CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules



Similar documents
Hardware Security Modules for Protecting Embedded Systems

Vehicular Security Hardware The Security for Vehicular Security Mechanisms

Embedding Trust into Cars Secure Software Delivery and Installation

M-Shield mobile security technology

SHE Secure Hardware Extension

Safety and security related features in AUTOSAR

Vehicular On-board Security: EVITA Project

Secure Key Management A Key Feature for Modern Vehicle Electronics

NEXT GENERATION OF AUTOMOTIVE SECURITY: SECURE HARDWARE AND SECURE OPEN PLATFORMS

Embedded Java & Secure Element for high security in IoT systems

Side Channel Analysis and Embedded Systems Impact and Countermeasures

EVITA-Project.org: E-Safety Vehicle Intrusion Protected Applications

IoT Security Concerns and Renesas Synergy Solutions

Patterns for Secure Boot and Secure Storage in Computer Systems

Secure web transactions system

Pervasive Computing und. Informationssicherheit

BroadSAFE Enhanced IP Phone Networks

CHANCES AND RISKS FOR SECURITY IN MULTICORE PROCESSORS

Safety and Security Features in AUTOSAR

Embedded Security for Modern Building Automation Systems

Wireless Microcontrollers for Environment Management, Asset Tracking and Consumer. October 2009

Secure Network Communications FIPS Non Proprietary Security Policy

Secure Hardware PV018 Masaryk University Faculty of Informatics

Using BroadSAFE TM Technology 07/18/05

Technical Brief Distributed Trusted Computing

Embedded Trusted Computing on ARM-based systems

Threat Model for Software Reconfigurable Communications Systems

Security in Vehicle Networks

TPM Key Backup and Recovery. For Trusted Platforms

Automotive Software Development Challenges Virtualisation and Embedded Security

PUF Physical Unclonable Functions

Security Policy for FIPS Validation

Deeply Embedded Real-Time Hypervisors for the Automotive Domain Dr. Gary Morgan, ETAS/ESC

RELEASE NOTES. Table of Contents. Scope of the Document. [Latest Official] ADYTON Release corrections. ADYTON Release 2.12.

Plain English Guide To Common Criteria Requirements In The. Field Device Protection Profile Version 0.75

Software Development for Multiple OEMs Using Tool Configured Middleware for CAN Communication

Introducing etoken. What is etoken?

FIPS Non- Proprietary Security Policy. McAfee SIEM Cryptographic Module, Version 1.0

How to Secure Infrastructure Clouds with Trusted Computing Technologies

W ith an estimated 14 billion devices connected to

SECURE IMPLEMENTATIONS OF CONTENT PROTECTION (DRM) SCHEMES ON CONSUMER ELECTRONIC DEVICES

CRYPTOGRAPHY AS A SERVICE

Secure Embedded Systems eine Voraussetzung für Cyber Physical Systems und das Internet der Dinge

Do AUTOSAR and functional safety rule each other out?

Trusted Platforms for Homeland Security

SPINS: Security Protocols for Sensor Networks

Hi and welcome to the Microsoft Virtual Academy and

Trustworthy Computing

Hardware Virtualization for Pre-Silicon Software Development in Automotive Electronics

Customer Experience. Silicon. Support & Professional Eng. Services. Freescale Provided SW & Solutions

Digital Rights Management Demonstrator

Recipe for Mobile Data Security: TPM, Bitlocker, Windows Vista and Active Directory

Standardized software components will help in mastering the. software should be developed for FlexRay were presented at

Secure Data Exchange Solution

Certification Report

WebSphere DataPower Release FIPS and NIST SP a support.

A Virtualized Linux Integrity Subsystem for Trusted Cloud Computing

Lecture Embedded System Security Dynamic Root of Trust and Trusted Execution

IoT Security Platform

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

Key & Data Storage on Mobile Devices

Trusted Platform Module

Cyber Security Practical considerations for implementing IEC 62351

Enhancing Organizational Security Through the Use of Virtual Smart Cards

Secure Software Delivery and Installation in Embedded Systems

Certification Report. NXP Secure Smart Card Controller P40C012/040/072 VD

AUTOSAR Software Architecture

Index. BIOS rootkit, 119 Broad network access, 107

PrivyLink Cryptographic Key Server *

Secure Data Management in Trusted Computing

Security in Automotive Applications

M2M For industrial and automotive

Windows Server 2008 R2 Boot Manager Security Policy For FIPS Validation

WIND RIVER SECURE ANDROID CAPABILITY

A Framework for Secure and Verifiable Logging in Public Communication Networks

ST19NP18-TPM-I2C. Trusted Platform Module (TPM) with I²C Interface. Features

OMAP platform security features

Using AES 256 bit Encryption

Cisco Trust Anchor Technologies

SENSE Security overview 2014

RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards

Automotive Ethernet Security Testing. Alon Regev and Abhijit Lahiri

High-Performance, Highly Secure Networking for Industrial and IoT Applications

SecureDoc Disk Encryption Cryptographic Engine

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Description of the Technical Component:

MXMedia CipherStream. Preliminary Assessment. Copyright 2012 Farncombe 1.0. Author: T F

Lecture VII : Public Key Infrastructure (PKI)

Section 1 CREDIT UNION Member Information Security Due Diligence Questionnaire

Security Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2

ECU State Manager Module Development and Design for Automotive Platform Software Based on AUTOSAR 4.0

Application Note. Atmel CryptoAuthentication Product Uses. Atmel ATSHA204. Abstract. Overview

FIPS Non Proprietary Security Policy: Kingston Technology DataTraveler DT4000 Series USB Flash Drive

Pulse Secure, LLC. January 9, 2015

The Impact of Cryptography on Platform Security

Universal Flash Storage: Mobilize Your Data

SLE66CX322P or SLE66CX642P / CardOS V4.2B FIPS with Application for Digital Signature

Transcription:

CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules Dr. Frederic Stumpf, ESCRYPT GmbH Embedded Security, Stuttgart, Germany 1 Introduction Electronic Control Units (ECU) are embedded systems that process information from different vehicle sub-systems, such as sensors or other ECUs, and control actuators to react on system events accordingly. One prominent example for ECUs is the engine control unit which is responsible for controlling a series of actuators on a combustion engine to ensure optimal engine performance. The engine's actuators are controlled based on complex system parameters, such as ignition timing, and are configured and adapted to the specific motor characteristic during vehicle production. Manipulation of these critical system parameters is an interesting attack target since manipulations may yield in modified motor characteristics which may give an attacker the ability to improve the performance of the engine. These attacks are commonly referred to as Chiptuning and are offered by an industry-wide tuning sector. The motor control unit is only one out of many ECUs which is susceptible to attacks. Other attacks on ECUs may cover the unauthorized activation of vehicle features or circumventions of the immobilizer system of a vehicle [HS11]. Due to the increased networking of ECUs and the fact that ECUs carry out more and more sensitive tasks, the attack surface and the resulting financial loss caused by a successful attack on an ECU will grow significantly in the near future. In addition, successful attacks on one ECU endanger the whole vehicle board network and can have an impact to the whole vehicle safety system, which at worst, may cause the safety-characteristics no longer being satisfied. In order to harden ECUs against attacks, security mechanisms which prevent reading out sensitive keying material and also prevent successful manipulation of the software of an ECU must be used. To provide the necessary trust primitives and resistance to physical attacks, the security mechanisms must be rooted in hardware. This approach prevents that sensitive information, e.g., cryptographic keys, are vulnerable to software attacks. Hardware Security Modules (HSM) are a promising technology to answer the requirements for such a secure hardware extensions for ECUs.

2 Automotive-qualified Hardware Security Modules Hardware Security Modules are dedicated hardware security components that encapsulate security functions and provide the necessary trust primitives. HSMs are integrated chips specifically developed and designed for security use-cases. Typically, implementations range from smart cards used for identification and authentication purposes, such as, national identification cards, to Trusted Platform Modules [Tru07] which are Hardware Security Modules for personal computers. HSMs typically consist of a CPU core, different types of data storages (e.g., RAM, ROM, Flash), a memory protection unit, a memory encryption unit, sensors, cryptographic accelerators, and further peripheral components. Most HSMs employ sophisticated countermeasures against physical attacks, such as active sensors to detect fault and glitching attacks, and also employ cryptographic implementations which are hardened against side channel attacks. However, typical Hardware Security Modules do not satisfy automotive requirements. Problematic characteristics that render integrating existing Hardware Security Modules as additional component inside of an ECU non-usable are especially: 1. High costs caused by integrating an external, additional chip inside an ECU 2. Sensitivity to attacks on the communication interface between ECU application core and HSM 3. The non-existence of debug/testing interfaces if a malfunctioned device needs to be analyzed 4. The high temperature range an automotive qualified product needs to satisfy The lack of existing technology has caused Bosch to develop an own HSM specification that satisfies automotive requirements [BGI+11]. In order to ensure a high market penetration, Bosch cooperated with the most important silicon manufacturers to ensure that the technology will be supported and implemented by a broad set of silicon manufacturers.

3 The Bosch HSM The basic architecture of the Bosch HSM is shown in Figure 1. Core of the HSM is a secure CPU where security critical tasks are executed. The HSM also possesses its own RAM, Boot ROM, AES engine as well as a True Random Number Generator (TRNG) as cryptographic peripheries. Parts of the HSM are also debug interfaces and an On-Chip Interconnect Interface which is used for communication with the host core and to access the flash. The host core is a typical automotive qualified application processor providing an execution environment for safety-critical tasks, achieved for example using additional lockstep cores. The flash is shared between host core and HSM, and the firmware both of the HSM and the host core is stored in shared flash. A memory protection unit (not shown in the figure) ensures that only the HSM is allowed to access its own HSM allocated data located in the flash. When the HSM is powered up, the local boot code is loaded from the boot ROM and the HSM is initialized with the code stored in the shared flash. The HSM provides a method to enable debugging the HSM including read out of all data stored in the flash and the internal data of the HSM (besides internal AES keys). The debug interface can only be activated internally by the HSM after a secure authentication protocol (e.g., challenge-response authentication) between the HSM and one external debugger has been performed. Figure 1: Main Components of the BOSCH HSM While the detailed realization and implementation of the HSM varies between the different silicon manufacturers, the basic concepts of providing a secure execution environment based on an additional secure core, are the same for all silicon manufacturers that provide an implementation which is compliant to the Bosch HSM.

4 HSM Security Functions The HSM implements a set of security functions which can be used to realize complex automotive security use-cases. For this purpose, the HSM offers the following primitives: AES-128 bit engine in Hardware A True Random Number Generator for secure generation of cryptographic keys Hardware-shielded protected storage for cryptographic keys or secure logging A secure system timer to realize a secure, replay protected logging Secure debug under control of the HSM 5 CycurHSM - A Secure Software Stack for Automotive HSMs The new CycurHSM product from ESCRYPT is a security firmware specifically designed for the Bosch HSM and its derivates. CycurHSM will support all available HSM implementations from the different silicon manufacturers and provides a standardized API to access the HSM. Besides making the existing HW security peripherals of the HSM available to software executed inside the HSM and applications on the host core, CycurHSM also implements a full cryptographic library with asymmetric cryptography support. CycurHSM provides all necessary interface to integrate the HSM inside of a typical automotive ECU, i.e., it consists of an AUTOSAR interfaces, required device drivers, and a PKCS#11 interface for non-autosar applications. As a result, CycurHSM fully encapsulates all required security functions needed to satisfy a broad set of automotive security requirements. The innovative design of CycurHSM is based on a real-time operating system to also ensure real-time characteristics of the HSM that will be required in future use-cases, e.g., for secure real-time critical on-board communication with the involvement of HSM technology. 5.1 Software Architecture The software architecture of CycurHSM is shown in Figure 2. Core component of CycurHSM is RTA-OS from ETAS. RTA-OS is a real-time operating system specifically designed to meet all requirements of automotive ECUs. Further, RTA-OS provides minimal runtime overheads, a very small footprint, and a MISRA C compliant implementation. RTA-OS provides a two-layer protection level to isolate trustworthy kernel tasks from non-trustworthy user tasks, thus providing an additional protection concept for the software of the HSM. Each task on the HSM is executed with the least privilege level required, as a result, potential security vulnerabilities in one task, do not cause the whole system to become insecure. The CycurLIB security library from ESCRYPT provides additional cryptographic primitives (ECC, RSA) and directly uses the cryptographic accelerators available in hardware on the HSM. CycurLIB encapsulates all cryptographic algorithms and functions and provides an interface to applications executed on top of the HSM. The software of the HSM implements customer specific security applications that directly use the provided security functions available on the HSM made available using the CycurLIB. In addition to the CycurLIB, a SHE emulation module

is executed on the HSM. This module uses the CycurLIB security library as underlying primitive and implements the SHE specification [Sof09] with additional extensions to SHE to satisfy extended automotive requirements (denoted as SHE+). The functionality is made available to applications executed on the host core using the HSM driver. The functionality of security applications can be fully implemented on top of the HSM but can also be distributed between host core and HSM if required. CycurLIB and all additional customer specific software applications are executed in user-mode on the HSM. The HSM is communicating with the host core using a specific HSM device driver which ensures secure communication between HSM and host core. The HSM driver on the host is fully compatible to AUTOSAR and provides an interface based on the AUTOSAR crypto abstraction layer (CAL). In addition, it provides a PKCS#11 compliant interface. Figure 2: Main SW Components of CycurHSM

5.2 Security Functions and Use-Cases Based on the HSM, a broad set of use-cases can be implemented. Since the HSM provides a standardized interface to security functions based on strong cryptography, security applications can be either realized on the HSM, the host core, or using a combination of both. Supported uses-cases include, but are not limited, to the following: 5.2.1 Secure Boot Secure boot ensures that the integrity of code stored in the flash has not been compromised and is in a trustworthy state. This is achieved by checking the integrity of code before being executed during the initialization of the ECU. To this end, each component in the boot chain, validates the integrity of the following component in the boot chain before handing over control to the next component in the chain. The initial component is integrated as Core Root of Trust for Measurement inside the boot ROM which is initially responsible for initiating the boot process and for triggering the boot loader. The integrity is validated by computing a cryptographic hash value of the code and comparing it with a pre-configured hash value stored in secure storage of the HSM. If the computed result does not match the pre-configured value, the HSM prevents further execution of the code on the ECU. The secure boot is initiated and completely performed by the HSM itself, i.e., without any explicit call by the host CPU. Figure 3: Secure Boot process with involvement of the HSM 5.2.2 Runtime Tuning Detection Runtime tuning detection verifies the code integrity of the flash content during the regular operation of the ECU. The goal is to detect manipulations on the original ECU flash. Runtime tuning detection takes advantage that the HSM is realized as one additional core with full access to the flash of the ECU. As a result, the HSM can independently validate the code integrity of the flash without causing any impact or delays on the safety-critical applications executed on the host core. Typically, the runtime tuning detection is a low-prioritized task implemented on top of the HSM that walks through the flash storage in regular intervals and compares the integrity of the flash code with pre-configured measurements. If the runtime tuning detection tasks detects an anomaly, a secure log entry is created that gives information about the detected anomaly. As an alternative, the runtime tuning detection may cause a specific reaction to an event, e.g., causing the ECU to go into fail-safe mode.

5.2.3 Secure Flashing Secure flashing is the process of updating the software of the ECU in a secure manner. Secure flashing supported by an HSM is typically divided into three phases. First, the authenticity of the flashing request of an external diagnosis tester is verified by the HSM. For this purpose, a challenge-response authentication protocol using symmetric or asymmetric keys is performed. After the HSM grants access, the download of the software can be initiated (step 2). Alongside to the software, a cryptographic signature is transmitted which was created by a trustworthy entity, e.g., the manufacturer of the ECU, that vouches for the trust level of the code. After the code has been transmitted, the HSM checks the signature of the code. If the signature verification succeeds and the code fits to the ECU, the internal flash structure is updated with the new code (step three).

6 Conclusion Hardware Security Modules are a necessary building block to harden embedded systems against attacks. HSMs are dedicated hardware security components that encapsulate security functions and provide the necessary trust primitives. This article gives a high-level overview of the CycurHSM product currently under development by ESCRYPT. CycurHSM is a complete software stack adapted to the available implementations of the Bosch HSM by different silicon manufacturers. In addition, it provides an own SHE(+) emulation module on a secure core. The innovative design of CycurHSM is based on a real-time operating system to satisfy future upcoming requests to also meet safety requirements. Based on CycurHSM, a broad set of security applications can be supported. CycurHSM provides the technology for fulfilling the requirements regarding a flexible HSM firmware that provides open and standardized interfaces to HSM-enhanced security applications. The full comparability of CycurHSM to AUTOSAR ensures a broad applicability and the usage of the technology in different types of ECUs. Contact & Further Information Email Web info@escrypt.com www.escrypt.com ESCRYPT GmbH Embedded Security Lise-Meitner-Allee 4 44801 Bochum, Germany Phone: +49 234 43870-219 ESCRYPT Inc. Embedded Security 315 E Eisenhower Parkway, Suite 214 Ann Arbor, MI 48108, USA Phone: +1 734 418-2797

References [BGI + 11] [HS11] Oliver Bubeck, Jens Gramm, Markus Ihle, Jamshid Shokrollahi, Robert Szerwinski, and Martin Emele. A hardware security module for engine control units. In Proceedings of the 10th ESCAR Conference, 2011. Johann Heyszl and Frederic Stumpf. Asymmetric cryptography in automotive access and immobilizer systems. In Proceedings of the 10th ESCAR Conference, 2011. [Sof09] HIS Herstellerinitiative Software. She - secure hardware extension version 1.1. Technical report, http://portal.automotive-his.de/, 2009. [Tru07] Trusted Computing Group. TCG TPM Specification, Architecture Overview. Technical report, TCG, 2007.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information