V1.0 | 2019-04-01
Vector Cyber Security Symposium 2019
Vector Security Manager for secure diagnostics
Agenda

- Automotive Security Use Cases
- Secure Diagnostics
- Certificates
- Authentication
- Authentication with Vector Security Manager
Automotive Security Use Cases

Security Use Cases

- Secured On-Board Communication
  > Message Authentication
  > Message Encryption
  > Replay Protection / Freshness Management
- Unique Secret Management
  > Administration of keys (SecOC)
  > Administration of certificates (Diagnostic)
  > Support of OEM-specific certificate systems
- Secure Diagnostics
  > Error codes
  > Variant Coding
  > Software Download (Flashing)
  > Unlocking of encrypted communication (Testing, Logging)
Secure Diagnostics

Secure Diagnostics Challenges

- The ECU must only accept diagnostic services from a trusted tester
- Do not disclose security-critical information such as secret keys, certificates, freshness values, …
- Do not accept security-critical commands from an untrusted tester
  > Software downloads (Flashing)
  > Variant Coding
  > New secret keys or certificates
Authenticity is required!
Authenticity

- Before authentication, data and diagnostic services are restricted and locked
- Authentication unlocks specific subsets of data and services
- Each service specifies the requirement that must be met to unlock it
  > Secret function (Seed & Key)
  > Certificate (PKI certificate exchange)
- An authenticated tester can only use the services its authentication has unlocked
[Diagram: Tester connected to Service 1, Service 2, …, Service m]
Certificates

Public Key Certificates

[Diagram: a certificate consists of its Content (Public Key, Subject, Valid since… until…, Additional content) and a Signature over that content; the Private Key matching the Public Key is shown alongside]
Chain of trust with digital certificates

- The signature of the root certificate cannot be verified against any higher authority; the root has to be trusted directly.
- A Certificate Authority (CA) can issue new certificates by signing them with its private key.
- User certificates reside at the bottom level of this trust-chain hierarchy.
[Diagram: Root CA Certificate (Public Key, Subject, Valid since… until…, Additional content, Signature) --sign with its Private Key--> CA Certificate (same fields) --sign with its Private Key--> End User Certificate (Public Key Certificate with the same fields); each signature is verified with the public key of the certificate one level up]
Authentication

Unified Diagnostic Services (UDS): Service 29₁₆

- Service for diagnostic tester authentication
- Currently being standardized
[Diagram: Authentication (29₁₆) offers Authentication with PKI Certificate Exchange (asymmetric cryptography) and Authentication with Challenge-Response (asymmetric cryptography or symmetric cryptography)]
Certificate Tree: CA, Tester, ECU

[Diagram: one CA at the root issues certificates to both the Tester and the ECU]
Service 29: Authentication with PKI certificate exchange

The tester queries which authentication method the ECU supports; the ECU answers with an Authentication Return Parameter:
  Tester -> ECU: 29 08
  ECU -> Tester: 69 08 ARP

ARP | Description
02  | Authentication with PKI Certificate Exchange (APCE) (will be supported by DEXT and AUTOSAR)
03  | Authentication with Challenge-Response (ACR) and asymmetric cryptography
04  | Authentication with Challenge-Response (ACR) and symmetric cryptography

ARP = Authentication Return Parameter
PKI = Public Key Infrastructure
Service 29: Authentication with PKI certificate exchange

- Tester sends its public key certificate to the ECU
- ECU verifies that the certificate is valid by checking its signature
- ECU now has the public key of the tester's certificate
- ECU has no proof of ownership yet
- ECU sends a challenge to the tester
- Tester computes a signature over the received challenge using the private key of its certificate
- ECU verifies the signature with the public key of the tester's certificate
- The tester has proven that it owns a certificate that was signed by a higher-level certificate authority

Message sequence:
  Tester -> ECU: 29 01 00 Tester Certificate
  ECU -> Tester: 69 01 11 ECU Challenge
  Tester -> ECU: 29 03 Proof of Ownership
  ECU -> Tester: 69 03 12

[Diagram: tester certificate with Public Key, Diagnostic Role, Unlocked Services, …, and a Signature; the corresponding Private Key is held by the tester]
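The unidirectional APCE sequence above, the chain-of-trust check from the "Certificates" slides and the per-service unlock rule from the "Authenticity" slide, as a runnable Go model. This is an added example, not code from Vector, AUTOSAR or DEXT. Assumptions: the PKI is constructed in-process (an ECDSA P-256 self-signed demo CA and a tester certificate it issued, built with Go's crypto/x509); UDS framing is simplified to the bytes shown on the slides without the standard's length fields; the "Diagnostic Role" is carried in the certificate's OU field as a stand-in for an OEM-specific extension; the ECU has a trustworthy clock (`Now`) for the validity-period check.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

const sidAuth, sidAuthPos = 0x29, 0x69                 // request / positive response service ID
const sfVerifyCertUni, sfProofOfOwner = 0x01, 0x03     // sub-functions used on the slides
const arpOwnershipNeeded, arpAuthComplete = 0x11, 0x12 // Authentication Return Parameters (ARP)
// ECU holds the trust anchor and the authentication state of one diagnostic session.
type ECU struct {
	Roots   *x509.CertPool
	Now     time.Time // ECU clock used for the validity-period check (assumed trustworthy)
	Authed  bool
	Role    string            // diagnostic role taken from the verified tester certificate
	pending []byte            // outstanding challenge, nil when none
	tester  *x509.Certificate // certificate whose ownership is not yet proven
}

// 29 01 00 <tester certificate>  ->  69 01 11 <challenge>   (simplified framing, no length fields)
func (e *ECU) VerifyCertificateUnidirectional(req []byte) ([]byte, error) {
	e.Authed, e.Role, e.pending, e.tester = false, "", nil, nil // a new attempt resets the session
	if len(req) < 4 || req[0] != sidAuth || req[1] != sfVerifyCertUni || req[2] != 0x00 {
		return nil, errors.New("malformed verifyCertificateUnidirectional request")
	}
	cert, err := x509.ParseCertificate(req[3:])
	if err != nil {
		return nil, err
	}
	// Chain of trust and validity period: must chain to a CA in the ECU's root store and be valid at e.Now.
	opts := x509.VerifyOptions{Roots: e.Roots, CurrentTime: e.Now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := cert.Verify(opts); err != nil {
		return nil, err
	}
	e.pending = make([]byte, 16) // public key known, ownership not: issue a fresh random challenge
	rand.Read(e.pending)
	e.tester = cert
	return append([]byte{sidAuthPos, sfVerifyCertUni, arpOwnershipNeeded}, e.pending...), nil
}

// 29 03 <signature over the challenge>  ->  69 03 12
func (e *ECU) ProofOfOwnership(req []byte) ([]byte, error) {
	if len(req) < 3 || req[0] != sidAuth || req[1] != sfProofOfOwner || e.pending == nil {
		return nil, errors.New("malformed proofOfOwnership request or no challenge outstanding")
	}
	digest := sha256.Sum256(e.pending)
	e.pending = nil // a challenge is single-use whatever the outcome
	pub, ok := e.tester.PublicKey.(*ecdsa.PublicKey)
	if !ok || !ecdsa.VerifyASN1(pub, digest[:], req[2:]) {
		return nil, errors.New("proof of ownership invalid")
	}
	e.Authed = true
	if ou := e.tester.Subject.OrganizationalUnit; len(ou) == 1 { // role travels in the certificate (OU as stand-in)
		e.Role = ou[0]
	}
	return []byte{sidAuthPos, sfProofOfOwner, arpAuthComplete}, nil
}

// ServiceAllowed is the per-service gate: each service names the role that unlocks it.
func (e *ECU) ServiceAllowed(requiredRole string) bool { return e.Authed && e.Role == requiredRole }

// TesterProof signs the ECU challenge with the private key belonging to the tester certificate.
func TesterProof(key *ecdsa.PrivateKey, challenge []byte) []byte {
	digest := sha256.Sum256(challenge)
	sig, _ := ecdsa.SignASN1(rand.Reader, key, digest[:])
	return append([]byte{sidAuth, sfProofOfOwner}, sig...)
}

// NewPKI builds a constructed demo PKI (self-signed CA plus a tester certificate it issued); errors are ignored because the templates are fixed.
func NewPKI(role string, notBefore, notAfter time.Time) (*x509.CertPool, []byte, *ecdsa.PrivateKey) {
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Demo Diagnostic CA"},
		NotBefore: notBefore, NotAfter: notAfter, IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature}
	caDER, _ := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	caCert, _ := x509.ParseCertificate(caDER)
	pool := x509.NewCertPool()
	pool.AddCert(caCert)
	testerKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	testerTmpl := &x509.Certificate{SerialNumber: big.NewInt(2), NotBefore: notBefore, NotAfter: notAfter,
		Subject:  pkix.Name{CommonName: "Demo Tester", OrganizationalUnit: []string{role}},
		KeyUsage: x509.KeyUsageDigitalSignature}
	testerDER, _ := x509.CreateCertificate(rand.Reader, testerTmpl, caCert, &testerKey.PublicKey, caKey)
	return pool, testerDER, testerKey
}

// RunAPCE plays the unidirectional sequence of the slides end to end and returns the ECU's verdict.
func RunAPCE(ecu *ECU, testerDER []byte, key *ecdsa.PrivateKey) error {
	resp, err := ecu.VerifyCertificateUnidirectional(append([]byte{sidAuth, sfVerifyCertUni, 0x00}, testerDER...))
	if err != nil {
		return err
	}
	_, err = ecu.ProofOfOwnership(TesterProof(key, resp[3:]))
	return err
}
```

Three design choices carry the security argument of the slides: the ECU trusts the role and unlocks services only after the proof of ownership has been verified, never on the certificate alone; every challenge is random and consumed on first use, so a captured proof cannot be replayed; and a fresh `29 01` request resets the session, so a failed attempt (unknown CA, expired certificate, wrong private key) always leaves the ECU locked.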
Service 29: Bidirectional authentication with PKI certificate exchange

Message sequence:
  Tester -> ECU: 29 02 00 Tester Certificate, Tester Challenge
  ECU -> Tester: 69 02 11 ECU Challenge, ECU Certificate, Proof of Ownership (the ECU's answer to the tester challenge)
  Tester -> ECU: 29 03 Proof of Ownership
  ECU -> Tester: 69 03 12
Authentication with PKI certificate exchange and OEM backend

Message sequence (Tester <-> ECU over diagnostics, Tester <-> OEM Backend over http):
  OEM Backend -> Tester (http): Diagnostic Certificate
  Tester -> ECU: 29 01 00 Diagnostic Certificate
  ECU -> Tester: 69 01 11 ECU Challenge
  Tester -> OEM Backend (http): ECU Challenge
  OEM Backend -> Tester (http): Proof of Ownership
  Tester -> ECU: 29 03 Proof of Ownership
  ECU -> Tester: 69 03 12
The diagnostic certificate and the proof of ownership come from the OEM backend; the tester relays the ECU challenge to the backend and the proof back to the ECU.
Deauthentication

Message sequence:
  Tester -> ECU: 29 00
  ECU -> Tester: 69 00 ARP
Authentication with Vector Security Manager

Authentication with Vector Security Manager and CANoe

- OEMs can specify individual implementations
  > Uni-/bidirectional
  > Backend
  > Encryption (ECDH)
  > Multiple certificates required
- Vector Security Manager offers OEM-specific Security Sources
- OEM-specific authentication sequences available
- Easy configuration with a GUI
[Three further slides with the title "Authentication with Vector Security Manager and CANoe" contain no extractable text]
Summary

- Service 29₁₆ is a UDS-standardized authentication procedure
- A PKI Certificate Authority forms the chain of trust for the certificates
- Validity and proof-of-ownership check of the diagnostic certificate: the ECU does not need knowledge of specific diagnostic certificates
- Role-based authorization through ownership of diagnostic certificates
- Temporal restriction via the certificate validity period
- OEM-specific authentication sequences
- Vector Security Manager implements the complete sequence as a single operation
© 2019 Vector Informatik GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector.
Author: Lohmann, Max (Vector Germany)
For more information about Vector and our products please visit www.vector.com