
Approaches to Security

Most future vehicular applications require strong end-to-end communication security as an enabling environment. 

It is generally important that all transferred information can be received and read in the clear only by the intended parties, that any modification is impossible to conceal, and that unauthorized parties are not able to participate in vehicular communication. 

Modern communication security mechanisms provide secrecy, manipulation prevention and authentication based on cryptographic algorithms and protocols, and thereby solve most of the car security problems. 

Uncontrolled interference with the vehicle's communication networks can be prevented by a series of measures. In the following, we show three elementary practices for achieving vehicular bus communication security. 

A. Controller Authentication 

Authentication of all senders is needed to ensure that only valid controllers are able to communicate within automotive bus systems. All unauthorized messages may then be processed separately or simply discarded immediately. 

Therefore, every controller needs a certificate to authenticate itself to the gateway as a valid sender. A certificate consists of the controller identifier ID, the public key PK and the authorizations Auth of the respective controller. 

The gateway in turn securely holds a list of the public keys PKOEM of all accredited OEMs (Original Equipment Manufacturers) of the respective vehicle. Each controller certificate is digitally signed by the OEM with its respective secret key SKOEM. 

As shown in Table 6, the gateway then uses the corresponding public key of the OEM to verify the validity of the controller certificate. If the authentication process succeeds, the respective controller is added to the gateway's list of valid controllers.

B. Encrypted Communication 

A fundamental step to improve automotive bus communication security is the encryption of all vehicular data transmission. 

Due to the particular constraints of automotive bus communication systems (computing power, capacity, timing, ...), a combination of symmetric and asymmetric encryption meets the requirements for adequate security and high performance. 

Whereas fast and efficient symmetric encryption secures the bus-internal broadcast communication, asymmetric encryption is used for the necessary secure key distribution. In that case, all controllers of a local bus system share the same, periodically updated, symmetric key to encrypt their bus-internal communication. 

Asymmetric encryption is used to deliver the symmetric key to newly added authorized controllers, to carry out the periodic symmetric key update, and to perform the required authentication process.


In our example implementation shown in Figure 2, a centralized super gateway processor connects all existing bus systems with each other. Therefore, all inter-bus communication is done exclusively over the gateway processor. 

Moreover, the gateway has a protected memory area in which the secret keys and the list of valid controllers, together with their respective authorizations Auth, are stored securely (tamper-resistant). So-called trusted computing modules (TPM) can provide such specially secured memory areas. 

In our example, every successfully verified bus controller holds the symmetric bus group key Ki as well as its own public and secret key pair PKj, SKj and the public key of the gateway PKG. 

The gateway itself stores the certificates of every valid controller node as well as each bus-internal group key Ki for fast inter-bus communication. As all internal bus data is encrypted with Ki, only controllers that possess a valid Ki are able to decrypt and read the locally broadcast bus messages. 

Since the centralized gateway holds the symmetric keys of every connected bus system, fast and secure inter-bus communication between valid controller nodes is provided. 

As shown in Table 7, every controller may optionally also include a digital signature SM to provide message integrity and sender authentication. Alternatively, message integrity can also be provided using an asymmetric message authentication code (MAC) [Ca99]. 

Table 8 shows the receipt of an encrypted message C by a controller or the gateway processor. Whereas network-internal controllers decrypt only the symmetric part C1 of C, gateways also have to verify the optionally enclosed signature SM. 

Only if the sender verification succeeds and the sending controller has the appropriate authorizations does the gateway forward the message, encrypted again, into the targeted subnet. To further enhance security, the gateway may initiate periodic bus group key updates.

This prevents the installation of unauthorized controllers by means of a compromised Ki. To inform all controllers of a bus system, the gateway broadcasts, for each controller on its list of valid controllers, a message encrypted with that controller's public key PKj. 

When every controller has decrypted its key update message with its secret private key SKj, a final broadcast of the gateway may activate the new symmetric bus group key.
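The following added example (not code from the paper or its authors) walks through the two asymmetric steps described above: the OEM signs a certificate (ID, PK, Auth), the gateway verifies it against its list of accredited OEM public keys before adding the controller to its list of valid controllers, and a later group key update wraps the new Ki for each valid controller with that controller's own PKj. Textbook RSA on fixed small primes and the controller identifiers are constructed stand-ins so that it runs with the standard library only; a real deployment uses a proper padded signature scheme with the signing key held in protected hardware.

```python
import hashlib

def rsa_keygen(p, q, e=65537):
    """Toy textbook RSA from two fixed small primes (constructed, insecure)."""
    n, d = p * q, pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)                        # (PK, SK)

def rsa(m, key):
    """One modular exponentiation: sign/verify and wrap/unwrap in the toy scheme."""
    n, exp = key
    return pow(m, exp, n)

PK_OEM, SK_OEM = rsa_keygen(104723, 104729)      # accredited OEM key pair (constructed)
PK_J, SK_J = rsa_keygen(999979, 999983)          # controller j's own key pair (constructed)

def cert_digest(cid, pk, auth, n):
    """SHA-256 over the certificate body (ID, PK, Auth), reduced into the signer's group."""
    body = f"{cid}|{pk}|{sorted(auth)}".encode()
    return int.from_bytes(hashlib.sha256(body).digest(), "big") % n

def oem_issue(cid, pk, auth):
    """OEM signs (ID, PK, Auth) with SK_OEM; the result is the controller certificate."""
    sig = rsa(cert_digest(cid, pk, auth, SK_OEM[0]), SK_OEM)
    return {"id": cid, "pk": pk, "auth": frozenset(auth), "sig": sig}

class Gateway:
    def __init__(self, trusted_oem_keys):
        self.trusted_oem_keys = list(trusted_oem_keys)   # PK_OEM of accredited OEMs
        self.valid = {}      # ID -> (bus, PK_j, Auth); lives in protected memory
        self.group_keys = {} # bus -> current K_i

    def authenticate(self, cert, bus):
        """Add the controller only if an accredited OEM signed its certificate."""
        for pk_oem in self.trusted_oem_keys:
            expected = cert_digest(cert["id"], cert["pk"], cert["auth"], pk_oem[0])
            if rsa(cert["sig"], pk_oem) == expected:
                self.valid[cert["id"]] = (bus, cert["pk"], cert["auth"])
                return True
        return False

    def update_group_key(self, bus, new_key):
        """Periodic K_i update: one copy per valid controller on `bus`, wrapped with its PK_j."""
        self.group_keys[bus] = new_key
        return {cid: rsa(new_key, pk) for cid, (b, pk, _) in self.valid.items() if b == bus}

def controller_unwrap(wrapped_key, sk):
    """Controller j recovers the new K_i with its secret key SK_j."""
    return rsa(wrapped_key, sk)
```

A certificate whose Auth field has been altered after signing, or one signed with a key that is not on the gateway's OEM list, fails `authenticate` and never receives a wrapped group key.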

C. Gateway Firewalls 

To complete vehicular bus communication security, gateways have to implement capable firewalls. If the vehicular controllers are capable of implementing digital signatures or MACs, the firewall rules are based on the authorizations given in the certificate of every controller. 

Therefore, only authorized controllers are able to send valid messages into (highly safety-relevant) car bus systems. If the vehicular controllers are not able to use digital signatures or MACs, the firewall rules can be based only on the authorizations of each subnet. 

In either case, controllers of less restricted networks such as LIN or MOST should generally be prevented from sending messages into highly safety-relevant bus systems such as CAN or FlexRay. 

Moreover, diagnostic functions and messages, as well as all diagnostic interfaces normally used only for analyses in garages or during manufacturing, should be completely disabled by the firewall during normal driving operation.
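The forwarding decision described in this section and in the Table 8 discussion, as an added example that is not the paper's own code: per-controller Auth rules for subnets whose controllers can sign, subnet-level rules for those that cannot, the LIN/MOST to CAN/FlexRay block, and the shutdown of diagnostic traffic while driving. The bus capability table, the subnet authorizations and the message fields (including `signature_valid`, standing for an SM or MAC check already performed by the gateway) are constructed assumptions.

```python
HIGH_SAFETY = {"CAN", "FlexRay"}           # highly safety-relevant bus systems
LESS_RESTRICTED = {"LIN", "MOST"}          # must never inject into HIGH_SAFETY
# Which subnets have controllers able to compute signatures/MACs (assumed for the example).
SIGNATURE_CAPABLE = {"CAN": True, "FlexRay": True, "LIN": False, "MOST": False}
# Fallback for subnets without signatures: authorization per subnet, not per controller.
SUBNET_AUTH = {"LIN": {"LIN"}, "MOST": {"MOST", "LIN"}}     # constructed policy

class GatewayFirewall:
    def __init__(self, valid_controllers, driving=True):
        self.valid_controllers = valid_controllers   # ID -> Auth, from the authentication step
        self.driving = driving                       # normal driving operation?

    def decide(self, msg):
        """Return (forward, reason) for a decrypted message the gateway could route."""
        src, dst = msg["src_bus"], msg["dst_bus"]
        if msg.get("diagnostic") and self.driving:
            return False, "diagnostic traffic disabled during normal driving"
        if src in LESS_RESTRICTED and dst in HIGH_SAFETY:
            return False, f"{src} controllers may not send into {dst}"
        if SIGNATURE_CAPABLE[src]:
            # Per-controller rules: sender verification (SM or MAC) plus certificate Auth.
            if not msg.get("signature_valid"):
                return False, "sender verification failed"
            auth = self.valid_controllers.get(msg.get("sender"))
            if auth is None:
                return False, "sender not on the list of valid controllers"
            if dst not in auth:
                return False, f"{msg['sender']} has no authorization for {dst}"
            return True, "authorized controller"
        # Subnet-level rules for controllers that cannot sign.
        if dst not in SUBNET_AUTH.get(src, set()):
            return False, f"subnet {src} is not authorized for {dst}"
        return True, "authorized subnet"
```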
