D2-01 TERADA Security Study for Automotive …...Japan Automotive Software Platform and Architecture...


Japan Automotive Software Platform and Architecture

Cyber Security Study for Automotive Ethernet in Japan Automotive Industry

Architecture Team Leader Mikio KATAOKA

Hitachi Automotive Systems, Ltd.

Architecture Team, Requirement Definition Sub-team Leader Keisuke Terada

Yazaki Corporation.

JASPAR Next Generation High-Speed Network WG

7th IEEE-SA Ethernet & IP Automotive Technology Day, San Jose, CA, USA, Nov. 2017

Japan Automotive Software Platform and Architecture2017/11/2 2/26

Agenda

1. About JASPAR
- What’s JASPAR
- Next Generation High-Speed Network WG
- Activities of WG

2. Status of the Study About In-vehicle Ethernet Security
- In-vehicle Network Security
- Study Results
  - JASPAR Supposed Configuration
  - Priority Consideration Items
  - Filtering
  - SSL/TLS
  - VLAN

3. Future Activities
- Documentation
- Conclusion


1-1. What is JASPAR?

JASPAR: Japan Automotive Software Platform and Architecture

JASPAR was established to pursue increased development efficiency and ensured reliability through standardization and common use of electronic control systems and in-vehicle networks, which are advancing and becoming more complex.

Mission
- Improve development productivity and contribute significantly to the advancement of the world’s technology through standardization activity.
- Establish a fair basis for competition across the whole automobile industry.

Achievements
- Represent a collective voice of the Japanese companies at the international standardization bodies.
- Contribute to development of global standards.


1-2. JASPAR Members List (as of September, 2017)

Members by category: OEM 12, Tier1 42, Soft/Tool 73, Semicon/Electronics 25, Others 19

Board member
OEM: HONDA R&D, Nissan, TOYOTA
Tier1: DENSO
Others: Toyota Tsusho

Regular member
OEM: ISUZU, Mazda, SUBARU, SUZUKI
Tier1: ADVICS, AISIN AW, AISIN SEIKI, Akebono Brake, Alpine, ALPS, Autoliv, Autoliv Nissin Brake, Bosch, Calsonic Kansei, Clarion, Continental Automotive, FUJITSU TEN, Furukawa Electric, Hitachi AMS, JATCO, JTEKT, Keihin, Mitsubishi Electric, Nidec Elesys, NIPPON SEIKI, NSK, Panasonic, PIONEER, Ricoh, SHOWA, Sumitomo Electric, TOKAI RIKA, Toyoda Gosei, TOYOTA INDUSTRIES, YAZAKI
Soft/Tool: ADC, APRESIA, APTJ, ATS, AUBASS, Cadence, CATS, Change Vision, eSOL, ETAS, FFRI, FTL, FUJI SOFT, FUJITSU, FUJITSU BSC, Hitachi ICS, IBM Japan, KPIT, Mentor Graphics, micware, NEC, Nihon Synopsys, OMRON, OTSL, SCSK, STABILITY, Sunny Giken, Toshiba Information Systems, TOYO, Trend Micro, Vector Japan, WITZ
Semicon/Electronics: Harman International, HRS, Infineon, MegaChips, Microchip, MJKK, Murata, NXP Semiconductors, Renesas, TDK, TOSHIBA, Tyco Electronics
Others: DNP, DTRS, KDDI, SECOM, TOPPAN, TOYOTA CRDL

Associate member
OEM: DAIHATSU, Hino, HYUNDAI, Mitsubishi Motor, UD Trucks
Tier1: Delphi Automotive Systems, Fujikura, KYB, Magna International, MITSUBA, NGK SPARK PLUG, Toyodenso, TRANSTRON, Valeo Japan, Yamaha Motor
Soft/Tool: A&D, A&W Technology, ACCEL JAPAN, AIC, AISIN COMCRUISE, ANRITSU, Argus Cyber Security, AXE, AZAPA, BITS, Brison, Canon ITS, Digital Contents, DIT, dSPACE, Eager, Eiwa, Elektrobit, GAIO, HI CORP, Hitachi High-Tech, Ixia, LAC, Mamezou, MITO SOFT, NEC Solution Innovators, Netagent, NTT DATA MSE, NTT DATA SBC, PCI Solutions, Systena, Takasaki Kyodo, Tata Consultancy, TOKYO ELECTRON DEVICE, Trillium, TTTech, Ubiquitous, USE, Wind River, Xilinx, Yokogawa
Semicon/Electronics: ADI, ARM, Cypress Innovates, HI-LEX, Hitachi ULSI, Hosiden, NTN, ROHM, Sanden Automotive Components, SanDisk, Shindengen, Thine, YOKOWO
Others: Allion Japan, Biz3, HAGIWARA, Kyoei Sangyo, MACNICA, NTT DOCOMO, OEC, RENESAS EASTON, Ryoden, Ryosan, SANSHIN, Shinko Shoji


1-3. JASPAR Organization (as of September 2017)

[Organization chart: Executive Board, Auditor, Administrator, Board Members, Steering Committee, Working Groups]

Working Groups shown in the chart: Functional Safety; Intellectual Property; AUTOSAR Standardization; In-vehicle LAN; Dynamic Vehicle Information Sharing; Cyber Security Promotion; Bluetooth Conformance; Mobile Device Interface; Next Generation High-Speed Network; Cyber Security Technical; OTA Technical.

Chart legend: In action / Out of action.


1-4. Next Generation High-Speed Network WG

Define in-vehicle requirements for the next-generation high-speed network technology. Study certification/authentication mechanisms to ensure conformance and interoperability, as required. Keep close cooperation with associated domestic/international organizations and companies to accomplish stated goals.

[Organization chart: Next Generation High-Speed Network WG; Leaders Meeting; Hardware Team; Architecture Team; AUTOSAR Subcommittee; OPEN Subcommittee; Requirement Definition Sub-Team; Software Switch Evaluation Sub-Team]


2-1-1. Case of the Car Hacking

Hacker trends

‘13 Hacking in the car

‘15 Hacking from remote (at low speed)

‘16 Control the car using maintenance mode (when driving)

<Target> Uconnect implemented car. <Attack> Control the display, steering and transmission. (Accidents caused by a remote attack have not occurred.)

<Target> FCA Jeep. <Attack> Send the maintenance command from the diagnosis connector. Impersonate a regular ECU and control the steering.

FCA recall: 1.4 million units

Hacking level for cars has increased year by year.


2-1-2. In-vehicle Ethernet Security

Discussing security measures against cyber attacks is an important issue.

In the Next Generation High-Speed Network WG as well, in-vehicle Ethernet security has been studied since 2015.

[Figure labels: Malicious attack, Protect, V2V, V2I, V2P]

2-2-1. JASPAR’s Presumed Security Configuration

The gateway separates the outside and the inside of the vehicle as an attack surface and filters illegal data for intrusion prevention. Data communicated with the outside of the vehicle should be encrypted. A message authentication code is adopted for in-vehicle communication data.

[Figure labels: Tool, OBD (DoIP), TCU, IVI/NAVI, Gateway, ECU (Switch), End-node, Server; zones External, DMZ, Internal; firewalls FW1, FW2, FW3; VLAN; Data encryption (TLS); Mutual authentication; Message authentication]

Measures listed in the figure:

• Access Control List
• Communication monitoring
• Electronic certification
• VLAN filtering

• Access Control List
• Communication monitoring
• Mutual authentication
• VLAN filtering

• Spoofing countermeasure
• Server authentication
• Mutual authentication

TCU: Telematics Control Unit
FW: Firewall


2-2-2. Ethernet Security Technologies

Enumerate the security technologies related to Ethernet.


2-2-3. Priority Consideration Items

Priority consideration items are selected for the in-vehicle Ethernet network. They were decided by the interests of the participating companies.

The following 3 items are selected: VLAN, Filtering, SSL/TLS.

Category: Discussion items

VLAN
・Usage of the VLAN as the network configuration.
・Routing using the VLAN (consider domains).

Filtering
・Scope of filter application in the in-vehicle systems.
・Performance of the automotive microcomputer/switch.

Message authentication
・This category is discussed by another WG in JASPAR, so it is excluded from the discussion points of this WG.

SSL/TLS
・Investigate the specification and the compatibility with the in-vehicle systems.
・Performance when applied to an automotive microcomputer.

DPI
・Investigate the technologies (what kind of attack can be detected).

MACSec, IPSec
・Feasibility based on required processing capacity. Performance in software/hardware.

VLAN: Virtual LAN
SSL: Secure Socket Layer
TLS: Transport Layer Security
DPI: Deep Packet Inspection


2-3-1. Implementation Point of Filtering

We discussed the implementation points of filtering. As a result, we presume the following points as implementation points. By matching the filtering function set for each point against the received packet, it is decided whether the packet is passed or discarded.

[Figure labels: Tool, OBD (DoIP), TCU, IVI/NAVI, Gateway (switch), ECU (Switch), End-node, Server; zones External, DMZ, Internal. Legend: Filter function implementation point]


2-3-2. Security Technologies Applied to the Filtering

Select the security technologies as a prerequisite for discussing the filtering function.
Scope: technologies standardized or under discussion at IEEE, IETF, etc.

Security technologies
- Port-based VLAN
- Tagged VLAN
- Private VLAN
- Subnetwork based VLAN
- MAC filtering, Port security, IEEE 802.1X, MAC authentication bypass
- Static MAC Table
- Dynamic ARP Inspection
- IP Source Guard
- IP filtering
- VLAN ACL
- NAT (Network Address Translation)
- NAPT (Network Address Port Translation)
- DDoS Open Threat Signaling (dots)
- OCSP (Online Certificate Status Protocol)


2-3-3. Filtering Fields and Application to In-vehicle Network

Enumerate filtering items for each OSI layer.

- Implementation function.
- Applied to in-vehicle network.
- With or without hardware support.

[Table: Enumerated filtering items]


2-4-1. Implementation Point of TLS

We discussed the implementation point of TLS. As a result, we presume the following points as implementation points. Since there is a possibility that an internal ECU may become the endpoint of TLS, the implementation point of TLS is the entire network, including the gateway, ECUs and end nodes.

[Figure labels: Tool, OBD (DoIP), TCU, IVI/NAVI, Gateway (switch), ECU (Switch), End-node, Server; zones External, DMZ, Internal. Legend: TLS embedded software]


2-4-2. TLS Function and Technologies Related to TLS

Discuss the TLS function and technology elements.
Technology overview and recommendation.

[Table: Enumerated technology elements]


2-4-3. Threat Analysis of TLS Requirements

Perform the threat analysis by CIA.
Consider Confidentiality/Integrity/Availability and the related technical elements.

CIA: TLS Requirements

Confidentiality
- Confidentiality of session keys
- Confidentiality of messages
- Transport keys
- Session information

Integrity
- Server authentication
- Client authentication
- Message authentication

Availability
- Connection times (Server)
- Throughput
- Connection times (Client)
- Certificate renewal


2-5-1. Example of VLAN Configuration

Discussion of VLAN configuration based on the JASPAR network configuration.
=> Classified into two types.

- VLAN configurations by domain: assign a VLAN ID for each network domain.
- VLAN configurations by application: assign a VLAN ID for each application.

VLAN configurations by domain

Ports / ECU / VLAN Membership (VLAN IDs 1, 2, 3, 4, 5)
0 / μC (Gateway) / x x x x
1 / Tool / x
2 / TCU / x
3 / IVI/NAVI / x x
4 / ECU1 / x
5 / ECU2 / x
6 / Camera / x

VLAN configurations by application

VLAN / Application
10 / DoIP (Before auth.)
10 / DoIP (After auth.)
20 / xxxx1
2x / xxxx2
30 / xxxx3
3x / xxxx4

Ports / ECU / VLAN Membership (VLAN IDs 10(B), 10(A), 20, 2x, 30, 3x)
0 / μC (Gateway) / x x x
1 / Tool / x x
2 / TCU / x x
3 / IVI/NAVI / x x x
4 / ECU1 / x x x
5 / ECU2 / x x x x


2-5-2. Example of Firewall Application

In case of applying a firewall to VLAN configurations:
=> Configure the firewall to forward packets only to the required ports.

Example of the firewall in case of VLAN configurations by domain

• Whitelist method: check the VLAN ID and the L2, L3 and L4 headers permitted for each input (physical) port, and transfer only the permitted packets.

1. Communication within a VLAN: End-node 3 ⇔ End-node 2
Internal communication (between ECU1 and ECU2) is allowed to pass the filtering.

2. Communication between VLANs: IVI/NAVI (VLAN 3) ⇔ End-node 1 (VLAN 1)
It is preferable to filter by MAC address, IP address and port number at FW1 and FW3 of the Gateway.

Example of the firewall in case of VLAN configurations by application

VLAN / Application
10 / FW2 internal comm. (DoIP, before auth.)
10 / FW2 internal comm. (DoIP, after auth.)
20 / FW1 internal comm. (SOME/IP)
2x / FW1 external comm. (application 1)
30 / FW3 internal comm. (IP Video)
3x / FW external comm. (application 2)

Ports / ECU / VLAN Membership (VLAN IDs 10(B), 10(A), 20, 2x, 30, 3x)
0 / μC (Gateway) / x x x
1 / Tool / x x
2 / TCU / x x
3 / IVI/NAVI / x x x
4 / ECU1 / x x x
5 / ECU2 / x x x x

VLAN ID 10: Port based VLAN
Others: Tagged VLAN
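The whitelist method above, sketched as an added example (not part of the original slides and not JASPAR's code): a default-deny filter that checks the VLAN ID and the L2/L3/L4 fields permitted per ingress port, using the slide's IVI/NAVI (VLAN 3) ⇔ End-node 1 (VLAN 1) case. The MAC address, subnets, UDP port, sample frame and all function names are assumptions made for the illustration.

```python
import struct
from ipaddress import ip_address, ip_network

TPID_8021Q, ETH_IPV4, TCP, UDP = 0x8100, 0x0800, 6, 17

# Constructed whitelist keyed by ingress (physical) port. Port 3 = IVI/NAVI as in
# the slide's port table; the MAC, subnets and UDP port are assumed sample values.
WHITELIST = {
    3: [{"vid": 3, "src_mac": "02:00:00:00:03:01", "src_net": "10.0.3.0/24",
         "dst_net": "10.0.1.0/24", "proto": UDP, "dport": 30490}],
}

def parse(frame: bytes):
    """Extract the L2-L4 fields the filter checks; None means drop."""
    if len(frame) < 18 + 20:
        return None
    _dst, src, tpid, tci, etype = struct.unpack("!6s6sHHH", frame[:18])
    ip = frame[18:]
    if tpid != TPID_8021Q or etype != ETH_IPV4 or ip[0] >> 4 != 4:
        return None                       # untagged or non-IPv4: not whitelisted
    ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
    frag_offset = struct.unpack("!H", ip[6:8])[0] & 0x1FFF
    if ihl < 20 or len(ip) < ihl + 4 or proto not in (TCP, UDP) or frag_offset:
        return None                       # no trustworthy L4 header to match on
    dport = struct.unpack("!H", ip[ihl + 2:ihl + 4])[0]
    return {"vid": tci & 0x0FFF, "src_mac": src.hex(":"), "proto": proto,
            "src_ip": ip_address(ip[12:16]), "dst_ip": ip_address(ip[16:20]),
            "dport": dport}

def permit(ingress_port: int, frame: bytes) -> bool:
    """Default deny: forward only when one rule for this port matches every field."""
    f = parse(frame)
    if f is None:
        return False
    return any(f["vid"] == r["vid"] and f["src_mac"] == r["src_mac"]
               and f["proto"] == r["proto"] and f["dport"] == r["dport"]
               and f["src_ip"] in ip_network(r["src_net"])
               and f["dst_ip"] in ip_network(r["dst_net"])
               for r in WHITELIST.get(ingress_port, []))

def build(vid, src_mac, src_ip, dst_ip, proto, dport):
    """Constructed sample frame: 802.1Q tag, 20-byte IPv4 header, 8 bytes of L4."""
    eth = bytes(6) + bytes.fromhex(src_mac.replace(":", "")) \
        + struct.pack("!HHH", TPID_8021Q, vid, ETH_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     ip_address(src_ip).packed, ip_address(dst_ip).packed)
    return eth + ip + struct.pack("!HHHH", 40000, dport, 8, 0)

GOOD = build(3, "02:00:00:00:03:01", "10.0.3.10", "10.0.1.20", UDP, 30490)
```

The same frame is forwarded only when it arrives on ingress port 3; a different VLAN ID, source MAC, protocol, destination subnet or ingress port, or a missing 802.1Q tag, falls through to the default deny.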


3-1. Documentation

These results are described in JASPAR guidelines (within 2017).
JASPAR members can obtain these documents.


3-2. Future Activities

We are discussing the verification of in-vehicle security technologies. By comparing ICT (Information and Communication Technology) security with in-vehicle security, we clarify the factors that differ.

[Figure: Configuration example in ICT. Labels: Internet; FW1; L2 Switch; TCU; IVI/Navi; FW3; L3 Switch (Router), switching between multiple VLANs; Body; Chassis; ADAS; L2 Switch; ECU, ECU, ECU ...; FW2; OBD (DoIP); Tool]

Study of TSN requirements
Started by investigating specifications, under consideration of application examples.


3-3. Conclusion

Discuss the Ethernet security technologies applied to the in-vehicle network.
Enumerate the Ethernet security technologies.
Select Filtering, SSL/TLS and VLAN as the priority consideration items.

Discussed items / Output

Filtering
- Enumerate the filtering items. L2: VLAN ID, TPID, VID etc. L3: Protocol number, Control flag (SYN) etc.
- Define the implementations of hardware or software.
- Define the requirements of the filtering items.

SSL/TLS
- Decomposed the SSL/TLS technologies into functional elements: Authentication method, Encryption, Connection time and Throughput etc.
- TLS technologies guideline.
- Clarify the use case, used technologies.

VLAN
Define the network architecture with VLAN.
- VLAN configurations by domain. Network design (including multi-VLAN)
- VLAN configurations by application. Network design (DoIP, Image transmission, Map data distribution etc.)
- VLAN design guideline.
- VLAN design architecture and required technologies.


Thank you for your attention.