V1.01.03 | 2018-10-30 MICROSAR.HSM – Optimized and Flexible Software for Hardware Security Modules Vector Cyber Security Solution – vHSM Firmware


Page 1

Vector Cyber Security Solution – vHSM Firmware

MICROSAR.HSM – Optimized and Flexible Software for Hardware Security Modules

V1.01.03 | 2018-10-30

Page 2

© 2018. Vector Informatik GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V1.01.03 | 2018-10-30

Agenda

- Overview (current section)
- Cryptographic Solutions
- MICROSAR.HSM - Features
- MICROSAR.HSM - Architecture
- MICROSAR.HSM - Integration and Workflow
- Summary

Page 3

Overview: Cyber Security in Automotive

Cyber security gains increasing importance in the automotive industry due to highly connected vehicles and accessible customer interfaces. Vehicles become part of the Internet of Things.

Therefore, computationally complex algorithms have to be executed efficiently in an isolated part of the ECU. Secure storage for cryptographic secrets is needed as well.

For this, a hardware security module together with its software provides the necessary performance and isolation with an appropriately small footprint.

Vector Solution: at a glance

Page 4

Overview: Layered Security Concept – Defense in Depth

Layers: Secure External Communication, Secure Gateways, Secure In-Vehicle Communication, Secure Platform

Associated Security Controls:

- Secure communication to services outside the vehicle via TLS
- Intrusion detection mechanisms
- Firewalls
- Key infrastructure / vehicle PKI
- Synchronized secure time
- Message authentication codes (MAC)
- Freshness to ensure integrity of messages
- Encryption to ensure confidentiality of messages
- Secure key storage
- Secure boot and secure flash
- Crypto algorithm library
- HW trust anchor (HTA), e.g. Hardware Security Modules (HSM)

Page 5

Overview: Security Mechanisms allocated in Example Architecture

Figure: example vehicle architecture with Connectivity Gateway, Central Gateway, Head Unit, Instrument Cluster, Diagnostic Interface and the domain controllers ADAS DC, Powertrain DC, Chassis DC, Body DC and Smart Charging; external interfaces DSRC and 4G LTE, and devices laptop, tablet and smartphone. Security mechanisms placed in the figure: Firewall, Key Infrastructure, Secure On Board Com., Secure Off Board Com., Intrusion Detection / Prevention, Monitoring / Logging, Hypervisor, Crypto Primitives, Download Manager, Secure Flash/Boot, Secure Synchronized Time Manager.

Page 6

Overview: MICROSAR.HSM: vHSM – What it actually is and does

vHSM is an efficient and flexible firmware for hardware security modules that is adaptable to your use case in order to improve cybersecurity.

MICROSAR.HSM – Functionality

- Cryptographic services on a secure core with isolated memory
- Large library of crypto algorithms
  - Crypto basic functions (hash, random numbers)
  - Message authentication codes (HMAC, CMAC)
  - Symmetric and asymmetric crypto algorithms
- Providing secure key storage, update and handling
- Supporting signature generation and verification
- Providing a secure boot protocol
- Supporting hardware acceleration for better performance

MICROSAR.HSM – Configuration

- Modular architecture with extensive configuration space
- Adaptable HSM firmware to match use case requirements and footprint
- Comprehensive configuration tool DaVinci Configurator

MICROSAR.HSM – Use Cases

- Secure boot in combination with flash bootloader
- Secure software update and code signing
- Secure OnBoard Communication (SecOC)

Page 7

Agenda (current section: Cryptographic Solutions)

Page 8

Cryptographic Solutions: Pure Software Approach

- Executing cryptographic algorithms in software
- No hardware support / acceleration possible
- No isolated secure core or memory available
- May occupy many CPU resources (CPU time)
- Code size and speed highly depend on the microcontroller

Figure: microcontroller with CPU, RAM, flash and SW crypto sharing one memory; the network interface is attached via an internal connection to the vehicle network.

Page 9

Cryptographic Solutions: Based on Crypto Peripheral

- Accelerating cryptographic algorithms in a crypto peripheral
- Hardware support / acceleration possible
- No isolated secure core or memory available
- Secrets and application data in the same memory
- No updates of crypto hardware are possible

Figure: microcontroller with CPU, RAM, flash and a HW crypto peripheral; the network interface is attached via an internal connection to the vehicle network.

Page 10

Cryptographic Solutions: Hardware security module (HSM)

- HSM design objectives
  - Harden ECUs against SW and selected HW attacks
  - Provide HW acceleration for crypto functions
- EVITA HSM profiles
  - HSM full:
    - Support strong authentication (e.g. via RSA, ECC)
    - Support complex block ciphers
    - High performance, updateable
  - HSM medium:
    - Secure ECU-to-ECU communication
    - Updateable
  - HSM small:
    - Secure critical sensors / actuators
    - Simple block ciphers
    - Low cost modules, not updateable

Figure: microcontroller with host CPU, RAM, flash and HW crypto next to the network interface, plus an HSM containing a secure core (CPU), secure memory and SW crypto.

Page 11

Agenda (current section: MICROSAR.HSM - Features)

Page 12

MICROSAR.HSM - Features: Overview vHSM Product Features

- Core features
  - (HW accelerated*) cryptographic basic functions and algorithms
  - Streaming of crypto jobs
  - Isolated secure key storage
  - Secure error log
  - Development error handling and debugging
  - Customization and extension support
- Featured use cases:
  - Secure software download and code signing support
  - Secure communication support
    - On board (e.g. SecOC)
    - Off board (e.g. V2G)
  - Secure boot support

*Depending on available accelerators in HW

Page 13

MICROSAR.HSM - Features: Supported Basic Functions and Cryptographic Algorithms

- Basic functions and symmetric crypto algorithms
  - Hash (SHA-256, …)
  - Random number generation
  - MAC generate and verify
    - CMAC
    - HMAC
  - Cipher
    - AES in the modes ECB, CBC, GCM
- Asymmetric crypto algorithms
  - RSA (generation and verification of signatures)
    - PKCS #1 v1.5, PKCS #1 v2.2
  - RSA (encryption and decryption)
  - ECDSA (generation and verification of signatures)
    - Ed25519, NIST/ANSI P256 R1, SEC P256 R1, …
- Key derivation functions (KDF) and key exchange
  - KDF in counter mode
  - Concatenation KDF
  - Key exchange protocol EC-DHE

Example: Encryption and decryption

Example: HMAC for flash programming

Page 14

MICROSAR.HSM - Features: Key Storage

- Any keys can be passed in plaintext and stored inside the HSM
  - Includes symmetric/asymmetric keys and certificates
  - Any other security relevant data (e.g. mileage) can be stored in secure storage as well
- Key installation of symmetric keys according to SHE 1.1
  - Support of counter handling
  - UID can be read out
- Extensive configuration options:
  - Free choice whether a key is stored in flash or only in RAM
  - Keys can be stored redundantly and reset safe
  - Keys are pre-loaded / cached on startup to avoid loading with every use
  - Number of keys only limited by available RAM and data flash of the platform
  - Keys can be locked until secure boot has finished
  - Keys can be configured as write once
  - Keys can be persisted immediately or delayed, to be able to persist multiple keys at once

Figure (Example: Secure key, mileage and SecOC freshness value storage): secure memory holding k_private, k_public and k_secret; the SecOC message consists of the Secured I-PDU header, the Authentic I-PDU, the Freshness Value and the MAC.
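The SecOC message shown in the figure (authentic I-PDU, freshness value, MAC), worked through as an added example that is not code from the deck or from Vector's product: the sender appends a truncated freshness counter and truncated MAC, and the receiver reconstructs the full counter before checking the MAC, so a replayed or modified PDU fails verification. HMAC-SHA256 stands in for the CMAC the HSM would compute, and KEY, DATA_ID, the counter widths and the truncation lengths are constructed sample values, not the product's configuration.

```python
"""Secured I-PDU construction and verification with a freshness counter.

Constructed illustration of the SecOC message in this slide's figure, not
Vector's code. Assumed (not from the deck): HMAC-SHA256 replaces the CMAC
the HSM would compute, the freshness value is a 16-bit counter of which the
low 8 bits are transmitted, the MAC is truncated to 4 bytes, and KEY and
DATA_ID are constructed sample values.
"""
from __future__ import annotations

import hashlib
import hmac

KEY = b"\x2b" * 16       # sample symmetric key; would live in HSM secure memory
DATA_ID = 0x0123         # sample SecOC data id identifying this PDU
FV_LEN = 2               # full freshness value length in bytes (16-bit counter)
FV_TRUNC_BITS = 8        # low bits of the counter that go on the wire
MAC_TRUNC_LEN = 4        # transmitted MAC length in bytes


def _mac(payload: bytes, freshness: int) -> bytes:
    """MAC over data id || authentic I-PDU || full (untruncated) freshness value."""
    msg = DATA_ID.to_bytes(2, "big") + payload + freshness.to_bytes(FV_LEN, "big")
    return hmac.new(KEY, msg, hashlib.sha256).digest()[:MAC_TRUNC_LEN]


def build_secured_pdu(payload: bytes, freshness: int) -> bytes:
    """Sender: Secured I-PDU = authentic I-PDU || truncated freshness || truncated MAC."""
    trunc_fv = freshness & ((1 << FV_TRUNC_BITS) - 1)
    return payload + bytes([trunc_fv]) + _mac(payload, freshness)


class Receiver:
    """Receiver side: reconstructs the counter and rejects replays and tampering."""

    def __init__(self) -> None:
        self.last_fv = -1    # highest freshness value accepted so far

    def verify(self, pdu: bytes) -> bytes | None:
        tail = 1 + MAC_TRUNC_LEN
        payload, trunc_fv, mac = pdu[:-tail], pdu[-tail], pdu[-MAC_TRUNC_LEN:]
        # Rebuild the full counter from the received low bits: take the high
        # bits of the next expected value and bump them when the result would
        # not be newer than the last accepted value (counter wrapped around).
        high = (self.last_fv + 1) >> FV_TRUNC_BITS
        candidate = (high << FV_TRUNC_BITS) | trunc_fv
        if candidate <= self.last_fv:
            candidate += 1 << FV_TRUNC_BITS
        # A replay or a stale counter yields a different reconstructed value
        # than the sender used, so its MAC no longer matches.
        if not hmac.compare_digest(mac, _mac(payload, candidate)):
            return None      # tampered payload, wrong key, replay or counter out of window
        self.last_fv = candidate   # advance only after a successful MAC check
        return payload
```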

Page 15

MICROSAR.HSM - Features: vHSM Error Log

- vHSM provides an error log, which can be used to log error events that occur on the HSM
- Errors can be written to secure data flash and read out by the application
- The maximum number of log entries is configurable

Figure: host system (SWC / Application, RTE, SYS, COM) reading the vHSM error log, shown as a list of entries:

>ERROR: Verification failed.

> …

Page 16

MICROSAR.HSM - Features: Development Error Handling and Debugging

- Reporting of Det errors on vHSM
  - Can be treated as error and logged
  - Can be forwarded to the application
  - Det of vHSM works as a proxy of the host DET
    - Errors are forwarded and reported on the host
- For some compilers (e.g. Green Hills / MULTI), trace messages are displayed in the console window if enabled
- Due to source code delivery, vHSM is fully debuggable

Page 17

MICROSAR.HSM - Features: Example Use Case: Secure Boot

- Prevent execution of tampered ECU software by means of a chain of trust
  - Integrity check is performed at ECU startup
  - Each software unit involved in the boot process validates the integrity of the subsequent software unit, forming a chain of trust
  - Validation can be done via checking a signature / MAC
  - Keys and MAC must be stored in a secure area

vHSM supports Secure Boot with:

- Secure key and MAC storage
- Signature / MAC verification
- 1..n secure boot slots with
  - Configurable keys
  - Configurable sanctions
  - Configurable performance improvement options
- Sequential or parallel secure boot
- Isolation of host and secure domains

Figure: boot chain vHSM → FBL → App; the FBL code CMAC and the App code CMAC are checked before the respective Start.
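The chain-of-trust boot described on this slide, combined with the "keys can be locked until secure boot has finished" option from the Key Storage slide, as an added example that is not part of the deck or of Vector's vHSM: it provisions reference MACs for an FBL and an App slot, verifies the slots in order, applies a halt sanction on mismatch and releases keys only after the whole chain verified. HMAC-SHA256 stands in for the CMAC shown in the figure; Hsm, BootSlot, demo and the sanction names are assumed names, not the product's API.

```python
"""Chain-of-trust secure boot over MAC-verified boot slots.

Constructed illustration of this slide's scheme, not Vector's vHSM code.
Assumed (not from the deck): HMAC-SHA256 stands in for the CMAC in the figure,
a dict models secure key/MAC storage, sanction names are invented placeholders.
"""
from __future__ import annotations
import hashlib
import hmac
from dataclasses import dataclass, field


@dataclass
class BootSlot:
    name: str                  # software unit in the chain, e.g. "FBL" or "App"
    key_id: str                # key in secure storage used to MAC this unit's code
    sanction: str              # reaction on mismatch: "halt" or "log_and_continue"
    expected_mac: bytes = b""  # reference MAC, written at provisioning time


@dataclass
class Hsm:
    keys: dict[str, bytes]     # isolated secure key storage
    slots: list[BootSlot]      # 1..n boot slots, verified in this order
    boot_done: bool = False    # locked keys are released only when True
    error_log: list[str] = field(default_factory=list)

    def _mac(self, key_id: str, image: bytes) -> bytes:
        return hmac.new(self.keys[key_id], image, hashlib.sha256).digest()

    def provision(self, slot: BootSlot, image: bytes) -> None:
        # Record the reference MAC of a trusted image in secure memory.
        slot.expected_mac = self._mac(slot.key_id, image)

    def secure_boot(self, images: dict[str, bytes]) -> list[str]:
        """Check every slot before the next unit may start; return verified units."""
        verified: list[str] = []
        for slot in self.slots:
            actual = self._mac(slot.key_id, images[slot.name])
            if hmac.compare_digest(actual, slot.expected_mac):
                verified.append(slot.name)
                continue
            self.error_log.append(f"ERROR: Verification failed: {slot.name}")
            if slot.sanction == "halt":
                break          # chain broken: this unit and all later ones never start
        # Keys configured as "locked until secure boot finished" open only on full success.
        self.boot_done = len(verified) == len(self.slots)
        return verified

    def use_key(self, key_id: str) -> bytes:
        if not self.boot_done:
            raise PermissionError(f"{key_id} is locked until secure boot has finished")
        return self.keys[key_id]


def demo(tamper_app: bool = False) -> tuple[list[str], bool, list[str]]:
    """Provision FBL and App images, then boot, optionally with a modified App image."""
    fbl = b"flash bootloader image (constructed sample)"
    app = b"application image (constructed sample)"
    hsm = Hsm(keys={"k_boot": b"\x11" * 16},
              slots=[BootSlot("FBL", "k_boot", "halt"), BootSlot("App", "k_boot", "halt")])
    for slot, image in zip(hsm.slots, (fbl, app)):
        hsm.provision(slot, image)
    if tamper_app:
        app = app.replace(b"application", b"tampered")
    verified = hsm.secure_boot({"FBL": fbl, "App": app})
    return verified, hsm.boot_done, hsm.error_log
```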

Page 18

Agenda (current section: MICROSAR.HSM - Architecture)

Page 19

MICROSAR.HSM - Architecture: Internal Architecture of the vHSM

- The vHSM firmware consists of vHSM dedicated and Vector standard modules
- Modular and configurable architecture
- In analogy to the AUTOSAR Crypto stack
  - CryIf channels
  - CryDrv driver objects
  - Crypto primitives
  - Keys, key types and key elements
- Communication between host and vHSM is done by IPC / shared memory
  - Synchronous and asynchronous job processing supported
  - Notification about job completion by polling or interrupts on the host side

Figure: vHSM firmware module layout inside the HSM of the microcontroller. Modules: vHsm, vHsm_SecUpd, vHsm_Hal, vHsm_Custom, CryIf, Crypto(Sw), vSecPrim, Det, Crc, Fee, MemIf, FlsDrv. Layers: HSM-SYS, HSM-LIBS, HSM-MEM, HSM-CRYPTO, HSM-MCAL, HSM-OS.

Page 20

MICROSAR.HSM - Architecture: Internal Architecture of the vHSM

Figure: microcontroller split into an application core subsystem and an HSM subsystem connected through shared memory. Application core: AUTOSAR 4.3 BSW (SWC / Application, RTE, SYS, COM, Crypto(vHSM), MCAL, OS) and the Flash Bootloader with Secure Boot and Update Support, each reaching the vHSM over HSM channels in RAM. HSM subsystem: vHSM job processor with vHSM CryIf and vHSM KeyM, crypto hardware accelerator, crypto software library, custom crypto job and secure memory.

Page 21

Agenda (current section: MICROSAR.HSM - Integration and Workflow)

Page 22

MICROSAR.HSM - Integration and Workflow: Configuration of vHSM: Synchronization

- Comprehensive configuration with DaVinci Configurator Pro
- DaVinci Configurator Pro provides a pre-config file to sync the vHSM configuration with the MICROSAR configuration, including:
  - Available primitives
  - Available and configured keys

Figure: Developer 1 configures the vHSM in DaVinci Cfg5 (vHSM config) and generates the pre-config file (*.arxml) as output; Developer 2 uses it as input (additional definitions: available primitives, available and configured keys) for the MSR config in DaVinci Cfg5.

Page 23

Agenda (current section: Summary)

Page 24

Summary: MICROSAR.HSM – vHSM Solution

vHSM is Vector's solution to improve security by providing an efficient firmware for hardware security modules that is adaptable to your use case.

MICROSAR.HSM – Functionality

- Cryptographic services on a secure core with isolated memory
- Large library of crypto algorithms
  - Crypto basic functions (hash, random numbers)
  - Message authentication codes (HMAC, CMAC)
  - Symmetric and asymmetric crypto algorithms
- Providing secure key storage, update and handling
- Supporting signature generation and verification
- Providing a secure boot protocol
- Supporting hardware acceleration for better performance

MICROSAR.HSM – Configuration

- Modular architecture with extensive configuration space
- Adaptable HSM firmware to match customer requirements and footprint
- Comprehensive configuration tool DaVinci Configurator

MICROSAR.HSM – Use Cases

- Secure boot in combination with flash bootloader
- Secure software update and code signing
- Secure OnBoard Communication (SecOC)

Page 25

Authors: Dr.-Ing. Falco Bapp, Dr. Eduard Metzker, Vector Germany

For more information about Vector and our products please visit www.vector.com