Trusted Platform Modules: Automotive applications and differentiation from HSM

Transcription:

Trusted Platform Modules: Automotive applications and differentiation from HSM
Cyber Security Symposium 2017, Stuttgart
Martin Brunner, Infineon Technologies

Axiom: Whatever is connected can (and will) be attacked
[Figure: an attacker and a connected vehicle, labelled "Unwanted accesses denied". Areas shown: Car2Cloud; Onboard (safety & security); Consumer device integration; Car2Car; Car2Infrastructure. Services shown: Remote Diagnostics, Software Update, Car Repair Shop, eCall, Payment Systems, Internet Services, Traffic Information, Infotainment Apps, Prioritization of Emergency Services, Toll Control, Traffic Jam Detection, Accident Avoidance. Interfaces shown: CAN, LIN, OBD, JTAG, SPI, FlexRay, Ethernet, MOST.]

Challenges in software security: the complexity trap
"Complexity is the enemy of security. As systems get more complex, they get less secure" (Bruce Schneier)
- A system is only as secure as its weakest link
- A bug is hard to find (attackers have time, developers don't)
- Only one entry point needed
- Security by design = essential
- Software (alone) cannot protect software

Automotive security needs more
IT security goals are built on three cornerstones
Overall automotive security goals:
- Provide functional safety
- Finance: Protect business & IP
- Operations: Meet customers' quality expectations
- Fulfil privacy & regulation requirements
Areas shown: Secured Data Processing; Secured Communication; Protect External Interfaces; Gateway Protection & Domain Isolation
Secret keys are the basic prerequisite of any secured vehicle function

Secret keys must be protected
- Key integrity is essential for system security
- Compromised keys = no security
- Hardware Trust Anchors: provide protected execution environments & tamper resistance for high-security demands
- Revocation of keys is expensive and takes time
- Key handling must be secured through the whole lifecycle:
  - Key storage & related crypto operation
  - Key management and deployment in insecure environment

Benefits of hardware security
NO SECURITY: Open for all to see
SOFTWARE ONLY: Secures against casual intrusion and basic software attacks
- Reading: Software code easily readable by attackers
- Copying: Software code easily copied and shared by attackers
- Analyzing: Software code easily analyzed and understood using standard tools
- Root of Trust: Software has no "Root of Trust"; recovery of a broken system is practically impossible
HARDWARE SECURITY: Secures against hardware attacks and hardens against software attacks
- Reading: Hardware chip protects itself against code reading
- Copying: Secured hardware cannot be easily copied
- Analyzing: Secured hardware uses proprietary designs and non-standard code
- Root of Trust: Secured hardware provides a "Root of Trust" anchor for the system, providing detection, recoverability, secure updates

How secure is "secure"? Levels of protection
- eSE: Software + Hardware Trust Anchor + Certified Tamper Resistant. Using Secure Element for tamper-resistant Hardware Trust Anchor.
- TEE: Software + Hardware Extensions. TEE OS runs separate from the general Rich OS but still using the same HW platform.
- Host: Purely software protection. Storage and processing is done within application running on host.

Standard microchips can be attacked by various means
- Logical attack, e.g. protocol fuzzing
- Observative attack, e.g. power analysis
- Manipulative attack, e.g. probing
- Semi-invasive attack, e.g. laser fault injection

Countermeasures overview: Opportunities and limits
[Figure labels: Hardware, Software]
- Logical attacks can be thwarted e.g. by using consistency checks in software. Often, these can be effectively utilized. Hardware features may support these countermeasures.
- Observative attacks can be thwarted e.g. by using randomization in software, combined with hardware features in order to build an effective and strong barrier.
- Semi-invasive attacks can be thwarted e.g. by redundant soft- and hardware, building an effective barrier. Hardware features are needed as an efficient foundation.
- Manipulative attacks can be thwarted e.g. by using cryptography in both soft- and hardware, allowing to gain high resistance. The use of hardware features is absolutely essential.

The Trusted Platform Module (TPM) is
- a security controller for cryptographic operations
- physically separated from the main processor
- protecting security-critical data (e.g. keys, passwords)
- capable of resisting logical and physical attacks
- security evaluated by a third party (Common Criteria standard)
- a passive device
[Figure: TPM Security Module with Generic functions, Secured hardware, Crypto functions]
A TPM: the "safe for your platform"

OPTIGA TPM security functions
- Device Authentication: One-way authentication; Mutual authentication
- Secured Channel: Encrypted Communication; Key Generation
- User Management: Password Protection; User management and keys
- Secured Updates: Remote maintenance; In-field flexibility and reaction
- System integrity: Secure Boot; Remote platform verification
- Dedicated functions for: Platform manufacturer; System operators; Vendor/User/Enterprises
- Lifecycle Management: Key Backup and refurbishment; Personalization and identities; Supply chain tracking
- Secured Clock and Time: Reliable clock when offline; Timer and Monotonic Counter

Hardware security module (HSM) and Trusted platform module (TPM) overview
HSM: Integrated on MCU
- Integrated security hardware incl. protected key & program storage, internal firewall, debug protection, crypto accelerators (AES-128/ECC256/SHA-2), AIS31 compliant True Random Number Generator (TRNG) for key generation, 32 bit CPU
- High performance, real-time capable
- Full automotive temperature range and quality (AEC Q-100 Grade 0+, DFR), AUTOSAR compliant
[Figure: AURIX e.g. TC23x with Eth, CAN, HSM]
TPM: Discrete security hardware
- EAL 4+ security certified hardware & software (tamper resistant)
- Ca. 100 standardized crypto functions
- Supports multiple crypto schemes (incl. AES-256/ECC512/RSA2028)
- AEC-Q100 Grade 2 compatible
- AIS31 compliant (TRNG) for key generation
[Figure: Host Processor e.g. Linux-based MPU or AURIX MCU, connected via SPI to the TPM with Firmware and Basic SW]

HSM and TPM Comparison 1: security software
[Figure: HSM integrated on MCU (AURIX e.g. TC23x; Eth, CAN, HSM) beside TPM discrete chip (Host Processor e.g. Linux-based MPU or AURIX MCU with TCG Software Stack (TSS), connected via SPI to the TPM with Firmware and Basic SW)]
Software / Functionality
- Implemented software: HSM: Crypt. library, SHE+. TPM: Crypt. lib., Basic SW (ca. 100 funct.), Host SW ecosystem.
- HSM: user programmable. TPM: standardized.
- Functionality: HSM: Crypt. operations, SHE+. TPM: Crypt. oper., key mgmt., authorization, FW update, secured time.

HSM and TPM Comparison 2: security protection
[Figure: HSM integrated on MCU (AURIX e.g. TC23x; Eth, CAN, HSM) beside TPM discrete chip (Host Processor e.g. Linux-based MPU or AURIX MCU with TCG Software Stack (TSS), connected via SPI to the TPM with Firmware and Basic SW)]
Features
- Secret code & data storage: HSM: Protection against read-out. TPM: Encrypted memory, encrypted data bus.
- Code execution: HSM: Separated & protected execution, internal firewall, debug protection. TPM: Encrypted data execution, self-checking dual-CPU.
- Personalization: HSM: Unique chip identifier. TPM: Personalized and protected processes (in development, supply and ECU lifecycle).
- Protection against hardware attacks: HSM: N/A. TPM: Maximized protection (e.g. shields, sensors etc.).
- Security certification: HSM: N/A. TPM: Common Criteria EAL4+ high certified (HW + SW).

The importance of hardware trust anchors for automotive security
Integrated on MCU (HSM)
- Onboard security
- Protected com. & debug interfaces
- High-speed / real-time critical tasks
Discrete Security Controller
- Protected external communication (Car2Car, Car2Infrastructure, Car2Cloud)
- Certified hardware security
- Protecting critical keys & certificates

Hardware trust anchors supporting a granular security architecture
[Figure labels: Telematics Unit; Central Gateway; SLI 76; SLI 97 (V2V); Application Processor & Modem; Central Storage; OPTIGA™ TPM; AURIX e.g. TC23x HSM; eMMC/SDIO; SPI; OPTIGA™ TPM; AURIX e.g. TC3xx HSM; OBD; Domain A; Domain D; Target ECU; Target ECU; AURIX e.g. TC27x HSM]
- Protect External Interfaces: Network and OEM backend authentication; OBD interface protection
- Gateway Protection & Domain Isolation: Firewall, intrusion detection/prevention system (IDS/IPS), domain isolation, SOTA, on-board key generation & management
- Secure Onboard Communication: Message authentication, distributed intrusion detection (IDS)
- Secured Data Processing: Secured boot, run time integrity, SOTA updates, component protection, immobilizer

Example: feature activation. Use case simplified overview
[Figure labels: Update Server; Telematics Control Unit; TPM (~100 functions, key store, access control); Central Gateway; Application Processor (multiple cores, AES accelerator, Program Memory, Enhanced Parameters, memory (int./ext.))]
Setup of new parameters:
- Loading of encrypted Enhanced Parameters
- Update TPM key usage authorization to enable new enhanced parameters
Usage of new parameters:
- Request access to key
- Key access is granted
- Enhanced Parameters are decrypted and applied
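
The activation flow above, modelled as an added example (not from the original slides and not Infineon's software). `MockTpm`, `seal`, `unseal` and `sign_update` are hypothetical names; the SHAKE-256 keystream stands in for the AES accelerator, and the HMAC-authenticated, counter-protected update is an assumed way to authorize key usage, not the TPM 2.0 command set.

```python
import hashlib
import hmac
import os

def subkeys(key: bytes):
    return [hashlib.sha256(key + tag).digest() for tag in (b"enc", b"mac")]

def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # SHAKE-256 keystream: stdlib stand-in for the AES accelerator.
    pad = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(b ^ p for b, p in zip(data, pad))

def seal(key: bytes, plaintext: bytes) -> bytes:
    # Update server: encrypt-then-MAC the enhanced parameters.
    enc, mac = subkeys(key)
    nonce = os.urandom(16)
    body = nonce + xor_stream(enc, nonce, plaintext)
    return body + hmac.new(mac, body, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    # Application processor: verify integrity first, then decrypt.
    enc, mac = subkeys(key)
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, body, hashlib.sha256).digest()):
        raise ValueError("parameter blob failed integrity check")
    return xor_stream(enc, body[:16], body[16:])

def sign_update(auth_key: bytes, key_id: str, counter: int) -> bytes:
    # Update server: authenticate "enable key_id" with a fresh counter value.
    msg = key_id.encode() + counter.to_bytes(8, "big")
    return hmac.new(auth_key, msg, hashlib.sha256).digest()

class MockTpm:
    """Hypothetical model of the TPM key store and its access control."""
    def __init__(self, auth_key: bytes, keys: dict):
        self._auth_key, self._keys = auth_key, dict(keys)
        self._authorized, self._counter = set(), 0

    def update_authorization(self, key_id: str, counter: int, tag: bytes) -> None:
        expected = sign_update(self._auth_key, key_id, counter)
        if counter <= self._counter or not hmac.compare_digest(tag, expected):
            raise PermissionError("authorization update rejected")
        self._counter = counter  # monotonic counter blocks replayed updates
        self._authorized.add(key_id)

    def request_key(self, key_id: str) -> bytes:
        if key_id not in self._authorized:
            raise PermissionError("key usage not authorized")
        return self._keys[key_id]
```

Until `update_authorization` accepts a valid update, `request_key` refuses to release the key, so the encrypted parameters already loaded into memory stay unusable.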

Discrete hardware-based security offers unique benefits even beyond strong security
- Security: Discrete hardware-based security offers strong tamper resistance. Certified hardware-based solutions create trust based on independent evaluations.
- Secure implementation: Strong security requires proper implementation. By outsourcing security aspects to dedicated, protected hardware, there is less room for faulty implementations.
- Time to market: Discrete hardware-based security solutions reduce complexity in the system, resulting in a reduced time to market while reaching a measurable security level.
- Scalability: Scalability across various platforms for different types of applications.
- Performance: Hardware-based security offers strong performance advantages compared to software-based solutions for securely storing and calculating.
- Innovation: Discrete hardware-based security solutions provide you the latest (certified) security innovations regardless of the innovation cycle of the other components of a platform.
- Logistical benefits: Enabling the production in insecure (non-trusted third-party) environments. Secured tracking of the value chain.
- Costs: Reduced total cost of ownership of security based on reduced investment in secured manufacturing infrastructure & security know-how.