AUTOSAR KeyM – Certificate Handling
Security Webinar November 2019 (transcript of the slides)
V2.01.00 | 2019-11-19
Agenda
Importance of Cryptographic Material
KeyM Module
Certificate Structure
KeyM Interfaces for Certificate Handling
KeyM Configuration for Certificate Handling
Summary
Importance of Cryptographic Material
Cryptographic keys are the foundation for technical security mechanisms.
[Figure: vehicle E/E architecture with a Central Gateway, a Connectivity Gateway (DSRC, 4G/LTE), domain controllers (ADAS DC, Powertrain DC, Chassis DC, Body DC), Head Unit, Instrument Cluster, Smart Charging, the Diagnostic Interface and external devices (laptop, tablet, smartphone)]
For security reasons different keys are used for different security related use cases, e.g.
Secure flashing of ECUs (a.k.a. code signing, secure reprogramming)
Secure boot of ECUs
Diagnostic access control
Secured communication between the ECUs of a vehicle (e.g. via SecOC)
Secure communication from the ECU to external services (e.g. via TLS)
SW update over the air (SOTA)
Remote feature activation
Component theft protection
Immobilizer
Mobile online services
…
The affected ECUs require a considerable number of cryptographic keys
KeyM Module – Overview
Goal: Simplifies typical and common key lifecycle management tasks
Basic Functions and Key Aspects:
• Receives new cryptographic material (keys, certificates) via diagnostic routines
• Verifies authenticity, integrity and freshness of cryptographic material
• Provides callouts to integrate with business logic for different typical key lifecycle phases (production, initialization, update, repair, replacement)
• Supports onboard key agreement protocols
• Supports secure distribution of shared secret keys
• Logs security events to security event memory (SEM)
[Figure: AUTOSAR software architecture on the microcontroller showing KEYM alongside CSM, CRYIF, CRYPTO (HW) and CRYPTO (SW), SEM, DCM/DIAG, COM (CAN, ETH), SYS, MCAL, the RTE and the Application, with a Hardware Trust Anchor (HTA)]
KeyM Module – Submodules
KeyM consists of two submodules: the Key Submodule and the Certificate Submodule.
Key Submodule: initialize, update and maintain cryptographic key material
Certificate Submodule:
• Allows BSW modules and SWCs to perform operations with certificates at a central point within the AUTOSAR software architecture
• Verification of single certificates as well as complete certificate chains
• Retrieval and verification of elements from a certificate
• Cryptographic operations are performed by associated crypto jobs, defined in the CSM
• Secure storage in key storage locations of the CSM or in NVM
Certificate Structure – Public Key Certificates
[Figure: public key certificate: the content (public key, subject, valid since… until…, additional content) plus the signature over that content; the matching private key is held separately]
Certificate Structure – Chain of trust with digital certificates
[Figure: chain of trust: the root CA certificate signs the intermediate CA certificate with its private key, the intermediate CA certificate signs the end user certificate, and each certificate's signature is verified with the public key of its issuer]
The signature of the root certificate cannot be verified by a higher authority (it is self-signed); the root has to be trusted as the anchor of the chain.
A Certificate Authority (CA) can issue new certificates by signing them with its private key.
User certificates reside at the bottom level of this trust chain hierarchy.
Certificate Structure – Standardization: Structure of X.509 certificates
KeyM Interfaces for Certificate Handling
Set Root or Intermediate Certificate, Update, Store: KeyM_ServiceCertificate()
Set Working Certificate: KeyM_SetCertificate()
Retrieve Certificate Information: KeyM_GetCertificate(), KeyM_CertElementGet(), KeyM_CertGetStatus()
Verification: KeyM_VerifyCertificates(), KeyM_VerifyCertificate(), KeyM_VerifyCertificateChain()
Retrieve Data from Certificates with Iterable Elements: KeyM_CertElementGetFirst(), KeyM_CertElementGetNext()
KeyM Configuration for Certificate Handling – Verification Job and Key Dependencies
[Figure: Mdl Certificate Configuration: the Root, Intermediate and Working Certificate each carry a Signature Verify Job Ref and a Signature Verify Key Ref; the referenced jobs (Job 1, Job 2, Job 3) each carry a Job Key Ref to the key they use (Key 1, Key 2, Key 3), marked «use for verification»]
KeyM Configuration for Certificate Handling – Algorithm Family
Additional parameter that gives more information about the algorithm in use.
It must be set when KeyMCertAlgorithmType is ECC.
KeyM Configuration for Certificate Handling – Public Key Configuration
CertificateSubjectPublicKeyInfo_PublicKeyAlgorithm: element for object identifier of public key
CertificateSubjectPublicKeyInfo_SubjectPublicKey: element for plain data of public key
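As an added illustration (not code from the webinar or from any KeyM implementation) of what the two elements above and KeyM_CertElementGet() deliver, the following walks the DER encoding of an X.509 certificate down to SubjectPublicKeyInfo and returns the PublicKeyAlgorithm OID and the raw SubjectPublicKey. The DER helpers, the sample certificate and its dummy signature are constructed here for the example.

```python
def der(tag, body):
    """Encode one DER TLV; used only to build the constructed sample."""
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    lb = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def tlv(buf, pos):
    """Decode the TLV at buf[pos] -> (tag, value, position after it)."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:                                 # long-form length
        ln, pos = int.from_bytes(buf[pos:pos + (ln & 0x7F)], "big"), pos + (ln & 0x7F)
    return tag, buf[pos:pos + ln], pos + ln

def decode_oid(b):
    arcs, v = [b[0] // 40, b[0] % 40], 0          # first octet packs two arcs
    for x in b[1:]:                               # base-128, high bit = continue
        v = (v << 7) | (x & 0x7F)
        if not x & 0x80:
            arcs.append(v); v = 0
    return ".".join(map(str, arcs))

def subject_public_key_info(cert):
    """Return (PublicKeyAlgorithm OID, SubjectPublicKey bytes) of a DER cert."""
    _, body, _ = tlv(cert, 0)                     # Certificate ::= SEQUENCE
    _, tbs, _ = tlv(body, 0)                      # tbsCertificate ::= SEQUENCE
    tag, _, pos = tlv(tbs, 0)                     # version [0] is OPTIONAL ...
    if tag == 0xA0:                               # ... skip serialNumber only if present
        _, _, pos = tlv(tbs, pos)
    for _ in range(4):                            # signature, issuer, validity, subject
        _, _, pos = tlv(tbs, pos)
    _, spki, _ = tlv(tbs, pos)                    # subjectPublicKeyInfo ::= SEQUENCE
    _, alg, pos = tlv(spki, 0)                    # AlgorithmIdentifier ::= SEQUENCE
    tag, bits, _ = tlv(spki, pos)                 # subjectPublicKey BIT STRING
    if tag != 0x03 or bits[0] != 0:               # leading octet = count of unused bits
        raise ValueError("unexpected subjectPublicKey encoding")
    return decode_oid(tlv(alg, 0)[1]), bits[1:]
EC_PUBLIC_KEY = bytes([0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01])       # 1.2.840.10045.2.1
PRIME256V1 = bytes([0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07])    # 1.2.840.10045.3.1.7
ECDSA_SHA256 = bytes([0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02])  # 1.2.840.10045.4.3.2
SAMPLE_KEY = b"\x04" + bytes(range(64))  # constructed: uncompressed point, dummy coordinates

def sample_cert():
    """Constructed minimal certificate skeleton; its signature value is a dummy."""
    alg_id = der(0x30, der(0x06, EC_PUBLIC_KEY) + der(0x06, PRIME256V1))
    spki = der(0x30, alg_id + der(0x03, b"\x00" + SAMPLE_KEY))
    sig_alg = der(0x30, der(0x06, ECDSA_SHA256))  # signature AlgorithmIdentifier
    name, validity = der(0x30, b""), der(0x30, der(0x17, b"191119000000Z") + der(0x17, b"291119000000Z"))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + sig_alg + name + validity + name + spki)
    return der(0x30, tbs + sig_alg + der(0x03, b"\x00" * 9))
```

The sample's tbsCertificate is longer than 127 bytes, so the parser also exercises the long-form DER length that real certificates use.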
Summary – Key Points
Importance of cryptographic material (keys, certificates)
Certificate handling is covered by KeyM (AUTOSAR 4.4)
Functions provided by KeyM for certificate handling
Configuration of certificate properties
Topic for next webinar: AUTOSAR concept for distributed onboard Intrusion Detection System (IDS)
© 2015. Vector Informatik GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V2.01.00 | 2019-11-19
Author: Dr. Eduard Metzker, Vector Informatik GmbH
For more information about Vector and our products please visit www.vector.com