Secure Software Delivery and Installation in Embedded Systems
André Adelsbach, Ulrich Huber, Ahmad-Reza Sadeghi
Horst-Görtz-Institute, Bochum, Germany
ISPEC 2005 Presentation
Singapore, April 13, 2005

HW* and SW* will become separate products within an embedded system, thus providing an additional revenue source to SW providers

CHANGES IN THE ROLE OF SW IN AN EMBEDDED SYSTEM

Current situation
- HW* and SW* as one product from same supplier
- SW updates mainly necessary for warranty-based replacement of defective SW
- No revenues for SW provider due to warranty obligations

Expected future situation
- HW and SW as separate products, potentially from different suppliers
- In addition, SW updates attractive due to new and/or enhanced functionality
- Additional revenue source for SW provider due to value added and customers' willingness to pay

* HW: hardware, SW: software

There are four major difficulties when a provider installs a SW update in a vehicle

DIFFICULTIES WITH SW UPDATES IN A VEHICLE

- Service provider needs specific equipment, e.g., diagnostic tester, and skills
- Service providers have different skill sets
- Compatibility among SW components is not self-evident due to number of ECUs
- High economic value of vehicle and failure consequences induce tough requirements

The system model contains five different roles which correspond with current players in the automotive industry

ROLES IN THE SYSTEM MODEL AND THEIR COUNTERPARTS IN THE AUTOMOTIVE INDUSTRY

OEM*
- Develops and assembles the user platform in cooperation with his suppliers
- Automotive counterpart: car manufacturers such as Daimler Chrysler, GM, Toyota, etc.

Installation Service Provider (ISP)
- Maintains the user platform via HW repair/replacement and SW installation with specific equipment
- Automotive counterpart: car dealers, garages, road service teams, etc.

User platform (UP)
- Is an embedded system which consists of several components whose SW can be updated
- Automotive counterpart: car

Software Application Programmer (SAP)
- Develops and distributes SW components for the user platform in the form of updates and/or upgrades
- Automotive counterpart: suppliers such as Bosch, Delphi, Denso, Siemens, Visteon, etc.

Additional role: Trusted Third Party (TTP)

License Provider (LP)
- Generates licenses for SW from OEM and SAPs, distributes them to user platforms via ISPs
- Automotive counterpart: not existing or assumed by OEMs and SAPs

[Diagram labels: SW, Installation services, Licenses]

* Overall Equipment Manufacturer

There are many scenarios which lead to damage to an innocent party, four of which we detail

FOUR EXEMPLARY SCENARIOS LEADING TO DAMAGE TO INNOCENT PARTIES (EXAMPLES)

1 SW is not authentic
- An honest garage installs a supposedly correct SW component for the ABS
- The adversary has replaced the SW component with a defective one
- The car fails, leading to an accident

2 ISP* is not qualified
- An unqualified garage installs SW for the airbags
- Due to wrong parameterization, the airbags do not trigger off properly
- The victim sues the OEM*

3 Innocent ISP is accused
- A SW component has a known error which might lead to a short circuit and set fire
- A malicious car owner burns his car and accuses his innocent garage of having installed the SW component

4 SAP* is discriminated
- An honest SAP develops a SW component
- The OEM has a SW component with identical functionality, but higher price
- The OEM configures each car such that only his SW can be installed

* ISP: Installation Service Provider, OEM: Overall Equipment Manufacturer, SAP: Software Application Programmer

Each role in the system model has specific requirements regarding any software installation

REQUIREMENTS OF ALL ROLES IN THE SYSTEM MODEL

OEM
- Correctness
- Rights enforcement
- Compatibility enforcement
- ISP clearance enforcement
- Confidentiality
- Integrity

Installation Service Provider (ISP)
- Correctness
- Non-repudiation
- Clearance enforcement
- Non-discrimination
- Frame-proofness

User
- Correctness
- Non-repudiation
- Unique installation origin
- Authenticity

Software Application Programmer (SAP)
- All OEM requirements
- Non-discrimination

License Provider (LP)
- Non-repudiation

Three basic protocols are a prerequisite of any SW installation

SYSTEM SETUP: THREE BASIC PROTOCOLS PRECEDING ANY SW INSTALLATION

1 Assignment of clearance levels to ISPs
- ISP*: ClearReq(), message req_clear
- TTP*: ClearIss(), message ξ_clear

2 Certification of SW components
- OEM/SAP*: SWSub(), with s_enc = Enc_PKBE(s) and σ_comm = PropComm(), message req_sw
- TTP: SWIss(), message ξ_sw, σ_integer
- Distribution of SW over broadcast channel: OEM/SAP sends (s_enc, ξ_sw, σ_comm, R_lic) to ISPs

3 Distribution of SW licenses
- ISP: LicReq(), message req_lic
- LP*: LicIss(), message γ_lic

After these protocols, the SW installation protocol can start.

Based on asymmetric cryptography

[Diagram legend: message flow; party X participates in protocol]

* ISP: Installation Service Provider, TTP: Trusted Third Party, SAP: Software Application Programmer, LP: License Provider

In the SD scheme, each receiver obtains the keys just off his key path within each subtree

BROADCAST ENCRYPTION: KEYS OF AN EXEMPLARY USER IN THE SUBSET DIFFERENCE SCHEME

[Figure: example with n = 16 users and tree height log_2 n = 4, showing the keys stored by the exemplary user U_5 in the tree of level 0 (root) and in the subtrees of level i]

Subtree level i:      0 (root)   1   2   3
No. of stored keys:   4          3   2   1     Σ 10

Source: The LSD Broadcast Encryption Scheme, CRYPTO 2002, LNCS 2442, pp. 47-60

Compared to SD*, the basic LSD** scheme significantly reduces the storage requirements of the users by slightly increasing the message header length

COMPARISON OF SD* AND BASIC LSD** PERFORMANCE PARAMETERS

Main difference

n: number of users
r: number of revoked users

Parameter           SD                         Basic LSD
User storage        O(log^2 n)                 O(log^(3/2) n)
Example             406 keys for 2^28 users    146 keys for 2^28 users
Message header      O(r)                       O(2r) = O(r)
User computation    O(log n)                   O(log n)

* Subset difference
** Layered subset difference, not lysergic acid diethylamide

Source: The LSD Broadcast Encryption Scheme, CRYPTO 2002, LNCS 2442, pp. 47-60

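The SD key counts on the two slides above (4 + 3 + 2 + 1 = 10 keys for n = 16, 406 keys for 2^28 users) can be reproduced by enumerating the labels a subset-difference receiver stores and checking which subset keys it can derive from them. This Python example is added here and is not code from the presentation or the cited paper; it assumes HMAC-SHA256 as a stand-in for the scheme's length-tripling generator, heap numbering of tree nodes (root = 1), user index 5 mapped to leaf node n + 5, and constructed label values.

```python
import hashlib
import hmac

def G(label, part):
    """Stand-in (assumption) for the SD length-tripling generator; part is 'L', 'M' or 'R'."""
    return hmac.new(label, part.encode(), hashlib.sha256).digest()

def path(i, j):
    """Nodes from i down to j in heap numbering (root = 1), or [] if j is not under i."""
    nodes = []
    while j >= i:
        nodes.append(j)
        if j == i:
            return nodes[::-1]
        j //= 2
    return []

def walk(label, nodes):
    """Apply G_L / G_R along a downward path (even node = left child)."""
    for node in nodes:
        label = G(label, "R" if node & 1 else "L")
    return label

def user_labels(n, u, subtree_labels):
    """Labels given to user u: for every ancestor i, one per node hanging off the path i -> u."""
    leaf, stored = n + u, {}
    i = leaf // 2
    while i >= 1:
        for node in path(i, leaf)[1:]:
            sib = node ^ 1  # sibling of a path node = node "just off" the key path
            stored[(i, sib)] = walk(subtree_labels[i], path(i, sib)[1:])
        i //= 2
    return stored

def derive_key(stored, i, j):
    """Key of subset S_{i,j} (leaves under i but not under j); None if u cannot derive it."""
    for (a, b), label in stored.items():
        if a == i and (down := path(b, j)):
            return G(walk(label, down[1:]), "M")
    return None

def sd_storage(log_n):
    """Per-user label count: sum of the subtree heights 1..log n."""
    return log_n * (log_n + 1) // 2

# Constructed demo values: 16 users, user index 5 mapped to leaf node N + 5 (assumption).
N, U = 16, 5
SUBTREE_LABELS = {i: hashlib.sha256(b"constructed-%d" % i).digest() for i in range(1, N)}
STORED = user_labels(N, U, SUBTREE_LABELS)
PER_LEVEL = [sum(1 for (i, _) in STORED if i.bit_length() - 1 == d) for d in range(4)]
```

derive_key(STORED, 1, 22) returns the same key the center computes for the subset that excludes only the neighbouring leaf, while derive_key(STORED, 1, 21), the subset that excludes U_5 itself, returns None.
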
A SW installation consists of four basic steps

FOUR STEPS OF A SW INSTALLATION

Parties: UP*, ISP*

1 SW request: SWReq(k, m, r_n), message σ_req
2 SW delivery: SWDel(s_enc, γ_lic)**, message σ_inst
3 Installation confirmation: ExtInstConf(γ_lic, ind), message σ_conf (SW installation succeeded)
4 Acknowledgment of confirmation: ConfAck(σ_conf), message σ_ack

Based on asymmetric cryptography

* UP: User Platform, ISP: Installation Service Provider
** In order to execute SWDel(), the ISP must have executed LicReq() and received γ_lic

In each step of a SW installation, the party in charge verifies several necessary conditions

NECESSARY CONDITIONS FOR EACH SW INSTALLATION STEP (1/2)

1 Conditions for a user platform to issue a SW request
- User platform and SW are compatible
- ISP* has sufficient clearance level
- All certificates match
- SW certificate ξ_SW is authentic, i.e., generated by the TTP*
- Property commitment σ_comm is authentic, i.e., generated by the SW provider
- Clearance level certificate is authentic, i.e., generated by the TTP
Main criteria: Compatibility, clearance enforcement, and authenticity

2 Conditions for an ISP to deliver a SW installation package
- SW request is authentic, i.e., generated by the user platform
- The set of requested rights is a subset of the allowed usage rights of the SW, i.e., does not violate the terms and conditions
- License provider issues a valid license
- ISP possesses the requested SW
- User platform has a valid ID
Main criteria: Authenticity, rights enforcement, and soundness

* ISP: Installation Service Provider, TTP: Trusted Third Party

In each step of a SW installation, the party in charge verifies several necessary conditions

NECESSARY CONDITIONS FOR EACH SW INSTALLATION STEP (2/2)

3 Conditions for a user platform to deliver an installation confirmation
- SW installation package is authentic, i.e., generated by the ISP*
- License is authentic, i.e., generated by the LP, and grants the requested rights
- SW is integer, i.e., identical to the SW which the TTP certified
- Decryption of SW succeeds
- Internal installation in target component succeeds (details follow)
Main criteria: Authenticity, integrity and soundness

4 Conditions for an ISP to deliver an acknowledgment
- Installation confirmation is authentic, i.e., generated by the user platform
- Installation result was "success"
Main criteria: Authenticity and soundness

* Installation Service Provider

The user platform has an internal structure consisting of three elements: a trusted component, regular components and an internal communication network

INTERNAL STRUCTURE OF THE USER PLATFORM

[Figure: user platform (UP) containing the components u_0, u_1, u_2, u_n connected by the internal communication network, with the external parties OEM, SAP, ISP and LP]

u_0: trusted component based on trusted computing HW
u_i: regular low cost component

Internally, a SW installation within a user platform consists of three basic steps

THREE INTERNAL STEPS OF A SW INSTALLATION WITHIN A USER PLATFORM

u_0: Trusted component
u_i: Target component, 1 ≤ i ≤ n

1 Installation instruction: Install_Instr(i, m, s_enc), message mac_{0 i}
2 Installation confirmation: IntInstConf(m), message mac_{i 0} (SW installation succeeded internally)
3 Usage instruction: UseInstr(i, m, p_n), message mac_{0 i}

Based on symmetric cryptography

The paper makes two major contributions

CONCLUSION: TWO MAJOR CONTRIBUTIONS OF THE PAPER

Requirements model for SW installation in embedded systems
- Major roles included in requirements model
- Compatibility of SW components and skill set of ISPs considered
- Basic license and DRM scheme

Secure installation protocol meeting the requirements
- Public Key Broadcast Encryption (PKBE) for achieving non-discrimination
- Trusted Computing for achieving trust in user platform with little additional hardware
- Security analysis in Technical Report

Open Problem
- Reduced need for TTP in setup phase by aggregating the PKBE key material bottom-up