Vector Cybersecurity Symposium 2019 - Vector Security ...

Page 1

V1.0 | 2019-04-01

Vector Cyber Security Symposium 2019

Vector Security Manager for secure diagnostics

Page 2

Agenda

• Automotive Security Use Cases
• Secure Diagnostics
• Certificates
• Authentication
• Authentication with Vector Security Manager

Page 3

Security Use Cases
Automotive Security Use Cases

• Secured on Board Communication
• Message Authentication
• Message Encryption
• Replay Protection / Freshness Management
• Unique Secret Management
• Administration of keys (SecOC)
• Administration of certificates (Diagnostic)
• Support of OEM specific certificate systems
• Secure Diagnostics
• Error codes
• Variant Coding
• Software Download (Flashing)
• Unlocking of encrypted communication (Testing, Logging)

Page 4

Secure Diagnostics Challenges
Secure Diagnostics

• ECU must only accept diagnostic services from a trusted tester
• Do not publish security critical information such as secret keys, certificates, freshness, …
• Do not accept security critical commands
  > Software downloads (Flashing)
  > Variant Coding
  > New secret keys or certificates

Authenticity is required!

Page 5

Authenticity
Secure Diagnostics

• Before authentication, data and diagnostic services are restricted and locked
• Authentication unlocks specific subsets of data and services
• Each service specifies a requirement to be unlocked
• Secret function (Seed & Key)
• Certificate (PKI certificate exchange)
• An authenticated tester can only use unlocked services

[Figure: Tester; Service 1, Service 2, Service m]

Page 6

Public Key Certificates
Certificates

[Figure: Certificate with Content (Public Key, Subject, Valid since… until…, Additional content) and Signature; Private Key]

Page 7

Chain of trust with digital certificates
Certificates

• Signature of root certificate cannot be verified.
• Certificate Authority (CA) can issue new certificates by signing them with its private key.
• User certificates reside at the bottom level of this trust chain hierarchy.

[Figure: two Public Key CA Certificates and one Public Key Certificate (End User Certificate), each with Public Key, Subject, Valid since… until…, Additional content, a Signature and a Private Key; arrows labelled sign, sign and verify]

Page 8

Unified diagnostic services (UDS): Service 29₁₆
Authentication

• Service for diagnostic tester authentication
• Currently being standardized

[Figure: Authentication (29₁₆) with the branches Authentication with PKI Certificate Exchange and Authentication with Challenge-Response; branch labels: Asymmetric Cryptography, Symmetric Cryptography, Asymmetric Cryptography]

Page 9

Certificate Tree: CA, Tester, ECU
Authentication

[Figure: certificate tree with the nodes CA, Tester and ECU]

Page 10

Service 29: Authentication with PKI certificate exchange
Authentication

Tester → ECU: 29 08
ECU → Tester: 69 08 ARP

ARP  Description
02   Authentication with PKI Certificate Exchange (APCE) (will be supported by DEXT and AUTOSAR)
03   Authentication with Challenge-Response (ACR) and asymmetric cryptography
04   Authentication with Challenge-Response (ACR) and symmetric cryptography

ARP = Authentication Return Parameter
PKI = Public Key Infrastructure

Page 11

Service 29: Authentication with PKI certificate exchange
Authentication

• Tester sends its public key certificate to ECU
• ECU verifies that the certificate is valid by checking its signature
• ECU now has public key of tester's certificate
• ECU has no proof of ownership

Tester → ECU: 29 01 00 Tester Certificate

[Figure: Public Key Certificate containing Public Key, Diagnostic Role, Unlocked Services, …, with Signature; Private Key]

Page 12

Service 29: Authentication with PKI certificate exchange
Authentication

• Tester sends its public key certificate to ECU
• ECU verifies that the certificate is valid by checking its signature
• ECU now has public key of tester's certificate
• ECU has no proof of ownership
• ECU sends challenge to tester

Tester → ECU: 29 01 00 Tester Certificate
ECU → Tester: 69 01 11 ECU Challenge

Page 13

Service 29: Authentication with PKI certificate exchange
Authentication

• Tester sends its public key certificate to ECU
• ECU verifies that the certificate is valid by checking its signature
• ECU now has public key of tester's certificate
• ECU has no proof of ownership
• ECU sends challenge to tester
• Tester computes a signature using the certificate's private key and the received challenge

Tester → ECU: 29 01 00 Tester Certificate
ECU → Tester: 69 01 11 ECU Challenge
Tester → ECU: 29 03 Proof of Ownership

[Figure label: Tester Certificate]

Page 14

Service 29: Authentication with PKI certificate exchange
Authentication

• Tester sends its public key certificate to ECU
• ECU verifies that the certificate is valid by checking its signature
• ECU now has public key of tester's certificate
• ECU has no proof of ownership
• ECU sends challenge to tester
• Tester computes a signature using the certificate's private key and the received challenge
• ECU verifies signature with public key of tester's certificate
• Tester has proven that it has ownership of a certificate that was signed by a higher level certificate authority

Tester → ECU: 29 01 00 Tester Certificate
ECU → Tester: 69 01 11 ECU Challenge
Tester → ECU: 29 03 Proof of Ownership
ECU → Tester: 69 03 12

[Figure label: Tester Certificate]
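The ECU-side logic of the unidirectional sequence above, together with the validity-period and role-based unlocking the deck describes, as an added example that is not part of the original slides or of any Vector product. Assumptions: textbook RSA over small Mersenne primes stands in for a real signature scheme, and the JSON certificate layout, the role and service names, and all function and class names are constructed for illustration.

```python
import hashlib, json, os

E = 65537  # public exponent shared by every toy key

def keypair(a, b):
    """Toy RSA key from Mersenne primes 2**a-1, 2**b-1 (assumption; insecure size)."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))      # (modulus n, private d)

def digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(msg, n, d):
    return pow(digest(msg, n), d, n)

def verify(msg, sig, n):
    return pow(sig, E, n) == digest(msg, n)

def issue_cert(ca_n, ca_d, subject_n, role, not_before, not_after):
    """CA signs the certificate content; the JSON layout is constructed for this example."""
    body = json.dumps({"n": subject_n, "role": role,
                       "nb": not_before, "na": not_after}, sort_keys=True).encode()
    return body, sign(body, ca_n, ca_d)

class Ecu:
    """Holds only the CA public key, never a list of individual tester certificates."""
    ROLE_SERVICES = {"workshop": {"read_dtc"}, "development": {"read_dtc", "flash"}}  # constructed

    def __init__(self, ca_n, now):
        self.ca_n, self.now = ca_n, now
        self.pending, self.unlocked = None, set()

    def verify_certificate(self, body, sig):               # request 29 01 00
        self.pending, self.unlocked = None, set()          # a new attempt relocks everything
        if not verify(body, sig, self.ca_n):
            return None                                    # not signed by the CA
        cert = json.loads(body)
        if not cert["nb"] <= self.now <= cert["na"]:
            return None                                    # outside the validity period
        self.pending = (cert, os.urandom(16))
        return self.pending[1]                             # challenge sent in 69 01 11

    def proof_of_ownership(self, proof):                   # request 29 03
        if self.pending is None:
            return False
        (cert, challenge), self.pending = self.pending, None   # challenge is single-use
        if verify(challenge, proof, cert["n"]):
            self.unlocked = set(self.ROLE_SERVICES.get(cert["role"], ()))
        return bool(self.unlocked)                         # True corresponds to 69 03 12
```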

Page 15

Service 29: Bidirectional authentication with PKI certificate exchange
Authentication

Tester → ECU: 29 02 00 Tester Certificate, Tester Challenge
ECU → Tester: 69 02 11 ECU Challenge, ECU Certificate, Proof of Ownership
Tester → ECU: 29 03 Proof of Ownership
ECU → Tester: 69 03 12

[Figure labels: Tester Certificate, ECU Certificate]

Page 16

Authentication with PKI certificate exchange and OEM backend
Authentication

Between Tester and ECU:
Tester → ECU: 29 01 00 Diagnostic Certificate
ECU → Tester: 69 01 11 ECU Challenge
Tester → ECU: 29 03 Proof of Ownership
ECU → Tester: 69 03 12

Between OEM Backend and Tester (http): Diagnostic Certificate, ECU Challenge, Proof of Ownership

[Figure labels: OEM Backend, Diagnostic Certificate, Diagnostic Certificate]

Page 17

Deauthentication
Authentication

Tester → ECU: 29 00
ECU → Tester: 69 00 ARP

Page 18

Authentication with Vector Security Manager and CANoe
Authentication with Vector Security Manager

• OEM can specify individual implementations
• Uni- / Bidirectional
• Backend
• Encryption (ECDH)
• Multiple certificates required
• Vector Security Manager offers OEM specific Security Sources
• OEM specific Authentication sequences available
• Easy configuration with a GUI

Page 19

Authentication with Vector Security Manager and CANoe

Authentication with Vector Security Manager

Page 20

Authentication with Vector Security Manager and CANoe

Authentication with Vector Security Manager

Page 21

Authentication with Vector Security Manager and CANoe

Authentication with Vector Security Manager

Page 22

Summary

• Service 29₁₆ is a UDS standardized authentication procedure
• PKI Certificate Authority to form chain of trust for certificates
• Validity and proof of ownership check of diagnostic certificate
  ECU does not need knowledge of specific diagnostic certificates
• Role based authorization through ownership of diagnostic certificates
• Temporal restriction via certificate validity period
• OEM specific authentication sequences
• Vector Security Manager implements complete sequence as a single operation

Page 23

© 2019. Vector Informatik GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V1.0 | 2019-04-01

Author: Lohmann, Max
Vector Germany

For more information about Vector and our products please visit www.vector.com