Thus our Encrypted Data comes out to be 89 8 = H and I = 9 i.e. "HI".

Public

VNI CE 16.05.2018

29

Software Security in Automotive Systems

Table Of Contents

1 3

Threats and risks to road safety2

9

Security mechanisms3

E2E protection3.1

Crypto algorithms3.2

RSA encryption/decryption3.3

RSA blinding3.4

Security in Automotive. Why?

4 SW authentication mechanism

4

11

13

21

23

29

35

7

Public

VNI CE

Security mechanismsRSA blinding

18.12.2020

30

Author of the

message m- blinded message m’

SW entity

Signing authority

SW/HW entity

Public

VNI CE

Security mechanismsRSA blinding

18.12.2020

31

Public

VNI CE

Security mechanismsRSA blinding

18.12.2020

32

Author of the

message m- blinded message m’

SW entity

Signing authority

SW/HW entity

m’

Public

VNI CE

Security mechanismsRSA blinding

18.12.2020

33

Public

VNI CE

Security mechanismsRSA blinding

18.12.2020

34

Author of the

message m- blinded message m’

SW entity

Signing authority- sign m’

- generate s’

SW/HW entity

m’

s’

Public

VNI CE 16.05.2018

35

Software Security in Automotive Systems

Table Of Contents

1 3

Threats and risks to road safety2

9

Security mechanisms3

7

E2E protection3.1

Crypto algorithms3.2

RSA encryption/decryption3.3

RSA blinding3.4

Security in Automotive. Why?

4 SW authentication mechanism

4

11

13

21

23

29

35

Public

VNI CE

SW authentication mechanism Security goals for SW update

18.12.2020

36

Taking into account the errors that may arise during the SW update, the

following security goals have been pointed out for the process:

› error detection: the ECU must be able to check if the flash-ware (i.e.

the new content of the flash memory) is corrupted due to transmission

problems;

› authenticity: it should be guaranteed that the flash-ware comes from a

legitimate source;

› copy protection: the flash-ware should be copied only on a certain ECU;

› confidentiality: no unauthorized party should be able to read the flash-ware;

› authorization of the external programming tool (diagnostic tester) towards

the ECU: the diagnostic tester should be suitably recognized by the ECU, in

order to decide if the flashing has to be permitted or not.

Public

VNI CE

SW authentication mechanism Authentication architecture

18.12.2020

37

Public

VNI CE

Software security in Automotive Systems

18.12.2020

38

› “Twenty Years of Attacks on the RSA Cryptosystem”, DAN Boneh

› “ACEA Principles of Automobile Cybersecurity”, European Automobile Manufacturer’s

Association

› “E2E Protocol Specification”, AUTOSAR

› Continental Documents