Vehicular Security Hardware The Security for Vehicular Security Mechanisms

Similar documents
Hardware Security Modules for Protecting Embedded Systems

CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules

EVITA-Project.org: E-Safety Vehicle Intrusion Protected Applications

NEXT GENERATION OF AUTOMOTIVE SECURITY: SECURE HARDWARE AND SECURE OPEN PLATFORMS

Hardware Security for Trustworthy C2X Applications Marko Wolf

CHANCES AND RISKS FOR SECURITY IN MULTICORE PROCESSORS

Vehicular On-board Security: EVITA Project

Automotive and Industrial Data Security

Embedded Security for Modern Building Automation Systems

Embedding Trust into Cars Secure Software Delivery and Installation

SHE Secure Hardware Extension

Secure Key Management A Key Feature for Modern Vehicle Electronics

The relevance of cyber-security to functional safety of connected and automated vehicles

Security in Vehicle Networks

Automotive Software Development Challenges Virtualisation and Embedded Security

Design, Implementation, and Evaluation of a Vehicular Hardware Security Module

Secure Embedded Systems eine Voraussetzung für Cyber Physical Systems und das Internet der Dinge

Safety and security related features in AUTOSAR

Secure Data Management in Trusted Computing

Secure Hardware PV018 Masaryk University Faculty of Informatics

HOW SECURE ARE CURRENT MOBILE OPERATING SYSTEMS?

IoT Security Platform

Embedded Java & Secure Element for high security in IoT systems

Identification of Authenticity Requirements in Systems of Systems by Functional Security Analysis

Security risk analysis approach for on-board vehicle networks

Automotive Software Engineering

Technical Brief Distributed Trusted Computing

Pervasive Computing und. Informationssicherheit

Patterns for Secure Boot and Secure Storage in Computer Systems

Using BroadSAFE TM Technology 07/18/05

Threat Model for Software Reconfigurable Communications Systems

Hardware and Software Design for Automotive Security

Trusted Platforms for Homeland Security

Cisco Trust Anchor Technologies

1. Fault Attacks for Virtual Machines in Embedded Platforms. Supervisor: Dr Konstantinos Markantonakis,

Software Development for Multiple OEMs Using Tool Configured Middleware for CAN Communication

Automotive Ethernet Security Testing. Alon Regev and Abhijit Lahiri

SECURE IMPLEMENTATIONS OF CONTENT PROTECTION (DRM) SCHEMES ON CONSUMER ELECTRONIC DEVICES

Virtualization Technologies for Cars Solutions to increase safety and security of vehicular ECUs

On Security Evaluation Testing

The Reduced Address Space (RAS) for Application Memory Authentication

A Security Architecture for Multipurpose ECUs in Vehicles

Security architecture Integrating security into the communicating vehicle. Norbert Bissmeyer, Fraunhofer SIT June 18 th 2015

Hardware Virtualization for Pre-Silicon Software Development in Automotive Electronics

ST19NP18-TPM-I2C. Trusted Platform Module (TPM) with I²C Interface. Features

Certicom Security for Government Suppliers developing client-side products to meet the US Government FIPS security requirement

PUF Physical Unclonable Functions

Lecture Embedded System Security Dynamic Root of Trust and Trusted Execution

Secure Software Delivery and Installation in Embedded Systems

IoT Security Concerns and Renesas Synergy Solutions

How to Secure Infrastructure Clouds with Trusted Computing Technologies

Problems of Security in Ad Hoc Sensor Network

Building Blocks Towards a Trustworthy NFV Infrastructure

Certification Report. NXP Secure Smart Card Controller P40C012/040/072 VD

M2M For industrial and automotive

Securing Host Operations with a Dedicated Cryptographic IC - CryptoCompanion

In-Vehicle Networking

VON BRAUN LABS. Issue #1 WE PROVIDE COMPLETE SOLUTIONS ULTRA LOW POWER STATE MACHINE SOLUTIONS VON BRAUN LABS. State Machine Technology

Recipe for Mobile Data Security: TPM, Bitlocker, Windows Vista and Active Directory

Developing software for Autonomous Vehicle Applications; a Look Into the Software Development Process

Credential Management for Cloud Computing

Investigation and Development of a Hypervisor-based Security Architecture utilising a State-of-the-art Hardware Trust Anchor

UNCLASSIFIED Version 1.0 May 2012

ECU State Manager Module Development and Design for Automotive Platform Software Based on AUTOSAR 4.0

System Security Solutions for the connected world.

Safety and Security Features in AUTOSAR

Chapter 1: Introduction

Applied and Integrated Security. C. Eckert

Smartcard IC Platform Protection Profile

Today. Important From Last Time. Old Joke. Computer Security. Embedded Security. Trusted Computing Base

CS252 Project An Encrypted File System using TPM

APPLIED AND INTEGRATED SECURITY

Hardware in the Loop (HIL) Testing VU 2.0, , WS 2008/09

for Vehicle Cyber Security

Automotive Security Testing - The Digital Crash Test

RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards

Security IC Platform Protection Profile

VASCO Data Security International, Inc. DIGIPASS GO-7. FIPS Non-Proprietary Cryptographic Module Security Policy

Application Note. Atmel CryptoAuthentication Product Uses. Atmel ATSHA204. Abstract. Overview

Security Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2

CoProcessor Design for Crypto- Applications using Hyperelliptic Curve Cryptography

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

Wireless Microcontrollers for Environment Management, Asset Tracking and Consumer. October 2009

SECURITY INFRASTRUCTURE Standards and implementation practices for protecting the privacy and security of shared genomic and clinical data

Cryptographic Modules, Security Level Enhanced. Endorsed by the Bundesamt für Sicherheit in der Informationstechnik

Cyber-Security in the Connected Car Age

Security in Automotive Applications

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

M-Shield mobile security technology

ELEC 5260/6260/6266 Embedded Computing Systems

Wireless Sensor Network Security. Seth A. Hellbusch CMPE 257

Side Channel Analysis and Embedded Systems Impact and Countermeasures

siemens.com/tolling Back-office system Sitraffic Sensus Server Supplies all front-end data. Suitable for any GNSS tolling back-office.

EMV-TT. Now available on Android. White Paper by

Transcription:

escrypt GmbH Embedded Security Systemhaus für eingebettete Sicherheit Vehicular Security Hardware The Security for Vehicular Security Mechanisms Marko Wolf, escrypt GmbH Embedded Security Embedded Security in Cars Conference (escar), Hamburg, November 18 th, 2009 escrypt GmbH Lise-Meitner-Allee 4 44801 Bochum The work is co-financed by the European Commission through the 7th framework program. phone: +49(0)234 43 870 209 fax: +49(0)234 43 870 211

The need for vehicular security Possible attacks in a vehicular environment Steal the vehicle or a valuable component Circumvent restrictions in hardware or software functionality (e.g., speed locks, feature activation, software updates) Manipulate financially, legally, or warranty relevant vehicular components (e.g., toll devices, digital tachograph, chip tuning) Spy on manufacturer's expertise and intellectual property (e.g., counterfeits, industrial espionage) Violate privacy issues (e.g., contacts, last trips) Impersonate (e.g., electronic license plate) Misuse external communication (e.g., disturb, misuse, harm) Harm passengers, destroy OEM s reputation (e.g., safety attacks) Strong need for reliable security mechanisms! 18.11.2008 Folie 2 Marko Wolf, escrypt - Embedded Security GmbH: Vehicular Security Hardware. Embedded Security in Cars 2008.

The security of security mechanisms Why applying standard solutions won t work Beyond standard attacks.. o Insider attacks o Offline attacks o Physical attacks Many different attackers and attacking incentives Many different attack points Vehicular IT is client/server, embedded and mobile world Standard security solutions won t work! 18.11.2008 Folie 3 Marko Wolf, escrypt - Embedded Security GmbH: Vehicular Security Hardware. Embedded Security in Cars 2008.

The security of security mechanisms Trust in security mechanisms Trust SW security Hardware security System security Organizational security Organizational attacks (e.g., social engineering) can be prevented by well-thought security processes, secure infrastructures and organizational security policies Logical attacks (e.g., cryptographic weaknesses or weak APIs) can be prevented by a secure well-thought security system design and adequate security protocols Software attacks (e.g., weak OS mechanisms or malware) can be prevented by reliable software security mechanisms (e.g., secure init, secure RTEs) and the application of hardware security mechanisms that protect & enforce security of software mechanisms Hardware attacks (e.g., security artifacts manipulations/read-out, physical locks, sidechannels etc.) can be prevented by hardware tamper-protection measures 18.11.2008 Folie 4 Marko Wolf, escrypt - Embedded Security GmbH: Vehicular Security Hardware. Embedded Security in Cars 2008.

Vehicular Security Hardware What security hardware can help Protects software security mechanisms by Providing a trustworthy security anchor for upper SW layers Secure generation, secure storage, and secure processing of security-critical material shielded from all pot. malicious SW Prevents hardware tampering attacks by Applying tamper-protection measures Accelerates security mechanisms by Applying cryptographic accelerators Reduces security costs on high volumes by Applying highly optimized special circuitry instead of general purpose hardware 18.11.2008 Folie 5 Marko Wolf, escrypt - Embedded Security GmbH: Vehicular Security Hardware. Embedded Security in Cars 2008.

Engineering a Vehicular Security Hardware Quick Requirements analysis Security Requirements o High level: creation, storage, management & processing of security artifacts (e.g., keys, certificates, random numbers), authentications schemes, secure timer (e.g., clock, counter) o Low level: symmetric engine, asymmetric engine, hash function, TRNG, secure storage o Physical level: Physical coupling, tamper-evidence, tamper-resistance, tamper-response, and side-channel resistance Functional Requirements o Latency and band width o Memory, space, and performance o Interface compatibility, security updates o Physical stress Other requirements o Costs o Patents and export restrictions Security requirements Cost restrictions Functional requirements Physical requirements o Certification reg. safety (IEC 61508, SIL etc.) and security (e.g., FIPS 140, Common Criteria) 18.11.2008 Folie 6 Marko Wolf, escrypt - Embedded Security GmbH: Vehicular Security Hardware. Embedded Security in Cars 2008.

Vehicular Security Hardware What is the current situation? Proprietary and single-purpose hardware security solutions in vehicular environments, for example: o Immobilizer o Digital tachograph o Toll Collect OBU General-purpose hardware security modules for nonautomotive environments, for example: o IBM cryptographic coprocessor o Cryptographic smartcards o Trusted Platform Module o Mobile Trusted Module Are where any solutions for vehicular security HW? 18.11.2008 Folie 7 Marko Wolf, escrypt - Embedded Security GmbH: Vehicular Security Hardware. Embedded Security in Cars 2008.

E-safety Vehicle Intrusion protected Application EVITA project objectives Powerful ECU security hardware extension that:.. aims at designing, verifying, and prototyping an architecture for automotive onboard networks where security-relevant components are protected against tampering and sensitive data are protected against compromise. Prevent or at least detect malicious malfunction of in-vehicle e- safety applications Detect manipulated information from external entities Design and verify a ECU security architecture, including o ECU hardware security extension o ECU software security components o corresponding (e-safety) security protocols Implement, demonstrate and validate ECU security architecture for practicability 18.11.2008 Folie 8 Marko Wolf, escrypt - Embedded Security GmbH: Vehicular Security Hardware. Embedded Security in Cars 2008.

E-safety Vehicle Intrusion protected Application EVITA background information Objective: Automotive capable security hardware ( automotive TPM ) for enabling a vehicular security architecture protecting e-safety V2X communications (e.g., emergency break, ecall) Program: FP7-ICT-2007 of the European Community (EC) Partners: BMW, Bosch, Continental, escrypt, EURECOM, Fraunhofer, Fujitsu, Infineon, Institut TELECOM, KU Leuven, MIRA, TRIALOG from Belgium, France, Germany, Sweden, UK Duration: 36 months (July 2008 June 2011) Total cost: 6 million Further information: www.evita-project.org 18.11.2008 Folie 9 Marko Wolf, escrypt - Embedded Security GmbH: Vehicular Security Hardware. Embedded Security in Cars 2008.

E-safety Vehicle Intrusion protected Application EVITA ECU security architecture E-safety application layer Security layer Microkernel and basic software layer Microcontroller abstraction layer Microcontroller hardware layer Security hardware 18.11.2008 Folie 10 Marko Wolf, escrypt - Embedded Security GmbH: Vehicular Security Hardware. Embedded Security in Cars 2008.

E-safety Vehicle Intrusion protected Application EVITA microcontroller security extension Microcontroller 18.11.2008 Folie 11 Marko Wolf, escrypt - Embedded Security GmbH: Vehicular Security Hardware. Embedded Security in Cars 2008.

E-safety Vehicle Intrusion protected Application EVITA project work plan / milestones Work plan o 2008: Security requirements analysis o 2009: Secure on-board architecture design o 2010: Reference implementation in SW & HW o 2010: Prototyped-based demonstration (lab car) o 2011: Publication as open specification 18.11.2008 Folie 12 Marko Wolf, escrypt - Embedded Security GmbH: Vehicular Security Hardware. Embedded Security in Cars 2008.

ECU Trusted Module (ETM) Enabling a holistic vehicular sec. architecture EVITA security extension in every ECU? Surely not! Standardized, minimized ECU hardware security module o Protect simpler less security-critical ECUs such as sensor & actuators o Prevent software attacks and some hardware attacks (e.g., root artifacts) o Capable to interact securely w/ higher level security HW (e.g., EVITA) Vehicular equivalent to TCG s Mobile Trusted Module (MTM) o Hardware/software co-design for maximum on compatibility & flexibility (e.g., pure chip, hardware anchor + support software, pure software) o Secure boot for integrity protection o Protected (root) security artifacts processing and storage o Secure (in-vehicle) communication (Int. + opt. Auth./Conf.) o Unique ECU identification 18.11.2008 Folie 13 Marko Wolf, escrypt - Embedded Security GmbH: Vehicular Security Hardware. Embedded Security in Cars 2008.

ECU Trusted Module (ETM) Enabling a holistic vehicular sec. architecture Security requirements o Non-detachable connected with ECU hardware o Minimal immutable core root of trust code o Minimal internal non-volatile memory for storing root security artifact(s) o Isolated security processing environment, e.g., Additional parallel environment (e.g., dedicated RAM and µc) Physical isolation mechanism (e.g., ARM TrustZone) Strictly logical isolated environment (e.g., microkernel) o Security enabled ECU processor and software stack o Only standardized, established security algorithms (e.g., NIST, FIPS, BSI) o 18.11.2008 Folie 14 Marko Wolf, escrypt - Embedded Security GmbH: Vehicular Security Hardware. Embedded Security in Cars 2008.

ECU Trusted Module (ETM) Enabling a holistic vehicular sec. architecture Other requirements o Physical stress resistance and other functional demands (latency etc.) o Compatibility with other (higher-level) security modules and security mechanisms and with existing ECU microprocessor architectures o Standardized security classification according to the individual requirements to enable comprehensive flexible architectures, e.g., Security level I: Pure software application Security level II: Key security artifacts shielded Security level III: All security functionality shielded Security level IV: Tamper-protection o Open and patent free specifications for cost-effective OEM-wide application 18.11.2008 Folie 15 Marko Wolf, escrypt - Embedded Security GmbH: Vehicular Security Hardware. Embedded Security in Cars 2008.

Strong Vehicular Security Architectures Coupling ETM and EVITA enabled ECUs Powerful EVITA extension in 2-4 central multi-purpose ECUs o Central gateway o Immobilizer o Engine control o Front/rear module Small ETM in less, but security-critical client ECUs o Critical sensors: e.g., wheel, acceleration, pedal sensors o Critical actuator: e.g., breaks, door locks, turn signal indicator o Critical small ECU: e.g., GPS module, lighting, clock Secure cooperation of small ETM and powerful EVITA security extensions allows to create a cost-effective, flexible, and holistic vehicular security architecture 18.11.2008 Folie 16 Marko Wolf, escrypt - Embedded Security GmbH: Vehicular Security Hardware. Embedded Security in Cars 2008.

Strong Vehicular Security Architectures Coupling ETM and EVITA enabled ECUs Vehicular applications Cars & infrastructures ECU masters ECU clients EVITA enabled infrastructure EVITA enabled ECU ETM enabled ECU Secure V2X application EVITA enabled vehicle EVITA enabled vehicle EVITA enabled ECU ETM enabled ECU ETM enabled ECU 18.11.2008 Folie 17 Marko Wolf, escrypt - Embedded Security GmbH: Vehicular Security Hardware. Embedded Security in Cars 2008.

Conclusions and Outlook Standardized security hardware is essential for the security of vehicular security mechanisms Vehicular security hardware helps preventing almost all software attacks and many physical attacks Automotive proof security hardware (or even standards) currently not available (neither low-level nor high-level) However, open ETM and EVITA prototypes could be promising opportunities to act as effective, trustworthy and costeffective hardware security anchors in vehicular environments 18.11.2008 Folie 18 Marko Wolf, escrypt - Embedded Security GmbH: Vehicular Security Hardware. Embedded Security in Cars 2008.

Dr.-Ing. Marko Wolf Senior Engineer mwolf@escrypt.com Dipl.-Psych. Katrin Mannheims (MBA) Geschäftsführerin kmannheims@escrypt.com Dr.-Ing. Jan Pelzl Geschäftsführer jpelzl@escrypt.com Dr.-Ing. Thomas Wollinger Geschäftsführer twollinger@escrypt.com Dr.-Ing. André Weimerskirch CEO USA aweimerskirch@escrypt.com escrypt GmbH Lise-Meitner-Allee 4 44801 Bochum phone: +49(0)234 43 870 209 fax: +49(0)234 43 870 211

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information