VulCAN: Efficient Component Authentication and … · VulCAN: Efficient Component Authentication...
31
VulCAN: Efficient Component Authentication and Software Isolation for Automotive Control Networks Jo Van Bulck, Jan Tobias Mühlberg and Frank Piessens jo.vanbulck|[email protected] imec-DistriNet, KU Leuven, Celestijnenlaan 200A, B-3001 Belgium SCSC Seminar: Safety and Security Integration, April 2018
-
Upload
truongliem -
Category
Documents
-
view
223 -
download
0
Transcript of VulCAN: Efficient Component Authentication and … · VulCAN: Efficient Component Authentication...
VulCAN Efficient Component Authentication andSoftware Isolation for Automotive Control Networks
Jo Van Bulck Jan Tobias Muumlhlberg and Frank Piessensjovanbulck|jantobiasmuehlbergcskuleuvenbeimec-DistriNet KU Leuven Celestijnenlaan 200A B-3001 Belgium
SCSC Seminar Safety and Security Integration April 2018
empty
Secure Automotive Computing with VulCAN
2 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
Modern cars can be hackedbull Network of more than 50 ECUsbull Multiple communication networksbull Remote entry pointsbull Limited built-in security mechanisms Miller amp Valasek ldquoRemote exploitation of an unaltered passenger vehiclerdquo 2015
VulCAN brings strong security toautomotive computingbull Message authenticationbull Strong software securitybull Trusted Computing software component
isolation and cryptographybull Applicable in ICS IoT
empty
Secure Automotive Computing with VulCAN
VulCAN Generic design to exploit light-weight trusted computing in CAN-basedembedded control networksImplementation based on Sancus [NVBM+17] we implement strengthen andevaluate authentication protocols vatiCAN [NR16] and LeiA [RG16]
3 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Attacking the CAN
Complex bus system with many ECUs and gateways to other communicationsystems no protection against message injection or replay attacks
rarr Message Authentication specified in AUTOSAR 42++ (2015) protocolsvatiCAN LeiA no efficient and cost-effective implementations yet
4 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Attacking the CAN
Complex bus system with many ECUs and gateways to other communicationsystems no protection against message injection or replay attacksrarr Message Authentication specified in AUTOSAR 42++ (2015) protocolsvatiCAN LeiA no efficient and cost-effective implementations yet
4 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Integration Issues
AUTOSAR 42 ldquoSpecification of Module Secure Onboard Communicationrdquobull Requirements system components APIs interactionsbull Data formats message structure backwards compatibilitybull Cryptographic primitives key amp MAC sizes and truncation
Not covered
bull Threats system amp attacker modelbull Heterogeneous hardwarebull Implementation sizebull Real-Time guarantees on ECUbull Bus congestionbull Real-Time guarantees at network
and application levelbull Secure key management
bull Fault amp attack detection andhandling
bull Functional Safetybull Integrating OEMs and After-Market
componentsbull Component pricebull Privacybull Certification
5 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Integration Issues
AUTOSAR 42 ldquoSpecification of Module Secure Onboard Communicationrdquobull Requirements system components APIs interactionsbull Data formats message structure backwards compatibilitybull Cryptographic primitives key amp MAC sizes and truncation
Not covered
bull Threats system amp attacker modelbull Heterogeneous hardwarebull Implementation sizebull Real-Time guarantees on ECUbull Bus congestionbull Real-Time guarantees at network
and application levelbull Secure key management
bull Fault amp attack detection andhandling
bull Functional Safetybull Integrating OEMs and After-Market
componentsbull Component pricebull Privacybull Certification
5 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Attacking CAN Message Authentication
What about Software Security [CMK+11 MV15 FS17]Lack of security mechanisms on light-weight ECUs leverages softwarevulnerabilities attackers may be able to bypass encryption and authentication
rarr Software Component Authentication amp Isolation
6 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Attacking CAN Message Authentication
What about Software Security [CMK+11 MV15 FS17]Lack of security mechanisms on light-weight ECUs leverages softwarevulnerabilities attackers may be able to bypass encryption and authenticationrarr Software Component Authentication amp Isolation
6 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Overview Vulcanising Distributed Automotive Applications
bull Critical application components in enclaves software isolation + attestation
bull Authenticated CAN messages over untrusted system softwarenetworkbull Rogue ECUs software attackers and errors in untrusted code cannot interfere
with security but may harm availability
7 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Overview Vulcanising Distributed Automotive Applications
bull Critical application components in enclaves software isolation + attestationbull Authenticated CAN messages over untrusted system softwarenetwork
bull Rogue ECUs software attackers and errors in untrusted code cannot interferewith security but may harm availability
7 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Overview Vulcanising Distributed Automotive Applications
bull Critical application components in enclaves software isolation + attestationbull Authenticated CAN messages over untrusted system softwarenetworkbull Rogue ECUs software attackers and errors in untrusted code cannot interfere
with security but may harm availability
7 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Sancus Strong and Light-Weight Embedded Security [NVBM+17]Extends TIrsquos MSP430 withTrusted Computing primitivesbull Software Component
Isolationbull Cryptography amp Attestationbull Secure IO through isolation
of MMIO ranges
Efficientbull Modular le 2 kLUTsbull Authentication in microsbull + 6 power consumption
Cryptographic key hierarchyfor software attestationIsolated components are typically very small (lt 1kLOC)Sancus is Open Source httpsdistrinetcskuleuvenbesoftwaresancus
8 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Sancus Strong and Light-Weight Embedded Security [NVBM+17]Extends TIrsquos MSP430 withTrusted Computing primitivesbull Software Component
Isolationbull Cryptography amp Attestationbull Secure IO through isolation
of MMIO ranges
Efficientbull Modular le 2 kLUTsbull Authentication in microsbull + 6 power consumption
Cryptographic key hierarchyfor software attestationIsolated components are typically very small (lt 1kLOC)Sancus is Open Source httpsdistrinetcskuleuvenbesoftwaresancus
9 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
N = Node SP = Software Provider DeployerSM = protected Software Module
Unprotected
Ent
rypo
int
Code amp constants Unprotected
SM text section
Protected data
SM protected data section
Unprotected
Mem
ory
KNSPSM SM metadata
Layout Keys
ProtectedstorageareaKN
empty
VulCAN Security Objectives
AUTOSAR Protocol objectives
1 Message authenticationrArr MAC(id payload)
2 Lightweight cryptographyrArr symmetric keys
3 Replay attack resistancerArr nonces and session keys
4 Backwards compatibilityrArr MAC over separate CAN id
vatiCAN [NR16] and LeiA [RG16]
VulCAN Sancus objectives
5 Real-time compliancerArr hardware-level crypto
6 Software isolationrArr application + driver enclaves
7 Software attestationrArr trusted in-vehicle attestation server
8 Dynamic keyECU updaterArr via attestation server
9 Secure legacy ECU integrationrArr CAN gateway shielding
10 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Security Objectives
AUTOSAR Protocol objectives
1 Message authenticationrArr MAC(id payload)
2 Lightweight cryptographyrArr symmetric keys
3 Replay attack resistancerArr nonces and session keys
4 Backwards compatibilityrArr MAC over separate CAN id
vatiCAN [NR16] and LeiA [RG16]
VulCAN Sancus objectives
5 Real-time compliancerArr hardware-level crypto
6 Software isolationrArr application + driver enclaves
7 Software attestationrArr trusted in-vehicle attestation server
8 Dynamic keyECU updaterArr via attestation server
9 Secure legacy ECU integrationrArr CAN gateway shielding
10 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Demo ScenariorArr distributed authenticated path from keypad to shielded instrument clusterrArr automotive CAN is challenging ndash VulCAN is applicable to other domains
rarr
11 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain
bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]
bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Future Work amp Research ChallengesImplement vehicle attestation server
bull ARM TrustZone vs Intel SGX no remote networkrarr enclave integrity withstatic root-of-trust (secure boot)
bull SPONGENT crypto performs bad in softwarebull Work-in-progress Rust-SGX [DDL+17] memory-safe implementation
Availability and real-time guarantees on compromised ECUs
rarr protected scheduler [VBNMP16] network availability out of scope (or partitionvia gateways)
Formalise authentic execution [NMP17] guarantees
rarr unified framework to interactdeploy enclaves on heterogeneous networkedplatforms
13 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Thank you Questionshttpsdistrinetcskuleuvenbesoftwarevulcan
httpsgithubcomsancus-pmavulcan
15 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References IAUTOSARAUTOSAR Specification 42 2015httpwwwautosarorgspecificationsrelease-42
S Checkoway D McCoy B Kantor D Anderson H Shacham and S SavageComprehensive experimental analyses of automotive attack surfacesIn USENIX Sec 2011
Y Ding R Duan L Li Y Cheng Y Zhang T Chen T Wei and H WangPOSTER Rust SGX SDK Towards memory safety in Intel SGX enclave 10 2017
S Froumlschle and A StuumlhringAnalyzing the capabilities of the CAN attackerIn ESORICS rsquo17 vol 10492 of LNCS pp 464ndash482 Heidelberg 2017 Springer
J T Muumlhlberg J Noorman and F PiessensLightweight and flexible trust assessment modules for the Internet of ThingsIn ESORICS rsquo15 vol 9326 of LNCS pp 503ndash520 Heidelberg 2015 Springer
C Miller and C ValasekRemote exploitation of an unaltered passenger vehicleBlack Hat USA 2015
J Noorman J T Muumlhlberg and F PiessensAuthentic execution of distributed event-driven applications with a small TCBIn STM rsquo17 vol 10547 of LNCS pp 55ndash71 Heidelberg 2017 Springer
16 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References II
S Nuumlrnberger and C Rossowndash vatiCAN ndash Vetted Authenticated CAN Bus pp 106ndash124Springer Berlin Heidelberg Berlin Heidelberg 2016
J Noorman J Van Bulck J T Muumlhlberg F Piessens P Maene B Preneel I Verbauwhede J Goumltzfried T Muumlller and F FreilingSancus 20 A low-cost security architecture for IoT devicesACM Transactions on Privacy and Security (TOPS) 2071ndash733 2017
A-I Radu and F D GarciaLeiA A Lightweight Authentication Protocol for CAN pp 283ndash300Springer International Publishing Cham 2016
J Van Bulck J Noorman J T Muumlhlberg and F PiessensSecure resource sharing for embedded protected module architecturesIn WISTP rsquo15 vol 9311 of LNCS pp 71ndash87 Heidelberg 2015 Springer
J Van Bulck J Noorman J T Muumlhlberg and F PiessensTowards availability and real-time guarantees for protected module architecturesIn MASS rsquo16 MODULARITY Companion 2016 pp 146ndash151 New York 2016 ACM
17 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Security Objectives amp Summary
18 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server Boot + Session Key Provisioning
bull Challenge-response attestation + encrypted session key distributionbull Preserve motorist safety via secure boot + exclusive vehicle ignition
19 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server ECU Replacement
bull Untrusted network connectionrarr public key cryptographybull Store software module keys for offline use
20 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Secure Automotive Computing with VulCAN
2 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
Modern cars can be hackedbull Network of more than 50 ECUsbull Multiple communication networksbull Remote entry pointsbull Limited built-in security mechanisms Miller amp Valasek ldquoRemote exploitation of an unaltered passenger vehiclerdquo 2015
VulCAN brings strong security toautomotive computingbull Message authenticationbull Strong software securitybull Trusted Computing software component
isolation and cryptographybull Applicable in ICS IoT
empty
Secure Automotive Computing with VulCAN
VulCAN Generic design to exploit light-weight trusted computing in CAN-basedembedded control networksImplementation based on Sancus [NVBM+17] we implement strengthen andevaluate authentication protocols vatiCAN [NR16] and LeiA [RG16]
3 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Attacking the CAN
Complex bus system with many ECUs and gateways to other communicationsystems no protection against message injection or replay attacks
rarr Message Authentication specified in AUTOSAR 42++ (2015) protocolsvatiCAN LeiA no efficient and cost-effective implementations yet
4 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Attacking the CAN
Complex bus system with many ECUs and gateways to other communicationsystems no protection against message injection or replay attacksrarr Message Authentication specified in AUTOSAR 42++ (2015) protocolsvatiCAN LeiA no efficient and cost-effective implementations yet
4 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Integration Issues
AUTOSAR 42 ldquoSpecification of Module Secure Onboard Communicationrdquobull Requirements system components APIs interactionsbull Data formats message structure backwards compatibilitybull Cryptographic primitives key amp MAC sizes and truncation
Not covered
bull Threats system amp attacker modelbull Heterogeneous hardwarebull Implementation sizebull Real-Time guarantees on ECUbull Bus congestionbull Real-Time guarantees at network
and application levelbull Secure key management
bull Fault amp attack detection andhandling
bull Functional Safetybull Integrating OEMs and After-Market
componentsbull Component pricebull Privacybull Certification
5 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Integration Issues
AUTOSAR 42 ldquoSpecification of Module Secure Onboard Communicationrdquobull Requirements system components APIs interactionsbull Data formats message structure backwards compatibilitybull Cryptographic primitives key amp MAC sizes and truncation
Not covered
bull Threats system amp attacker modelbull Heterogeneous hardwarebull Implementation sizebull Real-Time guarantees on ECUbull Bus congestionbull Real-Time guarantees at network
and application levelbull Secure key management
bull Fault amp attack detection andhandling
bull Functional Safetybull Integrating OEMs and After-Market
componentsbull Component pricebull Privacybull Certification
5 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Attacking CAN Message Authentication
What about Software Security [CMK+11 MV15 FS17]Lack of security mechanisms on light-weight ECUs leverages softwarevulnerabilities attackers may be able to bypass encryption and authentication
rarr Software Component Authentication amp Isolation
6 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Attacking CAN Message Authentication
What about Software Security [CMK+11 MV15 FS17]Lack of security mechanisms on light-weight ECUs leverages softwarevulnerabilities attackers may be able to bypass encryption and authenticationrarr Software Component Authentication amp Isolation
6 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Overview Vulcanising Distributed Automotive Applications
bull Critical application components in enclaves software isolation + attestation
bull Authenticated CAN messages over untrusted system softwarenetworkbull Rogue ECUs software attackers and errors in untrusted code cannot interfere
with security but may harm availability
7 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Overview Vulcanising Distributed Automotive Applications
bull Critical application components in enclaves software isolation + attestationbull Authenticated CAN messages over untrusted system softwarenetwork
bull Rogue ECUs software attackers and errors in untrusted code cannot interferewith security but may harm availability
7 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Overview Vulcanising Distributed Automotive Applications
bull Critical application components in enclaves software isolation + attestationbull Authenticated CAN messages over untrusted system softwarenetworkbull Rogue ECUs software attackers and errors in untrusted code cannot interfere
with security but may harm availability
7 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Sancus Strong and Light-Weight Embedded Security [NVBM+17]Extends TIrsquos MSP430 withTrusted Computing primitivesbull Software Component
Isolationbull Cryptography amp Attestationbull Secure IO through isolation
of MMIO ranges
Efficientbull Modular le 2 kLUTsbull Authentication in microsbull + 6 power consumption
Cryptographic key hierarchyfor software attestationIsolated components are typically very small (lt 1kLOC)Sancus is Open Source httpsdistrinetcskuleuvenbesoftwaresancus
8 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Sancus Strong and Light-Weight Embedded Security [NVBM+17]Extends TIrsquos MSP430 withTrusted Computing primitivesbull Software Component
Isolationbull Cryptography amp Attestationbull Secure IO through isolation
of MMIO ranges
Efficientbull Modular le 2 kLUTsbull Authentication in microsbull + 6 power consumption
Cryptographic key hierarchyfor software attestationIsolated components are typically very small (lt 1kLOC)Sancus is Open Source httpsdistrinetcskuleuvenbesoftwaresancus
9 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
N = Node SP = Software Provider DeployerSM = protected Software Module
Unprotected
Ent
rypo
int
Code amp constants Unprotected
SM text section
Protected data
SM protected data section
Unprotected
Mem
ory
KNSPSM SM metadata
Layout Keys
ProtectedstorageareaKN
empty
VulCAN Security Objectives
AUTOSAR Protocol objectives
1 Message authenticationrArr MAC(id payload)
2 Lightweight cryptographyrArr symmetric keys
3 Replay attack resistancerArr nonces and session keys
4 Backwards compatibilityrArr MAC over separate CAN id
vatiCAN [NR16] and LeiA [RG16]
VulCAN Sancus objectives
5 Real-time compliancerArr hardware-level crypto
6 Software isolationrArr application + driver enclaves
7 Software attestationrArr trusted in-vehicle attestation server
8 Dynamic keyECU updaterArr via attestation server
9 Secure legacy ECU integrationrArr CAN gateway shielding
10 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Security Objectives
AUTOSAR Protocol objectives
1 Message authenticationrArr MAC(id payload)
2 Lightweight cryptographyrArr symmetric keys
3 Replay attack resistancerArr nonces and session keys
4 Backwards compatibilityrArr MAC over separate CAN id
vatiCAN [NR16] and LeiA [RG16]
VulCAN Sancus objectives
5 Real-time compliancerArr hardware-level crypto
6 Software isolationrArr application + driver enclaves
7 Software attestationrArr trusted in-vehicle attestation server
8 Dynamic keyECU updaterArr via attestation server
9 Secure legacy ECU integrationrArr CAN gateway shielding
10 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Demo ScenariorArr distributed authenticated path from keypad to shielded instrument clusterrArr automotive CAN is challenging ndash VulCAN is applicable to other domains
rarr
11 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain
bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]
bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Future Work amp Research ChallengesImplement vehicle attestation server
bull ARM TrustZone vs Intel SGX no remote networkrarr enclave integrity withstatic root-of-trust (secure boot)
bull SPONGENT crypto performs bad in softwarebull Work-in-progress Rust-SGX [DDL+17] memory-safe implementation
Availability and real-time guarantees on compromised ECUs
rarr protected scheduler [VBNMP16] network availability out of scope (or partitionvia gateways)
Formalise authentic execution [NMP17] guarantees
rarr unified framework to interactdeploy enclaves on heterogeneous networkedplatforms
13 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Thank you Questionshttpsdistrinetcskuleuvenbesoftwarevulcan
httpsgithubcomsancus-pmavulcan
15 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References IAUTOSARAUTOSAR Specification 42 2015httpwwwautosarorgspecificationsrelease-42
S Checkoway D McCoy B Kantor D Anderson H Shacham and S SavageComprehensive experimental analyses of automotive attack surfacesIn USENIX Sec 2011
Y Ding R Duan L Li Y Cheng Y Zhang T Chen T Wei and H WangPOSTER Rust SGX SDK Towards memory safety in Intel SGX enclave 10 2017
S Froumlschle and A StuumlhringAnalyzing the capabilities of the CAN attackerIn ESORICS rsquo17 vol 10492 of LNCS pp 464ndash482 Heidelberg 2017 Springer
J T Muumlhlberg J Noorman and F PiessensLightweight and flexible trust assessment modules for the Internet of ThingsIn ESORICS rsquo15 vol 9326 of LNCS pp 503ndash520 Heidelberg 2015 Springer
C Miller and C ValasekRemote exploitation of an unaltered passenger vehicleBlack Hat USA 2015
J Noorman J T Muumlhlberg and F PiessensAuthentic execution of distributed event-driven applications with a small TCBIn STM rsquo17 vol 10547 of LNCS pp 55ndash71 Heidelberg 2017 Springer
16 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References II
S Nuumlrnberger and C Rossowndash vatiCAN ndash Vetted Authenticated CAN Bus pp 106ndash124Springer Berlin Heidelberg Berlin Heidelberg 2016
J Noorman J Van Bulck J T Muumlhlberg F Piessens P Maene B Preneel I Verbauwhede J Goumltzfried T Muumlller and F FreilingSancus 20 A low-cost security architecture for IoT devicesACM Transactions on Privacy and Security (TOPS) 2071ndash733 2017
A-I Radu and F D GarciaLeiA A Lightweight Authentication Protocol for CAN pp 283ndash300Springer International Publishing Cham 2016
J Van Bulck J Noorman J T Muumlhlberg and F PiessensSecure resource sharing for embedded protected module architecturesIn WISTP rsquo15 vol 9311 of LNCS pp 71ndash87 Heidelberg 2015 Springer
J Van Bulck J Noorman J T Muumlhlberg and F PiessensTowards availability and real-time guarantees for protected module architecturesIn MASS rsquo16 MODULARITY Companion 2016 pp 146ndash151 New York 2016 ACM
17 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Security Objectives amp Summary
18 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server Boot + Session Key Provisioning
bull Challenge-response attestation + encrypted session key distributionbull Preserve motorist safety via secure boot + exclusive vehicle ignition
19 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server ECU Replacement
bull Untrusted network connectionrarr public key cryptographybull Store software module keys for offline use
20 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Secure Automotive Computing with VulCAN
VulCAN Generic design to exploit light-weight trusted computing in CAN-basedembedded control networksImplementation based on Sancus [NVBM+17] we implement strengthen andevaluate authentication protocols vatiCAN [NR16] and LeiA [RG16]
3 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Attacking the CAN
Complex bus system with many ECUs and gateways to other communicationsystems no protection against message injection or replay attacks
rarr Message Authentication specified in AUTOSAR 42++ (2015) protocolsvatiCAN LeiA no efficient and cost-effective implementations yet
4 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Attacking the CAN
Complex bus system with many ECUs and gateways to other communicationsystems no protection against message injection or replay attacksrarr Message Authentication specified in AUTOSAR 42++ (2015) protocolsvatiCAN LeiA no efficient and cost-effective implementations yet
4 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Integration Issues
AUTOSAR 42 ldquoSpecification of Module Secure Onboard Communicationrdquobull Requirements system components APIs interactionsbull Data formats message structure backwards compatibilitybull Cryptographic primitives key amp MAC sizes and truncation
Not covered
bull Threats system amp attacker modelbull Heterogeneous hardwarebull Implementation sizebull Real-Time guarantees on ECUbull Bus congestionbull Real-Time guarantees at network
and application levelbull Secure key management
bull Fault amp attack detection andhandling
bull Functional Safetybull Integrating OEMs and After-Market
componentsbull Component pricebull Privacybull Certification
5 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Integration Issues
AUTOSAR 42 ldquoSpecification of Module Secure Onboard Communicationrdquobull Requirements system components APIs interactionsbull Data formats message structure backwards compatibilitybull Cryptographic primitives key amp MAC sizes and truncation
Not covered
bull Threats system amp attacker modelbull Heterogeneous hardwarebull Implementation sizebull Real-Time guarantees on ECUbull Bus congestionbull Real-Time guarantees at network
and application levelbull Secure key management
bull Fault amp attack detection andhandling
bull Functional Safetybull Integrating OEMs and After-Market
componentsbull Component pricebull Privacybull Certification
5 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Attacking CAN Message Authentication
What about Software Security [CMK+11 MV15 FS17]Lack of security mechanisms on light-weight ECUs leverages softwarevulnerabilities attackers may be able to bypass encryption and authentication
rarr Software Component Authentication amp Isolation
6 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Attacking CAN Message Authentication
What about Software Security [CMK+11 MV15 FS17]Lack of security mechanisms on light-weight ECUs leverages softwarevulnerabilities attackers may be able to bypass encryption and authenticationrarr Software Component Authentication amp Isolation
6 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Overview Vulcanising Distributed Automotive Applications
bull Critical application components in enclaves software isolation + attestation
bull Authenticated CAN messages over untrusted system softwarenetworkbull Rogue ECUs software attackers and errors in untrusted code cannot interfere
with security but may harm availability
7 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Overview Vulcanising Distributed Automotive Applications
bull Critical application components in enclaves software isolation + attestationbull Authenticated CAN messages over untrusted system softwarenetwork
bull Rogue ECUs software attackers and errors in untrusted code cannot interferewith security but may harm availability
7 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Overview Vulcanising Distributed Automotive Applications
bull Critical application components in enclaves software isolation + attestationbull Authenticated CAN messages over untrusted system softwarenetworkbull Rogue ECUs software attackers and errors in untrusted code cannot interfere
with security but may harm availability
7 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Sancus Strong and Light-Weight Embedded Security [NVBM+17]Extends TIrsquos MSP430 withTrusted Computing primitivesbull Software Component
Isolationbull Cryptography amp Attestationbull Secure IO through isolation
of MMIO ranges
Efficientbull Modular le 2 kLUTsbull Authentication in microsbull + 6 power consumption
Cryptographic key hierarchyfor software attestationIsolated components are typically very small (lt 1kLOC)Sancus is Open Source httpsdistrinetcskuleuvenbesoftwaresancus
8 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Sancus Strong and Light-Weight Embedded Security [NVBM+17]Extends TIrsquos MSP430 withTrusted Computing primitivesbull Software Component
Isolationbull Cryptography amp Attestationbull Secure IO through isolation
of MMIO ranges
Efficientbull Modular le 2 kLUTsbull Authentication in microsbull + 6 power consumption
Cryptographic key hierarchyfor software attestationIsolated components are typically very small (lt 1kLOC)Sancus is Open Source httpsdistrinetcskuleuvenbesoftwaresancus
9 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
N = Node SP = Software Provider DeployerSM = protected Software Module
Unprotected
Ent
rypo
int
Code amp constants Unprotected
SM text section
Protected data
SM protected data section
Unprotected
Mem
ory
KNSPSM SM metadata
Layout Keys
ProtectedstorageareaKN
empty
VulCAN Security Objectives
AUTOSAR Protocol objectives
1 Message authenticationrArr MAC(id payload)
2 Lightweight cryptographyrArr symmetric keys
3 Replay attack resistancerArr nonces and session keys
4 Backwards compatibilityrArr MAC over separate CAN id
vatiCAN [NR16] and LeiA [RG16]
VulCAN Sancus objectives
5 Real-time compliancerArr hardware-level crypto
6 Software isolationrArr application + driver enclaves
7 Software attestationrArr trusted in-vehicle attestation server
8 Dynamic keyECU updaterArr via attestation server
9 Secure legacy ECU integrationrArr CAN gateway shielding
10 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Security Objectives
AUTOSAR Protocol objectives
1 Message authenticationrArr MAC(id payload)
2 Lightweight cryptographyrArr symmetric keys
3 Replay attack resistancerArr nonces and session keys
4 Backwards compatibilityrArr MAC over separate CAN id
vatiCAN [NR16] and LeiA [RG16]
VulCAN Sancus objectives
5 Real-time compliancerArr hardware-level crypto
6 Software isolationrArr application + driver enclaves
7 Software attestationrArr trusted in-vehicle attestation server
8 Dynamic keyECU updaterArr via attestation server
9 Secure legacy ECU integrationrArr CAN gateway shielding
10 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Demo ScenariorArr distributed authenticated path from keypad to shielded instrument clusterrArr automotive CAN is challenging ndash VulCAN is applicable to other domains
rarr
11 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain
bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]
bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Future Work amp Research ChallengesImplement vehicle attestation server
bull ARM TrustZone vs Intel SGX no remote networkrarr enclave integrity withstatic root-of-trust (secure boot)
bull SPONGENT crypto performs bad in softwarebull Work-in-progress Rust-SGX [DDL+17] memory-safe implementation
Availability and real-time guarantees on compromised ECUs
rarr protected scheduler [VBNMP16] network availability out of scope (or partitionvia gateways)
Formalise authentic execution [NMP17] guarantees
rarr unified framework to interactdeploy enclaves on heterogeneous networkedplatforms
13 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Thank you Questionshttpsdistrinetcskuleuvenbesoftwarevulcan
httpsgithubcomsancus-pmavulcan
15 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References IAUTOSARAUTOSAR Specification 42 2015httpwwwautosarorgspecificationsrelease-42
S Checkoway D McCoy B Kantor D Anderson H Shacham and S SavageComprehensive experimental analyses of automotive attack surfacesIn USENIX Sec 2011
Y Ding R Duan L Li Y Cheng Y Zhang T Chen T Wei and H WangPOSTER Rust SGX SDK Towards memory safety in Intel SGX enclave 10 2017
S Froumlschle and A StuumlhringAnalyzing the capabilities of the CAN attackerIn ESORICS rsquo17 vol 10492 of LNCS pp 464ndash482 Heidelberg 2017 Springer
J T Muumlhlberg J Noorman and F PiessensLightweight and flexible trust assessment modules for the Internet of ThingsIn ESORICS rsquo15 vol 9326 of LNCS pp 503ndash520 Heidelberg 2015 Springer
C Miller and C ValasekRemote exploitation of an unaltered passenger vehicleBlack Hat USA 2015
J Noorman J T Muumlhlberg and F PiessensAuthentic execution of distributed event-driven applications with a small TCBIn STM rsquo17 vol 10547 of LNCS pp 55ndash71 Heidelberg 2017 Springer
16 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References II
S Nuumlrnberger and C Rossowndash vatiCAN ndash Vetted Authenticated CAN Bus pp 106ndash124Springer Berlin Heidelberg Berlin Heidelberg 2016
J Noorman J Van Bulck J T Muumlhlberg F Piessens P Maene B Preneel I Verbauwhede J Goumltzfried T Muumlller and F FreilingSancus 20 A low-cost security architecture for IoT devicesACM Transactions on Privacy and Security (TOPS) 2071ndash733 2017
A-I Radu and F D GarciaLeiA A Lightweight Authentication Protocol for CAN pp 283ndash300Springer International Publishing Cham 2016
J Van Bulck J Noorman J T Muumlhlberg and F PiessensSecure resource sharing for embedded protected module architecturesIn WISTP rsquo15 vol 9311 of LNCS pp 71ndash87 Heidelberg 2015 Springer
J Van Bulck J Noorman J T Muumlhlberg and F PiessensTowards availability and real-time guarantees for protected module architecturesIn MASS rsquo16 MODULARITY Companion 2016 pp 146ndash151 New York 2016 ACM
17 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Security Objectives amp Summary
18 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server Boot + Session Key Provisioning
bull Challenge-response attestation + encrypted session key distributionbull Preserve motorist safety via secure boot + exclusive vehicle ignition
19 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server ECU Replacement
bull Untrusted network connectionrarr public key cryptographybull Store software module keys for offline use
20 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Attacking the CAN
Complex bus system with many ECUs and gateways to other communicationsystems no protection against message injection or replay attacks
rarr Message Authentication specified in AUTOSAR 42++ (2015) protocolsvatiCAN LeiA no efficient and cost-effective implementations yet
4 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Attacking the CAN
Complex bus system with many ECUs and gateways to other communicationsystems no protection against message injection or replay attacksrarr Message Authentication specified in AUTOSAR 42++ (2015) protocolsvatiCAN LeiA no efficient and cost-effective implementations yet
4 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Integration Issues
AUTOSAR 42 ldquoSpecification of Module Secure Onboard Communicationrdquobull Requirements system components APIs interactionsbull Data formats message structure backwards compatibilitybull Cryptographic primitives key amp MAC sizes and truncation
Not covered
bull Threats system amp attacker modelbull Heterogeneous hardwarebull Implementation sizebull Real-Time guarantees on ECUbull Bus congestionbull Real-Time guarantees at network
and application levelbull Secure key management
bull Fault amp attack detection andhandling
bull Functional Safetybull Integrating OEMs and After-Market
componentsbull Component pricebull Privacybull Certification
5 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Integration Issues
AUTOSAR 42 ldquoSpecification of Module Secure Onboard Communicationrdquobull Requirements system components APIs interactionsbull Data formats message structure backwards compatibilitybull Cryptographic primitives key amp MAC sizes and truncation
Not covered
bull Threats system amp attacker modelbull Heterogeneous hardwarebull Implementation sizebull Real-Time guarantees on ECUbull Bus congestionbull Real-Time guarantees at network
and application levelbull Secure key management
bull Fault amp attack detection andhandling
bull Functional Safetybull Integrating OEMs and After-Market
componentsbull Component pricebull Privacybull Certification
5 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Attacking CAN Message Authentication
What about Software Security [CMK+11 MV15 FS17]Lack of security mechanisms on light-weight ECUs leverages softwarevulnerabilities attackers may be able to bypass encryption and authentication
rarr Software Component Authentication amp Isolation
6 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Attacking CAN Message Authentication
What about Software Security [CMK+11 MV15 FS17]Lack of security mechanisms on light-weight ECUs leverages softwarevulnerabilities attackers may be able to bypass encryption and authenticationrarr Software Component Authentication amp Isolation
6 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Overview Vulcanising Distributed Automotive Applications
bull Critical application components in enclaves software isolation + attestation
bull Authenticated CAN messages over untrusted system softwarenetworkbull Rogue ECUs software attackers and errors in untrusted code cannot interfere
with security but may harm availability
7 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Overview Vulcanising Distributed Automotive Applications
bull Critical application components in enclaves software isolation + attestationbull Authenticated CAN messages over untrusted system softwarenetwork
bull Rogue ECUs software attackers and errors in untrusted code cannot interferewith security but may harm availability
7 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Overview Vulcanising Distributed Automotive Applications
bull Critical application components in enclaves software isolation + attestationbull Authenticated CAN messages over untrusted system softwarenetworkbull Rogue ECUs software attackers and errors in untrusted code cannot interfere
with security but may harm availability
7 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Sancus Strong and Light-Weight Embedded Security [NVBM+17]Extends TIrsquos MSP430 withTrusted Computing primitivesbull Software Component
Isolationbull Cryptography amp Attestationbull Secure IO through isolation
of MMIO ranges
Efficientbull Modular le 2 kLUTsbull Authentication in microsbull + 6 power consumption
Cryptographic key hierarchyfor software attestationIsolated components are typically very small (lt 1kLOC)Sancus is Open Source httpsdistrinetcskuleuvenbesoftwaresancus
8 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Sancus Strong and Light-Weight Embedded Security [NVBM+17]Extends TIrsquos MSP430 withTrusted Computing primitivesbull Software Component
Isolationbull Cryptography amp Attestationbull Secure IO through isolation
of MMIO ranges
Efficientbull Modular le 2 kLUTsbull Authentication in microsbull + 6 power consumption
Cryptographic key hierarchyfor software attestationIsolated components are typically very small (lt 1kLOC)Sancus is Open Source httpsdistrinetcskuleuvenbesoftwaresancus
9 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
N = Node SP = Software Provider DeployerSM = protected Software Module
Unprotected
Ent
rypo
int
Code amp constants Unprotected
SM text section
Protected data
SM protected data section
Unprotected
Mem
ory
KNSPSM SM metadata
Layout Keys
ProtectedstorageareaKN
empty
VulCAN Security Objectives
AUTOSAR Protocol objectives
1 Message authenticationrArr MAC(id payload)
2 Lightweight cryptographyrArr symmetric keys
3 Replay attack resistancerArr nonces and session keys
4 Backwards compatibilityrArr MAC over separate CAN id
vatiCAN [NR16] and LeiA [RG16]
VulCAN Sancus objectives
5 Real-time compliancerArr hardware-level crypto
6 Software isolationrArr application + driver enclaves
7 Software attestationrArr trusted in-vehicle attestation server
8 Dynamic keyECU updaterArr via attestation server
9 Secure legacy ECU integrationrArr CAN gateway shielding
10 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Security Objectives
AUTOSAR Protocol objectives
1 Message authenticationrArr MAC(id payload)
2 Lightweight cryptographyrArr symmetric keys
3 Replay attack resistancerArr nonces and session keys
4 Backwards compatibilityrArr MAC over separate CAN id
vatiCAN [NR16] and LeiA [RG16]
VulCAN Sancus objectives
5 Real-time compliancerArr hardware-level crypto
6 Software isolationrArr application + driver enclaves
7 Software attestationrArr trusted in-vehicle attestation server
8 Dynamic keyECU updaterArr via attestation server
9 Secure legacy ECU integrationrArr CAN gateway shielding
10 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Demo ScenariorArr distributed authenticated path from keypad to shielded instrument clusterrArr automotive CAN is challenging ndash VulCAN is applicable to other domains
rarr
11 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain
bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]
bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Future Work amp Research ChallengesImplement vehicle attestation server
bull ARM TrustZone vs Intel SGX no remote networkrarr enclave integrity withstatic root-of-trust (secure boot)
bull SPONGENT crypto performs bad in softwarebull Work-in-progress Rust-SGX [DDL+17] memory-safe implementation
Availability and real-time guarantees on compromised ECUs
rarr protected scheduler [VBNMP16] network availability out of scope (or partitionvia gateways)
Formalise authentic execution [NMP17] guarantees
rarr unified framework to interactdeploy enclaves on heterogeneous networkedplatforms
13 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Thank you Questionshttpsdistrinetcskuleuvenbesoftwarevulcan
httpsgithubcomsancus-pmavulcan
15 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References IAUTOSARAUTOSAR Specification 42 2015httpwwwautosarorgspecificationsrelease-42
S Checkoway D McCoy B Kantor D Anderson H Shacham and S SavageComprehensive experimental analyses of automotive attack surfacesIn USENIX Sec 2011
Y Ding R Duan L Li Y Cheng Y Zhang T Chen T Wei and H WangPOSTER Rust SGX SDK Towards memory safety in Intel SGX enclave 10 2017
S Froumlschle and A StuumlhringAnalyzing the capabilities of the CAN attackerIn ESORICS rsquo17 vol 10492 of LNCS pp 464ndash482 Heidelberg 2017 Springer
J T Muumlhlberg J Noorman and F PiessensLightweight and flexible trust assessment modules for the Internet of ThingsIn ESORICS rsquo15 vol 9326 of LNCS pp 503ndash520 Heidelberg 2015 Springer
C Miller and C ValasekRemote exploitation of an unaltered passenger vehicleBlack Hat USA 2015
J Noorman J T Muumlhlberg and F PiessensAuthentic execution of distributed event-driven applications with a small TCBIn STM rsquo17 vol 10547 of LNCS pp 55ndash71 Heidelberg 2017 Springer
16 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References II
S Nuumlrnberger and C Rossowndash vatiCAN ndash Vetted Authenticated CAN Bus pp 106ndash124Springer Berlin Heidelberg Berlin Heidelberg 2016
J Noorman J Van Bulck J T Muumlhlberg F Piessens P Maene B Preneel I Verbauwhede J Goumltzfried T Muumlller and F FreilingSancus 20 A low-cost security architecture for IoT devicesACM Transactions on Privacy and Security (TOPS) 2071ndash733 2017
A-I Radu and F D GarciaLeiA A Lightweight Authentication Protocol for CAN pp 283ndash300Springer International Publishing Cham 2016
J Van Bulck J Noorman J T Muumlhlberg and F PiessensSecure resource sharing for embedded protected module architecturesIn WISTP rsquo15 vol 9311 of LNCS pp 71ndash87 Heidelberg 2015 Springer
J Van Bulck J Noorman J T Muumlhlberg and F PiessensTowards availability and real-time guarantees for protected module architecturesIn MASS rsquo16 MODULARITY Companion 2016 pp 146ndash151 New York 2016 ACM
17 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Security Objectives amp Summary
18 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server Boot + Session Key Provisioning
bull Challenge-response attestation + encrypted session key distributionbull Preserve motorist safety via secure boot + exclusive vehicle ignition
19 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server ECU Replacement
bull Untrusted network connectionrarr public key cryptographybull Store software module keys for offline use
20 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Attacking the CAN
Complex bus system with many ECUs and gateways to other communicationsystems no protection against message injection or replay attacksrarr Message Authentication specified in AUTOSAR 42++ (2015) protocolsvatiCAN LeiA no efficient and cost-effective implementations yet
4 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Integration Issues
AUTOSAR 42 ldquoSpecification of Module Secure Onboard Communicationrdquobull Requirements system components APIs interactionsbull Data formats message structure backwards compatibilitybull Cryptographic primitives key amp MAC sizes and truncation
Not covered
bull Threats system amp attacker modelbull Heterogeneous hardwarebull Implementation sizebull Real-Time guarantees on ECUbull Bus congestionbull Real-Time guarantees at network
and application levelbull Secure key management
bull Fault amp attack detection andhandling
bull Functional Safetybull Integrating OEMs and After-Market
componentsbull Component pricebull Privacybull Certification
5 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Integration Issues
AUTOSAR 42 ldquoSpecification of Module Secure Onboard Communicationrdquobull Requirements system components APIs interactionsbull Data formats message structure backwards compatibilitybull Cryptographic primitives key amp MAC sizes and truncation
Not covered
bull Threats system amp attacker modelbull Heterogeneous hardwarebull Implementation sizebull Real-Time guarantees on ECUbull Bus congestionbull Real-Time guarantees at network
and application levelbull Secure key management
bull Fault amp attack detection andhandling
bull Functional Safetybull Integrating OEMs and After-Market
componentsbull Component pricebull Privacybull Certification
5 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Attacking CAN Message Authentication
What about Software Security [CMK+11 MV15 FS17]Lack of security mechanisms on light-weight ECUs leverages softwarevulnerabilities attackers may be able to bypass encryption and authentication
rarr Software Component Authentication amp Isolation
6 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Attacking CAN Message Authentication
What about Software Security [CMK+11 MV15 FS17]Lack of security mechanisms on light-weight ECUs leverages softwarevulnerabilities attackers may be able to bypass encryption and authenticationrarr Software Component Authentication amp Isolation
6 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Overview Vulcanising Distributed Automotive Applications
bull Critical application components in enclaves software isolation + attestation
bull Authenticated CAN messages over untrusted system softwarenetworkbull Rogue ECUs software attackers and errors in untrusted code cannot interfere
with security but may harm availability
7 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Overview Vulcanising Distributed Automotive Applications
bull Critical application components in enclaves software isolation + attestationbull Authenticated CAN messages over untrusted system softwarenetwork
bull Rogue ECUs software attackers and errors in untrusted code cannot interferewith security but may harm availability
7 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Overview Vulcanising Distributed Automotive Applications
bull Critical application components in enclaves software isolation + attestationbull Authenticated CAN messages over untrusted system softwarenetworkbull Rogue ECUs software attackers and errors in untrusted code cannot interfere
with security but may harm availability
7 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Sancus Strong and Light-Weight Embedded Security [NVBM+17]Extends TIrsquos MSP430 withTrusted Computing primitivesbull Software Component
Isolationbull Cryptography amp Attestationbull Secure IO through isolation
of MMIO ranges
Efficientbull Modular le 2 kLUTsbull Authentication in microsbull + 6 power consumption
Cryptographic key hierarchyfor software attestationIsolated components are typically very small (lt 1kLOC)Sancus is Open Source httpsdistrinetcskuleuvenbesoftwaresancus
8 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Sancus Strong and Light-Weight Embedded Security [NVBM+17]Extends TIrsquos MSP430 withTrusted Computing primitivesbull Software Component
Isolationbull Cryptography amp Attestationbull Secure IO through isolation
of MMIO ranges
Efficientbull Modular le 2 kLUTsbull Authentication in microsbull + 6 power consumption
Cryptographic key hierarchyfor software attestationIsolated components are typically very small (lt 1kLOC)Sancus is Open Source httpsdistrinetcskuleuvenbesoftwaresancus
9 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
N = Node SP = Software Provider DeployerSM = protected Software Module
Unprotected
Ent
rypo
int
Code amp constants Unprotected
SM text section
Protected data
SM protected data section
Unprotected
Mem
ory
KNSPSM SM metadata
Layout Keys
ProtectedstorageareaKN
empty
VulCAN Security Objectives
AUTOSAR Protocol objectives
1 Message authenticationrArr MAC(id payload)
2 Lightweight cryptographyrArr symmetric keys
3 Replay attack resistancerArr nonces and session keys
4 Backwards compatibilityrArr MAC over separate CAN id
vatiCAN [NR16] and LeiA [RG16]
VulCAN Sancus objectives
5 Real-time compliancerArr hardware-level crypto
6 Software isolationrArr application + driver enclaves
7 Software attestationrArr trusted in-vehicle attestation server
8 Dynamic keyECU updaterArr via attestation server
9 Secure legacy ECU integrationrArr CAN gateway shielding
10 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Security Objectives
AUTOSAR Protocol objectives
1 Message authenticationrArr MAC(id payload)
2 Lightweight cryptographyrArr symmetric keys
3 Replay attack resistancerArr nonces and session keys
4 Backwards compatibilityrArr MAC over separate CAN id
vatiCAN [NR16] and LeiA [RG16]
VulCAN Sancus objectives
5 Real-time compliancerArr hardware-level crypto
6 Software isolationrArr application + driver enclaves
7 Software attestationrArr trusted in-vehicle attestation server
8 Dynamic keyECU updaterArr via attestation server
9 Secure legacy ECU integrationrArr CAN gateway shielding
10 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Demo ScenariorArr distributed authenticated path from keypad to shielded instrument clusterrArr automotive CAN is challenging ndash VulCAN is applicable to other domains
rarr
11 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain
bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]
bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Future Work amp Research ChallengesImplement vehicle attestation server
bull ARM TrustZone vs Intel SGX no remote networkrarr enclave integrity withstatic root-of-trust (secure boot)
bull SPONGENT crypto performs bad in softwarebull Work-in-progress Rust-SGX [DDL+17] memory-safe implementation
Availability and real-time guarantees on compromised ECUs
rarr protected scheduler [VBNMP16] network availability out of scope (or partitionvia gateways)
Formalise authentic execution [NMP17] guarantees
rarr unified framework to interactdeploy enclaves on heterogeneous networkedplatforms
13 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Thank you Questionshttpsdistrinetcskuleuvenbesoftwarevulcan
httpsgithubcomsancus-pmavulcan
15 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References IAUTOSARAUTOSAR Specification 42 2015httpwwwautosarorgspecificationsrelease-42
S Checkoway D McCoy B Kantor D Anderson H Shacham and S SavageComprehensive experimental analyses of automotive attack surfacesIn USENIX Sec 2011
Y Ding R Duan L Li Y Cheng Y Zhang T Chen T Wei and H WangPOSTER Rust SGX SDK Towards memory safety in Intel SGX enclave 10 2017
S Froumlschle and A StuumlhringAnalyzing the capabilities of the CAN attackerIn ESORICS rsquo17 vol 10492 of LNCS pp 464ndash482 Heidelberg 2017 Springer
J T Muumlhlberg J Noorman and F PiessensLightweight and flexible trust assessment modules for the Internet of ThingsIn ESORICS rsquo15 vol 9326 of LNCS pp 503ndash520 Heidelberg 2015 Springer
C Miller and C ValasekRemote exploitation of an unaltered passenger vehicleBlack Hat USA 2015
J Noorman J T Muumlhlberg and F PiessensAuthentic execution of distributed event-driven applications with a small TCBIn STM rsquo17 vol 10547 of LNCS pp 55ndash71 Heidelberg 2017 Springer
16 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References II
S Nuumlrnberger and C Rossowndash vatiCAN ndash Vetted Authenticated CAN Bus pp 106ndash124Springer Berlin Heidelberg Berlin Heidelberg 2016
J Noorman J Van Bulck J T Muumlhlberg F Piessens P Maene B Preneel I Verbauwhede J Goumltzfried T Muumlller and F FreilingSancus 20 A low-cost security architecture for IoT devicesACM Transactions on Privacy and Security (TOPS) 2071ndash733 2017
A-I Radu and F D GarciaLeiA A Lightweight Authentication Protocol for CAN pp 283ndash300Springer International Publishing Cham 2016
J Van Bulck J Noorman J T Muumlhlberg and F PiessensSecure resource sharing for embedded protected module architecturesIn WISTP rsquo15 vol 9311 of LNCS pp 71ndash87 Heidelberg 2015 Springer
J Van Bulck J Noorman J T Muumlhlberg and F PiessensTowards availability and real-time guarantees for protected module architecturesIn MASS rsquo16 MODULARITY Companion 2016 pp 146ndash151 New York 2016 ACM
17 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Security Objectives amp Summary
18 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server Boot + Session Key Provisioning
bull Challenge-response attestation + encrypted session key distributionbull Preserve motorist safety via secure boot + exclusive vehicle ignition
19 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server ECU Replacement
bull Untrusted network connectionrarr public key cryptographybull Store software module keys for offline use
20 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Integration Issues
AUTOSAR 42 ldquoSpecification of Module Secure Onboard Communicationrdquobull Requirements system components APIs interactionsbull Data formats message structure backwards compatibilitybull Cryptographic primitives key amp MAC sizes and truncation
Not covered
bull Threats system amp attacker modelbull Heterogeneous hardwarebull Implementation sizebull Real-Time guarantees on ECUbull Bus congestionbull Real-Time guarantees at network
and application levelbull Secure key management
bull Fault amp attack detection andhandling
bull Functional Safetybull Integrating OEMs and After-Market
componentsbull Component pricebull Privacybull Certification
5 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Integration Issues
AUTOSAR 42 ldquoSpecification of Module Secure Onboard Communicationrdquobull Requirements system components APIs interactionsbull Data formats message structure backwards compatibilitybull Cryptographic primitives key amp MAC sizes and truncation
Not covered
bull Threats system amp attacker modelbull Heterogeneous hardwarebull Implementation sizebull Real-Time guarantees on ECUbull Bus congestionbull Real-Time guarantees at network
and application levelbull Secure key management
bull Fault amp attack detection andhandling
bull Functional Safetybull Integrating OEMs and After-Market
componentsbull Component pricebull Privacybull Certification
5 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Attacking CAN Message Authentication
What about Software Security [CMK+11 MV15 FS17]Lack of security mechanisms on light-weight ECUs leverages softwarevulnerabilities attackers may be able to bypass encryption and authentication
rarr Software Component Authentication amp Isolation
6 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Attacking CAN Message Authentication
What about Software Security [CMK+11 MV15 FS17]Lack of security mechanisms on light-weight ECUs leverages softwarevulnerabilities attackers may be able to bypass encryption and authenticationrarr Software Component Authentication amp Isolation
6 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Overview Vulcanising Distributed Automotive Applications
bull Critical application components in enclaves software isolation + attestation
bull Authenticated CAN messages over untrusted system softwarenetworkbull Rogue ECUs software attackers and errors in untrusted code cannot interfere
with security but may harm availability
7 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Overview Vulcanising Distributed Automotive Applications
bull Critical application components in enclaves software isolation + attestationbull Authenticated CAN messages over untrusted system softwarenetwork
bull Rogue ECUs software attackers and errors in untrusted code cannot interferewith security but may harm availability
7 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Overview Vulcanising Distributed Automotive Applications
bull Critical application components in enclaves software isolation + attestationbull Authenticated CAN messages over untrusted system softwarenetworkbull Rogue ECUs software attackers and errors in untrusted code cannot interfere
with security but may harm availability
7 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Sancus Strong and Light-Weight Embedded Security [NVBM+17]Extends TIrsquos MSP430 withTrusted Computing primitivesbull Software Component
Isolationbull Cryptography amp Attestationbull Secure IO through isolation
of MMIO ranges
Efficientbull Modular le 2 kLUTsbull Authentication in microsbull + 6 power consumption
Cryptographic key hierarchyfor software attestationIsolated components are typically very small (lt 1kLOC)Sancus is Open Source httpsdistrinetcskuleuvenbesoftwaresancus
8 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Sancus Strong and Light-Weight Embedded Security [NVBM+17]Extends TIrsquos MSP430 withTrusted Computing primitivesbull Software Component
Isolationbull Cryptography amp Attestationbull Secure IO through isolation
of MMIO ranges
Efficientbull Modular le 2 kLUTsbull Authentication in microsbull + 6 power consumption
Cryptographic key hierarchyfor software attestationIsolated components are typically very small (lt 1kLOC)Sancus is Open Source httpsdistrinetcskuleuvenbesoftwaresancus
9 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
N = Node SP = Software Provider DeployerSM = protected Software Module
Unprotected
Ent
rypo
int
Code amp constants Unprotected
SM text section
Protected data
SM protected data section
Unprotected
Mem
ory
KNSPSM SM metadata
Layout Keys
ProtectedstorageareaKN
empty
VulCAN Security Objectives
AUTOSAR Protocol objectives
1 Message authenticationrArr MAC(id payload)
2 Lightweight cryptographyrArr symmetric keys
3 Replay attack resistancerArr nonces and session keys
4 Backwards compatibilityrArr MAC over separate CAN id
vatiCAN [NR16] and LeiA [RG16]
VulCAN Sancus objectives
5 Real-time compliancerArr hardware-level crypto
6 Software isolationrArr application + driver enclaves
7 Software attestationrArr trusted in-vehicle attestation server
8 Dynamic keyECU updaterArr via attestation server
9 Secure legacy ECU integrationrArr CAN gateway shielding
10 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Security Objectives
AUTOSAR Protocol objectives
1 Message authenticationrArr MAC(id payload)
2 Lightweight cryptographyrArr symmetric keys
3 Replay attack resistancerArr nonces and session keys
4 Backwards compatibilityrArr MAC over separate CAN id
vatiCAN [NR16] and LeiA [RG16]
VulCAN Sancus objectives
5 Real-time compliancerArr hardware-level crypto
6 Software isolationrArr application + driver enclaves
7 Software attestationrArr trusted in-vehicle attestation server
8 Dynamic keyECU updaterArr via attestation server
9 Secure legacy ECU integrationrArr CAN gateway shielding
10 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Demo ScenariorArr distributed authenticated path from keypad to shielded instrument clusterrArr automotive CAN is challenging ndash VulCAN is applicable to other domains
rarr
11 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain
bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]
bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Future Work amp Research ChallengesImplement vehicle attestation server
bull ARM TrustZone vs Intel SGX no remote networkrarr enclave integrity withstatic root-of-trust (secure boot)
bull SPONGENT crypto performs bad in softwarebull Work-in-progress Rust-SGX [DDL+17] memory-safe implementation
Availability and real-time guarantees on compromised ECUs
rarr protected scheduler [VBNMP16] network availability out of scope (or partitionvia gateways)
Formalise authentic execution [NMP17] guarantees
rarr unified framework to interactdeploy enclaves on heterogeneous networkedplatforms
13 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Thank you Questionshttpsdistrinetcskuleuvenbesoftwarevulcan
httpsgithubcomsancus-pmavulcan
15 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References IAUTOSARAUTOSAR Specification 42 2015httpwwwautosarorgspecificationsrelease-42
S Checkoway D McCoy B Kantor D Anderson H Shacham and S SavageComprehensive experimental analyses of automotive attack surfacesIn USENIX Sec 2011
Y Ding R Duan L Li Y Cheng Y Zhang T Chen T Wei and H WangPOSTER Rust SGX SDK Towards memory safety in Intel SGX enclave 10 2017
S Froumlschle and A StuumlhringAnalyzing the capabilities of the CAN attackerIn ESORICS rsquo17 vol 10492 of LNCS pp 464ndash482 Heidelberg 2017 Springer
J T Muumlhlberg J Noorman and F PiessensLightweight and flexible trust assessment modules for the Internet of ThingsIn ESORICS rsquo15 vol 9326 of LNCS pp 503ndash520 Heidelberg 2015 Springer
C Miller and C ValasekRemote exploitation of an unaltered passenger vehicleBlack Hat USA 2015
J Noorman J T Muumlhlberg and F PiessensAuthentic execution of distributed event-driven applications with a small TCBIn STM rsquo17 vol 10547 of LNCS pp 55ndash71 Heidelberg 2017 Springer
16 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References II
S Nuumlrnberger and C Rossowndash vatiCAN ndash Vetted Authenticated CAN Bus pp 106ndash124Springer Berlin Heidelberg Berlin Heidelberg 2016
J Noorman J Van Bulck J T Muumlhlberg F Piessens P Maene B Preneel I Verbauwhede J Goumltzfried T Muumlller and F FreilingSancus 20 A low-cost security architecture for IoT devicesACM Transactions on Privacy and Security (TOPS) 2071ndash733 2017
A-I Radu and F D GarciaLeiA A Lightweight Authentication Protocol for CAN pp 283ndash300Springer International Publishing Cham 2016
J Van Bulck J Noorman J T Muumlhlberg and F PiessensSecure resource sharing for embedded protected module architecturesIn WISTP rsquo15 vol 9311 of LNCS pp 71ndash87 Heidelberg 2015 Springer
J Van Bulck J Noorman J T Muumlhlberg and F PiessensTowards availability and real-time guarantees for protected module architecturesIn MASS rsquo16 MODULARITY Companion 2016 pp 146ndash151 New York 2016 ACM
17 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Security Objectives amp Summary
18 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server Boot + Session Key Provisioning
bull Challenge-response attestation + encrypted session key distributionbull Preserve motorist safety via secure boot + exclusive vehicle ignition
19 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server ECU Replacement
bull Untrusted network connectionrarr public key cryptographybull Store software module keys for offline use
20 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Integration Issues
AUTOSAR 42 ldquoSpecification of Module Secure Onboard Communicationrdquobull Requirements system components APIs interactionsbull Data formats message structure backwards compatibilitybull Cryptographic primitives key amp MAC sizes and truncation
Not covered
bull Threats system amp attacker modelbull Heterogeneous hardwarebull Implementation sizebull Real-Time guarantees on ECUbull Bus congestionbull Real-Time guarantees at network
and application levelbull Secure key management
bull Fault amp attack detection andhandling
bull Functional Safetybull Integrating OEMs and After-Market
componentsbull Component pricebull Privacybull Certification
5 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Attacking CAN Message Authentication
What about Software Security [CMK+11 MV15 FS17]Lack of security mechanisms on light-weight ECUs leverages softwarevulnerabilities attackers may be able to bypass encryption and authentication
rarr Software Component Authentication amp Isolation
6 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Attacking CAN Message Authentication
What about Software Security [CMK+11 MV15 FS17]Lack of security mechanisms on light-weight ECUs leverages softwarevulnerabilities attackers may be able to bypass encryption and authenticationrarr Software Component Authentication amp Isolation
6 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Overview Vulcanising Distributed Automotive Applications
bull Critical application components in enclaves software isolation + attestation
bull Authenticated CAN messages over untrusted system softwarenetworkbull Rogue ECUs software attackers and errors in untrusted code cannot interfere
with security but may harm availability
7 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Overview Vulcanising Distributed Automotive Applications
bull Critical application components in enclaves software isolation + attestationbull Authenticated CAN messages over untrusted system softwarenetwork
bull Rogue ECUs software attackers and errors in untrusted code cannot interferewith security but may harm availability
7 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Overview Vulcanising Distributed Automotive Applications
bull Critical application components in enclaves software isolation + attestationbull Authenticated CAN messages over untrusted system softwarenetworkbull Rogue ECUs software attackers and errors in untrusted code cannot interfere
with security but may harm availability
7 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Sancus Strong and Light-Weight Embedded Security [NVBM+17]Extends TIrsquos MSP430 withTrusted Computing primitivesbull Software Component
Isolationbull Cryptography amp Attestationbull Secure IO through isolation
of MMIO ranges
Efficientbull Modular le 2 kLUTsbull Authentication in microsbull + 6 power consumption
Cryptographic key hierarchyfor software attestationIsolated components are typically very small (lt 1kLOC)Sancus is Open Source httpsdistrinetcskuleuvenbesoftwaresancus
8 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Sancus Strong and Light-Weight Embedded Security [NVBM+17]Extends TIrsquos MSP430 withTrusted Computing primitivesbull Software Component
Isolationbull Cryptography amp Attestationbull Secure IO through isolation
of MMIO ranges
Efficientbull Modular le 2 kLUTsbull Authentication in microsbull + 6 power consumption
Cryptographic key hierarchyfor software attestationIsolated components are typically very small (lt 1kLOC)Sancus is Open Source httpsdistrinetcskuleuvenbesoftwaresancus
9 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
N = Node SP = Software Provider DeployerSM = protected Software Module
Unprotected
Ent
rypo
int
Code amp constants Unprotected
SM text section
Protected data
SM protected data section
Unprotected
Mem
ory
KNSPSM SM metadata
Layout Keys
ProtectedstorageareaKN
empty
VulCAN Security Objectives
AUTOSAR Protocol objectives
1 Message authenticationrArr MAC(id payload)
2 Lightweight cryptographyrArr symmetric keys
3 Replay attack resistancerArr nonces and session keys
4 Backwards compatibilityrArr MAC over separate CAN id
vatiCAN [NR16] and LeiA [RG16]
VulCAN Sancus objectives
5 Real-time compliancerArr hardware-level crypto
6 Software isolationrArr application + driver enclaves
7 Software attestationrArr trusted in-vehicle attestation server
8 Dynamic keyECU updaterArr via attestation server
9 Secure legacy ECU integrationrArr CAN gateway shielding
10 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Security Objectives
AUTOSAR Protocol objectives
1 Message authenticationrArr MAC(id payload)
2 Lightweight cryptographyrArr symmetric keys
3 Replay attack resistancerArr nonces and session keys
4 Backwards compatibilityrArr MAC over separate CAN id
vatiCAN [NR16] and LeiA [RG16]
VulCAN Sancus objectives
5 Real-time compliancerArr hardware-level crypto
6 Software isolationrArr application + driver enclaves
7 Software attestationrArr trusted in-vehicle attestation server
8 Dynamic keyECU updaterArr via attestation server
9 Secure legacy ECU integrationrArr CAN gateway shielding
10 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Demo ScenariorArr distributed authenticated path from keypad to shielded instrument clusterrArr automotive CAN is challenging ndash VulCAN is applicable to other domains
rarr
11 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain
bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]
bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Future Work amp Research ChallengesImplement vehicle attestation server
bull ARM TrustZone vs Intel SGX no remote networkrarr enclave integrity withstatic root-of-trust (secure boot)
bull SPONGENT crypto performs bad in softwarebull Work-in-progress Rust-SGX [DDL+17] memory-safe implementation
Availability and real-time guarantees on compromised ECUs
rarr protected scheduler [VBNMP16] network availability out of scope (or partitionvia gateways)
Formalise authentic execution [NMP17] guarantees
rarr unified framework to interactdeploy enclaves on heterogeneous networkedplatforms
13 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Thank you Questionshttpsdistrinetcskuleuvenbesoftwarevulcan
httpsgithubcomsancus-pmavulcan
15 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References IAUTOSARAUTOSAR Specification 42 2015httpwwwautosarorgspecificationsrelease-42
S Checkoway D McCoy B Kantor D Anderson H Shacham and S SavageComprehensive experimental analyses of automotive attack surfacesIn USENIX Sec 2011
Y Ding R Duan L Li Y Cheng Y Zhang T Chen T Wei and H WangPOSTER Rust SGX SDK Towards memory safety in Intel SGX enclave 10 2017
S Froumlschle and A StuumlhringAnalyzing the capabilities of the CAN attackerIn ESORICS rsquo17 vol 10492 of LNCS pp 464ndash482 Heidelberg 2017 Springer
J T Muumlhlberg J Noorman and F PiessensLightweight and flexible trust assessment modules for the Internet of ThingsIn ESORICS rsquo15 vol 9326 of LNCS pp 503ndash520 Heidelberg 2015 Springer
C Miller and C ValasekRemote exploitation of an unaltered passenger vehicleBlack Hat USA 2015
J Noorman J T Muumlhlberg and F PiessensAuthentic execution of distributed event-driven applications with a small TCBIn STM rsquo17 vol 10547 of LNCS pp 55ndash71 Heidelberg 2017 Springer
16 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References II
S Nuumlrnberger and C Rossowndash vatiCAN ndash Vetted Authenticated CAN Bus pp 106ndash124Springer Berlin Heidelberg Berlin Heidelberg 2016
J Noorman J Van Bulck J T Muumlhlberg F Piessens P Maene B Preneel I Verbauwhede J Goumltzfried T Muumlller and F FreilingSancus 20 A low-cost security architecture for IoT devicesACM Transactions on Privacy and Security (TOPS) 2071ndash733 2017
A-I Radu and F D GarciaLeiA A Lightweight Authentication Protocol for CAN pp 283ndash300Springer International Publishing Cham 2016
J Van Bulck J Noorman J T Muumlhlberg and F PiessensSecure resource sharing for embedded protected module architecturesIn WISTP rsquo15 vol 9311 of LNCS pp 71ndash87 Heidelberg 2015 Springer
J Van Bulck J Noorman J T Muumlhlberg and F PiessensTowards availability and real-time guarantees for protected module architecturesIn MASS rsquo16 MODULARITY Companion 2016 pp 146ndash151 New York 2016 ACM
17 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Security Objectives amp Summary
18 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server Boot + Session Key Provisioning
bull Challenge-response attestation + encrypted session key distributionbull Preserve motorist safety via secure boot + exclusive vehicle ignition
19 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server ECU Replacement
bull Untrusted network connectionrarr public key cryptographybull Store software module keys for offline use
20 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Attacking CAN Message Authentication
What about Software Security [CMK+11 MV15 FS17]Lack of security mechanisms on light-weight ECUs leverages softwarevulnerabilities attackers may be able to bypass encryption and authentication
rarr Software Component Authentication amp Isolation
6 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Attacking CAN Message Authentication
What about Software Security [CMK+11 MV15 FS17]Lack of security mechanisms on light-weight ECUs leverages softwarevulnerabilities attackers may be able to bypass encryption and authenticationrarr Software Component Authentication amp Isolation
6 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Overview Vulcanising Distributed Automotive Applications
bull Critical application components in enclaves software isolation + attestation
bull Authenticated CAN messages over untrusted system softwarenetworkbull Rogue ECUs software attackers and errors in untrusted code cannot interfere
with security but may harm availability
7 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Overview Vulcanising Distributed Automotive Applications
bull Critical application components in enclaves software isolation + attestationbull Authenticated CAN messages over untrusted system softwarenetwork
bull Rogue ECUs software attackers and errors in untrusted code cannot interferewith security but may harm availability
7 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Overview Vulcanising Distributed Automotive Applications
bull Critical application components in enclaves software isolation + attestationbull Authenticated CAN messages over untrusted system softwarenetworkbull Rogue ECUs software attackers and errors in untrusted code cannot interfere
with security but may harm availability
7 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Sancus Strong and Light-Weight Embedded Security [NVBM+17]Extends TIrsquos MSP430 withTrusted Computing primitivesbull Software Component
Isolationbull Cryptography amp Attestationbull Secure IO through isolation
of MMIO ranges
Efficientbull Modular le 2 kLUTsbull Authentication in microsbull + 6 power consumption
Cryptographic key hierarchyfor software attestationIsolated components are typically very small (lt 1kLOC)Sancus is Open Source httpsdistrinetcskuleuvenbesoftwaresancus
8 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Sancus Strong and Light-Weight Embedded Security [NVBM+17]Extends TIrsquos MSP430 withTrusted Computing primitivesbull Software Component
Isolationbull Cryptography amp Attestationbull Secure IO through isolation
of MMIO ranges
Efficientbull Modular le 2 kLUTsbull Authentication in microsbull + 6 power consumption
Cryptographic key hierarchyfor software attestationIsolated components are typically very small (lt 1kLOC)Sancus is Open Source httpsdistrinetcskuleuvenbesoftwaresancus
9 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
N = Node SP = Software Provider DeployerSM = protected Software Module
Unprotected
Ent
rypo
int
Code amp constants Unprotected
SM text section
Protected data
SM protected data section
Unprotected
Mem
ory
KNSPSM SM metadata
Layout Keys
ProtectedstorageareaKN
empty
VulCAN Security Objectives
AUTOSAR Protocol objectives
1 Message authenticationrArr MAC(id payload)
2 Lightweight cryptographyrArr symmetric keys
3 Replay attack resistancerArr nonces and session keys
4 Backwards compatibilityrArr MAC over separate CAN id
vatiCAN [NR16] and LeiA [RG16]
VulCAN Sancus objectives
5 Real-time compliancerArr hardware-level crypto
6 Software isolationrArr application + driver enclaves
7 Software attestationrArr trusted in-vehicle attestation server
8 Dynamic keyECU updaterArr via attestation server
9 Secure legacy ECU integrationrArr CAN gateway shielding
10 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Security Objectives
AUTOSAR Protocol objectives
1 Message authenticationrArr MAC(id payload)
2 Lightweight cryptographyrArr symmetric keys
3 Replay attack resistancerArr nonces and session keys
4 Backwards compatibilityrArr MAC over separate CAN id
vatiCAN [NR16] and LeiA [RG16]
VulCAN Sancus objectives
5 Real-time compliancerArr hardware-level crypto
6 Software isolationrArr application + driver enclaves
7 Software attestationrArr trusted in-vehicle attestation server
8 Dynamic keyECU updaterArr via attestation server
9 Secure legacy ECU integrationrArr CAN gateway shielding
10 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Demo ScenariorArr distributed authenticated path from keypad to shielded instrument clusterrArr automotive CAN is challenging ndash VulCAN is applicable to other domains
rarr
11 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain
bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]
bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Future Work amp Research ChallengesImplement vehicle attestation server
bull ARM TrustZone vs Intel SGX no remote networkrarr enclave integrity withstatic root-of-trust (secure boot)
bull SPONGENT crypto performs bad in softwarebull Work-in-progress Rust-SGX [DDL+17] memory-safe implementation
Availability and real-time guarantees on compromised ECUs
rarr protected scheduler [VBNMP16] network availability out of scope (or partitionvia gateways)
Formalise authentic execution [NMP17] guarantees
rarr unified framework to interactdeploy enclaves on heterogeneous networkedplatforms
13 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Thank you Questionshttpsdistrinetcskuleuvenbesoftwarevulcan
httpsgithubcomsancus-pmavulcan
15 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References IAUTOSARAUTOSAR Specification 42 2015httpwwwautosarorgspecificationsrelease-42
S Checkoway D McCoy B Kantor D Anderson H Shacham and S SavageComprehensive experimental analyses of automotive attack surfacesIn USENIX Sec 2011
Y Ding R Duan L Li Y Cheng Y Zhang T Chen T Wei and H WangPOSTER Rust SGX SDK Towards memory safety in Intel SGX enclave 10 2017
S Froumlschle and A StuumlhringAnalyzing the capabilities of the CAN attackerIn ESORICS rsquo17 vol 10492 of LNCS pp 464ndash482 Heidelberg 2017 Springer
J T Muumlhlberg J Noorman and F PiessensLightweight and flexible trust assessment modules for the Internet of ThingsIn ESORICS rsquo15 vol 9326 of LNCS pp 503ndash520 Heidelberg 2015 Springer
C Miller and C ValasekRemote exploitation of an unaltered passenger vehicleBlack Hat USA 2015
J Noorman J T Muumlhlberg and F PiessensAuthentic execution of distributed event-driven applications with a small TCBIn STM rsquo17 vol 10547 of LNCS pp 55ndash71 Heidelberg 2017 Springer
16 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References II
S Nuumlrnberger and C Rossowndash vatiCAN ndash Vetted Authenticated CAN Bus pp 106ndash124Springer Berlin Heidelberg Berlin Heidelberg 2016
J Noorman J Van Bulck J T Muumlhlberg F Piessens P Maene B Preneel I Verbauwhede J Goumltzfried T Muumlller and F FreilingSancus 20 A low-cost security architecture for IoT devicesACM Transactions on Privacy and Security (TOPS) 2071ndash733 2017
A-I Radu and F D GarciaLeiA A Lightweight Authentication Protocol for CAN pp 283ndash300Springer International Publishing Cham 2016
J Van Bulck J Noorman J T Muumlhlberg and F PiessensSecure resource sharing for embedded protected module architecturesIn WISTP rsquo15 vol 9311 of LNCS pp 71ndash87 Heidelberg 2015 Springer
J Van Bulck J Noorman J T Muumlhlberg and F PiessensTowards availability and real-time guarantees for protected module architecturesIn MASS rsquo16 MODULARITY Companion 2016 pp 146ndash151 New York 2016 ACM
17 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Security Objectives amp Summary
18 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server Boot + Session Key Provisioning
bull Challenge-response attestation + encrypted session key distributionbull Preserve motorist safety via secure boot + exclusive vehicle ignition
19 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server ECU Replacement
bull Untrusted network connectionrarr public key cryptographybull Store software module keys for offline use
20 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Attacking CAN Message Authentication
What about Software Security [CMK+11 MV15 FS17]Lack of security mechanisms on light-weight ECUs leverages softwarevulnerabilities attackers may be able to bypass encryption and authenticationrarr Software Component Authentication amp Isolation
6 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Overview Vulcanising Distributed Automotive Applications
bull Critical application components in enclaves software isolation + attestation
bull Authenticated CAN messages over untrusted system softwarenetworkbull Rogue ECUs software attackers and errors in untrusted code cannot interfere
with security but may harm availability
7 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Overview Vulcanising Distributed Automotive Applications
bull Critical application components in enclaves software isolation + attestationbull Authenticated CAN messages over untrusted system softwarenetwork
bull Rogue ECUs software attackers and errors in untrusted code cannot interferewith security but may harm availability
7 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Overview Vulcanising Distributed Automotive Applications
bull Critical application components in enclaves software isolation + attestationbull Authenticated CAN messages over untrusted system softwarenetworkbull Rogue ECUs software attackers and errors in untrusted code cannot interfere
with security but may harm availability
7 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Sancus Strong and Light-Weight Embedded Security [NVBM+17]Extends TIrsquos MSP430 withTrusted Computing primitivesbull Software Component
Isolationbull Cryptography amp Attestationbull Secure IO through isolation
of MMIO ranges
Efficientbull Modular le 2 kLUTsbull Authentication in microsbull + 6 power consumption
Cryptographic key hierarchyfor software attestationIsolated components are typically very small (lt 1kLOC)Sancus is Open Source httpsdistrinetcskuleuvenbesoftwaresancus
8 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Sancus Strong and Light-Weight Embedded Security [NVBM+17]Extends TIrsquos MSP430 withTrusted Computing primitivesbull Software Component
Isolationbull Cryptography amp Attestationbull Secure IO through isolation
of MMIO ranges
Efficientbull Modular le 2 kLUTsbull Authentication in microsbull + 6 power consumption
Cryptographic key hierarchyfor software attestationIsolated components are typically very small (lt 1kLOC)Sancus is Open Source httpsdistrinetcskuleuvenbesoftwaresancus
9 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
N = Node SP = Software Provider DeployerSM = protected Software Module
Unprotected
Ent
rypo
int
Code amp constants Unprotected
SM text section
Protected data
SM protected data section
Unprotected
Mem
ory
KNSPSM SM metadata
Layout Keys
ProtectedstorageareaKN
empty
VulCAN Security Objectives
AUTOSAR Protocol objectives
1 Message authenticationrArr MAC(id payload)
2 Lightweight cryptographyrArr symmetric keys
3 Replay attack resistancerArr nonces and session keys
4 Backwards compatibilityrArr MAC over separate CAN id
vatiCAN [NR16] and LeiA [RG16]
VulCAN Sancus objectives
5 Real-time compliancerArr hardware-level crypto
6 Software isolationrArr application + driver enclaves
7 Software attestationrArr trusted in-vehicle attestation server
8 Dynamic keyECU updaterArr via attestation server
9 Secure legacy ECU integrationrArr CAN gateway shielding
10 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Security Objectives
AUTOSAR Protocol objectives
1 Message authenticationrArr MAC(id payload)
2 Lightweight cryptographyrArr symmetric keys
3 Replay attack resistancerArr nonces and session keys
4 Backwards compatibilityrArr MAC over separate CAN id
vatiCAN [NR16] and LeiA [RG16]
VulCAN Sancus objectives
5 Real-time compliancerArr hardware-level crypto
6 Software isolationrArr application + driver enclaves
7 Software attestationrArr trusted in-vehicle attestation server
8 Dynamic keyECU updaterArr via attestation server
9 Secure legacy ECU integrationrArr CAN gateway shielding
10 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Demo ScenariorArr distributed authenticated path from keypad to shielded instrument clusterrArr automotive CAN is challenging ndash VulCAN is applicable to other domains
rarr
11 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain
bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]
bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Future Work amp Research ChallengesImplement vehicle attestation server
bull ARM TrustZone vs Intel SGX no remote networkrarr enclave integrity withstatic root-of-trust (secure boot)
bull SPONGENT crypto performs bad in softwarebull Work-in-progress Rust-SGX [DDL+17] memory-safe implementation
Availability and real-time guarantees on compromised ECUs
rarr protected scheduler [VBNMP16] network availability out of scope (or partitionvia gateways)
Formalise authentic execution [NMP17] guarantees
rarr unified framework to interactdeploy enclaves on heterogeneous networkedplatforms
13 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Thank you Questionshttpsdistrinetcskuleuvenbesoftwarevulcan
httpsgithubcomsancus-pmavulcan
15 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References IAUTOSARAUTOSAR Specification 42 2015httpwwwautosarorgspecificationsrelease-42
S Checkoway D McCoy B Kantor D Anderson H Shacham and S SavageComprehensive experimental analyses of automotive attack surfacesIn USENIX Sec 2011
Y Ding R Duan L Li Y Cheng Y Zhang T Chen T Wei and H WangPOSTER Rust SGX SDK Towards memory safety in Intel SGX enclave 10 2017
S Froumlschle and A StuumlhringAnalyzing the capabilities of the CAN attackerIn ESORICS rsquo17 vol 10492 of LNCS pp 464ndash482 Heidelberg 2017 Springer
J T Muumlhlberg J Noorman and F PiessensLightweight and flexible trust assessment modules for the Internet of ThingsIn ESORICS rsquo15 vol 9326 of LNCS pp 503ndash520 Heidelberg 2015 Springer
C Miller and C ValasekRemote exploitation of an unaltered passenger vehicleBlack Hat USA 2015
J Noorman J T Muumlhlberg and F PiessensAuthentic execution of distributed event-driven applications with a small TCBIn STM rsquo17 vol 10547 of LNCS pp 55ndash71 Heidelberg 2017 Springer
16 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References II
S Nuumlrnberger and C Rossowndash vatiCAN ndash Vetted Authenticated CAN Bus pp 106ndash124Springer Berlin Heidelberg Berlin Heidelberg 2016
J Noorman J Van Bulck J T Muumlhlberg F Piessens P Maene B Preneel I Verbauwhede J Goumltzfried T Muumlller and F FreilingSancus 20 A low-cost security architecture for IoT devicesACM Transactions on Privacy and Security (TOPS) 2071ndash733 2017
A-I Radu and F D GarciaLeiA A Lightweight Authentication Protocol for CAN pp 283ndash300Springer International Publishing Cham 2016
J Van Bulck J Noorman J T Muumlhlberg and F PiessensSecure resource sharing for embedded protected module architecturesIn WISTP rsquo15 vol 9311 of LNCS pp 71ndash87 Heidelberg 2015 Springer
J Van Bulck J Noorman J T Muumlhlberg and F PiessensTowards availability and real-time guarantees for protected module architecturesIn MASS rsquo16 MODULARITY Companion 2016 pp 146ndash151 New York 2016 ACM
17 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Security Objectives amp Summary
18 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server Boot + Session Key Provisioning
bull Challenge-response attestation + encrypted session key distributionbull Preserve motorist safety via secure boot + exclusive vehicle ignition
19 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server ECU Replacement
bull Untrusted network connectionrarr public key cryptographybull Store software module keys for offline use
20 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Overview Vulcanising Distributed Automotive Applications
bull Critical application components in enclaves software isolation + attestation
bull Authenticated CAN messages over untrusted system softwarenetworkbull Rogue ECUs software attackers and errors in untrusted code cannot interfere
with security but may harm availability
7 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Overview Vulcanising Distributed Automotive Applications
bull Critical application components in enclaves software isolation + attestationbull Authenticated CAN messages over untrusted system softwarenetwork
bull Rogue ECUs software attackers and errors in untrusted code cannot interferewith security but may harm availability
7 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Overview Vulcanising Distributed Automotive Applications
bull Critical application components in enclaves software isolation + attestationbull Authenticated CAN messages over untrusted system softwarenetworkbull Rogue ECUs software attackers and errors in untrusted code cannot interfere
with security but may harm availability
7 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Sancus Strong and Light-Weight Embedded Security [NVBM+17]Extends TIrsquos MSP430 withTrusted Computing primitivesbull Software Component
Isolationbull Cryptography amp Attestationbull Secure IO through isolation
of MMIO ranges
Efficientbull Modular le 2 kLUTsbull Authentication in microsbull + 6 power consumption
Cryptographic key hierarchyfor software attestationIsolated components are typically very small (lt 1kLOC)Sancus is Open Source httpsdistrinetcskuleuvenbesoftwaresancus
8 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Sancus Strong and Light-Weight Embedded Security [NVBM+17]Extends TIrsquos MSP430 withTrusted Computing primitivesbull Software Component
Isolationbull Cryptography amp Attestationbull Secure IO through isolation
of MMIO ranges
Efficientbull Modular le 2 kLUTsbull Authentication in microsbull + 6 power consumption
Cryptographic key hierarchyfor software attestationIsolated components are typically very small (lt 1kLOC)Sancus is Open Source httpsdistrinetcskuleuvenbesoftwaresancus
9 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
N = Node SP = Software Provider DeployerSM = protected Software Module
Unprotected
Ent
rypo
int
Code amp constants Unprotected
SM text section
Protected data
SM protected data section
Unprotected
Mem
ory
KNSPSM SM metadata
Layout Keys
ProtectedstorageareaKN
empty
VulCAN Security Objectives
AUTOSAR Protocol objectives
1 Message authenticationrArr MAC(id payload)
2 Lightweight cryptographyrArr symmetric keys
3 Replay attack resistancerArr nonces and session keys
4 Backwards compatibilityrArr MAC over separate CAN id
vatiCAN [NR16] and LeiA [RG16]
VulCAN Sancus objectives
5 Real-time compliancerArr hardware-level crypto
6 Software isolationrArr application + driver enclaves
7 Software attestationrArr trusted in-vehicle attestation server
8 Dynamic keyECU updaterArr via attestation server
9 Secure legacy ECU integrationrArr CAN gateway shielding
10 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Security Objectives
AUTOSAR Protocol objectives
1 Message authenticationrArr MAC(id payload)
2 Lightweight cryptographyrArr symmetric keys
3 Replay attack resistancerArr nonces and session keys
4 Backwards compatibilityrArr MAC over separate CAN id
vatiCAN [NR16] and LeiA [RG16]
VulCAN Sancus objectives
5 Real-time compliancerArr hardware-level crypto
6 Software isolationrArr application + driver enclaves
7 Software attestationrArr trusted in-vehicle attestation server
8 Dynamic keyECU updaterArr via attestation server
9 Secure legacy ECU integrationrArr CAN gateway shielding
10 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Demo ScenariorArr distributed authenticated path from keypad to shielded instrument clusterrArr automotive CAN is challenging ndash VulCAN is applicable to other domains
rarr
11 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain
bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]
bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Future Work amp Research ChallengesImplement vehicle attestation server
bull ARM TrustZone vs Intel SGX no remote networkrarr enclave integrity withstatic root-of-trust (secure boot)
bull SPONGENT crypto performs bad in softwarebull Work-in-progress Rust-SGX [DDL+17] memory-safe implementation
Availability and real-time guarantees on compromised ECUs
rarr protected scheduler [VBNMP16] network availability out of scope (or partitionvia gateways)
Formalise authentic execution [NMP17] guarantees
rarr unified framework to interactdeploy enclaves on heterogeneous networkedplatforms
13 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Thank you Questionshttpsdistrinetcskuleuvenbesoftwarevulcan
httpsgithubcomsancus-pmavulcan
15 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References IAUTOSARAUTOSAR Specification 42 2015httpwwwautosarorgspecificationsrelease-42
S Checkoway D McCoy B Kantor D Anderson H Shacham and S SavageComprehensive experimental analyses of automotive attack surfacesIn USENIX Sec 2011
Y Ding R Duan L Li Y Cheng Y Zhang T Chen T Wei and H WangPOSTER Rust SGX SDK Towards memory safety in Intel SGX enclave 10 2017
S Froumlschle and A StuumlhringAnalyzing the capabilities of the CAN attackerIn ESORICS rsquo17 vol 10492 of LNCS pp 464ndash482 Heidelberg 2017 Springer
J T Muumlhlberg J Noorman and F PiessensLightweight and flexible trust assessment modules for the Internet of ThingsIn ESORICS rsquo15 vol 9326 of LNCS pp 503ndash520 Heidelberg 2015 Springer
C Miller and C ValasekRemote exploitation of an unaltered passenger vehicleBlack Hat USA 2015
J Noorman J T Muumlhlberg and F PiessensAuthentic execution of distributed event-driven applications with a small TCBIn STM rsquo17 vol 10547 of LNCS pp 55ndash71 Heidelberg 2017 Springer
16 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References II
S Nuumlrnberger and C Rossowndash vatiCAN ndash Vetted Authenticated CAN Bus pp 106ndash124Springer Berlin Heidelberg Berlin Heidelberg 2016
J Noorman J Van Bulck J T Muumlhlberg F Piessens P Maene B Preneel I Verbauwhede J Goumltzfried T Muumlller and F FreilingSancus 20 A low-cost security architecture for IoT devicesACM Transactions on Privacy and Security (TOPS) 2071ndash733 2017
A-I Radu and F D GarciaLeiA A Lightweight Authentication Protocol for CAN pp 283ndash300Springer International Publishing Cham 2016
J Van Bulck J Noorman J T Muumlhlberg and F PiessensSecure resource sharing for embedded protected module architecturesIn WISTP rsquo15 vol 9311 of LNCS pp 71ndash87 Heidelberg 2015 Springer
J Van Bulck J Noorman J T Muumlhlberg and F PiessensTowards availability and real-time guarantees for protected module architecturesIn MASS rsquo16 MODULARITY Companion 2016 pp 146ndash151 New York 2016 ACM
17 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Security Objectives amp Summary
18 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server Boot + Session Key Provisioning
bull Challenge-response attestation + encrypted session key distributionbull Preserve motorist safety via secure boot + exclusive vehicle ignition
19 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server ECU Replacement
bull Untrusted network connectionrarr public key cryptographybull Store software module keys for offline use
20 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Overview Vulcanising Distributed Automotive Applications
bull Critical application components in enclaves software isolation + attestationbull Authenticated CAN messages over untrusted system softwarenetwork
bull Rogue ECUs software attackers and errors in untrusted code cannot interferewith security but may harm availability
7 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Overview Vulcanising Distributed Automotive Applications
bull Critical application components in enclaves software isolation + attestationbull Authenticated CAN messages over untrusted system softwarenetworkbull Rogue ECUs software attackers and errors in untrusted code cannot interfere
with security but may harm availability
7 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Sancus Strong and Light-Weight Embedded Security [NVBM+17]Extends TIrsquos MSP430 withTrusted Computing primitivesbull Software Component
Isolationbull Cryptography amp Attestationbull Secure IO through isolation
of MMIO ranges
Efficientbull Modular le 2 kLUTsbull Authentication in microsbull + 6 power consumption
Cryptographic key hierarchyfor software attestationIsolated components are typically very small (lt 1kLOC)Sancus is Open Source httpsdistrinetcskuleuvenbesoftwaresancus
8 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Sancus Strong and Light-Weight Embedded Security [NVBM+17]Extends TIrsquos MSP430 withTrusted Computing primitivesbull Software Component
Isolationbull Cryptography amp Attestationbull Secure IO through isolation
of MMIO ranges
Efficientbull Modular le 2 kLUTsbull Authentication in microsbull + 6 power consumption
Cryptographic key hierarchyfor software attestationIsolated components are typically very small (lt 1kLOC)Sancus is Open Source httpsdistrinetcskuleuvenbesoftwaresancus
9 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
N = Node SP = Software Provider DeployerSM = protected Software Module
Unprotected
Ent
rypo
int
Code amp constants Unprotected
SM text section
Protected data
SM protected data section
Unprotected
Mem
ory
KNSPSM SM metadata
Layout Keys
ProtectedstorageareaKN
empty
VulCAN Security Objectives
AUTOSAR Protocol objectives
1 Message authenticationrArr MAC(id payload)
2 Lightweight cryptographyrArr symmetric keys
3 Replay attack resistancerArr nonces and session keys
4 Backwards compatibilityrArr MAC over separate CAN id
vatiCAN [NR16] and LeiA [RG16]
VulCAN Sancus objectives
5 Real-time compliancerArr hardware-level crypto
6 Software isolationrArr application + driver enclaves
7 Software attestationrArr trusted in-vehicle attestation server
8 Dynamic keyECU updaterArr via attestation server
9 Secure legacy ECU integrationrArr CAN gateway shielding
10 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Security Objectives
AUTOSAR Protocol objectives
1 Message authenticationrArr MAC(id payload)
2 Lightweight cryptographyrArr symmetric keys
3 Replay attack resistancerArr nonces and session keys
4 Backwards compatibilityrArr MAC over separate CAN id
vatiCAN [NR16] and LeiA [RG16]
VulCAN Sancus objectives
5 Real-time compliancerArr hardware-level crypto
6 Software isolationrArr application + driver enclaves
7 Software attestationrArr trusted in-vehicle attestation server
8 Dynamic keyECU updaterArr via attestation server
9 Secure legacy ECU integrationrArr CAN gateway shielding
10 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Demo ScenariorArr distributed authenticated path from keypad to shielded instrument clusterrArr automotive CAN is challenging ndash VulCAN is applicable to other domains
rarr
11 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain
bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]
bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Future Work amp Research ChallengesImplement vehicle attestation server
bull ARM TrustZone vs Intel SGX no remote networkrarr enclave integrity withstatic root-of-trust (secure boot)
bull SPONGENT crypto performs bad in softwarebull Work-in-progress Rust-SGX [DDL+17] memory-safe implementation
Availability and real-time guarantees on compromised ECUs
rarr protected scheduler [VBNMP16] network availability out of scope (or partitionvia gateways)
Formalise authentic execution [NMP17] guarantees
rarr unified framework to interactdeploy enclaves on heterogeneous networkedplatforms
13 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Thank you Questionshttpsdistrinetcskuleuvenbesoftwarevulcan
httpsgithubcomsancus-pmavulcan
15 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References IAUTOSARAUTOSAR Specification 42 2015httpwwwautosarorgspecificationsrelease-42
S Checkoway D McCoy B Kantor D Anderson H Shacham and S SavageComprehensive experimental analyses of automotive attack surfacesIn USENIX Sec 2011
Y Ding R Duan L Li Y Cheng Y Zhang T Chen T Wei and H WangPOSTER Rust SGX SDK Towards memory safety in Intel SGX enclave 10 2017
S Froumlschle and A StuumlhringAnalyzing the capabilities of the CAN attackerIn ESORICS rsquo17 vol 10492 of LNCS pp 464ndash482 Heidelberg 2017 Springer
J T Muumlhlberg J Noorman and F PiessensLightweight and flexible trust assessment modules for the Internet of ThingsIn ESORICS rsquo15 vol 9326 of LNCS pp 503ndash520 Heidelberg 2015 Springer
C Miller and C ValasekRemote exploitation of an unaltered passenger vehicleBlack Hat USA 2015
J Noorman J T Muumlhlberg and F PiessensAuthentic execution of distributed event-driven applications with a small TCBIn STM rsquo17 vol 10547 of LNCS pp 55ndash71 Heidelberg 2017 Springer
16 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References II
S Nuumlrnberger and C Rossowndash vatiCAN ndash Vetted Authenticated CAN Bus pp 106ndash124Springer Berlin Heidelberg Berlin Heidelberg 2016
J Noorman J Van Bulck J T Muumlhlberg F Piessens P Maene B Preneel I Verbauwhede J Goumltzfried T Muumlller and F FreilingSancus 20 A low-cost security architecture for IoT devicesACM Transactions on Privacy and Security (TOPS) 2071ndash733 2017
A-I Radu and F D GarciaLeiA A Lightweight Authentication Protocol for CAN pp 283ndash300Springer International Publishing Cham 2016
J Van Bulck J Noorman J T Muumlhlberg and F PiessensSecure resource sharing for embedded protected module architecturesIn WISTP rsquo15 vol 9311 of LNCS pp 71ndash87 Heidelberg 2015 Springer
J Van Bulck J Noorman J T Muumlhlberg and F PiessensTowards availability and real-time guarantees for protected module architecturesIn MASS rsquo16 MODULARITY Companion 2016 pp 146ndash151 New York 2016 ACM
17 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Security Objectives amp Summary
18 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server Boot + Session Key Provisioning
bull Challenge-response attestation + encrypted session key distributionbull Preserve motorist safety via secure boot + exclusive vehicle ignition
19 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server ECU Replacement
bull Untrusted network connectionrarr public key cryptographybull Store software module keys for offline use
20 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Overview Vulcanising Distributed Automotive Applications
bull Critical application components in enclaves software isolation + attestationbull Authenticated CAN messages over untrusted system softwarenetworkbull Rogue ECUs software attackers and errors in untrusted code cannot interfere
with security but may harm availability
7 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Sancus Strong and Light-Weight Embedded Security [NVBM+17]Extends TIrsquos MSP430 withTrusted Computing primitivesbull Software Component
Isolationbull Cryptography amp Attestationbull Secure IO through isolation
of MMIO ranges
Efficientbull Modular le 2 kLUTsbull Authentication in microsbull + 6 power consumption
Cryptographic key hierarchyfor software attestationIsolated components are typically very small (lt 1kLOC)Sancus is Open Source httpsdistrinetcskuleuvenbesoftwaresancus
8 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Sancus Strong and Light-Weight Embedded Security [NVBM+17]Extends TIrsquos MSP430 withTrusted Computing primitivesbull Software Component
Isolationbull Cryptography amp Attestationbull Secure IO through isolation
of MMIO ranges
Efficientbull Modular le 2 kLUTsbull Authentication in microsbull + 6 power consumption
Cryptographic key hierarchyfor software attestationIsolated components are typically very small (lt 1kLOC)Sancus is Open Source httpsdistrinetcskuleuvenbesoftwaresancus
9 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
N = Node SP = Software Provider DeployerSM = protected Software Module
Unprotected
Ent
rypo
int
Code amp constants Unprotected
SM text section
Protected data
SM protected data section
Unprotected
Mem
ory
KNSPSM SM metadata
Layout Keys
ProtectedstorageareaKN
empty
VulCAN Security Objectives
AUTOSAR Protocol objectives
1 Message authenticationrArr MAC(id payload)
2 Lightweight cryptographyrArr symmetric keys
3 Replay attack resistancerArr nonces and session keys
4 Backwards compatibilityrArr MAC over separate CAN id
vatiCAN [NR16] and LeiA [RG16]
VulCAN Sancus objectives
5 Real-time compliancerArr hardware-level crypto
6 Software isolationrArr application + driver enclaves
7 Software attestationrArr trusted in-vehicle attestation server
8 Dynamic keyECU updaterArr via attestation server
9 Secure legacy ECU integrationrArr CAN gateway shielding
10 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Security Objectives
AUTOSAR Protocol objectives
1 Message authenticationrArr MAC(id payload)
2 Lightweight cryptographyrArr symmetric keys
3 Replay attack resistancerArr nonces and session keys
4 Backwards compatibilityrArr MAC over separate CAN id
vatiCAN [NR16] and LeiA [RG16]
VulCAN Sancus objectives
5 Real-time compliancerArr hardware-level crypto
6 Software isolationrArr application + driver enclaves
7 Software attestationrArr trusted in-vehicle attestation server
8 Dynamic keyECU updaterArr via attestation server
9 Secure legacy ECU integrationrArr CAN gateway shielding
10 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Demo ScenariorArr distributed authenticated path from keypad to shielded instrument clusterrArr automotive CAN is challenging ndash VulCAN is applicable to other domains
rarr
11 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain
bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]
bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Future Work amp Research ChallengesImplement vehicle attestation server
bull ARM TrustZone vs Intel SGX no remote networkrarr enclave integrity withstatic root-of-trust (secure boot)
bull SPONGENT crypto performs bad in softwarebull Work-in-progress Rust-SGX [DDL+17] memory-safe implementation
Availability and real-time guarantees on compromised ECUs
rarr protected scheduler [VBNMP16] network availability out of scope (or partitionvia gateways)
Formalise authentic execution [NMP17] guarantees
rarr unified framework to interactdeploy enclaves on heterogeneous networkedplatforms
13 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Thank you Questionshttpsdistrinetcskuleuvenbesoftwarevulcan
httpsgithubcomsancus-pmavulcan
15 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References IAUTOSARAUTOSAR Specification 42 2015httpwwwautosarorgspecificationsrelease-42
S Checkoway D McCoy B Kantor D Anderson H Shacham and S SavageComprehensive experimental analyses of automotive attack surfacesIn USENIX Sec 2011
Y Ding R Duan L Li Y Cheng Y Zhang T Chen T Wei and H WangPOSTER Rust SGX SDK Towards memory safety in Intel SGX enclave 10 2017
S Froumlschle and A StuumlhringAnalyzing the capabilities of the CAN attackerIn ESORICS rsquo17 vol 10492 of LNCS pp 464ndash482 Heidelberg 2017 Springer
J T Muumlhlberg J Noorman and F PiessensLightweight and flexible trust assessment modules for the Internet of ThingsIn ESORICS rsquo15 vol 9326 of LNCS pp 503ndash520 Heidelberg 2015 Springer
C Miller and C ValasekRemote exploitation of an unaltered passenger vehicleBlack Hat USA 2015
J Noorman J T Muumlhlberg and F PiessensAuthentic execution of distributed event-driven applications with a small TCBIn STM rsquo17 vol 10547 of LNCS pp 55ndash71 Heidelberg 2017 Springer
16 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References II
S Nuumlrnberger and C Rossowndash vatiCAN ndash Vetted Authenticated CAN Bus pp 106ndash124Springer Berlin Heidelberg Berlin Heidelberg 2016
J Noorman J Van Bulck J T Muumlhlberg F Piessens P Maene B Preneel I Verbauwhede J Goumltzfried T Muumlller and F FreilingSancus 20 A low-cost security architecture for IoT devicesACM Transactions on Privacy and Security (TOPS) 2071ndash733 2017
A-I Radu and F D GarciaLeiA A Lightweight Authentication Protocol for CAN pp 283ndash300Springer International Publishing Cham 2016
J Van Bulck J Noorman J T Muumlhlberg and F PiessensSecure resource sharing for embedded protected module architecturesIn WISTP rsquo15 vol 9311 of LNCS pp 71ndash87 Heidelberg 2015 Springer
J Van Bulck J Noorman J T Muumlhlberg and F PiessensTowards availability and real-time guarantees for protected module architecturesIn MASS rsquo16 MODULARITY Companion 2016 pp 146ndash151 New York 2016 ACM
17 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Security Objectives amp Summary
18 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server Boot + Session Key Provisioning
bull Challenge-response attestation + encrypted session key distributionbull Preserve motorist safety via secure boot + exclusive vehicle ignition
19 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server ECU Replacement
bull Untrusted network connectionrarr public key cryptographybull Store software module keys for offline use
20 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Sancus Strong and Light-Weight Embedded Security [NVBM+17]Extends TIrsquos MSP430 withTrusted Computing primitivesbull Software Component
Isolationbull Cryptography amp Attestationbull Secure IO through isolation
of MMIO ranges
Efficientbull Modular le 2 kLUTsbull Authentication in microsbull + 6 power consumption
Cryptographic key hierarchyfor software attestationIsolated components are typically very small (lt 1kLOC)Sancus is Open Source httpsdistrinetcskuleuvenbesoftwaresancus
8 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Sancus Strong and Light-Weight Embedded Security [NVBM+17]Extends TIrsquos MSP430 withTrusted Computing primitivesbull Software Component
Isolationbull Cryptography amp Attestationbull Secure IO through isolation
of MMIO ranges
Efficientbull Modular le 2 kLUTsbull Authentication in microsbull + 6 power consumption
Cryptographic key hierarchyfor software attestationIsolated components are typically very small (lt 1kLOC)Sancus is Open Source httpsdistrinetcskuleuvenbesoftwaresancus
9 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
N = Node SP = Software Provider DeployerSM = protected Software Module
Unprotected
Ent
rypo
int
Code amp constants Unprotected
SM text section
Protected data
SM protected data section
Unprotected
Mem
ory
KNSPSM SM metadata
Layout Keys
ProtectedstorageareaKN
empty
VulCAN Security Objectives
AUTOSAR Protocol objectives
1 Message authenticationrArr MAC(id payload)
2 Lightweight cryptographyrArr symmetric keys
3 Replay attack resistancerArr nonces and session keys
4 Backwards compatibilityrArr MAC over separate CAN id
vatiCAN [NR16] and LeiA [RG16]
VulCAN Sancus objectives
5 Real-time compliancerArr hardware-level crypto
6 Software isolationrArr application + driver enclaves
7 Software attestationrArr trusted in-vehicle attestation server
8 Dynamic keyECU updaterArr via attestation server
9 Secure legacy ECU integrationrArr CAN gateway shielding
10 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Security Objectives
AUTOSAR Protocol objectives
1 Message authenticationrArr MAC(id payload)
2 Lightweight cryptographyrArr symmetric keys
3 Replay attack resistancerArr nonces and session keys
4 Backwards compatibilityrArr MAC over separate CAN id
vatiCAN [NR16] and LeiA [RG16]
VulCAN Sancus objectives
5 Real-time compliancerArr hardware-level crypto
6 Software isolationrArr application + driver enclaves
7 Software attestationrArr trusted in-vehicle attestation server
8 Dynamic keyECU updaterArr via attestation server
9 Secure legacy ECU integrationrArr CAN gateway shielding
10 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Demo ScenariorArr distributed authenticated path from keypad to shielded instrument clusterrArr automotive CAN is challenging ndash VulCAN is applicable to other domains
rarr
11 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain
bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]
bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Future Work amp Research ChallengesImplement vehicle attestation server
bull ARM TrustZone vs Intel SGX no remote networkrarr enclave integrity withstatic root-of-trust (secure boot)
bull SPONGENT crypto performs bad in softwarebull Work-in-progress Rust-SGX [DDL+17] memory-safe implementation
Availability and real-time guarantees on compromised ECUs
rarr protected scheduler [VBNMP16] network availability out of scope (or partitionvia gateways)
Formalise authentic execution [NMP17] guarantees
rarr unified framework to interactdeploy enclaves on heterogeneous networkedplatforms
13 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Thank you Questionshttpsdistrinetcskuleuvenbesoftwarevulcan
httpsgithubcomsancus-pmavulcan
15 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References IAUTOSARAUTOSAR Specification 42 2015httpwwwautosarorgspecificationsrelease-42
S Checkoway D McCoy B Kantor D Anderson H Shacham and S SavageComprehensive experimental analyses of automotive attack surfacesIn USENIX Sec 2011
Y Ding R Duan L Li Y Cheng Y Zhang T Chen T Wei and H WangPOSTER Rust SGX SDK Towards memory safety in Intel SGX enclave 10 2017
S Froumlschle and A StuumlhringAnalyzing the capabilities of the CAN attackerIn ESORICS rsquo17 vol 10492 of LNCS pp 464ndash482 Heidelberg 2017 Springer
J T Muumlhlberg J Noorman and F PiessensLightweight and flexible trust assessment modules for the Internet of ThingsIn ESORICS rsquo15 vol 9326 of LNCS pp 503ndash520 Heidelberg 2015 Springer
C Miller and C ValasekRemote exploitation of an unaltered passenger vehicleBlack Hat USA 2015
J Noorman J T Muumlhlberg and F PiessensAuthentic execution of distributed event-driven applications with a small TCBIn STM rsquo17 vol 10547 of LNCS pp 55ndash71 Heidelberg 2017 Springer
16 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References II
S Nuumlrnberger and C Rossowndash vatiCAN ndash Vetted Authenticated CAN Bus pp 106ndash124Springer Berlin Heidelberg Berlin Heidelberg 2016
J Noorman J Van Bulck J T Muumlhlberg F Piessens P Maene B Preneel I Verbauwhede J Goumltzfried T Muumlller and F FreilingSancus 20 A low-cost security architecture for IoT devicesACM Transactions on Privacy and Security (TOPS) 2071ndash733 2017
A-I Radu and F D GarciaLeiA A Lightweight Authentication Protocol for CAN pp 283ndash300Springer International Publishing Cham 2016
J Van Bulck J Noorman J T Muumlhlberg and F PiessensSecure resource sharing for embedded protected module architecturesIn WISTP rsquo15 vol 9311 of LNCS pp 71ndash87 Heidelberg 2015 Springer
J Van Bulck J Noorman J T Muumlhlberg and F PiessensTowards availability and real-time guarantees for protected module architecturesIn MASS rsquo16 MODULARITY Companion 2016 pp 146ndash151 New York 2016 ACM
17 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Security Objectives amp Summary
18 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server Boot + Session Key Provisioning
bull Challenge-response attestation + encrypted session key distributionbull Preserve motorist safety via secure boot + exclusive vehicle ignition
19 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server ECU Replacement
bull Untrusted network connectionrarr public key cryptographybull Store software module keys for offline use
20 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Sancus Strong and Light-Weight Embedded Security [NVBM+17]Extends TIrsquos MSP430 withTrusted Computing primitivesbull Software Component
Isolationbull Cryptography amp Attestationbull Secure IO through isolation
of MMIO ranges
Efficientbull Modular le 2 kLUTsbull Authentication in microsbull + 6 power consumption
Cryptographic key hierarchyfor software attestationIsolated components are typically very small (lt 1kLOC)Sancus is Open Source httpsdistrinetcskuleuvenbesoftwaresancus
9 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
N = Node SP = Software Provider DeployerSM = protected Software Module
Unprotected
Ent
rypo
int
Code amp constants Unprotected
SM text section
Protected data
SM protected data section
Unprotected
Mem
ory
KNSPSM SM metadata
Layout Keys
ProtectedstorageareaKN
empty
VulCAN Security Objectives
AUTOSAR Protocol objectives
1 Message authenticationrArr MAC(id payload)
2 Lightweight cryptographyrArr symmetric keys
3 Replay attack resistancerArr nonces and session keys
4 Backwards compatibilityrArr MAC over separate CAN id
vatiCAN [NR16] and LeiA [RG16]
VulCAN Sancus objectives
5 Real-time compliancerArr hardware-level crypto
6 Software isolationrArr application + driver enclaves
7 Software attestationrArr trusted in-vehicle attestation server
8 Dynamic keyECU updaterArr via attestation server
9 Secure legacy ECU integrationrArr CAN gateway shielding
10 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Security Objectives
AUTOSAR Protocol objectives
1 Message authenticationrArr MAC(id payload)
2 Lightweight cryptographyrArr symmetric keys
3 Replay attack resistancerArr nonces and session keys
4 Backwards compatibilityrArr MAC over separate CAN id
vatiCAN [NR16] and LeiA [RG16]
VulCAN Sancus objectives
5 Real-time compliancerArr hardware-level crypto
6 Software isolationrArr application + driver enclaves
7 Software attestationrArr trusted in-vehicle attestation server
8 Dynamic keyECU updaterArr via attestation server
9 Secure legacy ECU integrationrArr CAN gateway shielding
10 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Demo ScenariorArr distributed authenticated path from keypad to shielded instrument clusterrArr automotive CAN is challenging ndash VulCAN is applicable to other domains
rarr
11 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain
bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]
bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Future Work amp Research ChallengesImplement vehicle attestation server
bull ARM TrustZone vs Intel SGX no remote networkrarr enclave integrity withstatic root-of-trust (secure boot)
bull SPONGENT crypto performs bad in softwarebull Work-in-progress Rust-SGX [DDL+17] memory-safe implementation
Availability and real-time guarantees on compromised ECUs
rarr protected scheduler [VBNMP16] network availability out of scope (or partitionvia gateways)
Formalise authentic execution [NMP17] guarantees
rarr unified framework to interactdeploy enclaves on heterogeneous networkedplatforms
13 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Thank you Questionshttpsdistrinetcskuleuvenbesoftwarevulcan
httpsgithubcomsancus-pmavulcan
15 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References IAUTOSARAUTOSAR Specification 42 2015httpwwwautosarorgspecificationsrelease-42
S Checkoway D McCoy B Kantor D Anderson H Shacham and S SavageComprehensive experimental analyses of automotive attack surfacesIn USENIX Sec 2011
Y Ding R Duan L Li Y Cheng Y Zhang T Chen T Wei and H WangPOSTER Rust SGX SDK Towards memory safety in Intel SGX enclave 10 2017
S Froumlschle and A StuumlhringAnalyzing the capabilities of the CAN attackerIn ESORICS rsquo17 vol 10492 of LNCS pp 464ndash482 Heidelberg 2017 Springer
J T Muumlhlberg J Noorman and F PiessensLightweight and flexible trust assessment modules for the Internet of ThingsIn ESORICS rsquo15 vol 9326 of LNCS pp 503ndash520 Heidelberg 2015 Springer
C Miller and C ValasekRemote exploitation of an unaltered passenger vehicleBlack Hat USA 2015
J Noorman J T Muumlhlberg and F PiessensAuthentic execution of distributed event-driven applications with a small TCBIn STM rsquo17 vol 10547 of LNCS pp 55ndash71 Heidelberg 2017 Springer
16 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References II
S Nuumlrnberger and C Rossowndash vatiCAN ndash Vetted Authenticated CAN Bus pp 106ndash124Springer Berlin Heidelberg Berlin Heidelberg 2016
J Noorman J Van Bulck J T Muumlhlberg F Piessens P Maene B Preneel I Verbauwhede J Goumltzfried T Muumlller and F FreilingSancus 20 A low-cost security architecture for IoT devicesACM Transactions on Privacy and Security (TOPS) 2071ndash733 2017
A-I Radu and F D GarciaLeiA A Lightweight Authentication Protocol for CAN pp 283ndash300Springer International Publishing Cham 2016
J Van Bulck J Noorman J T Muumlhlberg and F PiessensSecure resource sharing for embedded protected module architecturesIn WISTP rsquo15 vol 9311 of LNCS pp 71ndash87 Heidelberg 2015 Springer
J Van Bulck J Noorman J T Muumlhlberg and F PiessensTowards availability and real-time guarantees for protected module architecturesIn MASS rsquo16 MODULARITY Companion 2016 pp 146ndash151 New York 2016 ACM
17 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Security Objectives amp Summary
18 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server Boot + Session Key Provisioning
bull Challenge-response attestation + encrypted session key distributionbull Preserve motorist safety via secure boot + exclusive vehicle ignition
19 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server ECU Replacement
bull Untrusted network connectionrarr public key cryptographybull Store software module keys for offline use
20 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Security Objectives
AUTOSAR Protocol objectives
1 Message authenticationrArr MAC(id payload)
2 Lightweight cryptographyrArr symmetric keys
3 Replay attack resistancerArr nonces and session keys
4 Backwards compatibilityrArr MAC over separate CAN id
vatiCAN [NR16] and LeiA [RG16]
VulCAN Sancus objectives
5 Real-time compliancerArr hardware-level crypto
6 Software isolationrArr application + driver enclaves
7 Software attestationrArr trusted in-vehicle attestation server
8 Dynamic keyECU updaterArr via attestation server
9 Secure legacy ECU integrationrArr CAN gateway shielding
10 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Security Objectives
AUTOSAR Protocol objectives
1 Message authenticationrArr MAC(id payload)
2 Lightweight cryptographyrArr symmetric keys
3 Replay attack resistancerArr nonces and session keys
4 Backwards compatibilityrArr MAC over separate CAN id
vatiCAN [NR16] and LeiA [RG16]
VulCAN Sancus objectives
5 Real-time compliancerArr hardware-level crypto
6 Software isolationrArr application + driver enclaves
7 Software attestationrArr trusted in-vehicle attestation server
8 Dynamic keyECU updaterArr via attestation server
9 Secure legacy ECU integrationrArr CAN gateway shielding
10 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Demo ScenariorArr distributed authenticated path from keypad to shielded instrument clusterrArr automotive CAN is challenging ndash VulCAN is applicable to other domains
rarr
11 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain
bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]
bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Future Work amp Research ChallengesImplement vehicle attestation server
bull ARM TrustZone vs Intel SGX no remote networkrarr enclave integrity withstatic root-of-trust (secure boot)
bull SPONGENT crypto performs bad in softwarebull Work-in-progress Rust-SGX [DDL+17] memory-safe implementation
Availability and real-time guarantees on compromised ECUs
rarr protected scheduler [VBNMP16] network availability out of scope (or partitionvia gateways)
Formalise authentic execution [NMP17] guarantees
rarr unified framework to interactdeploy enclaves on heterogeneous networkedplatforms
13 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Thank you Questionshttpsdistrinetcskuleuvenbesoftwarevulcan
httpsgithubcomsancus-pmavulcan
15 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References IAUTOSARAUTOSAR Specification 42 2015httpwwwautosarorgspecificationsrelease-42
S Checkoway D McCoy B Kantor D Anderson H Shacham and S SavageComprehensive experimental analyses of automotive attack surfacesIn USENIX Sec 2011
Y Ding R Duan L Li Y Cheng Y Zhang T Chen T Wei and H WangPOSTER Rust SGX SDK Towards memory safety in Intel SGX enclave 10 2017
S Froumlschle and A StuumlhringAnalyzing the capabilities of the CAN attackerIn ESORICS rsquo17 vol 10492 of LNCS pp 464ndash482 Heidelberg 2017 Springer
J T Muumlhlberg J Noorman and F PiessensLightweight and flexible trust assessment modules for the Internet of ThingsIn ESORICS rsquo15 vol 9326 of LNCS pp 503ndash520 Heidelberg 2015 Springer
C Miller and C ValasekRemote exploitation of an unaltered passenger vehicleBlack Hat USA 2015
J Noorman J T Muumlhlberg and F PiessensAuthentic execution of distributed event-driven applications with a small TCBIn STM rsquo17 vol 10547 of LNCS pp 55ndash71 Heidelberg 2017 Springer
16 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References II
S Nuumlrnberger and C Rossowndash vatiCAN ndash Vetted Authenticated CAN Bus pp 106ndash124Springer Berlin Heidelberg Berlin Heidelberg 2016
J Noorman J Van Bulck J T Muumlhlberg F Piessens P Maene B Preneel I Verbauwhede J Goumltzfried T Muumlller and F FreilingSancus 20 A low-cost security architecture for IoT devicesACM Transactions on Privacy and Security (TOPS) 2071ndash733 2017
A-I Radu and F D GarciaLeiA A Lightweight Authentication Protocol for CAN pp 283ndash300Springer International Publishing Cham 2016
J Van Bulck J Noorman J T Muumlhlberg and F PiessensSecure resource sharing for embedded protected module architecturesIn WISTP rsquo15 vol 9311 of LNCS pp 71ndash87 Heidelberg 2015 Springer
J Van Bulck J Noorman J T Muumlhlberg and F PiessensTowards availability and real-time guarantees for protected module architecturesIn MASS rsquo16 MODULARITY Companion 2016 pp 146ndash151 New York 2016 ACM
17 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Security Objectives amp Summary
18 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server Boot + Session Key Provisioning
bull Challenge-response attestation + encrypted session key distributionbull Preserve motorist safety via secure boot + exclusive vehicle ignition
19 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server ECU Replacement
bull Untrusted network connectionrarr public key cryptographybull Store software module keys for offline use
20 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Security Objectives
AUTOSAR Protocol objectives
1 Message authenticationrArr MAC(id payload)
2 Lightweight cryptographyrArr symmetric keys
3 Replay attack resistancerArr nonces and session keys
4 Backwards compatibilityrArr MAC over separate CAN id
vatiCAN [NR16] and LeiA [RG16]
VulCAN Sancus objectives
5 Real-time compliancerArr hardware-level crypto
6 Software isolationrArr application + driver enclaves
7 Software attestationrArr trusted in-vehicle attestation server
8 Dynamic keyECU updaterArr via attestation server
9 Secure legacy ECU integrationrArr CAN gateway shielding
10 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Demo ScenariorArr distributed authenticated path from keypad to shielded instrument clusterrArr automotive CAN is challenging ndash VulCAN is applicable to other domains
rarr
11 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain
bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]
bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Future Work amp Research ChallengesImplement vehicle attestation server
bull ARM TrustZone vs Intel SGX no remote networkrarr enclave integrity withstatic root-of-trust (secure boot)
bull SPONGENT crypto performs bad in softwarebull Work-in-progress Rust-SGX [DDL+17] memory-safe implementation
Availability and real-time guarantees on compromised ECUs
rarr protected scheduler [VBNMP16] network availability out of scope (or partitionvia gateways)
Formalise authentic execution [NMP17] guarantees
rarr unified framework to interactdeploy enclaves on heterogeneous networkedplatforms
13 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Thank you Questionshttpsdistrinetcskuleuvenbesoftwarevulcan
httpsgithubcomsancus-pmavulcan
15 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References IAUTOSARAUTOSAR Specification 42 2015httpwwwautosarorgspecificationsrelease-42
S Checkoway D McCoy B Kantor D Anderson H Shacham and S SavageComprehensive experimental analyses of automotive attack surfacesIn USENIX Sec 2011
Y Ding R Duan L Li Y Cheng Y Zhang T Chen T Wei and H WangPOSTER Rust SGX SDK Towards memory safety in Intel SGX enclave 10 2017
S Froumlschle and A StuumlhringAnalyzing the capabilities of the CAN attackerIn ESORICS rsquo17 vol 10492 of LNCS pp 464ndash482 Heidelberg 2017 Springer
J T Muumlhlberg J Noorman and F PiessensLightweight and flexible trust assessment modules for the Internet of ThingsIn ESORICS rsquo15 vol 9326 of LNCS pp 503ndash520 Heidelberg 2015 Springer
C Miller and C ValasekRemote exploitation of an unaltered passenger vehicleBlack Hat USA 2015
J Noorman J T Muumlhlberg and F PiessensAuthentic execution of distributed event-driven applications with a small TCBIn STM rsquo17 vol 10547 of LNCS pp 55ndash71 Heidelberg 2017 Springer
16 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References II
S Nuumlrnberger and C Rossowndash vatiCAN ndash Vetted Authenticated CAN Bus pp 106ndash124Springer Berlin Heidelberg Berlin Heidelberg 2016
J Noorman J Van Bulck J T Muumlhlberg F Piessens P Maene B Preneel I Verbauwhede J Goumltzfried T Muumlller and F FreilingSancus 20 A low-cost security architecture for IoT devicesACM Transactions on Privacy and Security (TOPS) 2071ndash733 2017
A-I Radu and F D GarciaLeiA A Lightweight Authentication Protocol for CAN pp 283ndash300Springer International Publishing Cham 2016
J Van Bulck J Noorman J T Muumlhlberg and F PiessensSecure resource sharing for embedded protected module architecturesIn WISTP rsquo15 vol 9311 of LNCS pp 71ndash87 Heidelberg 2015 Springer
J Van Bulck J Noorman J T Muumlhlberg and F PiessensTowards availability and real-time guarantees for protected module architecturesIn MASS rsquo16 MODULARITY Companion 2016 pp 146ndash151 New York 2016 ACM
17 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Security Objectives amp Summary
18 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server Boot + Session Key Provisioning
bull Challenge-response attestation + encrypted session key distributionbull Preserve motorist safety via secure boot + exclusive vehicle ignition
19 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server ECU Replacement
bull Untrusted network connectionrarr public key cryptographybull Store software module keys for offline use
20 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Demo ScenariorArr distributed authenticated path from keypad to shielded instrument clusterrArr automotive CAN is challenging ndash VulCAN is applicable to other domains
rarr
11 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain
bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]
bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Future Work amp Research ChallengesImplement vehicle attestation server
bull ARM TrustZone vs Intel SGX no remote networkrarr enclave integrity withstatic root-of-trust (secure boot)
bull SPONGENT crypto performs bad in softwarebull Work-in-progress Rust-SGX [DDL+17] memory-safe implementation
Availability and real-time guarantees on compromised ECUs
rarr protected scheduler [VBNMP16] network availability out of scope (or partitionvia gateways)
Formalise authentic execution [NMP17] guarantees
rarr unified framework to interactdeploy enclaves on heterogeneous networkedplatforms
13 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Thank you Questionshttpsdistrinetcskuleuvenbesoftwarevulcan
httpsgithubcomsancus-pmavulcan
15 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References IAUTOSARAUTOSAR Specification 42 2015httpwwwautosarorgspecificationsrelease-42
S Checkoway D McCoy B Kantor D Anderson H Shacham and S SavageComprehensive experimental analyses of automotive attack surfacesIn USENIX Sec 2011
Y Ding R Duan L Li Y Cheng Y Zhang T Chen T Wei and H WangPOSTER Rust SGX SDK Towards memory safety in Intel SGX enclave 10 2017
S Froumlschle and A StuumlhringAnalyzing the capabilities of the CAN attackerIn ESORICS rsquo17 vol 10492 of LNCS pp 464ndash482 Heidelberg 2017 Springer
J T Muumlhlberg J Noorman and F PiessensLightweight and flexible trust assessment modules for the Internet of ThingsIn ESORICS rsquo15 vol 9326 of LNCS pp 503ndash520 Heidelberg 2015 Springer
C Miller and C ValasekRemote exploitation of an unaltered passenger vehicleBlack Hat USA 2015
J Noorman J T Muumlhlberg and F PiessensAuthentic execution of distributed event-driven applications with a small TCBIn STM rsquo17 vol 10547 of LNCS pp 55ndash71 Heidelberg 2017 Springer
16 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References II
S Nuumlrnberger and C Rossowndash vatiCAN ndash Vetted Authenticated CAN Bus pp 106ndash124Springer Berlin Heidelberg Berlin Heidelberg 2016
J Noorman J Van Bulck J T Muumlhlberg F Piessens P Maene B Preneel I Verbauwhede J Goumltzfried T Muumlller and F FreilingSancus 20 A low-cost security architecture for IoT devicesACM Transactions on Privacy and Security (TOPS) 2071ndash733 2017
A-I Radu and F D GarciaLeiA A Lightweight Authentication Protocol for CAN pp 283ndash300Springer International Publishing Cham 2016
J Van Bulck J Noorman J T Muumlhlberg and F PiessensSecure resource sharing for embedded protected module architecturesIn WISTP rsquo15 vol 9311 of LNCS pp 71ndash87 Heidelberg 2015 Springer
J Van Bulck J Noorman J T Muumlhlberg and F PiessensTowards availability and real-time guarantees for protected module architecturesIn MASS rsquo16 MODULARITY Companion 2016 pp 146ndash151 New York 2016 ACM
17 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Security Objectives amp Summary
18 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server Boot + Session Key Provisioning
bull Challenge-response attestation + encrypted session key distributionbull Preserve motorist safety via secure boot + exclusive vehicle ignition
19 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server ECU Replacement
bull Untrusted network connectionrarr public key cryptographybull Store software module keys for offline use
20 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain
bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]
bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Future Work amp Research ChallengesImplement vehicle attestation server
bull ARM TrustZone vs Intel SGX no remote networkrarr enclave integrity withstatic root-of-trust (secure boot)
bull SPONGENT crypto performs bad in softwarebull Work-in-progress Rust-SGX [DDL+17] memory-safe implementation
Availability and real-time guarantees on compromised ECUs
rarr protected scheduler [VBNMP16] network availability out of scope (or partitionvia gateways)
Formalise authentic execution [NMP17] guarantees
rarr unified framework to interactdeploy enclaves on heterogeneous networkedplatforms
13 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Thank you Questionshttpsdistrinetcskuleuvenbesoftwarevulcan
httpsgithubcomsancus-pmavulcan
15 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References IAUTOSARAUTOSAR Specification 42 2015httpwwwautosarorgspecificationsrelease-42
S Checkoway D McCoy B Kantor D Anderson H Shacham and S SavageComprehensive experimental analyses of automotive attack surfacesIn USENIX Sec 2011
Y Ding R Duan L Li Y Cheng Y Zhang T Chen T Wei and H WangPOSTER Rust SGX SDK Towards memory safety in Intel SGX enclave 10 2017
S Froumlschle and A StuumlhringAnalyzing the capabilities of the CAN attackerIn ESORICS rsquo17 vol 10492 of LNCS pp 464ndash482 Heidelberg 2017 Springer
J T Muumlhlberg J Noorman and F PiessensLightweight and flexible trust assessment modules for the Internet of ThingsIn ESORICS rsquo15 vol 9326 of LNCS pp 503ndash520 Heidelberg 2015 Springer
C Miller and C ValasekRemote exploitation of an unaltered passenger vehicleBlack Hat USA 2015
J Noorman J T Muumlhlberg and F PiessensAuthentic execution of distributed event-driven applications with a small TCBIn STM rsquo17 vol 10547 of LNCS pp 55ndash71 Heidelberg 2017 Springer
16 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References II
S Nuumlrnberger and C Rossowndash vatiCAN ndash Vetted Authenticated CAN Bus pp 106ndash124Springer Berlin Heidelberg Berlin Heidelberg 2016
J Noorman J Van Bulck J T Muumlhlberg F Piessens P Maene B Preneel I Verbauwhede J Goumltzfried T Muumlller and F FreilingSancus 20 A low-cost security architecture for IoT devicesACM Transactions on Privacy and Security (TOPS) 2071ndash733 2017
A-I Radu and F D GarciaLeiA A Lightweight Authentication Protocol for CAN pp 283ndash300Springer International Publishing Cham 2016
J Van Bulck J Noorman J T Muumlhlberg and F PiessensSecure resource sharing for embedded protected module architecturesIn WISTP rsquo15 vol 9311 of LNCS pp 71ndash87 Heidelberg 2015 Springer
J Van Bulck J Noorman J T Muumlhlberg and F PiessensTowards availability and real-time guarantees for protected module architecturesIn MASS rsquo16 MODULARITY Companion 2016 pp 146ndash151 New York 2016 ACM
17 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Security Objectives amp Summary
18 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server Boot + Session Key Provisioning
bull Challenge-response attestation + encrypted session key distributionbull Preserve motorist safety via secure boot + exclusive vehicle ignition
19 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server ECU Replacement
bull Untrusted network connectionrarr public key cryptographybull Store software module keys for offline use
20 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain
bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]
bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Future Work amp Research ChallengesImplement vehicle attestation server
bull ARM TrustZone vs Intel SGX no remote networkrarr enclave integrity withstatic root-of-trust (secure boot)
bull SPONGENT crypto performs bad in softwarebull Work-in-progress Rust-SGX [DDL+17] memory-safe implementation
Availability and real-time guarantees on compromised ECUs
rarr protected scheduler [VBNMP16] network availability out of scope (or partitionvia gateways)
Formalise authentic execution [NMP17] guarantees
rarr unified framework to interactdeploy enclaves on heterogeneous networkedplatforms
13 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Thank you Questionshttpsdistrinetcskuleuvenbesoftwarevulcan
httpsgithubcomsancus-pmavulcan
15 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References IAUTOSARAUTOSAR Specification 42 2015httpwwwautosarorgspecificationsrelease-42
S Checkoway D McCoy B Kantor D Anderson H Shacham and S SavageComprehensive experimental analyses of automotive attack surfacesIn USENIX Sec 2011
Y Ding R Duan L Li Y Cheng Y Zhang T Chen T Wei and H WangPOSTER Rust SGX SDK Towards memory safety in Intel SGX enclave 10 2017
S Froumlschle and A StuumlhringAnalyzing the capabilities of the CAN attackerIn ESORICS rsquo17 vol 10492 of LNCS pp 464ndash482 Heidelberg 2017 Springer
J T Muumlhlberg J Noorman and F PiessensLightweight and flexible trust assessment modules for the Internet of ThingsIn ESORICS rsquo15 vol 9326 of LNCS pp 503ndash520 Heidelberg 2015 Springer
C Miller and C ValasekRemote exploitation of an unaltered passenger vehicleBlack Hat USA 2015
J Noorman J T Muumlhlberg and F PiessensAuthentic execution of distributed event-driven applications with a small TCBIn STM rsquo17 vol 10547 of LNCS pp 55ndash71 Heidelberg 2017 Springer
16 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References II
S Nuumlrnberger and C Rossowndash vatiCAN ndash Vetted Authenticated CAN Bus pp 106ndash124Springer Berlin Heidelberg Berlin Heidelberg 2016
J Noorman J Van Bulck J T Muumlhlberg F Piessens P Maene B Preneel I Verbauwhede J Goumltzfried T Muumlller and F FreilingSancus 20 A low-cost security architecture for IoT devicesACM Transactions on Privacy and Security (TOPS) 2071ndash733 2017
A-I Radu and F D GarciaLeiA A Lightweight Authentication Protocol for CAN pp 283ndash300Springer International Publishing Cham 2016
J Van Bulck J Noorman J T Muumlhlberg and F PiessensSecure resource sharing for embedded protected module architecturesIn WISTP rsquo15 vol 9311 of LNCS pp 71ndash87 Heidelberg 2015 Springer
J Van Bulck J Noorman J T Muumlhlberg and F PiessensTowards availability and real-time guarantees for protected module architecturesIn MASS rsquo16 MODULARITY Companion 2016 pp 146ndash151 New York 2016 ACM
17 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Security Objectives amp Summary
18 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server Boot + Session Key Provisioning
bull Challenge-response attestation + encrypted session key distributionbull Preserve motorist safety via secure boot + exclusive vehicle ignition
19 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server ECU Replacement
bull Untrusted network connectionrarr public key cryptographybull Store software module keys for offline use
20 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]
bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Future Work amp Research ChallengesImplement vehicle attestation server
bull ARM TrustZone vs Intel SGX no remote networkrarr enclave integrity withstatic root-of-trust (secure boot)
bull SPONGENT crypto performs bad in softwarebull Work-in-progress Rust-SGX [DDL+17] memory-safe implementation
Availability and real-time guarantees on compromised ECUs
rarr protected scheduler [VBNMP16] network availability out of scope (or partitionvia gateways)
Formalise authentic execution [NMP17] guarantees
rarr unified framework to interactdeploy enclaves on heterogeneous networkedplatforms
13 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Thank you Questionshttpsdistrinetcskuleuvenbesoftwarevulcan
httpsgithubcomsancus-pmavulcan
15 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References IAUTOSARAUTOSAR Specification 42 2015httpwwwautosarorgspecificationsrelease-42
S Checkoway D McCoy B Kantor D Anderson H Shacham and S SavageComprehensive experimental analyses of automotive attack surfacesIn USENIX Sec 2011
Y Ding R Duan L Li Y Cheng Y Zhang T Chen T Wei and H WangPOSTER Rust SGX SDK Towards memory safety in Intel SGX enclave 10 2017
S Froumlschle and A StuumlhringAnalyzing the capabilities of the CAN attackerIn ESORICS rsquo17 vol 10492 of LNCS pp 464ndash482 Heidelberg 2017 Springer
J T Muumlhlberg J Noorman and F PiessensLightweight and flexible trust assessment modules for the Internet of ThingsIn ESORICS rsquo15 vol 9326 of LNCS pp 503ndash520 Heidelberg 2015 Springer
C Miller and C ValasekRemote exploitation of an unaltered passenger vehicleBlack Hat USA 2015
J Noorman J T Muumlhlberg and F PiessensAuthentic execution of distributed event-driven applications with a small TCBIn STM rsquo17 vol 10547 of LNCS pp 55ndash71 Heidelberg 2017 Springer
16 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References II
S Nuumlrnberger and C Rossowndash vatiCAN ndash Vetted Authenticated CAN Bus pp 106ndash124Springer Berlin Heidelberg Berlin Heidelberg 2016
J Noorman J Van Bulck J T Muumlhlberg F Piessens P Maene B Preneel I Verbauwhede J Goumltzfried T Muumlller and F FreilingSancus 20 A low-cost security architecture for IoT devicesACM Transactions on Privacy and Security (TOPS) 2071ndash733 2017
A-I Radu and F D GarciaLeiA A Lightweight Authentication Protocol for CAN pp 283ndash300Springer International Publishing Cham 2016
J Van Bulck J Noorman J T Muumlhlberg and F PiessensSecure resource sharing for embedded protected module architecturesIn WISTP rsquo15 vol 9311 of LNCS pp 71ndash87 Heidelberg 2015 Springer
J Van Bulck J Noorman J T Muumlhlberg and F PiessensTowards availability and real-time guarantees for protected module architecturesIn MASS rsquo16 MODULARITY Companion 2016 pp 146ndash151 New York 2016 ACM
17 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Security Objectives amp Summary
18 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server Boot + Session Key Provisioning
bull Challenge-response attestation + encrypted session key distributionbull Preserve motorist safety via secure boot + exclusive vehicle ignition
19 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server ECU Replacement
bull Untrusted network connectionrarr public key cryptographybull Store software module keys for offline use
20 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Performance Evaluation Round-Trip Time Experiment
Scenario Cycles Time Overhead
Legacy 20250 101 ms ndashvatiCAN (extrapolated) 121992 610 ms 502Sancus+vatiCAN unprotected 35236 176 ms 74Sancus+vatiCAN protected 36375 182 ms 80Sancus+LEIA unprotected 42929 215 ms 112Sancus+LEIA protected 43624 218 ms 115
Sender Receiverping
ping_auth
pong
pong_auth
computeMACpinд
computeMACponд
computeMACpinд
computeMACponдro
und-trip
time
bull Hardware-level crypto +400 performance gain bull Modest ~5 performance impact for software isolation [VBNMP15 MNP15]bull LeiArsquos extended CAN id usage comes at a cost (SPI-based CAN transceiver)
12 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Future Work amp Research ChallengesImplement vehicle attestation server
bull ARM TrustZone vs Intel SGX no remote networkrarr enclave integrity withstatic root-of-trust (secure boot)
bull SPONGENT crypto performs bad in softwarebull Work-in-progress Rust-SGX [DDL+17] memory-safe implementation
Availability and real-time guarantees on compromised ECUs
rarr protected scheduler [VBNMP16] network availability out of scope (or partitionvia gateways)
Formalise authentic execution [NMP17] guarantees
rarr unified framework to interactdeploy enclaves on heterogeneous networkedplatforms
13 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Thank you Questionshttpsdistrinetcskuleuvenbesoftwarevulcan
httpsgithubcomsancus-pmavulcan
15 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References IAUTOSARAUTOSAR Specification 42 2015httpwwwautosarorgspecificationsrelease-42
S Checkoway D McCoy B Kantor D Anderson H Shacham and S SavageComprehensive experimental analyses of automotive attack surfacesIn USENIX Sec 2011
Y Ding R Duan L Li Y Cheng Y Zhang T Chen T Wei and H WangPOSTER Rust SGX SDK Towards memory safety in Intel SGX enclave 10 2017
S Froumlschle and A StuumlhringAnalyzing the capabilities of the CAN attackerIn ESORICS rsquo17 vol 10492 of LNCS pp 464ndash482 Heidelberg 2017 Springer
J T Muumlhlberg J Noorman and F PiessensLightweight and flexible trust assessment modules for the Internet of ThingsIn ESORICS rsquo15 vol 9326 of LNCS pp 503ndash520 Heidelberg 2015 Springer
C Miller and C ValasekRemote exploitation of an unaltered passenger vehicleBlack Hat USA 2015
J Noorman J T Muumlhlberg and F PiessensAuthentic execution of distributed event-driven applications with a small TCBIn STM rsquo17 vol 10547 of LNCS pp 55ndash71 Heidelberg 2017 Springer
16 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References II
S Nuumlrnberger and C Rossowndash vatiCAN ndash Vetted Authenticated CAN Bus pp 106ndash124Springer Berlin Heidelberg Berlin Heidelberg 2016
J Noorman J Van Bulck J T Muumlhlberg F Piessens P Maene B Preneel I Verbauwhede J Goumltzfried T Muumlller and F FreilingSancus 20 A low-cost security architecture for IoT devicesACM Transactions on Privacy and Security (TOPS) 2071ndash733 2017
A-I Radu and F D GarciaLeiA A Lightweight Authentication Protocol for CAN pp 283ndash300Springer International Publishing Cham 2016
J Van Bulck J Noorman J T Muumlhlberg and F PiessensSecure resource sharing for embedded protected module architecturesIn WISTP rsquo15 vol 9311 of LNCS pp 71ndash87 Heidelberg 2015 Springer
J Van Bulck J Noorman J T Muumlhlberg and F PiessensTowards availability and real-time guarantees for protected module architecturesIn MASS rsquo16 MODULARITY Companion 2016 pp 146ndash151 New York 2016 ACM
17 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Security Objectives amp Summary
18 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server Boot + Session Key Provisioning
bull Challenge-response attestation + encrypted session key distributionbull Preserve motorist safety via secure boot + exclusive vehicle ignition
19 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server ECU Replacement
bull Untrusted network connectionrarr public key cryptographybull Store software module keys for offline use
20 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Future Work amp Research ChallengesImplement vehicle attestation server
bull ARM TrustZone vs Intel SGX no remote networkrarr enclave integrity withstatic root-of-trust (secure boot)
bull SPONGENT crypto performs bad in softwarebull Work-in-progress Rust-SGX [DDL+17] memory-safe implementation
Availability and real-time guarantees on compromised ECUs
rarr protected scheduler [VBNMP16] network availability out of scope (or partitionvia gateways)
Formalise authentic execution [NMP17] guarantees
rarr unified framework to interactdeploy enclaves on heterogeneous networkedplatforms
13 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Thank you Questionshttpsdistrinetcskuleuvenbesoftwarevulcan
httpsgithubcomsancus-pmavulcan
15 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References IAUTOSARAUTOSAR Specification 42 2015httpwwwautosarorgspecificationsrelease-42
S Checkoway D McCoy B Kantor D Anderson H Shacham and S SavageComprehensive experimental analyses of automotive attack surfacesIn USENIX Sec 2011
Y Ding R Duan L Li Y Cheng Y Zhang T Chen T Wei and H WangPOSTER Rust SGX SDK Towards memory safety in Intel SGX enclave 10 2017
S Froumlschle and A StuumlhringAnalyzing the capabilities of the CAN attackerIn ESORICS rsquo17 vol 10492 of LNCS pp 464ndash482 Heidelberg 2017 Springer
J T Muumlhlberg J Noorman and F PiessensLightweight and flexible trust assessment modules for the Internet of ThingsIn ESORICS rsquo15 vol 9326 of LNCS pp 503ndash520 Heidelberg 2015 Springer
C Miller and C ValasekRemote exploitation of an unaltered passenger vehicleBlack Hat USA 2015
J Noorman J T Muumlhlberg and F PiessensAuthentic execution of distributed event-driven applications with a small TCBIn STM rsquo17 vol 10547 of LNCS pp 55ndash71 Heidelberg 2017 Springer
16 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References II
S Nuumlrnberger and C Rossowndash vatiCAN ndash Vetted Authenticated CAN Bus pp 106ndash124Springer Berlin Heidelberg Berlin Heidelberg 2016
J Noorman J Van Bulck J T Muumlhlberg F Piessens P Maene B Preneel I Verbauwhede J Goumltzfried T Muumlller and F FreilingSancus 20 A low-cost security architecture for IoT devicesACM Transactions on Privacy and Security (TOPS) 2071ndash733 2017
A-I Radu and F D GarciaLeiA A Lightweight Authentication Protocol for CAN pp 283ndash300Springer International Publishing Cham 2016
J Van Bulck J Noorman J T Muumlhlberg and F PiessensSecure resource sharing for embedded protected module architecturesIn WISTP rsquo15 vol 9311 of LNCS pp 71ndash87 Heidelberg 2015 Springer
J Van Bulck J Noorman J T Muumlhlberg and F PiessensTowards availability and real-time guarantees for protected module architecturesIn MASS rsquo16 MODULARITY Companion 2016 pp 146ndash151 New York 2016 ACM
17 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Security Objectives amp Summary
18 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server Boot + Session Key Provisioning
bull Challenge-response attestation + encrypted session key distributionbull Preserve motorist safety via secure boot + exclusive vehicle ignition
19 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server ECU Replacement
bull Untrusted network connectionrarr public key cryptographybull Store software module keys for offline use
20 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Thank you Questionshttpsdistrinetcskuleuvenbesoftwarevulcan
httpsgithubcomsancus-pmavulcan
15 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References IAUTOSARAUTOSAR Specification 42 2015httpwwwautosarorgspecificationsrelease-42
S Checkoway D McCoy B Kantor D Anderson H Shacham and S SavageComprehensive experimental analyses of automotive attack surfacesIn USENIX Sec 2011
Y Ding R Duan L Li Y Cheng Y Zhang T Chen T Wei and H WangPOSTER Rust SGX SDK Towards memory safety in Intel SGX enclave 10 2017
S Froumlschle and A StuumlhringAnalyzing the capabilities of the CAN attackerIn ESORICS rsquo17 vol 10492 of LNCS pp 464ndash482 Heidelberg 2017 Springer
J T Muumlhlberg J Noorman and F PiessensLightweight and flexible trust assessment modules for the Internet of ThingsIn ESORICS rsquo15 vol 9326 of LNCS pp 503ndash520 Heidelberg 2015 Springer
C Miller and C ValasekRemote exploitation of an unaltered passenger vehicleBlack Hat USA 2015
J Noorman J T Muumlhlberg and F PiessensAuthentic execution of distributed event-driven applications with a small TCBIn STM rsquo17 vol 10547 of LNCS pp 55ndash71 Heidelberg 2017 Springer
16 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References II
S Nuumlrnberger and C Rossowndash vatiCAN ndash Vetted Authenticated CAN Bus pp 106ndash124Springer Berlin Heidelberg Berlin Heidelberg 2016
J Noorman J Van Bulck J T Muumlhlberg F Piessens P Maene B Preneel I Verbauwhede J Goumltzfried T Muumlller and F FreilingSancus 20 A low-cost security architecture for IoT devicesACM Transactions on Privacy and Security (TOPS) 2071ndash733 2017
A-I Radu and F D GarciaLeiA A Lightweight Authentication Protocol for CAN pp 283ndash300Springer International Publishing Cham 2016
J Van Bulck J Noorman J T Muumlhlberg and F PiessensSecure resource sharing for embedded protected module architecturesIn WISTP rsquo15 vol 9311 of LNCS pp 71ndash87 Heidelberg 2015 Springer
J Van Bulck J Noorman J T Muumlhlberg and F PiessensTowards availability and real-time guarantees for protected module architecturesIn MASS rsquo16 MODULARITY Companion 2016 pp 146ndash151 New York 2016 ACM
17 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Security Objectives amp Summary
18 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server Boot + Session Key Provisioning
bull Challenge-response attestation + encrypted session key distributionbull Preserve motorist safety via secure boot + exclusive vehicle ignition
19 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server ECU Replacement
bull Untrusted network connectionrarr public key cryptographybull Store software module keys for offline use
20 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Thank you Questionshttpsdistrinetcskuleuvenbesoftwarevulcan
httpsgithubcomsancus-pmavulcan
15 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References IAUTOSARAUTOSAR Specification 42 2015httpwwwautosarorgspecificationsrelease-42
S Checkoway D McCoy B Kantor D Anderson H Shacham and S SavageComprehensive experimental analyses of automotive attack surfacesIn USENIX Sec 2011
Y Ding R Duan L Li Y Cheng Y Zhang T Chen T Wei and H WangPOSTER Rust SGX SDK Towards memory safety in Intel SGX enclave 10 2017
S Froumlschle and A StuumlhringAnalyzing the capabilities of the CAN attackerIn ESORICS rsquo17 vol 10492 of LNCS pp 464ndash482 Heidelberg 2017 Springer
J T Muumlhlberg J Noorman and F PiessensLightweight and flexible trust assessment modules for the Internet of ThingsIn ESORICS rsquo15 vol 9326 of LNCS pp 503ndash520 Heidelberg 2015 Springer
C Miller and C ValasekRemote exploitation of an unaltered passenger vehicleBlack Hat USA 2015
J Noorman J T Muumlhlberg and F PiessensAuthentic execution of distributed event-driven applications with a small TCBIn STM rsquo17 vol 10547 of LNCS pp 55ndash71 Heidelberg 2017 Springer
16 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References II
S Nuumlrnberger and C Rossowndash vatiCAN ndash Vetted Authenticated CAN Bus pp 106ndash124Springer Berlin Heidelberg Berlin Heidelberg 2016
J Noorman J Van Bulck J T Muumlhlberg F Piessens P Maene B Preneel I Verbauwhede J Goumltzfried T Muumlller and F FreilingSancus 20 A low-cost security architecture for IoT devicesACM Transactions on Privacy and Security (TOPS) 2071ndash733 2017
A-I Radu and F D GarciaLeiA A Lightweight Authentication Protocol for CAN pp 283ndash300Springer International Publishing Cham 2016
J Van Bulck J Noorman J T Muumlhlberg and F PiessensSecure resource sharing for embedded protected module architecturesIn WISTP rsquo15 vol 9311 of LNCS pp 71ndash87 Heidelberg 2015 Springer
J Van Bulck J Noorman J T Muumlhlberg and F PiessensTowards availability and real-time guarantees for protected module architecturesIn MASS rsquo16 MODULARITY Companion 2016 pp 146ndash151 New York 2016 ACM
17 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Security Objectives amp Summary
18 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server Boot + Session Key Provisioning
bull Challenge-response attestation + encrypted session key distributionbull Preserve motorist safety via secure boot + exclusive vehicle ignition
19 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server ECU Replacement
bull Untrusted network connectionrarr public key cryptographybull Store software module keys for offline use
20 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Summary amp Conclusions
Security is hard1 Understand the system2 Understand the (security) requirements3 Understand the attacker4 Understand and embrace change
Security is very different from safetybull We deal with adaptive attackersbull Is your system a target or the target
Trusted Computing for safety-criticalbull Simplifies implementing security by providing
strong guarantees in the execution environmentbull This may not hold tomorrow MeltdownSpectrebull Reducing complexity is key
14 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Thank you Questionshttpsdistrinetcskuleuvenbesoftwarevulcan
httpsgithubcomsancus-pmavulcan
15 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References IAUTOSARAUTOSAR Specification 42 2015httpwwwautosarorgspecificationsrelease-42
S Checkoway D McCoy B Kantor D Anderson H Shacham and S SavageComprehensive experimental analyses of automotive attack surfacesIn USENIX Sec 2011
Y Ding R Duan L Li Y Cheng Y Zhang T Chen T Wei and H WangPOSTER Rust SGX SDK Towards memory safety in Intel SGX enclave 10 2017
S Froumlschle and A StuumlhringAnalyzing the capabilities of the CAN attackerIn ESORICS rsquo17 vol 10492 of LNCS pp 464ndash482 Heidelberg 2017 Springer
J T Muumlhlberg J Noorman and F PiessensLightweight and flexible trust assessment modules for the Internet of ThingsIn ESORICS rsquo15 vol 9326 of LNCS pp 503ndash520 Heidelberg 2015 Springer
C Miller and C ValasekRemote exploitation of an unaltered passenger vehicleBlack Hat USA 2015
J Noorman J T Muumlhlberg and F PiessensAuthentic execution of distributed event-driven applications with a small TCBIn STM rsquo17 vol 10547 of LNCS pp 55ndash71 Heidelberg 2017 Springer
16 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References II
S Nuumlrnberger and C Rossowndash vatiCAN ndash Vetted Authenticated CAN Bus pp 106ndash124Springer Berlin Heidelberg Berlin Heidelberg 2016
J Noorman J Van Bulck J T Muumlhlberg F Piessens P Maene B Preneel I Verbauwhede J Goumltzfried T Muumlller and F FreilingSancus 20 A low-cost security architecture for IoT devicesACM Transactions on Privacy and Security (TOPS) 2071ndash733 2017
A-I Radu and F D GarciaLeiA A Lightweight Authentication Protocol for CAN pp 283ndash300Springer International Publishing Cham 2016
J Van Bulck J Noorman J T Muumlhlberg and F PiessensSecure resource sharing for embedded protected module architecturesIn WISTP rsquo15 vol 9311 of LNCS pp 71ndash87 Heidelberg 2015 Springer
J Van Bulck J Noorman J T Muumlhlberg and F PiessensTowards availability and real-time guarantees for protected module architecturesIn MASS rsquo16 MODULARITY Companion 2016 pp 146ndash151 New York 2016 ACM
17 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Security Objectives amp Summary
18 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server Boot + Session Key Provisioning
bull Challenge-response attestation + encrypted session key distributionbull Preserve motorist safety via secure boot + exclusive vehicle ignition
19 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server ECU Replacement
bull Untrusted network connectionrarr public key cryptographybull Store software module keys for offline use
20 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
Thank you Questionshttpsdistrinetcskuleuvenbesoftwarevulcan
httpsgithubcomsancus-pmavulcan
15 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References IAUTOSARAUTOSAR Specification 42 2015httpwwwautosarorgspecificationsrelease-42
S Checkoway D McCoy B Kantor D Anderson H Shacham and S SavageComprehensive experimental analyses of automotive attack surfacesIn USENIX Sec 2011
Y Ding R Duan L Li Y Cheng Y Zhang T Chen T Wei and H WangPOSTER Rust SGX SDK Towards memory safety in Intel SGX enclave 10 2017
S Froumlschle and A StuumlhringAnalyzing the capabilities of the CAN attackerIn ESORICS rsquo17 vol 10492 of LNCS pp 464ndash482 Heidelberg 2017 Springer
J T Muumlhlberg J Noorman and F PiessensLightweight and flexible trust assessment modules for the Internet of ThingsIn ESORICS rsquo15 vol 9326 of LNCS pp 503ndash520 Heidelberg 2015 Springer
C Miller and C ValasekRemote exploitation of an unaltered passenger vehicleBlack Hat USA 2015
J Noorman J T Muumlhlberg and F PiessensAuthentic execution of distributed event-driven applications with a small TCBIn STM rsquo17 vol 10547 of LNCS pp 55ndash71 Heidelberg 2017 Springer
16 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References II
S Nuumlrnberger and C Rossowndash vatiCAN ndash Vetted Authenticated CAN Bus pp 106ndash124Springer Berlin Heidelberg Berlin Heidelberg 2016
J Noorman J Van Bulck J T Muumlhlberg F Piessens P Maene B Preneel I Verbauwhede J Goumltzfried T Muumlller and F FreilingSancus 20 A low-cost security architecture for IoT devicesACM Transactions on Privacy and Security (TOPS) 2071ndash733 2017
A-I Radu and F D GarciaLeiA A Lightweight Authentication Protocol for CAN pp 283ndash300Springer International Publishing Cham 2016
J Van Bulck J Noorman J T Muumlhlberg and F PiessensSecure resource sharing for embedded protected module architecturesIn WISTP rsquo15 vol 9311 of LNCS pp 71ndash87 Heidelberg 2015 Springer
J Van Bulck J Noorman J T Muumlhlberg and F PiessensTowards availability and real-time guarantees for protected module architecturesIn MASS rsquo16 MODULARITY Companion 2016 pp 146ndash151 New York 2016 ACM
17 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Security Objectives amp Summary
18 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server Boot + Session Key Provisioning
bull Challenge-response attestation + encrypted session key distributionbull Preserve motorist safety via secure boot + exclusive vehicle ignition
19 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server ECU Replacement
bull Untrusted network connectionrarr public key cryptographybull Store software module keys for offline use
20 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References IAUTOSARAUTOSAR Specification 42 2015httpwwwautosarorgspecificationsrelease-42
S Checkoway D McCoy B Kantor D Anderson H Shacham and S SavageComprehensive experimental analyses of automotive attack surfacesIn USENIX Sec 2011
Y Ding R Duan L Li Y Cheng Y Zhang T Chen T Wei and H WangPOSTER Rust SGX SDK Towards memory safety in Intel SGX enclave 10 2017
S Froumlschle and A StuumlhringAnalyzing the capabilities of the CAN attackerIn ESORICS rsquo17 vol 10492 of LNCS pp 464ndash482 Heidelberg 2017 Springer
J T Muumlhlberg J Noorman and F PiessensLightweight and flexible trust assessment modules for the Internet of ThingsIn ESORICS rsquo15 vol 9326 of LNCS pp 503ndash520 Heidelberg 2015 Springer
C Miller and C ValasekRemote exploitation of an unaltered passenger vehicleBlack Hat USA 2015
J Noorman J T Muumlhlberg and F PiessensAuthentic execution of distributed event-driven applications with a small TCBIn STM rsquo17 vol 10547 of LNCS pp 55ndash71 Heidelberg 2017 Springer
16 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References II
S Nuumlrnberger and C Rossowndash vatiCAN ndash Vetted Authenticated CAN Bus pp 106ndash124Springer Berlin Heidelberg Berlin Heidelberg 2016
J Noorman J Van Bulck J T Muumlhlberg F Piessens P Maene B Preneel I Verbauwhede J Goumltzfried T Muumlller and F FreilingSancus 20 A low-cost security architecture for IoT devicesACM Transactions on Privacy and Security (TOPS) 2071ndash733 2017
A-I Radu and F D GarciaLeiA A Lightweight Authentication Protocol for CAN pp 283ndash300Springer International Publishing Cham 2016
J Van Bulck J Noorman J T Muumlhlberg and F PiessensSecure resource sharing for embedded protected module architecturesIn WISTP rsquo15 vol 9311 of LNCS pp 71ndash87 Heidelberg 2015 Springer
J Van Bulck J Noorman J T Muumlhlberg and F PiessensTowards availability and real-time guarantees for protected module architecturesIn MASS rsquo16 MODULARITY Companion 2016 pp 146ndash151 New York 2016 ACM
17 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Security Objectives amp Summary
18 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server Boot + Session Key Provisioning
bull Challenge-response attestation + encrypted session key distributionbull Preserve motorist safety via secure boot + exclusive vehicle ignition
19 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server ECU Replacement
bull Untrusted network connectionrarr public key cryptographybull Store software module keys for offline use
20 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
References II
S Nuumlrnberger and C Rossowndash vatiCAN ndash Vetted Authenticated CAN Bus pp 106ndash124Springer Berlin Heidelberg Berlin Heidelberg 2016
J Noorman J Van Bulck J T Muumlhlberg F Piessens P Maene B Preneel I Verbauwhede J Goumltzfried T Muumlller and F FreilingSancus 20 A low-cost security architecture for IoT devicesACM Transactions on Privacy and Security (TOPS) 2071ndash733 2017
A-I Radu and F D GarciaLeiA A Lightweight Authentication Protocol for CAN pp 283ndash300Springer International Publishing Cham 2016
J Van Bulck J Noorman J T Muumlhlberg and F PiessensSecure resource sharing for embedded protected module architecturesIn WISTP rsquo15 vol 9311 of LNCS pp 71ndash87 Heidelberg 2015 Springer
J Van Bulck J Noorman J T Muumlhlberg and F PiessensTowards availability and real-time guarantees for protected module architecturesIn MASS rsquo16 MODULARITY Companion 2016 pp 146ndash151 New York 2016 ACM
17 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Security Objectives amp Summary
18 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server Boot + Session Key Provisioning
bull Challenge-response attestation + encrypted session key distributionbull Preserve motorist safety via secure boot + exclusive vehicle ignition
19 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server ECU Replacement
bull Untrusted network connectionrarr public key cryptographybull Store software module keys for offline use
20 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Security Objectives amp Summary
18 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server Boot + Session Key Provisioning
bull Challenge-response attestation + encrypted session key distributionbull Preserve motorist safety via secure boot + exclusive vehicle ignition
19 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server ECU Replacement
bull Untrusted network connectionrarr public key cryptographybull Store software module keys for offline use
20 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server Boot + Session Key Provisioning
bull Challenge-response attestation + encrypted session key distributionbull Preserve motorist safety via secure boot + exclusive vehicle ignition
19 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server ECU Replacement
bull Untrusted network connectionrarr public key cryptographybull Store software module keys for offline use
20 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
empty
VulCAN Attestation Server ECU Replacement
bull Untrusted network connectionrarr public key cryptographybull Store software module keys for offline use
20 20 Van Bulck Muumlhlberg Piessens VulCAN Vehicular Component Authentication and Software Isolation
![VULCAN ELECTRIC SOLId TOp OVEN RANgE...Vulcan catering equipment (ptY)ltD [ 6 ] VULCAN ELECTRIC BOILINg / SOLId TABLE WIRINg dIAgRAM VULCAN RE3 RANgE ANd OVEN 18kW, 400V, 3N Item No](https://static.fdocuments.in/doc/165x107/5e6e4129236eb200e03df048/vulcan-electric-solid-top-oven-range-vulcan-catering-equipment-ptyltd-6.jpg)
![VULCAN HIGH SPEED DEEP FAT FRYER (ELECTRIC) › vulcan-website...Vulcan catering equipment (ptY)ltD [ 2 ] VULCAN HIGH SPEED DEEP FAT FRYER (ELECTRIC) GENERAL DATA: MANUFACTURER: Vulcan](https://static.fdocuments.in/doc/165x107/60c05ae5c355355f26327394/vulcan-high-speed-deep-fat-fryer-electric-a-vulcan-website-vulcan-catering.jpg)
