AUTOSAR Security Modules

1 AUTOSAR Security Modules Current Status V

2 Agenda
1. AUTOSAR
2. CAL & CSM
3. SecOC

3 AUTOSAR: Introduction
- Automotive Open System Architecture
- Software for electronic control units (ECU)
- Software architecture
[Figure: layered software architecture: SWC/Application, RTE, SYS, COM, LIB, MCAL, CDD, Microcontroller]

4 AUTOSAR: Introduction
Software component (SWC) / Application
- Implementation of functionality of ECU
- Runs on microcontroller
- Sends & receives data to and from other ECUs (in network)
[Figure: SWC/Application, Microcontroller]

5 AUTOSAR: Introduction
Run time environment (RTE)
- Provides interface to basic software (BSW)
[Figure: SWC/Application, RTE, Microcontroller]

6 AUTOSAR: Introduction
- System services (SYS) and libraries (LIB)
- Cryptographic modules
- Operating system (OS)
- Complex device drivers (CDD)
[Figure: SWC/Application, RTE, SYS, LIB, CDD, Microcontroller]

7 AUTOSAR: Introduction
Communication modules (COM) send & receive data on automotive bus systems
  > Controller Area Network (CAN)
  > Local Interconnect Network (LIN)
  > FlexRay
  > Ethernet
  > ...
[Figure: SWC/Application, RTE, SYS, COM, LIB, CDD, Microcontroller]

8 AUTOSAR: Introduction
Microcontroller abstraction layer (MCAL)
- BSW & SWC independent of microcontroller
[Figure: SWC/Application, RTE, SYS, COM, LIB, MCAL, CDD, Microcontroller]

9 AUTOSAR: Motivation for security modules in AUTOSAR
New security challenges
- Automotive software plays central role in car innovations
- Car connectivity will provide an essential part for value-added features
Car security
- strict and secure access control to the car and its parts (ECU)
- sensitive car data (odometer, motor characteristic)
- passenger's data (GPS)
- intellectual property of the OEM

10 AUTOSAR: AUTOSAR security modules
- CAL & CSM: Basic cryptographic primitives for BSW and application
- SecOC: Authenticated communication seamlessly integrated into the AUTOSAR communication stack

11 Agenda
1. AUTOSAR
2. CAL & CSM
3. SecOC

12 CAL & CSM: Introduction
Crypto Abstraction Library (CAL)
- BSW, CDD or SWC use CAL by inclusion
- Memory allocated by caller
- Enables re-entrance
Crypto Primitive Library (CPL)
- SW implementation of cryptographic primitives
Crypto Service Manager (CSM)
- SWC use CSM through RTE
- BSW/CDD use CSM by inclusion
- Asynchronous operation possible
- Callback indicates application
Crypto library module (CRY)
- Implementation of cryptographic primitives
- Usage of SW or crypto HW possible
[Figure: CAL, CPL, SWC/Application, RTE, CSM, SYS, CRY, COM, LIB, MCAL, SHEDRV, CDD, Microcontroller, SHE]

13 CAL & CSM: Supported Cryptographic Services
- Abstract definition of cryptographic services
- No definition for a concrete cryptographic algorithm
Basic Cryptography
- Hash
- Message authentication code (): generation, verification
- Random number generation
- Encryption/Decryption: symmetric, asymmetric
- Signatures
Key Management
- Key derivation function (KDF)
- Key generation, update*, export, import
- Key exchange protocols
Miscellaneous
- Compression/Decompression
- Checksum
*Csm only

14 CAL & CSM: Cryptographic Service Configuration
[Figure: AsymEncryptService: AsymEncrypt_1 (RSA2048), AsymEncrypt_2 (RSA4096); SymEncryptService: SymEncrypt_1 (AES), SymEncrypt_2 (TwoFish); HashService]
- Individual configuration of each required service
- Set of distinct configurations
- Specific implementation for each service configuration

15 CAL & CSM: Cryptographic Service Configuration
[Figure: AsymEncryptService: AsymEncrypt_1 (RSA2048), AsymEncrypt_2 (RSA4096); SymEncryptService: SymEncrypt_1 (AES), SymEncrypt_2 (Serpent); HashService]
- Individual configuration of each required service
- Set of distinct configurations
- Specific implementation for each service configuration
- Implementations may change in future

16 CAL & CSM: Cryptographic Service Configuration
[Figure: AsymEncryptService: AsymEncrypt_1 (RSA2048, ECC256), AsymEncrypt_2 (RSA4096, ECC512); SymEncryptService: SymEncrypt_1 (AES), SymEncrypt_2 (Serpent); HashService]
- Individual configuration of each required service
- Set of distinct configurations
- Specific implementation for each service configuration
- Implementations may change in future
- API compatibility not ensured

17 CAL & CSM: General Usage
Streaming services
[Figure: Start, Update, ..., Update, Finish, Result, over an indefinitely long data stream]
- Initialization with Start function (e.g. Csm_SymEncryptStart)
- Update function (e.g. Csm_SymEncryptUpdate)
- Finish function (e.g. Csm_SymEncryptFinish)
Non-streaming services
- Example: Csm_GenerateRandom

18 CAL & CSM: Hardware-based Security
[Figure: SWC/Application, RTE, CSM, SYS, CRY, CRY, LIB, MCAL, SHEDRV, CDD, Microcontroller, SHE]
- CSM services use cryptographic hardware or software implementation

19 CAL & CSM: Hardware-based Security
[Figure: Controller with CPU and Peripherals (CAN, UART, ...); Secure Zone with SHE (Secure Hardware Extension): Control Logic, AES, RAM + Flash + ROM]
Secure Hardware Extension (SHE)
- On-chip extension to microcontroller
- Memory for secure storage of (cryptographic) data
- Hardware extension for cryptographic primitives
- Specified by Hersteller Initiative Software (HIS)

20 CAL & CSM: SHE - Performance
[Chart: AES ECB Encryption, SHE vs. Software library, time in µs for Block, 3 Blocks, 6 Blocks; series: SHE 64 MHz, SW 64 MHz, SHE 120 MHz, SW 120 MHz]
Measured on a Freescale MPC5646C (w/ CSE), MICROSAR Stack with CSM and SHE driver, with the Vector AUTOSAR Measurement and Debugging (AMD) Runtime Measurement (Rtm) Tool. 1 Block = 16 bytes

21 Agenda
1. AUTOSAR
2. CAL & CSM
3. SecOC

22 SecOC: Introduction
- SecOC is parallel to PDUR
- PDUR routes PDUs
- PDU is a message on a bus
[Figure: SWC/Application, RTE, SecOC, PDUR, SYS, COM, LIB, MCAL, CDD, Microcontroller]

23 SecOC: Introduction
- SecOC is parallel to PDUR
- PDUs are routed through SecOC
- PDU & authentication sent & received through IF or TP modules
- COM module combines data into PDUs
- IF modules send & receive atomic messages
- TP modules manage messages longer than atomic messages
[Figure: SWC/Application, RTE, SYS, SecOC, COM, PDUR, COM IF/TP, LIB, MCAL, CDD, Microcontroller]

24 SecOC: Introduction
- SecOC is parallel to PDUR
- PDUs are routed through SecOC
- PDU & authentication sent & received through IF or TP modules
- SecOC uses Cal or Csm RTE-interface
- Authentication: or signature
[Figure: CAL, CSM, SWC/Application, RTE, SecOC, PDUR, COM, SYS, COM IF/TP, LIB, MCAL, CDD, Microcontroller]

25 SecOC: Functionality
[Figure: ECU 1 and ECU 3 exchanging a Secured PDU over the BUS]
- SecOC sends & receives secured PDUs
- Secured PDUs are protected against
  > Manipulation
  > Random errors
  > Replays

26 SecOC: Sending a secured PDU
[Figure: ECU 1, DataID 1, Secured PDU, Authentic PDU]
- DataID assigned to secured PDU

27 SecOC: Sending a secured PDU
[Figure: ECU 1, DataID 1, Fresh. Value, Secured PDU]
Freshness value
- Monotonic counter to prevent replay attacks
- Implementation
  > Timestamp
  > Counter

28 SecOC: Sending a secured PDU
[Figure: ECU 1, DataID 1, Fresh. Value, Generator, Secured PDU]
- DataID, PDU, freshness value form input to generator
- Symmetric key required for generation
- SecOC may use C to benefit from SHE

29 SecOC: Sending a secured PDU
[Figure: ECU 1, DataID 1, LSBs, Fresh. Value, Generator, Fresh. Value, Secured PDU, MSBs]
- PDU, truncated freshness value, truncated form secured PDU

30 SecOC: Sending a secured PDU
[Figure: ECU 1, DataID 1, Fresh. Value, Generator, Fresh. Value, Secured PDU, MSBs]
- NIST Special Publication B (C)
- Truncated length 64 bits
- Truncated length must be thoroughly chosen dependent on network attributes and security requirements

31 SecOC: Reception of a secured PDU
[Figure: ECU 1: DataID 1, Fresh. Value, Generator, Secured PDU; ECU 3: DataID 1, replace LSBs, Fresh. Value, Ver. Fresh.]
- Authentic PDU is parsed
- DataID must be identical for sender and receiver
- Truncated freshness value is synchronized to form verification freshness value

32 SecOC: Reception of a secured PDU
[Figure: ECU 3: DataID 1, Fresh. Value, Secured PDU, Ver. Fresh = Ver. Fresh.]
- Verification freshness value stored freshness value (replay attacks)
- If not: Increment MSBs of verification freshness value
- Synchronization between sender and receiver

33 SecOC: Reception of a secured PDU
[Figure: ECU 1: DataID 1, Fresh. Value, Generator, Secured PDU; ECU 3: DataID 1, Fresh. Value, Generator, compare]
- DataID, PDU, verification freshness form input to generator
- Symmetric key must be identical for sender and receiver
- MSBs of calculated are compared to truncated
- If successful, PDU is forwarded
- If not, PDU is dropped
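
The sending and reception steps of slides 26 to 33, as an added Python example that is not part of the original slides and is not AUTOSAR or Vector code. Assumptions: HMAC-SHA-256 stands in for the authenticator algorithm, the freshness value is a 32-bit counter of which 8 LSBs are transmitted, the authenticator is truncated to its 64 most significant bits, and the receiver requires the verification freshness value to be strictly greater than the stored one. The key, DataIDs and payloads are constructed.

```python
import hashlib
import hmac
import struct

FRESH_BITS = 32      # assumed width of the full freshness counter
TX_FRESH_BITS = 8    # assumed number of freshness LSBs carried in the secured PDU
TX_AUTH_BYTES = 8    # authenticator truncated to its 64 most significant bits
_LSB_MASK = (1 << TX_FRESH_BITS) - 1
_TRAILER = TX_FRESH_BITS // 8 + TX_AUTH_BYTES   # bytes appended to the authentic PDU


def authenticator(key, data_id, pdu, freshness):
    """Full authenticator over DataID || PDU || freshness value.
    HMAC-SHA-256 is a stand-in chosen for this example."""
    msg = struct.pack(">H", data_id) + pdu + struct.pack(">I", freshness)
    return hmac.new(key, msg, hashlib.sha256).digest()


class Sender:
    def __init__(self, key, data_id):
        self.key, self.data_id, self.freshness = key, data_id, 0

    def send(self, pdu):
        """Secured PDU = authentic PDU || freshness LSBs || authenticator MSBs."""
        if self.freshness + 1 >= 1 << FRESH_BITS:
            raise OverflowError("freshness counter exhausted, re-keying required")
        self.freshness += 1
        auth = authenticator(self.key, self.data_id, pdu, self.freshness)
        return pdu + bytes([self.freshness & _LSB_MASK]) + auth[:TX_AUTH_BYTES]


class Receiver:
    def __init__(self, key, data_id):
        self.key, self.data_id, self.stored = key, data_id, 0

    def verification_freshness(self, lsbs):
        """Replace the LSBs of the stored value with the received ones; if the
        result is not newer than the stored value, increment the MSBs."""
        candidate = (self.stored & ~_LSB_MASK) | lsbs
        if candidate <= self.stored:
            candidate += 1 << TX_FRESH_BITS
        return candidate

    def receive(self, secured):
        """Return the authentic PDU, or None if the secured PDU is dropped."""
        if len(secured) < _TRAILER:
            return None
        pdu = secured[:-_TRAILER]
        lsbs = secured[-_TRAILER]
        truncated = secured[-TX_AUTH_BYTES:]
        fresh = self.verification_freshness(lsbs)
        if fresh >= 1 << FRESH_BITS:
            return None
        expected = authenticator(self.key, self.data_id, pdu, fresh)[:TX_AUTH_BYTES]
        if not hmac.compare_digest(expected, truncated):
            return None          # manipulation, replay or key/DataID mismatch
        self.stored = fresh      # only an accepted PDU advances the stored value
        return pdu


def demo():
    key = b"constructed-key!"                    # constructed 16-byte demo key
    tx, rx = Sender(key, 1), Receiver(key, 1)
    results = {}
    first = tx.send(b"\x10\x27")                 # freshness 1
    results["authentic"] = rx.receive(first)
    results["replay"] = rx.receive(first)        # same bytes sent again
    tampered = bytearray(tx.send(b"\x10\x27"))   # freshness 2
    tampered[0] ^= 0x01                          # one payload bit flipped on the bus
    results["manipulated"] = rx.receive(bytes(tampered))
    while tx.freshness < 256:                    # PDUs 3..256 never reach the receiver
        tx.send(b"\x00\x00")
    results["after_loss"] = rx.receive(tx.send(b"\x11\x27"))  # freshness 257, LSBs 0x01
    results["stored"] = rx.stored
    other = Receiver(key, 2)                     # same key, different DataID
    other.stored = rx.stored
    results["wrong_data_id"] = other.receive(tx.send(b"\x12\x27"))
    return results


if __name__ == "__main__":
    print(demo())
```

With 8 transmitted LSBs the receiver resynchronizes after at most 255 consecutive lost PDUs; beyond that the reconstructed freshness value is wrong and every PDU is dropped until the counters are realigned, which is one reason the truncation lengths depend on network attributes.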

34 SecOC: System Configuration
[Figure: ECU 1, ECU 2, ECU 3 on the BUS, exchanging PDU 2 and PDU 3]

35 SecOC: System Configuration
[Figure: ECU 1, ECU 2, ECU 3 on the BUS, exchanging PDU 2 and PDU 3]

36 SecOC: System Configuration
[Figure: ECU 1, ECU 2, ECU 3 on the BUS; DataID 1 and DataID 2 attached to the PDUs; PDU 2, PDU 3]
- Assignment of DataIDs to the to-be-secured PDUs

37 SecOC: System Configuration
[Figure: ECU 1, ECU 2, ECU 3 on the BUS; DataID 1 and DataID 2 with Fresh. Value attached to the PDUs; PDU 2, PDU 3]
- Specification of the layout of the secured PDU

38 SecOC: System configuration
[Figure: ECU 1, ECU 2, ECU 3 on the BUS; DataID 1 and DataID 2 with Fresh. Value attached to the PDUs; PDU 2, PDU 3]
- Assignment of keys to the secured PDUs
- Initial keying
- Re-keying

39 SecOC: System configuration
[Figure: ECU 1, ECU 2, ECU 3; DataID 1 and DataID 2 with Fresh. Value attached to the PDUs; PDU 2, PDU 3; outputs ECU1_Extract, ECU2_Extract, ECU3_Extract]

40 For more information about Vector and our products please visit
Author: Philipp Werner, Armin Happel, Ralf Fritz, Steffen Keul, Vector Informatik GmbH
Vector Informatik GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector.


More information

Security Architecture (ASA)

Security Architecture (ASA) AppleÕs Security Architecture (ASA) Aram PŽrez Chief Security Architect aram@.com Apple Data Security Group Overview Apple Data Security Group Why provide a security architecture? Requirements Building

More information

Vehicular On-board Security: EVITA Project

Vehicular On-board Security: EVITA Project C2C-CC Security Workshop 5 November 2009 VW, MobileLifeCampus Wolfsburg Hervé Seudié Corporate Sector Research and Advance Engineering Robert Bosch GmbH Outline 1. Project Scope and Objectives 2. Security

More information

How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and

How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and non-repudiation. How to obtain a digital certificate. Installing

More information

RELEASE NOTES. Table of Contents. Scope of the Document. [Latest Official] ADYTON Release 2.12.9 - corrections. ADYTON Release 2.12.

RELEASE NOTES. Table of Contents. Scope of the Document. [Latest Official] ADYTON Release 2.12.9 - corrections. ADYTON Release 2.12. Table of Contents Scope of the Document... 1 [Latest Official] ADYTON Release 2.12.9... 1 ADYTON Release 2.12.4... 1 ADYTON Release 2.9.3... 3 ADYTON Release 2.7.7... 3 ADYTON Release 2.6.2... 4 ADYTON

More information

Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23 Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest

More information

15 th TF-Mobility Meeting Sensor Networks. Torsten Braun Universität Bern braun@iam.unibe.ch www.iam.unibe.ch/~rvs

15 th TF-Mobility Meeting Sensor Networks. Torsten Braun Universität Bern braun@iam.unibe.ch www.iam.unibe.ch/~rvs 15 th TF-Mobility Meeting Sensor Networks Torsten Braun Universität Bern braun@iam.unibe.ch www.iam.unibe.ch/~rvs Overview 2 Ubiquitous Computing > Vision defined by Mark Weiser in 1991 Seamless integration

More information

IBM Crypto Server Management General Information Manual

IBM Crypto Server Management General Information Manual CSM-1000-0 IBM Crypto Server Management General Information Manual Notices The functions described in this document are IBM property, and can only be used, if they are a part of an agreement with IBM.

More information

Chapter 13. PIC Family Microcontroller

Chapter 13. PIC Family Microcontroller Chapter 13 PIC Family Microcontroller Lesson 01 PIC Characteristics and Examples PIC microcontroller characteristics Power-on reset Brown out reset Simplified instruction set High speed execution Up to

More information

Index. BIOS rootkit, 119 Broad network access, 107

Index. BIOS rootkit, 119 Broad network access, 107 Index A Administrative components, 81, 83 Anti-malware, 125 ANY policy, 47 Asset tag, 114 Asymmetric encryption, 24 Attestation commercial market, 85 facts, 79 Intel TXT conceptual architecture, 85 models,

More information

Cryptography and Key Management Basics

Cryptography and Key Management Basics Cryptography and Key Management Basics Erik Zenner Technical University Denmark (DTU) Institute for Mathematics e.zenner@mat.dtu.dk DTU, Oct. 23, 2007 Erik Zenner (DTU-MAT) Cryptography and Key Management

More information

IT Networking and Security

IT Networking and Security elearning Course Outlines IT Networking and Security powered by Calibrate elearning Course Outline CompTIA A+ 801: Fundamentals of Computer Hardware/Software www.medallionlearning.com Fundamentals of Computer

More information

Security Policy for FIPS 140 2 Validation

Security Policy for FIPS 140 2 Validation BitLocker Windows OS Loader Security Policy for FIPS 140 2 Validation BitLocker Windows OS Loader (winload) in Microsoft Windows 8.1 Enterprise Windows Server 2012 R2 Windows Storage Server 2012 R2 Surface

More information

PikeOS: Multi-Core RTOS for IMA. Dr. Sergey Tverdyshev SYSGO AG 29.10.2012, Moscow

PikeOS: Multi-Core RTOS for IMA. Dr. Sergey Tverdyshev SYSGO AG 29.10.2012, Moscow PikeOS: Multi-Core RTOS for IMA Dr. Sergey Tverdyshev SYSGO AG 29.10.2012, Moscow Contents Multi Core Overview Hardware Considerations Multi Core Software Design Certification Consideratins PikeOS Multi-Core

More information

Real-Time Communication Security: SSL/TLS. Guevara Noubir noubir@ccs.neu.edu CSU610

Real-Time Communication Security: SSL/TLS. Guevara Noubir noubir@ccs.neu.edu CSU610 Real-Time Communication Security: SSL/TLS Guevara Noubir noubir@ccs.neu.edu CSU610 1 Some Issues with Real-time Communication Session key establishment Perfect Forward Secrecy Diffie-Hellman based PFS

More information

Verfahren zur Absicherung von Apps. Dr. Ullrich Martini IHK, 4-12-2014

Verfahren zur Absicherung von Apps. Dr. Ullrich Martini IHK, 4-12-2014 Verfahren zur Absicherung von Apps Dr. Ullrich Martini IHK, 4-12-2014 Agenda Introducing G&D Problem Statement Available Security Technologies Smartcard Embedded Secure Element Virtualization Trusted Execution

More information

FIPS 140 2 Non Proprietary Security Policy: Kingston Technology DataTraveler DT4000 Series USB Flash Drive

FIPS 140 2 Non Proprietary Security Policy: Kingston Technology DataTraveler DT4000 Series USB Flash Drive FIPS 140 2 Non Proprietary Security Policy Kingston Technology Company, Inc. DataTraveler DT4000 G2 Series USB Flash Drive Document Version 1.8 December 3, 2014 Document Version 1.8 Kingston Technology

More information

AN3270 Application note

AN3270 Application note Application note Using the STM8L16x AES hardware accelerator Introduction The purpose of cryptography is to protect sensitive data to avoid it being read by unauthorized persons. There are many algorithms

More information

Cryptography & Network Security. Introduction. Chester Rebeiro IIT Madras

Cryptography & Network Security. Introduction. Chester Rebeiro IIT Madras Cryptography & Network Security Introduction Chester Rebeiro IIT Madras The Connected World 2 Information Storage 3 Increased Security Breaches 81% more in 2015 http://www.pwc.co.uk/assets/pdf/2015-isbs-executive-summary-02.pdf

More information

Beschleunigen Sie die Entwicklung Ihrer Embedded Software mit Dienstleistungen von Vector

Beschleunigen Sie die Entwicklung Ihrer Embedded Software mit Dienstleistungen von Vector Beschleunigen Sie die Entwicklung Ihrer Embedded Software mit Dienstleistungen von Vector Vector Embedded Software 2013 V1.3.0 2013-04-04 Your Presenters Today Michael Buck Manager Product Services / Technical

More information

Secure Hardware PV018 Masaryk University Faculty of Informatics

Secure Hardware PV018 Masaryk University Faculty of Informatics Secure Hardware PV018 Masaryk University Faculty of Informatics Jan Krhovják Vašek Matyáš Roadmap Introduction The need of secure HW Basic terminology Architecture Cryptographic coprocessors/accelerators

More information

Architectures and Platforms

Architectures and Platforms Hardware/Software Codesign Arch&Platf. - 1 Architectures and Platforms 1. Architecture Selection: The Basic Trade-Offs 2. General Purpose vs. Application-Specific Processors 3. Processor Specialisation

More information

EnergyAxis System: Security for the Smart Grid

EnergyAxis System: Security for the Smart Grid Security for the Smart Grid 2010 by Elster All rights reserved. No part of this document may be reproduced, transmitted, processed or recorded by any means or form, electronic, mechanical, photographic

More information

Software Development for Multiple OEMs Using Tool Configured Middleware for CAN Communication

Software Development for Multiple OEMs Using Tool Configured Middleware for CAN Communication 01PC-422 Software Development for Multiple OEMs Using Tool Configured Middleware for CAN Communication Pascal Jost IAS, University of Stuttgart, Germany Stephan Hoffmann Vector CANtech Inc., USA Copyright

More information

KeyStone Architecture Security Accelerator (SA) User Guide

KeyStone Architecture Security Accelerator (SA) User Guide KeyStone Architecture Security Accelerator (SA) User Guide Literature Number: SPRUGY6B January 2013 Release History www.ti.com Release Date Description/Comments SPRUGY6B January 2013 Added addition engine

More information

BlackBerry Enterprise Solution

BlackBerry Enterprise Solution BlackBerry Enterprise Solution Security Technical Overview for BlackBerry Enterprise Server Version 4.1 Service Pack 5 and BlackBerry Device Software Version 4.5 2008 Research In Motion Limited. All rights

More information

Cryptographic Algorithms and Key Size Issues. Çetin Kaya Koç Oregon State University, Professor http://islab.oregonstate.edu/koc koc@ece.orst.

Cryptographic Algorithms and Key Size Issues. Çetin Kaya Koç Oregon State University, Professor http://islab.oregonstate.edu/koc koc@ece.orst. Cryptographic Algorithms and Key Size Issues Çetin Kaya Koç Oregon State University, Professor http://islab.oregonstate.edu/koc koc@ece.orst.edu Overview Cryptanalysis Challenge Encryption: DES AES Message

More information

Kaseya US Sales, LLC Virtual System Administrator Cryptographic Module Software Version: 1.0

Kaseya US Sales, LLC Virtual System Administrator Cryptographic Module Software Version: 1.0 Kaseya US Sales, LLC Virtual System Administrator Cryptographic Module Software Version: 1.0 FIPS 140-2 Non-Proprietary Security Policy FIPS Security Level: 1 Document Version: 1.0 Prepared for: Prepared

More information

Table of Contents. Bibliografische Informationen http://d-nb.info/996514864. digitalisiert durch

Table of Contents. Bibliografische Informationen http://d-nb.info/996514864. digitalisiert durch 1 Introduction to Cryptography and Data Security 1 1.1 Overview of Cryptology (and This Book) 2 1.2 Symmetric Cryptography 4 1.2.1 Basics 4 1.2.2 Simple Symmetric Encryption: The Substitution Cipher...

More information

BroadSAFE Enhanced IP Phone Networks

BroadSAFE Enhanced IP Phone Networks White Paper BroadSAFE Enhanced IP Phone Networks Secure VoIP Using the Broadcom BCM11xx IP Phone Technology September 2005 Executive Summary Voice over Internet Protocol (VoIP) enables telephone calls

More information

Configuration management in AUTOSAR

Configuration management in AUTOSAR Configuration management in AUTOSAR The need for efficient process tools for Automotive System Engineering V0.01 2008-11-02 Introduction AUTOSAR will influence the ECU SW Architecture and also the way

More information

From Diagnostic Requirements to Communication

From Diagnostic Requirements to Communication From Diagnostic Requirements to Communication Standardization is the Trend in the Development of Automotive Electronics A key aim of open architectures, configurable components and harmonized exchange

More information

Freescale Variable Key Security Protocol Transmitter User s Guide by: Ioseph Martínez and Christian Michel Applications Engineering - RTAC Americas

Freescale Variable Key Security Protocol Transmitter User s Guide by: Ioseph Martínez and Christian Michel Applications Engineering - RTAC Americas Freescale Semiconductor User s Guide VKSPTXUG Rev. 0, 06/2008 Freescale Variable Key Security Protocol Transmitter User s Guide by: Ioseph Martínez and Christian Michel Applications Engineering - RTAC

More information