This document discusses automotive cyber security. It begins by outlining the evolution of automotive technology and the increased connectivity of modern vehicles. This connectivity introduces new security challenges as vehicles can be attacked remotely by hackers. The document then classifies different types of attackers and attacks, including logical and physical attacks. It discusses methods for secure component identification using cryptography and physically unclonable functions. The document also covers secure software initialization, updates, and architectures. Finally, it discusses secure vehicular communication.
4. Innovation in Automotive
Advance drive
assistant system
(ADAS)
Smart lighting
control.
Adaptive cruise
control
Collision
avoidance
Parking assist.
Smart transportation
Traffic
congestion.
Vehicle-to-
infrastructure and
vehicle-to-vehicle
communication.
Traffic line
control.
Advance flee
management
Usage and
behaviour
monitoring
Real-time
telemetric
Package
tracking
Autonomous
driving
Decisive goal is
to made
driverless cars
with zero
fatalities or
collisions.
4
5. 5
With cars incorporating up to 100 ECUs, approaching the upper boundaries of the
wiring harness, So the industry is moving towards
greater integration,
virtualization,
reducing the total number of ECUs,
increasing the number of functions,
Increasing complexity of the software.
6. 6
All these electronic functions bring great benefits to
the driver, increasing comfort, convenience, safety
and efficiency.
Wireless interfaces connect the in-vehicle systems of
these ‘Connected Cars’ to external networks
e.g. internet, enhancing consumer experience
by enabling new features and services.
Connectivity also makes the Connected Car
vulnerable to hackers who attack the vehicle
by seeking and exploiting weaknesses in its
computer systems or networks.
7. Security challenges for Automotive
New Features
ECall systems bring rapid assistance to
motorists involved in a collision
Car owners may want to chip-tune their
engine, to increase performance of the
engine.
The OBD-II port offers diagnostic and
reporting capabilities.
Autonomous Emergency Braking systems
Car sharing systems allow access to a
vehicle via a smart card or mobile device.
Automated Vehicle Identification allows
the car to identify itself for seamless
access to a parking or a toll road.
If not protected well, a thief might be able to abuse
this system to gain access to the vehicle.
Attackers may use it to gain access to the in-vehicle
network, potentially even remotely.
When not protected, hackers could steal for
example personal data including payment details.
You don’t want third parties to get access to this
personal data.
it should not be possible for hackers to activate this
system by sending fake V2X messages to a vehicle
Threats
OEMs may want to protect against such
manipulation by the vehicle owner.
8. Attacker 1
Internal
Class 1
Attacker 2
Internal
Class 2
Attacker 3
Internal
Class3
Attacker E0
External
Class 0
Exemplary
attackers
Driver,
Owner
Motor mechanics,
Backyard garage
Organized crime,
Rival, academia
Thief, V2I or V2V
mischief
Physical
Access
Limited to resp.
skills
Extensive, but not
unlimited
Virtually unlimited None or only very
limited
Technical
Resources
Generally low Medium to high Very high Varies, usually low
to medium
Knowledge
Resources
Generally low Medium to high Very high Varies, but can be
high
Financial
Resources
low Medium Very high Generally low
Reliable
Protection
Mostly feasible Varies, but still
feasible
Only by econ. Mostly feasible
Potential attackers in the automotive domain classified according to their access perimeter,
technical and knowledge resources
9. 9
According to access perimeter of attacker, vehicular attacks
can be classified in:-
1.logical attacks: Attacks via logical interface and external communication,
include active as well as passive encroachments.
2.Physical attacks: By direct attacking the hardware to-
1. Access internal secrets (Crpt. Key).
2. Disable (physically) security
measures.
3. Introduce physical signals to do
enable further attacks.
10. Logical Attacks
Cryptographic Attacks : Tried
to break the security of IT
systems while exploiting
potential conceptual
weaknesses or while just
“brute forcing” the
underlying cryptography of
cryptographic algorithms or
(cryptographic) protocols.
Software Attacks : Software
attacks particularly exploit flaws
and vulnerabilities in design or
implementation3 such as:
1. Integer
2. Heap or buffer overflows
3. Race conditions or infinite
loops
4. Corrupting input and output
data
5. Dependency corruption
6. Resources exhaustion
7. Enforcing restarts or resets.
Communication attacks:
These Attacks on vehicular
communication are probably
the primary challenge for the
most future VC-based
applications. Comprise active
and passive attacks on all
communication channels
accessible by the respective
attacker.
11. 11
Physical Attacks
Monitoring and side channel attack :Mean the passive, noninvasive interception
and examination of all channels susceptible to the attacker that allow him to breach
the security of the respective device
Denial of Service Attacks : Physical denial of service attacks refer to active, invasive
and non-invasive attacks on the physical availability while preventing or
considerably delaying access to critical resources, communication, or functionality.
Fault attacks or perturbation attacks are active, non-invasive attacks that expose
the respective attack target to an anomalous operating environment to induce
faults that could disrupt or modify the execution of some critical instructions.
Penetration Attacks : Penetration attacks are active, invasive attacks that intercept
internal communications, readout internal memories, or monitor any internal
processing behavior to discover internal structures, secrets, and functionality.
Modification Attacks Communication attacks
13. Wireless or
Wired
Communicatio
n Module
Cryptographic Component Identification
Abstract view of a vehicle in a
(Secure vehicular
communication system)
Central Processing Module
Credentials and
Cryptographic
keys
Unique Identity
Vehicle Component
Credential
Certificate
14. Cryptographic Component Identification (Procedure)
Secret Vehicle Key
Central Processing Module
Vehicle Component
Credential Certificate
(Cryptographic TAG)
Certification Check
during component
Installation
Secret Vehicle Key
Central Processing Module Vehicle Component
Credential Certificate
(Cryptographic TAG)
Secret Vehicle Key
Central Processing Module
Vehicle Component
Credential Certificate
(Cryptographic TAG)Security Key to signal
component legitimacy
Successful Certification
check
Phase Component
Installation
Vehicle Operation Component
Removal
Procedure Verification of the Establishment of the Check for the Deletion of the
15. Component Identification using (PUF)
PUF is a function that maps a set of challenges to a set of
responses based on an intractably complex physical
system.
Due to smallest individual physical differences of every physical device,
even identical circuits based on identical layouts provide a very individual
and unpredictable response for the same challenge.
16. Process for generation of Cryptographic key Using (PUF)
In initialization step,
1. An output is generated from the PUF circuit
2. The error correcting syndrome for that output is computed and saved
for later.
3. syndrome and this bit vector are public information and can be stored
anywhere (on-chip, off-chip, or remotely on a server).
17. Key Regeneration Steps using
PUF:
1. The PUF first produces an output from
the circuit.
2. the PUF uses the syndrome from the
initialization step to correct any changes in
the circuit output.
3. The output of the error correcting code
(ECC) can be simply hashed down to a
desired length and used as a cryptographic
key.
19. 1. Integrity.
2. Simple, Fast.
3. Protected
Reference.
1. Integrity.
2. Authenticity.
3. Simple, Fast.
4. Shared Secret.
1. Integrity.
2. Authenticity.
3. Non-repudiation.
4. Adequate
security.
5. Quite slow &
complex.
1. Authenticity.
2. Integrity.
3. Non-repudiation.
4. Freshness
5. Maximum
Security.
6. Most costly and
inflexible
MAC
Digital
signature
Physical
protection
Secure Software Initialization methods
non-repudiation Authenticity
unauthorized
modifications are
detectable
unauthorized
modifications are
infeasible
Hash function
Secure Software Initialization Characteristics
20. • A hash function is a mathematical, efficiently computable function that
has fixed size output:
– E.g., H : {0,1}* {0,1}160
– Input is called “message”, output is “digest”
Hash
function
MAC
Digital
signature
Physical
protection
21. Cryptographic Hash Functions & properties
Name
Digest length
Basic unit of
processing
Number of
steps
Maximum
message size
MD5
128 bits
512 bits
64 (4 rounds
of 16)
infinity
SHA-1
160 bits
512 bits
80 (4 rounds
of 20)
2^64-1 bits
RIPEMD-
160
160 bits
512 bits
160 (5 [paired
rounds of 16)
infinity
Deterministic
Quick to
compute the
hash value
Infeasible to
generate a
message from
its hash value
Small change to
a message
should change
the hash value
Infeasible to find
two different
messages with
the same hash
value
22. Message Digest 5 (MD5)
Variable length message Divided in 512 Blocks
16 *32 bit words
Padding
Original Message 1 0 0 0 0
64 bit represent length of
the message
4. Input message is "padded" (extended)
its length (in bits) equals to 448 mod 512.
2. At least one bit and at most 512
bits are appended.
1. A single "1" bit is
appended to the
message.
3. Last 64 bit represent
length of the message
23. MD5 consists of 64 of these operations,
grouped in four rounds of 16 operations.
F is a nonlinear function; one function is
used in each round.
Mi denotes a 32-bit block of the message
input, and Ki denotes a 32-bit constant,
different for each operation.
“S” denotes a left bit rotation by s places,
“S” varies for each operation. denotes
addition modulo 232.
denotes addition modulo 232.
64 bit
128 bit
MD5 Algorithm
24. Hash
function MAC Digital
signature
Physical
protection
Definition MAC defined over (K, M, T) is a pair of algorithms (E, D):E(k, m):
returns a message authentication code t which belongs to a set T
D(k, m, t): returns a value true or false depending on the correctness of
the received authentication code
Where :
M is a set of all possible messages m,
K is a set of all possible keys k,
T is a set of all possible authentication codes t
26. Hash
function MAC
Digital
signature
Physical
protection
• Used to provide
– Data integrity
– Message authentication
– Non-repudiation
RSA (Digital signature algorithm )
• Developed in 1978 by Rivest, Shamir and
Adleman (RSA)
• Most popular public key cryptosystem
• Based on the hard problem of “integer
factorization”
Key-Generation for RSA(1)
1. Generate two large random distinct primes
p and q, each roughly the same size
2. Compute n = pq and
3. Select random integer e:
2. Compute unique integer d:
2. Public key is (n, e); Private key is d.
( ) ( 1)( 1)n p qφ = − −
1 , such that gcd( , ) 1e eφ φ< < =
1 , such that 1modd edφ φ< < =
27. Alice p=5 q=7 n = 35
φ(n) = 4*6=24
e = 5; d: ed = 5d =1 mod 24 ;
=> d = 5
Public key: (n=35, e=5)
Private key: d=5
M = [0, n-1] For all m Є M
R(m)=m m = 26; R(m) = 26
s = 265 mod 35 = 31
message
Signing
algorithm
message signature
Signer’s private key
Unsecured channel
Signer
Signature
verification
algorithm
Signer’s public key
Verifier
Ok / not Ok
29. Varifiable Initialization (TCG)
Trusted Computing Group : An organization formed to develop, define,
and promote open standards for hardware-enabled trusted computing
and security technologies, including hardware building blocks and software
interfaces, across multiple platforms, peripherals, and devices.
Most Important Components of TCG is:
1. Trusted Platform Module (TPM).
2. Core Root of Trust for Measurement (CRTM), a kind of (protected pre-BIOS (Basic I/O System).
3. Trust Software Stack (TSS), which is the software interface to provide TC functionalities to the
Operating system.
TPM (Trusted Platform Module): a
tamper-resistant hardware
module mounted in a platform.
Responsible for: measurement,
root of trust, storage, reporting
and policy enforcement, No direct
memory access, Protected TPM chip
30. 3030
Execution
Engine (8-
Bit/16 Bit uC)
I/O
(33MHz LPC
bus)
Volatile
Memory
PCR
(>=16 *160 Bit)
RAM (~8kB,
secure execution)
Non-volatile
Memory
ROM (~64Kb,
Firmware,
certificate)
EEPROM
(~16kB,Owner secret,
user data, SRK, EK,
counters)
Monotonic
Counters (>=
4*32 Bit)
Tampering
Sensors (U, f,
Shield, reset)
Asymmetric
Key Generation
Asymmetric
Crypto Engine
(RSA >= 2048 Bit)
TRNG (>=256
Bit per call)
Hash Engine
(SHA-1, HMAC)
Internal Structure of a Trusted Platform Module (TPM) according to the recent TCG specification
31. The Core Root of Trust for Measurement (CRTM)
• The CRTM is the first piece of code that executes on a platform at boot time. (I.e. Bios
or Bios BootBlock in an IA-32 platform)
• It must be trusted to properly report to the TPM what software executes after it.
• Only authorized entities must be able to reflash the CRTM… (those that vouch for its
behavior)
The Authenticated boot process
CRTM and TPM
during the boot
process
32. Trusted Software Stack 32
•TSS enables application development and
interoperability
– Supply one entry point for applications to the
TPM
functionality
– Provides synchronized access to the TPM
– Hide building command streams with
appropriate
byte ordering and alignment from applications
– Manage TPM resources
• Several implementations available
– IBM
– Infineon
– NTRU
– Open Source (TrouSerS)
Application
CSP
Cryptographic API
TSS Service Services
TSS SPI
TPM Devices Driver
TSS Core Services
TSS CSI
TPM Device Driver Library
TPM DDLI
34. Software Security Architecture
• Enables a single computing
device to securely run
multiple process in parallel
by sharing of resources.
• Provide runtime isolation.
• Subsystem, components
can communicate only via
strictly controlled
communication channel.
• Different types of security
architectures are:
1. Virtualized security
architecture.
2. Hardware isolated
architecture.
3. Monolithic security
architecture.
34
35. Virtualized Security Architecture
• A small security kernel act as control instance between vehicular
hardware and actual application.
• Kernel provides strong separation of resources and implements
elementary security mechanisms.
35
Virtualized vehicular security architecture
Security Software layer
Application Layer
Separation layer
Hardware layer
36. 36
Security Software layer
Hardware layer
• Conventional hardware and dedicated cryptographic microchip
securely attached to the vehicular hardware.
• It provides fundamental security-critical functions:
1. Cryptographic operation (encryption, decryption or hashing).
2. Secure timing.
3. Secure random number generation.
•During start-up, this layer could enable the verifiable or secure
initialization by cryptography the corresponding boot strapping
process.
• Provide Strong isolation between applications, components or
subsystems.
•Communication will be only via strictly controlled communication
channel.
•Appropriate resources management interface and enforce effective
access control policy.
37. 37
Application Layer
Separation layer
•Provide security functionalities on more abstract level.
•It uses the functionality offered by separation layer.
•Provide elementary security mechanism such as secure
storage or secure communication.
•Multiple legacy operating systems can be executed concurrently,
but strongly isolated.
•Communication between applications as well as potential I/O are
depends on the conditions of the effective security policy enforced
by the underlying kernel.
•Provides all services and application that are not security critical.
38. Hardware isolated architecture.
• Relay on particular hardware isolation mechanism such as ARM trust zone
Technology.
• In this architecture additional hardware mechanism built in, it virtually provide
additional secure execution environment.
38
• Processor can switch from the legacy
environment (non secure world) to a
virtual security environment (secure
world), each world operates
independently.
• Communication between two world
only possible by calling a privileged
instruction from the non-secure
kernel.
Hardware isolated vehicular security architecture by ARM TrustZone Technology
39. Monolithic Security Architecture.
• Its for isolated security applications,
employ hardware dedicatedly.
• The security kernel only provides
only basic resources management
services.
• Monolithic applications that
themselves include all necessary
resource management and security
mechanism could even completely
omit a separate security kernel,
running on top of the monolithic
application.
39
Dedicated monolithic vehicular security architecture
41. 41
Software updates in automotive
Essential for vehicle OEMs:
• To manage the software efficiently over the lifecycle of the vehicle.
• To provide improvements in performance.
• To deliver corrections to faulty software that endanger lives or the
environment.
42. 42
OEMs is using Software OTA for software updates because:
1. Saves on recall caused by software bugs.
2. Implement into vehicle’s network with as little changes as possible.
3. Cost reduction as compared to manually recall and updating.
Challenges in OTA software update:
1. Cloud connection are active all the time
and thus OTA interfaces are potentially
accessible for hackers.
2. Provide doors for attacks to permanent
endanger the operation of vehicles like
functional changes, tuning, Trojans.
3. Potential to attack vehicles is threatening
Tier1s, OEMs and politicians.
43. Evolutionary Software OTA Flow (Software Development to Vehicle Reboot)
43
Release
new
software
version
Formatting
for update
handling
Service pack at
OEM’s update server
Transport
Via
INTERNET
Over The Air – Telematics unit TCU › Receive
and decrypt from secure wireless protocol
Download service pack ›
Check OEM authenticity ›
Setup encryption services ›
Stored in vehicles central storage ›
Verify data ›
Unpack for ECUs
Updating the vehicle i.e. using UDS ›
Start UDS programming session ›
Send service packs to ECUs in blocks using
UDS protocol.
Update inside ECUs:
Secure Flash Bootloader and HSM ›
Erase Flash ›
Decrypt and unzip blocks (E2E protection) ›
Write new code into Flash ›
Update and verify signatures (HASH)
Reboot the vehicle with new SW versions ›
Exit update mode ›
Restart all ECUs within the car.
Safety responsibility:
-Vehicle protection and
safety responsibility.
-ECU-IP protection and
safety responsibility.
-Secure update service.
-Secure Flash Boot Loader.
44. Secure Software update based on Digital Signature
44
Software Development
Digital Signature
Program code
OEM Trust Centre
Signature
PC
Secret Key
Flash Tool
OEM
Certificate
ECU
Security
Module
Public
Key
OEM’s DATABASE
Steps for secure software update by means of digital signature:
1. Software development.
2. Software is signed at the OEM’s trust, it is protected
environment, employs the OEM’s secret key to authenticate
authorized software by creating digital signature.
3. Signature is append to the software.
4. Signature and software stored in the OEM’s
database for distribution.
5. Now signed software can
be loaded into the
prospective flashing tool.
Flashing tool itself can be
authenticate.
6. ECU can verify the loaded
software for integrity and
authenticity by verifying
signature.
45. Certificate
Validation of vehicle
configuration
Secure Software update based on Trusted Computing
45
Certificate
Generation
And asymmetric key
Current vehicle
hardware and
software
configuration
Vehicle User Content Provider
Content Binding
Bound & encrypted content
Private Key
Public Key
Uses public key to
establish trusted
channel
Trusted channel
configuration
Yes
Decryption and
installation