Vehicle Key Management – Status of Standardization
Webinar slides (transcript), Vector Informatik GmbH · 2018-11-15 · V2.01.00 | 2016-05-09
Agenda
- Importance of cryptographic material
- Vehicle key management != key storage
- Challenges for standardization
- Example: Initial keying at OEM for SecOC
- Status of standardization
- Summary
Cryptographic keys are the foundation for technical security mechanisms (Importance of cryptographic material)
[Figure: vehicle E/E architecture with Connectivity Gateway (CU, DSRC, 4G LTE), Central Gateway, Instrument Cluster, Head Unit, Diagnostic Interface, ADAS DC, Powertrain DC, Chassis DC, Body DC, Smart Charging, and external devices: laptop, tablet, smartphone]
- For security reasons different keys are used for different security-related use cases, e.g.
  - Secure flashing of ECUs (a.k.a. code signing, secure reprogramming)
  - Secure boot of ECUs
  - Diagnostic access control
  - Secured communication between the ECUs of a vehicle (e.g. via SecOC)
  - Secure communication from the ECU to external services (e.g. via TLS)
  - SW update over the air (SOTA)
  - Remote feature activation
  - Component theft protection
  - Immobilizer
  - Mobile online services
  - …
- The affected ECUs require a considerable number of cryptographic keys
Vehicle key management in a layered security concept (Vehicle key management != key storage)
[Figure: the four layers of the security concept, top to bottom, with the mechanisms of each layer]
- Secure External Communication
  - Secure communication to services outside the vehicle
- Secure Gateways
  - Intrusion detection mechanisms
  - Diagnostic policy manager
  - Vehicle key management
  - Security event memory
  - Authentic synchronized time
- Secure In-Vehicle Communication
  - Authenticity of messages
  - Integrity and freshness of messages
  - Confidentiality of messages
- Secure Platform
  - Key storage
  - Secure boot and secure flash
  - Crypto library
  - HW trust anchor (HTA)
Key storage (Vehicle key management != key storage)
- Goal:
  - Securely store cryptographic keys
- Basic functions and key aspects:
  - Take a cryptographic key from the application
  - Securely store it in the NVM or the hardware trust anchor of the ECU
  - Supported by the crypto stack (CSM, CRYIF, CRYPTO)
  - Configuration of key structures via key elements
[Figure: AUTOSAR software architecture on the microcontroller: Application/App, RTE, SYS, DIAG, COM, CAN, ETH, MCAL, with the crypto stack CSM, CRYIF, CRYPTO (SW) and CRYPTO (HW) in front of the HSM]
Vehicle key management in the AUTOSAR architecture (Vehicle key management != key storage)
- Goal:
  - Simplify typical and common key lifecycle management tasks
- Basic functions:
  - Receives new cryptographic material (keys, certificates) via diagnostic routines
  - Verifies authenticity, integrity and freshness of cryptographic material
  - Provides callouts to integrate with business logic for the typical key lifecycle phases (production, initialization, update, repair, replacement)
  - Supports on-board derivation of new keys
  - Supports secure distribution of shared secret keys
  - Logs security events to the security event memory (SEM)
[Figure: the same AUTOSAR architecture as on the previous slide, now with KEYM next to the crypto stack (CSM, CRYIF, CRYPTO (SW), CRYPTO (HW), HSM), SEM, and DCM as the diagnostic entry point]
Key lifecycle phases (Challenges for standardization)
- Production of the ECU
  - Insertion of initial keys
- End of line programming
  - Replacement of initial keys by OEM-specific master keys
  - Insertion of additional keys
  - On-board derivation of further keys
  - Secure distribution of keys in the vehicle network
- Aftersales
  - Keys can be replaced if they have become compromised
  - Keys can be renewed after a certain time to improve security
  - Additional keys can be inserted for new use cases
  - Replaced ECUs can get appropriate keys to participate in secure vehicle communication
Variation points for the technical solution (Challenges for standardization)
- Development, production and after-sales processes at Tier1 and OEM
- Existing backend key management processes and IT infrastructure (e.g. PKI)
- Security goals (based on assumptions about the security of the development / production / service environment)
- Performance goals (based on end-of-line programming requirements)
- Vehicle security architecture / vehicle key management paradigm (centralized / decentralized)
- Current situation: Vector provides proprietary vehicle key management solutions to support a large number of different OEMs
- Goal for standardization: find the right level of abstraction
  - to provide added value compared to proprietary solutions
  - to support known OEM specifics via configuration and extension interfaces
Scenario 1: Off-board (backend) key generation (Example: Initial keying at OEM for SecOC)
[Sequence diagram: Diagnostic Tester -> KEYM (ECU 1), KEYM (ECU 2)]
- The Diagnostic Tester provides backend-generated keys to each node
- Key managers are limited to validating backend-generated SecOC keys via
  - the SHE 1.1 key update protocol, or
  - OEM-specific key update containers
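The KEYM functions listed for the AUTOSAR architecture (receive key material via diagnostics, verify its authenticity, integrity and freshness, store it, log events to the SEM) and the container validation that Scenario 1 leaves to the key managers can be modelled in a few dozen lines. The following Python is an added example, not Vector's KEYM and not the SHE 1.1 memory update protocol: the container layout, the HMAC-based key wrapping and the names `KeyManager`, `build_container` and `process_container` are constructed for illustration, and the pre-shared authentication key stands in for whatever key the OEM inserts at production.

```python
import hashlib
import hmac
import struct

# Constructed container layout, hypothetical and not the SHE 1.1 memory update
# protocol or any OEM's container format:
#   ecu_id (4 B) | key_id (2 B) | counter (4 B) | wrapped_key (16 B) | tag (32 B)
HEADER = struct.Struct(">IHI")
KEY_LEN = 16
TAG_LEN = 32


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _wrap_stream(auth_key: bytes, header: bytes) -> bytes:
    # Key-wrapping stream bound to ECU id, key id and update counter, so a wrapped
    # key cannot be moved unchanged to another ECU, key slot or counter value.
    return hmac.new(auth_key, b"wrap" + header, hashlib.sha256).digest()[:KEY_LEN]


def build_container(auth_key: bytes, ecu_id: int, key_id: int,
                    counter: int, new_key: bytes) -> bytes:
    """Backend/tester side: wrap new_key and authenticate the whole container."""
    assert len(new_key) == KEY_LEN
    header = HEADER.pack(ecu_id, key_id, counter)
    body = header + _xor(new_key, _wrap_stream(auth_key, header))
    tag = hmac.new(auth_key, b"auth" + body, hashlib.sha256).digest()
    return body + tag


class KeyManager:
    """On-board key manager (stand-in for KEYM): validates containers received over
    diagnostics, stores accepted keys and logs events to a security event memory."""

    def __init__(self, ecu_id: int, auth_key: bytes):
        self.ecu_id = ecu_id
        self.auth_key = auth_key   # pre-shared authentication key (e.g. inserted at production)
        self.keys = {}             # key_id -> key bytes (stands in for HSM/NVM key storage)
        self.counters = {}         # key_id -> last accepted update counter (freshness)
        self.events = []           # stands in for the security event memory (SEM)

    def process_container(self, container: bytes) -> str:
        if len(container) != HEADER.size + KEY_LEN + TAG_LEN:
            return self._reject("MALFORMED")
        body, tag = container[:-TAG_LEN], container[-TAG_LEN:]
        # 1. Authenticity and integrity: constant-time MAC check before any parsing.
        expected = hmac.new(self.auth_key, b"auth" + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return self._reject("BAD_MAC")
        header, wrapped = body[:HEADER.size], body[HEADER.size:]
        ecu_id, key_id, counter = HEADER.unpack(header)
        # 2. Addressing: the container must be meant for this ECU.
        if ecu_id != self.ecu_id:
            return self._reject("WRONG_ECU")
        # 3. Freshness: a strictly increasing counter per key slot rejects replays of
        #    old containers, which could otherwise reinstall a compromised key.
        if counter <= self.counters.get(key_id, -1):
            return self._reject("REPLAY")
        self.keys[key_id] = _xor(wrapped, _wrap_stream(self.auth_key, header))
        self.counters[key_id] = counter
        self.events.append(("KEY_UPDATED", key_id, counter))
        return "OK"

    def _reject(self, reason: str) -> str:
        self.events.append(("KEY_UPDATE_REJECTED", reason))
        return reason


if __name__ == "__main__":
    auth = bytes(range(16))                            # constructed pre-shared key
    km = KeyManager(0x11223344, auth)
    c1 = build_container(auth, 0x11223344, 7, counter=1, new_key=b"\x42" * 16)
    print(km.process_container(c1))                    # OK
    print(km.process_container(c1))                    # REPLAY
    print(km.events)
```

The order of the checks is the point: the MAC is verified before any field is trusted, the ECU id check stops a container meant for another node, and the per-slot counter is what gives the freshness the slide asks for. Every rejection is recorded in the event list, which is the hook a real implementation would route to the SEM.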
Scenario 2: On-board key derivation with coordinator (Example: Initial keying at OEM for SecOC)
[Sequence diagram: Diagnostic Tester -> KEYM (Server) -> KEYM (Clients)]
- The Diagnostic Tester triggers SecOC keying
- The on-board KEYM server creates and stores a vehicle-specific secret
- The on-board KEYM server coordinates secure distribution of the secret to the clients (e.g. via Diffie-Hellman)
- KEYM clients use the secret and a key derivation function to securely derive SecOC keys
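The coordinator scenario above, worked through end to end as an added example (not Vector's implementation): the KEYM server generates the vehicle-specific secret, runs an ephemeral Diffie-Hellman exchange with each client, wraps the secret under transport keys bound to that exchange, and every client then derives per-PDU SecOC keys from the secret with HKDF. The toy group `P`, `G` and the names `hkdf`, `KeymServer`, `KeymClient`, `derive_secoc_key` and `run_keying` are assumptions of this example; the slide does not specify the group, the KDF or the wrapping format.

```python
import hashlib
import hmac
import secrets

# Constructed toy Diffie-Hellman parameters, for illustration only: p = 2^127 - 1 is
# prime, but the group is far too small and weak for real use. A deployment would use
# a standardized group or ECDH executed inside the HSM.
P = (1 << 127) - 1
G = 5
GROUP_BYTES = 16


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """HKDF-SHA256 (RFC 5869): extract a PRK, then expand it under a context label."""
    prk = hmac.new(salt or bytes(32), ikm, hashlib.sha256).digest()
    okm, block = b"", b""
    for i in range(1, -(-length // 32) + 1):
        block = hmac.new(prk, block + info + bytes([i]), hashlib.sha256).digest()
        okm += block
    return okm[:length]


def dh_keypair():
    x = secrets.randbelow(P - 2) + 1            # private exponent in [1, p-2]
    return x, pow(G, x, P)


def transport_keys(shared: int, server_pub: int, client_pub: int):
    # Bind the transport keys to the transcript (both public values), then split the
    # output into a 16-byte wrapping key and a 32-byte MAC key.
    salt = server_pub.to_bytes(GROUP_BYTES, "big") + client_pub.to_bytes(GROUP_BYTES, "big")
    okm = hkdf(shared.to_bytes(GROUP_BYTES, "big"), salt, b"KEYM transport", 48)
    return okm[:16], okm[16:]


def wrap(enc_key: bytes, mac_key: bytes, secret: bytes) -> bytes:
    # One-time keystream (fresh per DH session) plus a MAC over the ciphertext.
    stream = hkdf(enc_key, b"", b"wrap", len(secret))
    ct = bytes(a ^ b for a, b in zip(secret, stream))
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()


def unwrap(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, ct, hashlib.sha256).digest()):
        raise ValueError("transport MAC check failed")
    stream = hkdf(enc_key, b"", b"wrap", len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))


def derive_secoc_key(vehicle_secret: bytes, pdu_id: int) -> bytes:
    # Per-PDU SecOC key: same secret, different context label gives independent keys.
    return hkdf(vehicle_secret, b"", b"SecOC key PDU " + pdu_id.to_bytes(2, "big"), 16)


class KeymServer:
    """Coordinator: creates the vehicle-specific secret once and distributes it."""

    def __init__(self):
        self.vehicle_secret = secrets.token_bytes(32)

    def distribute(self, client_pub: int):
        priv, pub = dh_keypair()                # fresh ephemeral key pair per client
        shared = pow(client_pub, priv, P)
        enc_key, mac_key = transport_keys(shared, pub, client_pub)
        return pub, wrap(enc_key, mac_key, self.vehicle_secret)


class KeymClient:
    """Client ECU: obtains the secret over DH and derives its own SecOC keys."""

    def __init__(self):
        self.priv, self.pub = dh_keypair()
        self.vehicle_secret = None

    def receive(self, server_pub: int, blob: bytes) -> None:
        shared = pow(server_pub, self.priv, P)
        enc_key, mac_key = transport_keys(shared, server_pub, self.pub)
        self.vehicle_secret = unwrap(enc_key, mac_key, blob)

    def secoc_key(self, pdu_id: int) -> bytes:
        return derive_secoc_key(self.vehicle_secret, pdu_id)


def run_keying(n_clients: int, pdu_id: int):
    """Simulate tester-triggered keying for n clients; return the secret and their SecOC keys."""
    server = KeymServer()
    keys = []
    for _ in range(n_clients):
        client = KeymClient()
        server_pub, blob = server.distribute(client.pub)
        client.receive(server_pub, blob)
        keys.append(client.secoc_key(pdu_id))
    return server.vehicle_secret, keys


if __name__ == "__main__":
    secret, keys = run_keying(3, 0x10)
    print(all(k == keys[0] for k in keys))       # True: every client derived the same key
```

Two design points carry over to a real KEYM: the wrapping keys are derived from the whole transcript, so a tampered or substituted public value yields a MAC failure rather than a silently different secret, and the SecOC keys are derived per PDU from one secret, so adding a PDU later needs no further distribution. The exchange as written is unauthenticated; a deployment must bind it to authenticated peers (the diagnostic session and ECU credentials, or certificates as in the C6 item of the Security Extensions), otherwise the coordinator cannot tell a legitimate client from any other bus participant.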
Scenario 3: On-board key generation without coordinator (Example: Initial keying at OEM for SecOC)
[Sequence diagram: Diagnostic Tester -> KEYM (ECU 1), KEYM (ECU 2), … as peers]
- The Diagnostic Tester triggers SecOC keying
- No dedicated KEYM server coordinates the key negotiation (completely decentralized)
- A group of ECUs participates in the negotiation of a shared secret (e.g. via Burmester-Desmedt)
- The participating nodes derive SecOC keys from the shared secret
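The decentralized scenario names Burmester-Desmedt, a group key agreement that needs only two broadcast rounds whatever the number of participants, which is what makes it attractive on a vehicle bus with no coordinator. The following Python is an added example of that protocol (not Vector's code): every node broadcasts z_i = g^x_i, then X_i = (z_{i+1} / z_{i-1})^x_i, and computes the same group element g^(x_1 x_2 + x_2 x_3 + … + x_n x_1), from which it derives SecOC keys. The toy group `P`, `G` and the names `Node`, `run_group_keying` and `derive_secoc_key` are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Constructed toy group, for illustration only: p = 2^127 - 1 is prime but far too
# small for real use; a deployment uses a standardized group or an elliptic curve.
P = (1 << 127) - 1
G = 5


class Node:
    """One ECU in the ring. Index i has neighbours i-1 and i+1 (mod n)."""

    def __init__(self, idx: int):
        self.idx = idx
        self.x = secrets.randbelow(P - 2) + 1   # private exponent
        self.z = pow(G, self.x, P)               # round 1 broadcast: z_i = g^x_i
        self.X = None

    def round2(self, z_prev: int, z_next: int) -> int:
        # Round 2 broadcast: X_i = (z_{i+1} / z_{i-1})^x_i, the division being a
        # modular inverse in the group.
        ratio = z_next * pow(z_prev, -1, P) % P
        self.X = pow(ratio, self.x, P)
        return self.X

    def group_key(self, all_z, all_X) -> int:
        # K_i = z_{i-1}^(n x_i) * X_i^(n-1) * X_{i+1}^(n-2) * ... * X_{i-2}^1, which
        # every node evaluates to g^(x_1 x_2 + x_2 x_3 + ... + x_n x_1).
        n = len(all_z)
        k = pow(all_z[(self.idx - 1) % n], n * self.x, P)
        for j in range(n - 1):
            k = k * pow(all_X[(self.idx + j) % n], n - 1 - j, P) % P
        return k


def derive_secoc_key(group_key: int, pdu_id: int) -> bytes:
    # Hash the group element down to a uniform secret, then derive one SecOC key per PDU.
    secret = hashlib.sha256(group_key.to_bytes(16, "big")).digest()
    label = b"SecOC key PDU " + pdu_id.to_bytes(2, "big")
    return hmac.new(secret, label, hashlib.sha256).digest()[:16]


def run_group_keying(n: int, pdu_id: int):
    """Run both broadcast rounds for n nodes; return nodes, group keys and SecOC keys."""
    nodes = [Node(i) for i in range(n)]
    all_z = [node.z for node in nodes]           # round 1: every z_i is seen by everyone
    all_X = [node.round2(all_z[(i - 1) % n], all_z[(i + 1) % n])
             for i, node in enumerate(nodes)]    # round 2: every X_i is seen by everyone
    group_keys = [node.group_key(all_z, all_X) for node in nodes]
    secoc_keys = [derive_secoc_key(k, pdu_id) for k in group_keys]
    return nodes, group_keys, secoc_keys


if __name__ == "__main__":
    nodes, group_keys, secoc_keys = run_group_keying(5, 0x20)
    print(len(set(group_keys)) == 1, len(set(secoc_keys)) == 1)   # True True
```

The cost is 2n broadcast messages and O(n) exponentiations per node, independent of the number of rounds, which is the property the slide's "completely decentralized" variant relies on. As with plain Diffie-Hellman, the two broadcasts are unauthenticated here; a deployment has to authenticate each z_i and X_i (for instance with a MAC under a key the ECU received at production, or a signature under an ECU certificate), since otherwise any bus participant could take part in the negotiation and obtain the SecOC keys.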
Vehicle key management in a layered security concept (Status of standardization)
[Figure: the four-layer security concept annotated with standardization status, "Standard" vs. "Security Extensions" in AUTOSAR 4.4]
- Secure External Communication
  - Secure communication to services outside the vehicle (TLS)
- Secure Gateways (annotated: AUTOSAR 4.4 Security Extensions)
  - Intrusion detection mechanisms
  - Diagnostic policy manager
  - Vehicle key management
  - Security event memory
  - Authentic synchronized time
- Secure In-Vehicle Communication (annotated: SecOC, AUTOSAR 4.4 standard)
  - Authenticity of messages
  - Integrity and freshness of messages
  - Confidentiality of messages
- Secure Platform (annotated: CSM / CRYIF / CRYPTO, AUTOSAR 4.4 standard; SHE, HSM, TPM, TEE, …)
  - Key storage
  - Secure boot and secure flash
  - Crypto library
  - HW trust anchor (HTA)
AUTOSAR 4.4 Security Extensions (Status of standardization)
- C1: Security Event Memory
- C2: Vehicle Key Management / Key Distribution
- C3: Secure Boot Status (dropped)
- C4: Authentic Synchronized Time
- C5: Dynamic Rights Management for Diagnostic Access
- C6: Improved Certificate Handling (integrated in C2)
- C7: Abstract pre-definition of Crypto Items in System Template (improves AUTOSAR tooling support for security)
Timeline 2018 (Status of standardization)
[Figure: 2018 timeline; the milestones are not recoverable from the transcript]
Important points (Summary)
- Vehicle key management != key storage
- Secure management of cryptographic keys in all lifecycle phases adds an important layer of security
- Standardization has a lot of potential for cost saving but is challenging due to OEM specifics
- Vector provides OEM-specific key management implementations for a number of OEMs
- The AUTOSAR 4.4 Security Extensions provide the KEYM module as a framework for vehicle key management
Outlook:
- The Security Extensions will be continued in AUTOSAR 4.5
© 2015 Vector Informatik GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V2.01.00 | 2016-05-09
For more information about Vector and our products please visit www.vector.com
Author: Dr. Eduard Metzker, Vector Informatik GmbH