
Page 1:

Vector Cyber Security Solution – vHSM Firmware

MICROSAR.HSM – Optimized and Flexible Software for Hardware Security Modules

V1.01.04 | 2019-07-11

Page 2:

© 2019. Vector Informatik GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V1.01.04 | 2019-07-11

Agenda

- Introduction (current section)
- Fundamentals
- MICROSAR.HSM - Features
- MICROSAR.HSM - Architecture
- MICROSAR.HSM - Integration and Workflow
- Summary

Page 3:

Introduction: Cybersecurity in Automotive

Cybersecurity gains increasing importance in the automotive industry due to highly connected vehicles and accessible customer interfaces. Vehicles become part of the Internet of Things.

Therefore, highly complex algorithms have to be executed efficiently in an isolated portion of the ECU. Secure storage for cryptographic secrets is needed as well.

For this, a hardware security module including its software is used to provide the necessary performance and isolation with an appropriately small footprint.

Vector Solution at a glance

Page 4:

Introduction: Layered Security Concept – Defense in Depth

Layers: Secure External Communication, Secure Gateways, Secure In-Vehicle Communication, Secure Platform

Associated Security Controls

- Secure communication to services outside the vehicle via TLS
- Intrusion detection mechanisms
- Firewalls
- Key Infrastructure / Vehicle PKI
- Synchronized secure time
- Message authentication codes (MAC)
- Freshness to ensure integrity of messages
- Encryption to ensure confidentiality of messages
- Secure key storage
- Secure boot and secure flash
- Crypto algorithm library
- HW trust anchor (HTA)
  > E.g. Hardware Security Modules (HSM)

Page 5:

Introduction: Security Mechanisms allocated in Example Architecture

[Figure: example vehicle architecture. Security mechanisms: Firewall, Key Infrastructure, Secure On Board Com., Secure Off Board Com., Intrusion Detection / Prevention, Monitoring / Logging, Hypervisor, Crypto Primitives, Download Manager, Secure Flash/Boot, Secure Synchronized Time Manager. ECUs: Connectivity Gateway (DSRC, 4G LTE), Central Gateway, Head Unit, Instrument Cluster, ADAS DC, Smart Charging, Powertrain DC, Chassis DC, Body DC, Diagnostic Interface. External devices: Laptop, Tablet, Smartphone.]

Page 6:

Agenda

- Introduction
- Fundamentals (current section)
- MICROSAR.HSM - Features
- MICROSAR.HSM - Architecture
- MICROSAR.HSM - Integration and Workflow
- Summary

Page 7:

Fundamentals: Approaches for Cryptographic Solutions

Based On Crypto Peripheral
- Accelerating cryptographic algorithms in a crypto peripheral
- Hardware support / acceleration possible
- No isolated secure core or memory available
- Secrets and application data in the same memory
- No updates of the crypto hardware are possible

Based On Pure Software Approach
- Executing cryptographic algorithms in software
- No hardware support / acceleration possible
- No isolated secure core or memory available
- May occupy many CPU resources (CPU time)
- Code size and speed highly depend on the microcontroller

[Figure: two microcontroller block diagrams, each with CPU, RAM, Flash and Network Interface (internal connection, vehicle network); one executes SW Crypto on the CPU, the other has an HW Crypto peripheral.]

Page 8:

Fundamentals: Secure Hardware Extension (SHE)

- SHE design objectives
  > Provide a secure anchor
  > Define basic feature set of cryptographic services
  > Low cost
- On-chip extension within an MCU
- Provides a set of cryptographic services to the application layer
- Isolates the secret keys from the rest of the MCU resources
- Cryptographic services based on AES-128
  > Encryption & decryption
  > CMAC generation & verification
  > Random number generation
  > Boot loader verification
  > Unique device identification
- Stores secret keys in a dedicated NVM not accessible by the application
  > The keys are referenced by an index (from 0 to 14)
  > Keys are updated in the secure memory with a specific procedure

[Figure: Microcontroller with CPU, Peripherals (CAN, UART, ...) and the SHE – Secure Hardware Extension (Control Logic, HW Crypto, Secure Memory) forming the Secure Zone.]

Page 9:

Fundamentals: Hardware Security Module (HSM)

- HSM design objectives
  > Harden ECUs against SW and selected HW attacks
  > Provide HW acceleration for crypto functions
  > Support ECU to ECU communication protection
- Standardized by EVITA
- EVITA HSM profiles
  > HSM full: support strong authentication (e.g. via RSA, ECC), support complex block ciphers, high performance
  > HSM medium: secure ECU-to-ECU communication
  > HSM small: secure critical sensors / actuators, simple block ciphers, low cost modules
- SHE behavior can be emulated on an HSM

[Figure: target architecture for MICROSAR.HSM – Microcontroller with CPU, RAM, Flash and Network Interface (internal connection, vehicle network) plus an HSM Secure Zone containing its own CPU, HW Crypto, SW Crypto and Secure Memory.]

Page 10:

Agenda

- Introduction
- Fundamentals
- MICROSAR.HSM - Features (current section)
- MICROSAR.HSM - Architecture
- MICROSAR.HSM - Integration and Workflow
- Summary

Page 11:

MICROSAR.HSM - Features: vHsm – What it actually is and does

MICROSAR.HSM – Functionality
- Execution of cryptographic services in a trusted environment
- Large library of crypto algorithms/primitives
  > Cryptographic basic functions (hash, random numbers)
  > Message authentication codes (HMAC, CMAC)
  > Symmetric and asymmetric crypto ciphers
- Supporting signature generation and verification
- Providing protected storage for security assets (e.g. keys)
- Providing a secure startup protocol (SecureBoot / AuthenticatedBoot / TrustedBoot)
- Supporting hardware acceleration for better performance
- Providing possibilities to securely update the vHsm software

MICROSAR.HSM – Configuration
- Modular architecture with extensive configuration space
- Adaptable HSM firmware to match use case requirements and footprint
- Comprehensive configuration tool DaVinci Configurator
- Add-Ons to support OEM specific requirements

vHsm is an efficient and flexible software stack for hardware security modules that is adaptable to your use case in order to improve cybersecurity.

MICROSAR.HSM – Exemplary Use Cases
- Secure boot in combination with flash bootloader
- Secure software update and code signing for the application
- Secure OnBoard Communication (SecOC)

Page 12:

MICROSAR.HSM - Features: Supported Basic Functions and Cryptographic Algorithms*

- Basic functions and symmetric crypto algorithms
  > Hash (e.g. SHA-256, SHA-384, SHA-512, ...)
  > Random number generation
  > MAC generation and verification: CMAC, HMAC
  > Cipher: AES in the modes ECB, CBC, GCM
- Key derivation functions (KDF) and key exchange
  > KDF in counter mode
  > Concatenation KDF
  > Key exchange protocol EC-DHE
- Asymmetric crypto algorithms**
  > RSA (generation and verification of signatures)
  > RSA (encryption and decryption)
  > ECDSA (generation and verification of signatures)
  > EdDSA
  > RSASSA-PSS

* A full list of supported algorithms can be found in the annex
** These algorithms require the vHSM Add-On Asymmetric Crypto

Example: Symmetric encryption and decryption
Example: ECC signature for integrity protected flash programming
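The slide names two KDF constructions, KDF in counter mode and the concatenation KDF, without showing how they are built. The following is an added example, not code from Vector or from the vHSM firmware: it implements the generic NIST SP 800-108 counter-mode KDF with HMAC as the PRF and the NIST SP 800-56A single-step (concatenation) KDF with a plain hash, and then chains them the way an EC-DHE session setup typically does (the concatenation KDF condenses the agreed shared secret, the counter-mode KDF splits it into purpose-bound keys). The key, label, context and shared-secret values are constructed sample data; the EC-DHE exchange itself is assumed to have happened beforehand and is not implemented.

```python
import hashlib
import hmac
import struct


def kdf_counter_mode(key_in: bytes, label: bytes, context: bytes,
                     length_bits: int, hash_name: str = "sha256") -> bytes:
    """NIST SP 800-108 KDF in counter mode with HMAC as the PRF.

    K(i) = HMAC(key_in, [i]_32 || Label || 0x00 || Context || [L]_32), i = 1..n
    The output is K(1) || K(2) || ... truncated to L bits. Because L is part of
    the PRF input, a shorter request is not simply a prefix of a longer one.
    """
    if length_bits <= 0 or length_bits % 8:
        raise ValueError("length_bits must be a positive multiple of 8")
    digest_len = hashlib.new(hash_name).digest_size
    n_blocks = -(-length_bits // (8 * digest_len))      # ceiling division
    if n_blocks > 0xFFFFFFFF:
        raise ValueError("requested length exceeds the 32-bit counter range")
    out = bytearray()
    for i in range(1, n_blocks + 1):
        fixed_input = (struct.pack(">I", i) + label + b"\x00" + context
                       + struct.pack(">I", length_bits))
        out += hmac.new(key_in, fixed_input, hash_name).digest()
    return bytes(out[:length_bits // 8])


def concatenation_kdf(shared_secret: bytes, other_info: bytes,
                      key_len_bytes: int, hash_name: str = "sha256") -> bytes:
    """NIST SP 800-56A single-step (concatenation) KDF with a plain hash.

    KeyMaterial = H(1 || Z || OtherInfo) || H(2 || Z || OtherInfo) || ...,
    truncated to key_len_bytes. Z is the shared secret, typically the
    x-coordinate agreed in an EC-DHE exchange. The length is not bound into
    the hash input, so a longer output is a prefix-extension of a shorter one.
    """
    if key_len_bytes <= 0:
        raise ValueError("key_len_bytes must be positive")
    digest_len = hashlib.new(hash_name).digest_size
    n_blocks = -(-key_len_bytes // digest_len)
    if n_blocks > 0xFFFFFFFF:
        raise ValueError("requested length exceeds the 32-bit counter range")
    out = bytearray()
    for counter in range(1, n_blocks + 1):
        block_input = struct.pack(">I", counter) + shared_secret + other_info
        out += hashlib.new(hash_name, block_input).digest()
    return bytes(out[:key_len_bytes])


def derive_session_keys(shared_secret: bytes) -> dict:
    """Worked example: turn one EC-DHE shared secret Z into separate MAC and
    encryption keys. The OtherInfo string and labels are constructed values."""
    # Step 1: the concatenation KDF condenses Z into a 256-bit key-derivation key.
    kdk = concatenation_kdf(shared_secret, b"vHSM-example|ECU-A|ECU-B", 32)
    # Step 2: the counter-mode KDF splits the KDK into purpose-bound keys; the
    # differing labels ensure neither key can be recomputed from the other.
    return {
        "mac_key": kdf_counter_mode(kdk, b"SecOC-MAC", b"channel-0", 128),
        "enc_key": kdf_counter_mode(kdk, b"AES-GCM", b"channel-0", 128),
    }


if __name__ == "__main__":
    keys = derive_session_keys(bytes(range(32)))   # constructed sample Z
    for name, value in keys.items():
        print(name, value.hex())
```

The design point worth noticing is the contrast between the two constructions: the counter-mode KDF binds the requested output length into every PRF call, so asking for 128 and 256 bits yields unrelated keys, whereas the concatenation KDF does not, so the 32-byte output is a prefix of the 40-byte one. Whichever the firmware exposes, the label and context inputs are what separate keys derived for different purposes from the same secret.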

Page 13:

MICROSAR.HSM - Features: Secure Key and Data Storage

- Data can be passed in plaintext to and stored inside the HSM
  > Includes symmetric/asymmetric keys and certificates
  > Any other (security related) data (e.g. mileage, freshness values, certificates) can be stored as well
- Key installation of symmetric keys according to SHE 1.1
- Support of counter handling
- UID can be read out
- Extensive configuration options per key/data:
  > RAM key or persisted key
  > Redundant and reset safe key storage
  > Pre-loading / caching of keys on startup reduces loading times
  > No limitation regarding the amount of keys*
  > Locking of keys until secure boot has finished
  > Write once keys
  > Immediate or deferred ("lazy") persisting of keys

* only limited by available hardware memory resources

Example: Secure key, mileage and SecOC freshness value storage

[Figure: Secure Mem holding k_private, k_public and k_secret. SecOC Message (Secured I-PDU): Secured I-PDU Header | Authentic I-PDU | Freshness Value | MAC.]
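The slide's SecOC example stores the freshness value next to the key in secure memory, but does not show why the receiver has to keep it. The following is an added example, not Vector's SecOC or vHSM code: a sender builds a Secured I-PDU as Authentic I-PDU || Freshness Value || MAC, and a receiver accepts it only if the MAC verifies and the freshness value is strictly newer than the last accepted one, which is what rejects replayed and rolled-back messages whose MAC is otherwise genuine. HMAC-SHA256 stands in for the CMAC named on the slides so that the example needs only the standard library; the data id, key, payloads, 8-byte freshness field and 8-byte MAC truncation are constructed assumptions for this example, not AUTOSAR's or vHSM's parameters.

```python
import hashlib
import hmac
import struct

FRESHNESS_LEN = 8    # 64-bit freshness counter, transmitted in full here (assumption)
MAC_LEN = 8          # truncated MAC carried on the bus (assumption for this example)


def _secoc_mac(key: bytes, data_id: int, authentic_pdu: bytes, freshness: int) -> bytes:
    """MAC over DataId || Authentic I-PDU || full freshness value.

    HMAC-SHA256 replaces the CMAC named on the slide; the verification
    logic around it is unchanged by that substitution.
    """
    msg = struct.pack(">H", data_id) + authentic_pdu + struct.pack(">Q", freshness)
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]


def build_secured_ipdu(key: bytes, data_id: int, authentic_pdu: bytes, freshness: int) -> bytes:
    """Sender side: Secured I-PDU = Authentic I-PDU || Freshness Value || MAC."""
    return (authentic_pdu + struct.pack(">Q", freshness)
            + _secoc_mac(key, data_id, authentic_pdu, freshness))


def verify_secured_ipdu(key: bytes, data_id: int, secured: bytes, last_freshness: int):
    """Receiver side. Returns (accepted, authentic_pdu, updated_last_freshness).

    Accept only if the MAC is valid *and* the freshness value is strictly
    greater than the last accepted one; the second check is what turns a
    plain MAC into replay protection.
    """
    trailer_len = FRESHNESS_LEN + MAC_LEN
    if len(secured) < trailer_len:
        return False, None, last_freshness
    authentic_pdu = secured[:-trailer_len]
    freshness = struct.unpack(">Q", secured[-trailer_len:-MAC_LEN])[0]
    received_mac = secured[-MAC_LEN:]
    expected_mac = _secoc_mac(key, data_id, authentic_pdu, freshness)
    if not hmac.compare_digest(received_mac, expected_mac):
        return False, None, last_freshness          # tampered payload, wrong key or wrong data id
    if freshness <= last_freshness:
        return False, None, last_freshness          # replayed or rolled-back message
    return True, authentic_pdu, freshness


class SecOCReceiver:
    """Keeps the last accepted freshness value per data id, the state the
    slide places in the HSM's secure memory so it survives a reset."""

    def __init__(self, key: bytes):
        self._key = key
        self._last = {}          # data id -> last accepted freshness value

    def receive(self, data_id: int, secured: bytes):
        ok, pdu, last = verify_secured_ipdu(
            self._key, data_id, secured, self._last.get(data_id, 0))
        if ok:
            self._last[data_id] = last   # only advance on a fully verified message
        return ok, pdu


if __name__ == "__main__":
    key = b"\x11" * 16                  # constructed sample key
    rx = SecOCReceiver(key)
    msg = build_secured_ipdu(key, 0x0123, b"\x01\x02\x03\x04", 7)
    print("first delivery:", rx.receive(0x0123, msg))
    print("replay:        ", rx.receive(0x0123, msg))
```

The receiver advances its stored freshness value only after the MAC check has passed; advancing it on an unverified message would let a forged frame with a large counter lock out all genuine traffic that follows. That is also why the slide's point about keeping the freshness value in reset-safe secure storage matters: if the value were lost on reset, every recorded old frame would be accepted again.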

Page 14:

MICROSAR.HSM - Features: vHSM Error Log, DETs and Debugging

- vHSM provides an error log, which can be used to log error events that occur on the HSM
  > Errors can be written to secure data flash and read out by the application
  > The maximum number of log entries is configurable
- Reporting of Det errors on vHSM
  > Can be treated as error and logged
  > Can be forwarded to the application
  > The Det of vHSM works as a proxy of the host DET: errors are forwarded and reported on the host
- Source code delivery allows better debugging, code reviews and customization within the custom crypto driver

Page 15:

MICROSAR.HSM - Features: Secure Startup Support - Basics

- Support of different secure startup modes:
  > Secure Boot / sequential mode: jobs can be executed as a sequence so that the application is not started before the secure boot jobs have finished
  > Authenticated Boot / parallel mode: jobs can be executed in parallel to the application start to enable fast boot times
  > Trusted Boot / mixed mode: the first job is started automatically before the host cores are started; other jobs can then be triggered for a background check
- Secure startup can be split up into several jobs/phases
- Auto-start of jobs can be configured
  > e.g. for boot-manager verification
- Configurable secure boot sanctions are:
  > System reset
  > HSM halt
  > None
  > Custom

Example: Signatures for code signing and secure boot update

Page 16:

Agenda

- Introduction
- Fundamentals
- MICROSAR.HSM - Features
- MICROSAR.HSM - Architecture (current section)
- MICROSAR.HSM - Integration and Workflow
- Summary

Page 17:

MICROSAR.HSM - Architecture: Delivery Content and Options of vHSM

- The vHSM firmware consists of vHSM dedicated and Vector standard modules
- Modular architecture with configurable modules to optimally meet use case needs (footprint and latency)
- Crypto(vHSM) host driver in compliance with ISO 26262 ASIL A/B and ASIL C/D

Delivery contains:
- vHSM Software Integration Package (SIP)
- Crypto(vHSM) driver
  > as part of MICROSAR SIP or
  > as Mini SIP for 3rd party stacks
- DaVinci Configurator Pro for vHSM configuration

Available Add-Ons:
- Asymmetric Crypto
- vHsm Updater
- Certificate Handling*
- OEM specific extensions*

vHSM is independent of MICROSAR and FBL but has all necessary interfaces and modules for interaction, simplified integration, configuration and debugging.

* Please contact Vector for availability

Page 18:

MICROSAR.HSM - Architecture: Internal Architecture of the vHSM

[Figure: microcontroller split into an application core subsystem and an HSM subsystem that communicate through shared memory (RAM) over HSM Channels. HSM subsystem: vHSM with vHSM CryIf, vHSM KeyM, vHSM Job Processor, Crypto Hardware Accelerator, Crypto Software Library, Custom Crypto Job and Secure Memory. Application core subsystem: AUTOSAR 4.3 BSW (RTE, SYS, COM, MCAL, OS, Crypto(vHSM)), SWC / Application, and the Flash Bootloader with Secure Boot and Update Support.]

Page 19:

Agenda

- Introduction
- Fundamentals
- MICROSAR.HSM - Features
- MICROSAR.HSM - Architecture
- MICROSAR.HSM - Integration and Workflow (current section)
- Summary

Page 20:

MICROSAR.HSM - Integration and Workflow: Integration Scenarios with Vector Software

vHSM + MICROSAR
- Advantages
  > Better tool support → DaVinci Configurator provides consistency between MSR and vHSM configurations
  > Combination already in use
  > Better technical support possible
  > Easier debugging

vHSM + FBL*
- Advantages
  > Secure Startup support
  > Updating SecureBoot based on segmentation table update on host
  > Better tool support
  > Usage of vHsm crypto primitives for secure software downloads/updates from FBL
  > Using vHsm key storage from FBL

* For availability of vHsm integration in FBL and supported features please contact Vector

Page 21:

MICROSAR.HSM - Integration and Workflow: Configuration of vHSM: Synchronization

- Comprehensive configuration with DaVinci Configurator Pro
- DaVinci Configurator Pro provides a pre-config file to sync the vHSM configuration with the MICROSAR configuration, including:
  > Available primitives
  > Available and configured keys

[Figure: Developer 1 (DaVinci Cfg5, vHSM config) generates the pre-config file (*.arxml) as output; Developer 2 (DaVinci Cfg5, MSR config) takes it as input for additional definitions: available primitives, available and configured keys.]

Page 22:

MICROSAR.HSM - Integration and Workflow: Example Use Case: Secure Boot

- Prevent execution of tampered ECU software by means of a chain of trust
  > Integrity check is performed at ECU startup
  > Each software unit involved in the boot process validates the integrity of the subsequent software unit, forming a chain of trust
  > Validation can be done via checking signature / MAC
  > Keys and MAC must be stored in a secure area

vHSM supports Secure Boot in:
- Secure key and MAC storage
- Signature / MAC verification
- 1..n secure boot segments with
  > Configurable keys
  > Configurable sanctions
  > Configurable performance improvement options
- Sequential or parallel secure boot
- Isolation of host and secure domains

[Figure: boot chain with vHSM, FBL and App: the FBL Code CMAC is checked before the FBL starts, the App Code CMAC before the App starts.]
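The secure boot slide above and the secure startup slide (sequential mode, configurable sanctions) describe the chain of trust only in words. The following is an added example, not Vector's vHSM code: it simulates the HSM side of a sequential secure boot over 1..n segments whose keys and reference MACs live in secure memory, applies the configured sanction (system reset, HSM halt, none, custom) when a segment fails, and shows the "locking of keys until secure boot has finished" option from the key storage slide, where a host-usable key is refused until the chain has passed. HMAC-SHA256 replaces the AES-CMAC named on the slides so that the example runs on the standard library alone; the key values, image contents, segment names and the "FBL then App" layout are constructed for this example.

```python
import hashlib
import hmac
from dataclasses import dataclass


def code_mac(key: bytes, image: bytes) -> bytes:
    """Reference MAC over a code segment. HMAC-SHA256 stands in for the
    AES-CMAC the slides name; the chain logic does not depend on which MAC."""
    return hmac.new(key, image, hashlib.sha256).digest()


@dataclass
class SecureMemory:
    """Simulated HSM secure memory: keys and reference MACs never leave it."""
    keys: dict                 # key id -> {"value": bytes, "locked_until_boot": bool}
    reference_macs: dict       # segment name -> expected MAC of that segment
    boot_finished: bool = False

    def use_key(self, key_id: str) -> bytes:
        """Host-facing key access. Keys flagged locked_until_boot are refused
        until the whole secure boot chain has completed successfully."""
        entry = self.keys[key_id]
        if entry["locked_until_boot"] and not self.boot_finished:
            raise PermissionError(f"key {key_id} is locked until secure boot has finished")
        return entry["value"]


@dataclass
class BootSegment:
    name: str
    key_id: str
    sanction: str              # "reset", "halt", "none" or "custom", as on the slide


def secure_boot_sequential(mem: SecureMemory, segments, images: dict, custom_sanction=None):
    """Sequential (Secure Boot) mode: segments are verified in order and the
    host is released only after the chain has been walked to the end.
    Returns (outcome, log); outcome is 'host_released', 'system_reset' or 'hsm_halt'."""
    log = []
    for seg in segments:
        key = mem.keys[seg.key_id]["value"]      # HSM-internal access, not via use_key()
        actual = code_mac(key, images.get(seg.name, b""))
        if hmac.compare_digest(actual, mem.reference_macs[seg.name]):
            log.append((seg.name, "verified"))
            continue
        log.append((seg.name, f"failed:{seg.sanction}"))
        if seg.sanction == "reset":
            return "system_reset", log           # host never starts
        if seg.sanction == "halt":
            return "hsm_halt", log               # HSM stops serving requests
        if seg.sanction == "custom" and custom_sanction is not None:
            custom_sanction(seg.name)            # e.g. raise a DTC, degrade functions
        # sanction "none" (or "custom" without a handler): record and continue the chain
    mem.boot_finished = True                     # unlocks boot-locked keys
    return "host_released", log


def build_demo():
    """Constructed provisioning data: FBL and App images whose reference MACs
    were written to secure memory at production time (sample values)."""
    boot_key = bytes.fromhex("000102030405060708090a0b0c0d0e0f")   # constructed sample key
    images = {"FBL": b"FBL-code-v1", "App": b"App-code-v1"}
    mem = SecureMemory(
        keys={
            "boot_key": {"value": boot_key, "locked_until_boot": False},
            "secoc_key": {"value": b"\xaa" * 16, "locked_until_boot": True},
        },
        reference_macs={name: code_mac(boot_key, img) for name, img in images.items()},
    )
    segments = [BootSegment("FBL", "boot_key", "reset"),
                BootSegment("App", "boot_key", "none")]
    return mem, segments, images


if __name__ == "__main__":
    mem, segments, images = build_demo()
    print(secure_boot_sequential(mem, segments, images))
    images["App"] = b"App-code-modified"
    print(secure_boot_sequential(*build_demo()[:2], images))
```

Two details carry the security argument. The reference MACs are compared with a constant-time comparison and are never handed to the host, so the host cannot learn or rewrite what "good" looks like; and the key lock is released only on the code path that has walked the complete chain, so a host that was started after a "none" sanction on an earlier segment still gets its keys only because the configuration explicitly allowed that trade-off.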

Page 23:

Agenda

- Introduction
- Fundamentals
- MICROSAR.HSM - Features
- MICROSAR.HSM - Architecture
- MICROSAR.HSM - Integration and Workflow
- Summary (current section)

Page 24:

Summary: vHsm – What it actually is and does

MICROSAR.HSM – Functionality
- Execution of cryptographic services in a trusted environment
- Large library of crypto algorithms/primitives
  > Cryptographic basic functions (hash, random numbers)
  > Message authentication codes (HMAC, CMAC)
  > Symmetric and asymmetric crypto ciphers
- Supporting signature generation and verification
- Providing protected storage for security assets (e.g. keys)
- Providing a secure startup protocol (SecureBoot / AuthenticatedBoot / TrustedBoot)
- Supporting hardware acceleration for better performance
- Providing possibilities to securely update the vHsm software

MICROSAR.HSM – Configuration
- Modular architecture with extensive configuration space
- Adaptable HSM firmware to match use case requirements and footprint
- Comprehensive configuration tool DaVinci Configurator
- Add-Ons to support OEM specific requirements

vHsm is an efficient and flexible software stack for hardware security modules that is adaptable to your use case in order to improve cybersecurity.

MICROSAR.HSM – Exemplary Use Cases
- Secure boot in combination with flash bootloader
- Secure software update and code signing for the application
- Secure OnBoard Communication (SecOC)

Page 25:

Author: Dr.-Ing. Falco Bapp, Vector Germany

For more information about Vector and our products please visit www.vector.com