d2-01 terada security study for automotive …...japan automotive software platform and architecture...

Japan Automotive Software Platform and Architecture Cyber Security Study for Automotive Ethernet in Japan Automotive Industry Architecture Team Leader Mikio KATAOKA Hitachi Automotive Systems, Ltd. Architecture Team, Requirement Definition Sub-team Leader Keisuke Terada Yazaki Corporation. JASPAR Next Generation High-Speed Network WG 7th IEEE-SA Ethernet & IP Automotive Technology Day, San Jose, CA, USA, Nov. 2017


Page 1: D2-01 TERADA Security Study for Automotive …...Japan Automotive Software Platform and Architecture Cyber Security Study for Automotive Ethernet in Japan Automotive Industry Architecture

Japan Automotive Software Platform and Architecture

Cyber Security Study for Automotive Ethernet in Japan Automotive Industry

Architecture Team Leader Mikio KATAOKA
Hitachi Automotive Systems, Ltd.

Architecture Team, Requirement Definition Sub-team Leader Keisuke Terada
Yazaki Corporation.

JASPAR Next Generation High-Speed Network WG

7th IEEE-SA Ethernet & IP Automotive Technology Day, San Jose, CA, USA, Nov. 2017

Page 2:

Japan Automotive Software Platform and Architecture 2017/11/2 2/26

Agenda

1. About JASPAR
- What's JASPAR
- Next Generation High-Speed Network WG
- Activities of WG

2. Status of the Study About In-vehicle Ethernet Security
- In-vehicle Network Security
- Study Results
  - JASPAR Supposed Configuration
  - Priority Consideration Items
  - Filtering
  - SSL/TLS
  - VLAN

3. Future Activities
- Documentation
- Conclusion


Page 4:

1-1. What is JASPAR?

JASPAR: Japan Automotive Software Platform and Architecture

JASPAR was established to increase development efficiency and ensure reliability through the standardization and common use of electronic control systems and in-vehicle networks, which are becoming more advanced and complex.

Mission
- Improve development productivity and contribute significantly to the advancement of the world's technology through standardization activity.
- Establish a fair basis for competition across the whole automobile industry.

Achievements
- Represent a collective voice of the Japanese companies at the international standardization bodies.
- Contribute to development of global standards.

Page 5:

1-2. JASPAR members
List as of September, 2017

Members per category: OEM 12, Tier1 42, Soft/Tool 73, Semicon/Electronics 25, Others 19

Board member
- OEM: HONDA R&D, Nissan, TOYOTA
- Tier1: DENSO
- Others: Toyota Tsusho

Regular member
- OEM: ISUZU, Mazda, SUBARU, SUZUKI
- Tier1: ADVICS, AISIN AW, AISIN SEIKI, Akebono Brake, Alpine, ALPS, Autoliv, Autoliv Nissin Brake, Bosch, Calsonic Kansei, Clarion, Continental Automotive, FUJITSU TEN, Furukawa Electric, Hitachi AMS, JATCO, JTEKT, Keihin, Mitsubishi Electric, Nidec Elesys, NIPPON SEIKI, NSK, Panasonic, PIONEER, Ricoh, SHOWA, Sumitomo Electric, TOKAI RIKA, Toyoda Gosei, TOYOTA INDUSTRIES, YAZAKI
- Soft/Tool: ADC, APRESIA, APTJ, ATS, AUBASS, Cadence, CATS, Change Vision, eSOL, ETAS, FFRI, FTL, FUJI SOFT, FUJITSU, FUJITSU BSC, Hitachi ICS, IBM Japan, KPIT, Mentor Graphics, micware, NEC, Nihon Synopsys, OMRON, OTSL, SCSK, STABILITY, Sunny Giken, Toshiba Information Systems, TOYO, Trend Micro, Vector Japan, WITZ
- Semicon/Electronics: Harman International, HRS, Infineon, MegaChips, Microchip, MJKK, Murata, NXP Semiconductors, Renesas, TDK, TOSHIBA, Tyco Electronics
- Others: DNP, DTRS, KDDI, SECOM, TOPPAN, TOYOTA CRDL

Associate member
- OEM: DAIHATSU, Hino, HYUNDAI, Mitsubishi Motor, UD Trucks
- Tier1: Delphi Automotive Systems, Fujikura, KYB, Magna International, MITSUBA, NGK SPARK PLUG, Toyodenso, TRANSTRON, Valeo Japan, Yamaha Motor
- Soft/Tool: A&D, A&W Technology, ACCEL JAPAN, AIC, AISIN COMCRUISE, ANRITSU, Argus Cyber Security, AXE, AZAPA, BITS, Brison, Canon ITS, Digital Contents, DIT, dSPACE, Eager, Eiwa, Elektrobit, GAIO, HI CORP, Hitachi High-Tech, Ixia, LAC, Mamezou, MITO SOFT, NEC Solution Innovators, Netagent, NTT DATA MSE, NTT DATA SBC, PCI Solutions, Systena, Takasaki Kyodo, Tata Consultancy, TOKYO ELECTRON DEVICE, Trillium, TTTech, Ubiquitous, USE, Wind River, Xilinx, Yokogawa
- Semicon/Electronics: ADI, ARM, Cypress Innovates, HI-LEX, Hitachi ULSI, Hosiden, NTN, ROHM, Sanden Automotive Components, SanDisk, Shindengen, Thine, YOKOWO
- Others: Allion Japan, Biz3, HAGIWARA, Kyoei Sangyo, MACNICA, NTT DOCOMO, OEC, RENESAS EASTON, Ryoden, Ryosan, SANSHIN, Shinko Shoji

Page 6:

1-3. JASPAR Organization (as of September 2017)

[Organization chart: Executive Board, Auditor, Administrator, Board Members, Steering Committee. Working Groups: Functional Safety, Intellectual Property, AUTOSAR Standardization, In-vehicle LAN, Dynamic Vehicle Information Sharing, Cyber Security Promotion, Bluetooth Conformance, Mobile Device Interface, Next Generation High-Speed NETwork, Cyber Security Technical, OTA Technical. Legend: In action / Out of Action.]

Page 7:

1-4. Next Generation High-Speed Network WG

- Define in-vehicle requirements for the next-generation high-speed network technology.
- Study certification/authentication mechanisms to ensure conformance and interoperability, as required.
- Keep close cooperation with associated domestic/international organizations and companies to accomplish stated goals.

[Organization chart: Next Generation High-Speed Network WG, Leaders Meeting, Hardware Team, Architecture Team, AUTOSAR Subcommittee, OPEN Subcommittee, Requirement Definition Sub-Team, Software Switch Evaluation Sub-Team.]


Page 9:

2-1-1. Case of the Car Hacking

Hacker trends
- '13: Hacking in the car
- '15: Hacking from remote (at low speed)
- '16: Control the car using maintenance mode (when driving)

<Target> Uconnect implemented car.
<Attack> Control the display, steering and transmission. (Accidents caused by a remote attack have not occurred.)

<Target> FCA Jeep
<Attack> Send the maintenance command from the diagnosis connector. Impersonate a regular ECU and control the steering.

FCA recall: 1.4 million units

Hacking level for cars has increased year by year.

Page 10:

2-1-2. In-vehicle Ethernet Security

Discussing security measures against cyber attacks is an important issue.

The Next Generation High-Speed Network WG has also been studying in-vehicle Ethernet security since 2015.

[Figure labels: Malicious attack, Protect, V2V, V2I, V2P]

Page 11:

2-2-1. JASPAR's Presumed Security Configuration

[Figure labels: External, DMZ, Internal, Tool, OBD (DoIP), TCU, IVI/NAVI, Server, Gateway, FW1, FW2, FW3, ECU (Switch), End-node, VLAN, Data encryption (TLS)]

Security measures annotated in the figure:
- Access Control List, Communication monitoring, Electronic certification, VLAN filtering
- Access Control List, Communication monitoring, Mutual authentication, VLAN filtering
- Mutual authentication, Message authentication
- Spoofing countermeasure, Server authentication, Mutual authentication

TCU: Telematics Control Unit, FW: Firewall

The gateway separates the outside and the inside of the vehicle as an attack surface and filters illegal data for intrusion prevention. Data communicated with the outside of the vehicle should be encrypted. A message authentication code is adopted for in-vehicle communication data.

Page 12:

2-2-2. Ethernet Security Technologies

Enumerate the security technologies related to Ethernet.

Page 13:

2-2-3. Priority Consideration Items

Priority consideration items are selected for the in-vehicle Ethernet network, decided by the interests of participating companies.

The following 3 items are selected: VLAN, Filtering, SSL/TLS.

Category: Discussion items

VLAN
- Usage of the VLAN as the network configuration.
- Routing using the VLAN. (consider domains)

Filtering
- Scope of filter application in the in-vehicle systems.
- Performance of the automotive microcomputer/switch.

Message authentication
- This category is discussed by another WG in JASPAR, so it is excluded from the discussion points of this WG.

SSL/TLS
- Investigate the specification and the compatibility with the in-vehicle systems.
- Performance when applied to an automotive microcomputer.

DPI
- Investigate the technologies. (what kind of attack can be detected)

MACSec, IPSec
- Feasibility based on required processing capacity. Performance in software/hardware.

VLAN: Virtual LAN, SSL: Secure Socket Layer, TLS: Transport Layer Security, DPI: Deep Packet Inspection

Page 14:

2-3-1. Implementation Point of Filtering

We discussed the implementation points of filtering. As a result, we presume the following points as implementation points. Each received packet is matched against the filtering function set for the point, and this decides whether the packet is passed or discarded.

[Figure labels: External, DMZ, Internal, Tool, OBD (DoIP), TCU, IVI/NAVI, Server, Gateway (switch), ECU (Switch), End-node. Legend: Filter function implementation point]

Page 15:

2-3-2. Security Technologies Applied to the Filtering

Select the security technologies as a prerequisite for discussing the filtering function.
Scope: Technologies standardized or under discussion by IEEE, IETF, etc.

Security technologies
- Port-based VLAN
- Tagged VLAN
- Private VLAN
- Subnetwork based VLAN
- MAC filtering, Port security, IEEE 802.1X, MAC authentication bypass
- Static MAC Table
- Dynamic ARP Inspection
- IP Source Guard
- IP filtering
- VLAN ACL
- NAT (Network Address Translation)
- NAPT (Network Address Port Translation)
- DDoS Open Threat Signaling (dots)
- OCSP (Online Certificate Status Protocol)

Page 16:

2-3-3. Filtering Fields and Application to In-vehicle Network

Enumerate filtering items for each OSI layer.
- Implementation function.
- Applied to in-vehicle network.
- With or without hardware support.

Enumerated filtering items

Page 17:

2-4-1. Implementation Point of TLS

We discussed the implementation point of TLS. As a result, we presume the following points as implementation points. Since an internal ECU may become the endpoint of TLS, the implementation point of TLS is the entire network, including the gateway, ECUs and end nodes.

[Figure labels: External, DMZ, Internal, Tool, OBD (DoIP), TCU, IVI/NAVI, Server, Gateway (switch), ECU (Switch), End-node. Legend: TLS embedded software]

Page 18:

2-4-2. TLS Function and Technologies Related to TLS

Discuss the TLS function and technology elements.
Technology overview and recommendation.

Enumerated technology elements

Page 19:

2-4-3. Threat Analysis of TLS Requirements

Perform the threat analysis based on CIA.
Consider Confidentiality/Integrity/Availability and related technical elements.

CIA: TLS Requirements

Confidentiality
- Confidentiality of session keys
- Confidentiality of messages
- Transport keys
- Session information

Integrity
- Server authentication
- Client authentication
- Message authentication

Availability
- Connection times (Server)
- Throughput
- Connection times (Client)
- Certificate renewal

Page 20:

2-5-1. Example of VLAN Configuration

Discussion of VLAN configuration based on JASPAR network configuration.
=> Classified into two types.
- VLAN configurations by domain. Assign VLAN ID for each network domain.
- VLAN configurations by application. Assign VLAN ID for each application.

VLAN configurations by domain

Ports, ECU, VLAN Membership (VLAN columns 1 2 3 4 5)
- 0, μC (Gateway): x x x x
- 1, Tool: x
- 2, TCU: x
- 3, IVI/NAVI: x x
- 4, ECU1: x
- 5, ECU2: x
- 6, Camera: x

VLAN configurations by application

VLAN, Application
- 10: DoIP (Before auth.)
- 10: DoIP (After auth.)
- 20: xxxx1
- 2x: xxxx2
- 30: xxxx3
- 3x: xxxx4

Ports, ECU, VLAN Membership (VLAN columns 10(B) 10(A) 20 2x 30 3x)
- 0, μC (Gateway): x x x
- 1, Tool: x x
- 2, TCU: x x
- 3, IVI/NAVI: x x x
- 4, ECU1: x x x
- 5, ECU2: x x x x

Page 21:

2-5-2. Example of Firewall Application

In case of applying a firewall to VLAN configurations.
=> Configure the firewall to forward packets only to the required ports.

Example of the firewall in case of VLAN configurations by domain

- Whitelist method: Check the VLAN ID and the L2, L3, L4 headers permitted for each input (physical) port, and only transfer the permitted packets.

1. Communication within a VLAN: End-node 3 ⇔ End-node 2
Internal communication (between ECU1 and ECU2) is allowed to pass filtering.

2. Communication between VLANs: IVI/NAVI (VLAN 3) ⇔ End-node 1 (VLAN 1)
It is preferable to filter by MAC address, IP address and port number at FW1 and FW3 of the Gateway.

Example of the firewall in case of VLAN configurations by application

VLAN, Application
- 10: FW2 internal comm. (DoIP, before auth.)
- 10: FW2 internal comm. (DoIP, after auth.)
- 20: FW1 internal comm. (SOME/IP)
- 2x: FW1 external comm. (application 1)
- 30: FW3 internal comm. (IP Video)
- 3x: FW external comm. (application 2)

Ports, ECU, VLAN Membership (VLAN columns 10(B) 10(A) 20 2x 30 3x)
- 0, μC (Gateway): x x x
- 1, Tool: x x
- 2, TCU: x x
- 3, IVI/NAVI: x x x
- 4, ECU1: x x x
- 5, ECU2: x x x x

VLAN ID 10: Port-based VLAN
Others: Tagged VLAN
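The whitelist method on this slide, as an added Python example that is not part of the JASPAR material: a default-deny check of VLAN ID plus L2/L3/L4 fields per ingress port, applied to the slide's inter-VLAN case (IVI/NAVI on VLAN 3 toward End-node 1). Port numbers 1 (Tool) and 3 (IVI/NAVI) follow the slide's table; the MAC and IP addresses, the UDP port and the rule itself are constructed sample values.

```python
import struct
from ipaddress import IPv4Address

# Constructed whitelist keyed by ingress (physical) port: 1 = Tool, 3 = IVI/NAVI as in
# the slide's table. MAC/IP addresses and the UDP port are made-up sample values.
WHITELIST = {
    3: [{"vid": 3, "src_mac": "02:00:00:00:00:03", "src_ip": "10.0.3.10",
         "dst_ip": "10.0.1.20", "proto": 17, "dport": 30490}],
}

def parse(frame: bytes):
    """Extract the L2/L3/L4 fields the filter matches on; None if not matchable."""
    if len(frame) < 18:
        return None
    tpid, tci, ethertype = struct.unpack("!HHH", frame[12:18])
    if tpid != 0x8100 or ethertype != 0x0800:      # require 802.1Q tag and IPv4
        return None
    ip = frame[18:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4
    frag_offset = struct.unpack("!H", ip[6:8])[0] & 0x1FFF
    if ihl < 20 or len(ip) < ihl + 4 or frag_offset or ip[9] not in (6, 17):
        return None                                # no usable TCP/UDP header
    dport = struct.unpack("!H", ip[ihl + 2:ihl + 4])[0]
    return {"vid": tci & 0x0FFF, "src_mac": frame[6:12].hex(":"),
            "src_ip": str(IPv4Address(ip[12:16])), "dst_ip": str(IPv4Address(ip[16:20])),
            "proto": ip[9], "dport": dport}

def permitted(in_port: int, frame: bytes) -> bool:
    """Default deny: pass only if a rule for this ingress port matches every field."""
    fields = parse(frame)
    if fields is None:
        return False
    return any(all(fields[k] == v for k, v in rule.items())
               for rule in WHITELIST.get(in_port, []))

def build(src_mac, vid, src_ip, dst_ip, proto, dport, frag=0):
    """Build a constructed 802.1Q-tagged IPv4 frame (checksums zero, not verified)."""
    eth = bytes(6) + bytes.fromhex(src_mac.replace(":", "")) + struct.pack("!HHH", 0x8100, vid, 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, frag, 64, proto, 0,
                     IPv4Address(src_ip).packed, IPv4Address(dst_ip).packed)
    return eth + ip + struct.pack("!HHHH", 40000, dport, 8, 0)

ALLOWED = ("02:00:00:00:00:03", 3, "10.0.3.10", "10.0.1.20", 17, 30490)

def demo():
    """Verdicts for the allowed flow and for variations that must be discarded."""
    good = build(*ALLOWED)
    return {
        "ivi_port": permitted(3, good),
        "tool_port": permitted(1, good),                       # wrong ingress port
        "wrong_vlan": permitted(3, build(ALLOWED[0], 1, *ALLOWED[2:])),
        "spoofed_mac": permitted(3, build("02:00:00:00:00:99", *ALLOWED[1:])),
        "fragment": permitted(3, build(*ALLOWED, frag=1)),
    }

if __name__ == "__main__":
    print(demo())
```

Frames that cannot be parsed down to an L4 port (untagged, truncated, non-first fragments) are discarded rather than passed, which keeps the filter default-deny.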


Page 23:

3-1. Documentation

These results are described in JASPAR guidelines (within 2017).
JASPAR members can obtain these documents.

Page 24:

3-2. Future Activities

We are discussing the verification of in-vehicle security technologies.
Comparing ICT (Information Communication Technology) security with in-vehicle security clarifies the factors that differ.

[Figure: Configuration example in ICT. Labels: Internet, FW1, FW2, FW3, L2 Switch, L3 Switch (Router) switching between multiple VLANs, TCU, IVI/Navi, OBD (DoIP), Tool, Body, Chassis, ADAS, ECU]

Study of TSN requirements
Started by investigating specifications, under consideration of application examples.

Page 25:

3-3. Conclusion

Discuss the Ethernet security technologies applied to the in-vehicle network.
Enumerate the Ethernet security technologies.
Select Filtering, SSL/TLS and VLAN for the priority consideration items.

Discussed items and output

Filtering
- Enumerate the filtering items.
  L2: VLAN ID, TPID, VID etc.
  L3: Protocol number, Control flag (SYN) etc.
- Define the implementations of hardware or software.
- Define the requirements of the filtering items.

SSL/TLS
- Decomposed the SSL/TLS technologies into functional elements.
  Authentication method, Encryption, Connection time and Throughput etc.
- TLS technologies guideline.
- Clarify the use case, used technologies.

VLAN
Define the network architecture with VLAN.
- VLAN configurations by domain. Network design (including multi-VLAN)
- VLAN configurations by application. Network design (DoIP, Image transmission, Map data distribution etc.)
- VLAN design guideline.
- VLAN design architecture and required technologies.

Page 26:

Thank you for your attention.