12
HoliSec Holistic Approach to Improve Data Security Topic: WP2: Cryptographic support and key management Presenter: Christian Sandberg, Volvo GTT September 7, 2017. Time 13:00 – 13:20

13.00 HoliSec WP2 2017-09-07 Final - Autosec

  • Upload
    others

  • View
    1

  • Download
    0

Embed Size (px)

Citation preview

Page 1: 13.00 HoliSec WP2 2017-09-07 Final - Autosec

HoliSecHolisticApproachtoImproveDataSecurity

Topic:WP2:Cryptographicsupportandkeymanagement

Presenter:ChristianSandberg,VolvoGTTSeptember7,2017.Time13:00 – 13:20

Page 2: 13.00 HoliSec WP2 2017-09-07 Final - Autosec

HoliSecHolisticApproachtoImproveDataSecurity

Presentation outline

2Topic:WP2:Cryptographicsupportandkeymanagement

Presenter:ChristianSandbergSeptember7,2017.Time13:00– 13:20

• Purpose• Timeline• Tasks:

• SecOCFreshnesshandling• SecOCKeyderivation• Keymanagementlifecycle

Page 3: 13.00 HoliSec WP2 2017-09-07 Final - Autosec

HoliSecHolisticApproachtoImproveDataSecurity

Purpose

3Topic:WP2:Cryptographicsupportandkeymanagement

Presenter:ChristianSandbergSeptember7,2017.Time13:00– 13:20

Hostandsupportotherworkpackageswithactivitiesrelatedtocryptography

Input:DerivecryptographicneedsfromWP1

Page 4: 13.00 HoliSec WP2 2017-09-07 Final - Autosec

HoliSecHolisticApproachtoImproveDataSecurity

Timeline

4Topic:WP2:Cryptographicsupportandkeymanagement

Presenter:ChristianSandbergSeptember7,2017.Time13:00– 13:20

Deliverables

Q1/22017: ExtractingrequirementsfromD1.1CollectingOEMrequirementsonSecOCfreshnesshandling

Q3/42017: DocumentrequirementsAnalyzefreshnessalgorithmsAnalyzekeyderivationalgorithms

Page 5: 13.00 HoliSec WP2 2017-09-07 Final - Autosec

HoliSecHolisticApproachtoImproveDataSecurity

Tasks: SecOC freshness handling

5Topic:WP2:Cryptographicsupportandkeymanagement

Presenter:ChristianSandbergSeptember7,2017.Time13:00– 13:20

• OEMtospecifyfreshnesshandlingalgorithm,notcoveredbytheAUTOSARstandard

• Freshnessascounter• IndividualcountersforeachPDU• Riskofgettingoutofsynchbetweensenderandreceiver

• Freshnessastime• Needtoensuresecureglobaltimebroadcastinthevehicle

Page 6: 13.00 HoliSec WP2 2017-09-07 Final - Autosec

HoliSecHolisticApproachtoImproveDataSecurity

Tasks: SecOC freshness handling

6Topic:WP2:Cryptographicsupportandkeymanagement

Presenter:ChristianSandbergSeptember7,2017.Time13:00– 13:20

• Transparentgateways(repackagingmightputincreasedcertificationrequirementsongateways,e.g.ISO26262ASIL)

• J1939compliant(e.g.ForCAN8byteframes,29bitid...)• Samealgorithmformulti-protocol,e.g.CAN,Ethernet(aidgateway

transparency)• Avoidsinglepointoffailuredesigns• Considerresynchspeedtoquicklygetcommunicationrunninge.g.

followingstartup,sleep,orerroneousrestartbyacommunicatingparty.Exampleusecase:safetyapplications

• Vehiclemodeaware(e.g.keepbussilence,sleep)• Potentiallyeasiertograduallyintroducecounterbasedsolutioninlegacy

platformthanintroducesecureglobaltime

Page 7: 13.00 HoliSec WP2 2017-09-07 Final - Autosec

HoliSecHolisticApproachtoImproveDataSecurity

Tasks: Key derivation algorithms

7Topic:WP2:Cryptographicsupportandkeymanagement

Presenter:ChristianSandbergSeptember7,2017.Time13:00– 13:20

EachPDUmayhaveauniquekey(e.g.AES128).WithmanyPDUsbeingcommunicatedtomanypeers,itwouldrequiresecurestorageofmanykeys.AwaytoaddressthisistoderivekeysfromasmallersetofmasterkeysusingKeyderivationalgorithms.

Masterkey

=f(PDUID, MasterKey)PDU1key

PDU2key

Page 8: 13.00 HoliSec WP2 2017-09-07 Final - Autosec

HoliSecHolisticApproachtoImproveDataSecurity

Tasks: Key derivation algorithms

8Topic:WP2:Cryptographicsupportandkeymanagement

Presenter:ChristianSandbergSeptember7,2017.Time13:00– 13:20

Activities:

• Identifysuitablekeyderivationalgorithms

• Keyderivationalgorithmswillbeanalyzedforrelevantusecases

involving,amongothers,AUTOSARSecureOnboardCommunication

• Implementation

• Usage

• Evaluationofe.g.resourceneeds

Page 9: 13.00 HoliSec WP2 2017-09-07 Final - Autosec

HoliSecHolisticApproachtoImproveDataSecurity

Tasks: Key lifecycle management

9Topic:WP2:Cryptographicsupportandkeymanagement

Presenter:ChristianSandbergSeptember7,2017.Time13:00– 13:20

Activities:

• ExtractkeylifecycleusecasesandrequirementsfromD1.1

• AnalyzehowNIST.SP.800-130/57(Part1-3)maybeusedforautomotive

keymanagementusecases

• DescribekeylifecycleprocessforselctedusecasesidentifiedfromD1.1

Page 10: 13.00 HoliSec WP2 2017-09-07 Final - Autosec

HoliSecHolisticApproachtoImproveDataSecurity

Tasks: Key lifecycle management

10Topic:WP2:Cryptographicsupportandkeymanagement

Presenter:ChristianSandbergSeptember7,2017.Time13:00– 13:20

Example:D1.1RT-TN-10”Howtoprotectinformationheldinthevehiclefromunauthorizedmodificationanddeletion(dataatrest)”

Derivedusecases:• Securesoftwaredownload• Securestorageofdata

Exampleofhighlevelderivedsecurityrequirements:• ECU/Sensorshallusecryptographicmechanismtoensureintegrityofdata

atrest• ECU/Sensorshallusecryptographicmechanismtoensureauthenticityand

integrityofdatapackagesbeingdownloaded

Page 11: 13.00 HoliSec WP2 2017-09-07 Final - Autosec

HoliSecHolisticApproachtoImproveDataSecurity

Tasks: Key lifecycle management

11Topic:WP2:Cryptographicsupportandkeymanagement

Presenter:ChristianSandbergSeptember7,2017.Time13:00– 13:20

NIST.SP.800 Specifies,keyphases,activitiesandstates.Dependingonkeyusecases,akeymayenterthesephases/statesatdifferenttimesduringtheproductlifecycle,puttingrequirementsonhowtheyarehandledduringdevelopment,manufacturing,useinthefield,serviceworkshopsetc.

Page 12: 13.00 HoliSec WP2 2017-09-07 Final - Autosec

HoliSecHolisticApproachtoImproveDataSecurity

Thankyouforyourattention!


WP2 and GridPP UK Simulation W. H. Bell University of Glasgow EDG – WP2

WP2 and GridPP UK Simulation W. H. Bell University of Glasgow EDG – WP2

Documents
Wp2 Democracy Burma

Wp2 Democracy Burma

Documents
OPC Security WP2

OPC Security WP2

Documents
HoliSec Holistic Approach to Improve Data Security · HoliSec Holistic Approach to Improve Data Security Why is secure on-board communication necessary? • Mechanical to electrical

HoliSec Holistic Approach to Improve Data Security · HoliSec Holistic Approach to Improve Data Security Why is secure on-board communication necessary? • Mechanical to electrical

Documents
Beuth Hochschule für Technik Berlin · WP2-03 Konstruieren mit Kunststoffen Schmidt-Kretschmer WP2-04 Fördertechnik Schlenzka WP2-05 Beanspruchungsmessung und Messdatenverarbeitung,

Beuth Hochschule für Technik Berlin · WP2-03 Konstruieren mit Kunststoffen Schmidt-Kretschmer WP2-04 Fördertechnik Schlenzka WP2-05 Beanspruchungsmessung und Messdatenverarbeitung,

Documents
WP2 2nd Review

WP2 2nd Review

Technology
Safety issues for WP2 E. Baussan on behalf of WP2

Safety issues for WP2 E. Baussan on behalf of WP2

Documents
Workpackage 2: Implementation Infrastructure. WP2: Objectives Main Objective of WP2: Integrated Optique Platform Main Objective of WP2: Integrated Optique

Workpackage 2: Implementation Infrastructure. WP2: Objectives Main Objective of WP2: Integrated Optique Platform Main Objective of WP2: Integrated Optique

Documents
SAP Aris WP2

SAP Aris WP2

Documents
Advances in WP2

Advances in WP2

Documents
Data Management Expert Panel - WP2. WP2 Overview

Data Management Expert Panel - WP2. WP2 Overview

Documents
WP2 PRESENTATION

WP2 PRESENTATION

Documents
HoliSec Holistic Approach to Improve Data Security · Presenter: Kaushik Naik, Brian Katumba March 26, 2019 . HoliSec Holistic Approach to Improve Data Security Outline • Objective

HoliSec Holistic Approach to Improve Data Security · Presenter: Kaushik Naik, Brian Katumba March 26, 2019 . HoliSec Holistic Approach to Improve Data Security Outline • Objective

Documents
Wp2 English

Wp2 English

Documents
WP2 Report

WP2 Report

Documents
WP2 Progress Overview

WP2 Progress Overview

Documents
WP2 Final Report

WP2 Final Report

Documents
Exercise wp2

Exercise wp2

Documents
3.6 relazione wp2

3.6 relazione wp2

Presentations & Public Speaking
WP2-MESMA Framework

WP2-MESMA Framework

Documents
CHOReVOLUTION WP2 Enablers

CHOReVOLUTION WP2 Enablers

Software
WP2- NA2: Remote sensing of vertical aerosol distribution ... · Deliverable WP2 / D2.11 (M42) WP2- NA2: Remote sensing of vertical aerosol distribution Deliverable D2.11: Report

WP2- NA2: Remote sensing of vertical aerosol distribution ... · Deliverable WP2 / D2.11 (M42) WP2- NA2: Remote sensing of vertical aerosol distribution Deliverable D2.11: Report

Documents
wP2-55, wP2-60, wP3-65 - ВсеИнструменты · 2021. 1. 8. · wP2-55, wP2-60, wP3-65 en es pt fr pl fi ru tr MS10406 (REV. -) 2 Briggsandstratton.coM Thank you for purchasing

wP2-55, wP2-60, wP3-65 - ВсеИнструменты · 2021. 1. 8. · wP2-55, wP2-60, wP3-65 en es pt fr pl fi ru tr MS10406 (REV. -) 2 Briggsandstratton.coM Thank you for purchasing

Documents
A proTocol tO secUre Controller Area Network AutoSec 2019

A proTocol tO secUre Controller Area Network AutoSec 2019

Documents
TOPDRIM: Update WP2

TOPDRIM: Update WP2

Documents
AutoSeC : An Integrated Middleware Framework for Dynamic Service Brokering

AutoSeC : An Integrated Middleware Framework for Dynamic Service Brokering

Documents
WP2 Definition of European DCA strategy EuroVO-DCA Final Review, 29 April 2009 Franoise Genova, Coordinator, WP2 lead WP2 Definition of European Data

WP2 Definition of European DCA strategy EuroVO-DCA Final Review, 29 April 2009 Franoise Genova, Coordinator, WP2 lead WP2 Definition of European Data

Documents
Wp2บทเรียนโปรแกรมความเร็ว และความเร่ง

Wp2บทเรียนโปรแกรมความเร็ว และความเร่ง

Documents
WP2 David Beadman

WP2 David Beadman

Documents
ecobreed WP2 report

ecobreed WP2 report

Documents