AUTOSAR KeyM – Certificate Handling

V2.01.00 | 2019-11-19 | Security Webinar November 2019 | 18 pages


Page 1: AUTOSAR KeyM – Certificate Handling (title slide)

V2.01.00 | 2019-11-19, Security Webinar November 2019

Page 2: Agenda

• Importance of Cryptographic Material
• KeyM Module
• Certificate Structure
• KeyM Interfaces for Certificate Handling
• KeyM Configuration for Certificate Handling
• Summary

Page 3: Importance of Cryptographic Material

Cryptographic keys are the foundation for technical security mechanisms.

[Figure: vehicle E/E architecture – Connectivity Gateway with DSRC and 4G/LTE links to laptop, tablet and smartphone; Central Gateway; ADAS DC, Powertrain DC, Chassis DC, Body DC; Instrument Cluster, Head Unit, Smart Charging, Diagnostic Interface]

For security reasons, different keys are used for different security-related use cases, e.g.:

• Secure flashing of ECUs (a.k.a. code signing, secure reprogramming)
• Secure boot of ECUs
• Diagnostic access control
• Secured communication between the ECUs of a vehicle (e.g. via SecOC)
• Secure communication from the ECU to external services (e.g. via TLS)
• SW update over the air (SOTA)
• Remote feature activation
• Component theft protection
• Immobilizer
• Mobile online services

The affected ECUs require a considerable number of cryptographic keys.


Page 5: KeyM Module – Overview

Goal: simplifies typical and common key lifecycle management tasks.

Basic functions and key aspects:

• Receives new cryptographic material (keys, certificates) via diagnostic routines
• Verifies authenticity, integrity and freshness of cryptographic material
• Provides callouts to integrate with business logic for the typical key lifecycle phases (production, initialization, update, repair, replacement)
• Supports onboard key agreement protocols
• Supports secure distribution of shared secret keys
• Logs security events to security event memory (SEM)

[Figure: AUTOSAR layered architecture – Application (SWCs) above the RTE; basic software with SYS, DIAG (DCM), COM (CAN, ETH), CSM, KEYM, SEM, CRYIF, CRYPTO (SW) and CRYPTO (HW); MCAL; Microcontroller with Hardware Trust Anchor (HTA)]

Page 6: KeyM Module – Submodules

KeyM consists of a Key Submodule and a Certificate Submodule.

Key Submodule: initialize, update and maintain cryptographic key material.

Certificate Submodule:

• Allows BSW modules and SWCs to perform operations with certificates at a central point within the AUTOSAR software architecture
• Verification of single certificates as well as complete certificate chains
• Retrieving and verification of elements from a certificate
• Cryptographic operations are performed by associated crypto jobs, defined in CSM
• Secure storage in key storage locations of the CSM or NVM


Page 8: Certificate Structure – Public Key Certificates

[Figure: a public key certificate – the signed Content consists of Public Key, Subject, "Valid since… until…" and Additional content, followed by the Signature; the Private Key belonging to the Public Key is shown outside the certificate]

Page 9: Certificate Structure – Chain of trust with digital certificates

[Figure: chain of three certificates – a self-signed root CA certificate, an intermediate CA certificate and an end user certificate; each holds Public Key, Subject, "Valid since… until…", Additional content and Signature; "sign" arrows run from each CA's Private Key to the certificate it issues, and a "verify" arrow from the CA's Public Key to the signature of the certificate below it]

• The signature of the root certificate cannot be verified against a higher authority (it is self-signed).
• A Certificate Authority (CA) can issue new certificates by signing them with its private key.
• User certificates reside at the bottom level of this trust chain hierarchy.

Page 10: Certificate Structure – Standardization: Structure of X.509 certificates

[Figure: structure of an X.509 certificate]

Page 11: KeyM Interfaces for Certificate Handling

Set root or intermediate certificate, update, store:
• KeyM_ServiceCertificate()

Set working certificate:
• KeyM_SetCertificate()

Retrieve certificate information:
• KeyM_GetCertificate()
• KeyM_CertElementGet()
• KeyM_CertGetStatus()

Verification:
• KeyM_VerifyCertificates()
• KeyM_VerifyCertificate()
• KeyM_VerifyCertificateChain()

Retrieve data from certificates with iterable elements:
• KeyM_CertElementGetFirst()
• KeyM_CertElementGetNext()


Page 13: KeyM Configuration for Certificate Handling – Verification Job and Key Dependencies

[Figure: configuration model – the module's Certificate Configuration holds a Root, an Intermediate and a Working Certificate; each certificate carries a Signature Verify Job Ref and a Signature Verify Key Ref; the referenced jobs (Job 1, Job 2, Job 3) each carry a Job Key Ref to a key (Key 1, Key 2, Key 3); the relations are stereotyped «use for verification»]
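The chain-of-trust rules from page 9 and the job/key references from page 13, as an added C example that is not part of the webinar and not Vector's or AUTOSAR's KeyM code: each certificate slot is configured with a reference to the key slot holding the key that verifies it, the root is accepted as the configured trust anchor rather than by its signature, and verification walks the chain issuer by issuer. The type and function names (Cert, CertSlot, verify_slot, the status enum), the key values and the time stamps are constructed assumptions; a keyed FNV-1a hash stands in for the CSM signature-verify job that a real KeyM configuration would reference.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy certificate with the fields from the slide (subject, validity, public key,
 * signature) plus the issuer name that links it to the next level of the chain.
 * Keys are 32-bit toy values, not real key material (assumption). */
typedef struct {
    const char *subject;
    const char *issuer;
    uint32_t not_before, not_after;   /* constructed time stamps in seconds */
    uint32_t public_key;
    uint32_t signature;               /* toy signature over the fields above */
} Cert;

/* Configuration modelled on the slide: a certificate slot references the key
 * slot holding the key used to verify its signature («use for verification»).
 * The root slot is the trust anchor and is accepted by configuration. */
typedef struct { Cert *cert; int verify_key_ref; int is_root; } CertSlot;
typedef struct { uint32_t key; } KeySlot;

typedef enum { CERT_VALID, CERT_VALIDITY_PERIOD_FAIL, CERT_SIGNATURE_FAIL,
               CERT_INVALID_CHAIN_OF_TRUST } CertStatus;

/* Keyed FNV-1a over the signed content; stands in for the CSM signature job
 * (with a real asymmetric job the verify key would be the issuer's public key). */
static uint32_t content_hash(const Cert *c, uint32_t key)
{
    uint32_t h = 2166136261u ^ key, fields[3];
    const char *s;
    int i, b;
    for (s = c->subject; *s; s++) h = (h ^ (uint8_t)*s) * 16777619u;
    for (s = c->issuer;  *s; s++) h = (h ^ (uint8_t)*s) * 16777619u;
    fields[0] = c->not_before; fields[1] = c->not_after; fields[2] = c->public_key;
    for (i = 0; i < 3; i++)
        for (b = 0; b < 4; b++) h = (h ^ ((fields[i] >> (8 * b)) & 0xFFu)) * 16777619u;
    return h;
}
static void toy_sign(Cert *c, uint32_t issuer_key) { c->signature = content_hash(c, issuer_key); }
static int  toy_verify(const Cert *c, uint32_t key) { return c->signature == content_hash(c, key); }

/* Verifies the certificate in slot idx at time now, walking up to the root. */
static CertStatus verify_slot(const CertSlot *slots, int n, const KeySlot *keys,
                              int idx, uint32_t now, int depth)
{
    const Cert *c = slots[idx].cert;
    int issuer = -1, i;
    if (depth > 8) return CERT_INVALID_CHAIN_OF_TRUST;            /* guard against issuer loops */
    if (now < c->not_before || now > c->not_after) return CERT_VALIDITY_PERIOD_FAIL;
    if (slots[idx].is_root) return CERT_VALID;   /* self-signed root: trusted by configuration, not by its signature */
    for (i = 0; i < n; i++)                      /* locate the issuer among the configured certificates */
        if (i != idx && strcmp(slots[i].cert->subject, c->issuer) == 0) { issuer = i; break; }
    if (issuer < 0) return CERT_INVALID_CHAIN_OF_TRUST;
    if (verify_slot(slots, n, keys, issuer, now, depth + 1) != CERT_VALID) return CERT_INVALID_CHAIN_OF_TRUST;
    /* the referenced key slot must hold the issuer's public key, otherwise the configuration is wrong */
    if (keys[slots[idx].verify_key_ref].key != slots[issuer].cert->public_key) return CERT_INVALID_CHAIN_OF_TRUST;
    return toy_verify(c, keys[slots[idx].verify_key_ref].key) ? CERT_VALID : CERT_SIGNATURE_FAIL;
}

/* Constructed demo chain: root -> intermediate (Vehicle CA) -> working certificate (ECU-1). */
#define DEMO_NOW 1000000u
static Cert g_root  = { "Root CA",    "Root CA",    0u,      9000000u, 0x52000001u, 0u };
static Cert g_inter = { "Vehicle CA", "Root CA",    0u,      1500000u, 0x1A000002u, 0u };
static Cert g_work  = { "ECU-1",      "Vehicle CA", 500000u, 2000000u, 0xEC000003u, 0u };
static KeySlot  g_keys[3]  = { { 0x52000001u }, { 0x1A000002u }, { 0xEC000003u } };  /* Key 1..3 */
static CertSlot g_slots[3] = { { &g_root, 0, 1 }, { &g_inter, 0, 0 }, { &g_work, 1, 0 } };

static void demo_setup(void)
{
    toy_sign(&g_root,  g_root.public_key);    /* self-signed */
    toy_sign(&g_inter, g_root.public_key);    /* issued by the root */
    toy_sign(&g_work,  g_inter.public_key);   /* issued by the intermediate */
}

int main(void)
{
    static const char *names[] = { "VALID", "VALIDITY_PERIOD_FAIL", "SIGNATURE_FAIL", "INVALID_CHAIN_OF_TRUST" };
    demo_setup();
    printf("working cert now:            %s\n", names[verify_slot(g_slots, 3, g_keys, 2, DEMO_NOW, 0)]);
    printf("after intermediate expired:  %s\n", names[verify_slot(g_slots, 3, g_keys, 2, 1800000u, 0)]);
    g_slots[2].verify_key_ref = 2;            /* misconfiguration: working cert checked with its own key */
    printf("wrong key reference:         %s\n", names[verify_slot(g_slots, 3, g_keys, 2, DEMO_NOW, 0)]);
    g_slots[2].verify_key_ref = 1;
    g_work.public_key ^= 1u;                  /* tampered content invalidates the signature */
    printf("tampered public key:         %s\n", names[verify_slot(g_slots, 3, g_keys, 2, DEMO_NOW, 0)]);
    g_work.public_key ^= 1u;
    return 0;
}
```

Running the block verifies the working certificate and then shows what an expired intermediate, a wrong key reference and a tampered certificate produce. The check that the referenced key slot really holds the issuer's public key is what turns the «use for verification» relation of the configuration into something the code can enforce; an intermediate that fails its own check is reported as a chain-of-trust failure of the working certificate.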

Page 14: KeyM Configuration for Certificate Handling – Algorithm Family

Additional parameter used to give more information about the algorithm in use; it needs to be set when KeyMCertAlgorithmType is ECC.

Page 15: KeyM Configuration for Certificate Handling – Public Key Configuration

• CertificateSubjectPublicKeyInfo_PublicKeyAlgorithm: element for the object identifier of the public key
• CertificateSubjectPublicKeyInfo_SubjectPublicKey: element for the plain data of the public key
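The two SubjectPublicKeyInfo elements from page 15 sit inside the DER encoding of the X.509 structure from page 10. As an added C example that is not part of the webinar and not KeyM's own parser, the block below walks the DER tag-length-value layout with bounds checks and returns the public-key algorithm OID and the plain public key bytes, the same two elements KeyM exposes through the configured element identifiers. The embedded SubjectPublicKeyInfo is constructed: the OIDs are the real id-ecPublicKey and prime256v1 identifiers, but the key bytes are a short placeholder rather than a real curve point, and the function names (der_read, spki_get_elements, oid_equals) are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One DER tag-length-value element: tag, pointer to the value bytes, value length. */
typedef struct { uint8_t tag; const uint8_t *val; size_t len; } Tlv;

/* Constructed SubjectPublicKeyInfo (assumption, not from the slides):
 * real OIDs for id-ecPublicKey and prime256v1, but placeholder key bytes. */
static const uint8_t kSpkiDer[] = {
    0x30, 0x1D,                                                  /* SEQUENCE, 29 bytes        */
    0x30, 0x13,                                                  /* AlgorithmIdentifier, 19   */
    0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01,        /* OID 1.2.840.10045.2.1     */
    0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07,  /* OID 1.2.840.10045.3.1.7   */
    0x03, 0x06, 0x00,                                            /* BIT STRING, 0 unused bits */
    0x04, 0x11, 0x22, 0x33, 0x44                                 /* placeholder key bytes     */
};
static const uint8_t kOidEcPublicKey[] = { 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01 };

/* Reads one TLV from buf[0..buf_len). Returns bytes consumed, or 0 if the
 * element is malformed or its length runs past the buffer. */
static size_t der_read(const uint8_t *buf, size_t buf_len, Tlv *out)
{
    size_t pos = 0, len;
    if (buf_len < 2) return 0;
    out->tag = buf[pos++];
    len = buf[pos++];
    if (len & 0x80) {                      /* long form: low 7 bits = number of length octets */
        size_t n = len & 0x7F;
        if (n == 0 || n > sizeof(size_t) || n > buf_len - pos) return 0;
        len = 0;
        while (n-- > 0) len = (len << 8) | buf[pos++];
        if (len < 0x80) return 0;          /* DER forbids non-minimal length encodings */
    }
    if (len > buf_len - pos) return 0;     /* the check that prevents an over-read */
    out->val = buf + pos;
    out->len = len;
    return pos + len;
}

/* Extracts the public-key algorithm OID and the raw public key from a
 * SubjectPublicKeyInfo. Returns 0 on success, a negative code per failing step. */
static int spki_get_elements(const uint8_t *der, size_t der_len, Tlv *alg_oid, Tlv *pubkey)
{
    Tlv spki, alg, bits;
    size_t used;
    if (der_read(der, der_len, &spki) != der_len || spki.tag != 0x30) return -1;
    used = der_read(spki.val, spki.len, &alg);
    if (used == 0 || alg.tag != 0x30) return -2;
    if (der_read(alg.val, alg.len, alg_oid) == 0 || alg_oid->tag != 0x06) return -3;
    if (der_read(spki.val + used, spki.len - used, &bits) != spki.len - used
        || bits.tag != 0x03) return -4;
    if (bits.len < 1 || bits.val[0] != 0) return -5;   /* public keys use 0 unused bits */
    pubkey->tag = bits.tag;
    pubkey->val = bits.val + 1;                         /* skip the unused-bits octet */
    pubkey->len = bits.len - 1;
    return 0;
}

static int oid_equals(const Tlv *oid, const uint8_t *expected, size_t expected_len)
{
    return oid->len == expected_len && memcmp(oid->val, expected, expected_len) == 0;
}

int main(void)
{
    Tlv oid, key;
    int rc = spki_get_elements(kSpkiDer, sizeof kSpkiDer, &oid, &key);
    printf("parse result %d, algorithm is id-ecPublicKey: %s, key length %zu\n", rc,
           rc == 0 && oid_equals(&oid, kOidEcPublicKey, sizeof kOidEcPublicKey) ? "yes" : "no",
           rc == 0 ? key.len : (size_t)0);
    /* a truncated certificate must be rejected, not read past its end */
    printf("truncated input -> %d\n", spki_get_elements(kSpkiDer, sizeof kSpkiDer - 3, &oid, &key));
    return 0;
}
```

Every length is checked against the remaining buffer before it is used, so a certificate whose inner length field claims more bytes than are present is rejected instead of read past the end; the test exercises a truncated buffer as well as inflated inner lengths for the AlgorithmIdentifier and the BIT STRING.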


Page 17: Summary – Key Points

• Importance of cryptographic material (keys, certificates)
• Certificate handling is covered by KeyM (AUTOSAR 4.4)
• Functions provided by KeyM for certificate handling
• Configuration of certificate properties

Topic for next webinar: AUTOSAR concept for distributed onboard Intrusion Detection System (IDS)

Page 18: AUTOSAR KeyM – Certificate Handling

© 2015. Vector Informatik GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V2.01.00 | 2019-11-19

Author: Dr. Eduard Metzker, Vector Informatik GmbH

For more information about Vector and our products please visit www.vector.com