Marko Wolf

State of the Art: Embedding Security in Vehicles

For new automotive applications and services, information technology (IT) has gained central importance. IT-related costs in car manufacturing are already high and they will increase dramatically in the future. Yet whereas safety and reliability have become a relatively well-established field, the protection of vehicular IT systems against systematic manipulation or intrusion has only recently started to emerge. Nevertheless, IT security is already the base of some vehicular applications such as immobilizers or digital tachographs. To securely enable future automotive applications and business models, IT security will be one of the central technologies for the next generation of vehicles. After a state-of-the-art overview of IT security in vehicles, we give a short introduction into cryptographic terminology and functionality. This contribution will then identify the need for automotive IT security while presenting typical attacks, resulting security objectives, and characteristic constraints within the automotive area. We will introduce core security technologies and relevant security mechanisms followed by a detailed description of critical vehicular applications, business models, and components relying on IT security. We conclude our contribution with a detailed statement about challenges and opportunities for the automotive IT community for embedding IT security in vehicles.

Reconfigurable trusted computing in hardware

Trusted Computing (TC) is an emerging technology towards building trustworthy computing platforms. The TrustedComputing Group (TCG) has proposed several specifications to implement TC functionalities by extensions to common computing platforms, particularly the underlying hardware with a Trusted Platform Module (TPM). However, actual TPMs are mostly available for workstations and servers nowadays and rather for specific domainapplications and not primarily for embedded systems. Further, the TPM specifications are becoming monolithic andmore complex while the applications demand a scalable and flexible usage of TPM functionalities. In this paper we propose a reconfigurable (hardware) architecture with TC functionalities where we focus on TPMsas proposed by the TCG specifically designed for embedded platforms. Our approach allows for (i) an efficient andscalable design and update of TPM functionalities, in particular for hardware-based crypto engines and accelerators, (ii) establishing a minimal trusted computing base in hardware, (iii) including the TPM as well as its functionalities into the chain of trust that enables to bind sensitive data to the underlying reconfigurable hardware, and (iv) designing a manufacturer independent TPM. We discuss possible implementations based on current FPGAs and point out the associated challenges, in particular with respect to protection of the internal TPM state since it must not be subject to manipulation, replay, and cloning

Enabling fairer digital rights management with trusted computing

Today, digital content is routinely distributed over the Internet, and consumed in devices based on open platforms. However, on open platforms users can run exploits, reconfigure the underlying operating system or simply mount replay attacks since the state of any (persistent) storage can easily be reset to some prior state. Faced with this difficulty, existing approaches to Digital Rights Management (DRM) are mainly based on preventing the copying of protected content thus protecting the needs of content providers. These inflexible mechanisms are not tenable in the long term since their restrictiveness prevents reasonable usage scenarios, and even honest users may be tempted to circumvent DRM systems. In this paper we present a security architecture and the corresponding reference implementation that enables the secure usage and transfer of stateful licenses (and content) on a virtualized open platform. Our architecture allows for openness while protecting security objectives of both users (flexibility, fairer usage, and privacy) and content providers (license enforcement). In particular, it prevents replay attacks that is fundamental for secure management and distribution of stateful licenses. Our main objective is to show the feasibility of secure and fairer distribution and sharing of content and rights among different devices. Our implementation combines virtualization technology, a small security kernel, trusted computing functionality, and a legacy operating system (currently Linux).

Secure In-Vehicle Communication

This work presents a study of state of the art bus systems with respect to their security against various malicious attacks. After a brief description of the most well-known and established vehicular communication systems, we present feasible attacks and potential exposures for these automotive networks. We also provide an approach for secured automotive communication based on modern cryptographic mechanisms that provide secrecy, manipulation prevention and authentication to solve most of the vehicular bus security issues.

Cryptographic component identification: enabler for secure vehicles

Modern vehicles embed several dozens of electronic control units, infotainment devices, and safety relevant components. All these devices might be manipulated, counterfeited, stolen, and illegally exchanged. Hence, a proper identification of components would be valuable. In this work we propose protocols for component identification in a vehicle. The component identification provides protection against manipulation, counterfeits, and theft by implementing a mechanism to bind security relevant components to a given system. Additionally, such component identification enables secure inter-vehicular networks as well as innovative technologies such as an electronic license plate.

Securing peer-to-peer distributions for mobile devices

Peer-to-peer (P2P) architectures offer a flexible and user-friendly way to distribute digital content (e.g., sharing, rental, or superdistribution). However, the parties involved have different interests (e.g., user privacy vs. license enforcement) that should be reflected in the P2P security architecture. We identify characteristic P2P scenarios and demonstrate how these can be realized by applying a few basic licensing operations. We present a security architecture to realize these basic license operations (i) in a generalized fashion and (ii) employing the ARM TrustZone technology, which is popular for embedded systems. Lastly, we extend existing superdistribution schemes for offline application, allowing a mobile peer to access superdistributed content without the need to first contact the actual licensor.

Establishing Chain of Trust in Reconfigurable Hardware

Facing ubiquitous threats like computer viruses, trojans and theft of intellectual property, Trusted computing (TC) is an emerging technology towards building trustworthy computing platforms. A recent initiative by the trusted computing group (TCG) specifies the use of trusted platform modules (TPM), currently implemented as dedicated, cost-effective crypto-chips mounted on the main board of computer systems. In this paper we propose implementations for TC functionalities based on more flexible and versatile approaches for reconfigurable and embedded architectures. Our approach allows for (i) a scalable design and update of TPM functionalities in embedded systems, (ii) the integration of the TPM hardware in the chain of trust to bind applications to the underlying TPM and the reconfigurable hardware, and (iii) the design of vendor independent TPMs.

Automotive Embedded Systems Applications and Platform Embedded Security Requirements

Contemporary security solutions in the automotive domain usually have been implemented only in particular applications such as electronic immobilizers, access control, secure flashing, and secure activation of functions or protection of mileage counter. With cars, which become increasingly smart, automotive security will play a crucial role for the reliability and trustworthiness of modern automotive systems. In this chapter, we will introduce the topic of automotive security and provide motivation for security in embedded automotive platforms.

Sichere Botschaften – Moderne Kryptographie zum Schutz von Steuergeräten

Die Gesamtsystemsicherheit eines Fahrzeugs gelingt nur durch die zuverlassige Absicherung aller involvierten Steuergerate, der ausfuhrenden Aktuatoren und ihrer Kommunikation. Escrypt beschreibt die Anwendung und Umsetzung moderner Kryptographie zum Schutz von Steuergeraten im Automobil, um unerlaubte Eingriffe, unerlaubte Kopien oder Falschungen zu verhindern.

Introduction to Vehicular Embedded Security

For new automotive applications and services, information technology (IT) has gained central importance. IT-related costs in car manufacturing are already high, and they will increase dramatically in the future. Yet whereas the area of safety and reliability has become a relatively well-established field, the protection of vehicular IT systems against systematic manipulation or intrusion has only recently started to emerge. Nevertheless, IT security is already the base of some vehicular applications, such as immobilizers or digital tachographs. To securely enable future automotive applications and business models, IT security will be one of the central technologies for the next generation of vehicles. After a state-of-the-art overview of IT security in vehicles, this paper will give a short introduction into cryptographic terminology and functionality. This contribution will then identify the need for automotive IT security while presenting typical attacks, resulting security objectives and characteristic constraints within the automotive area. We will introduce core security technologies and relevant security mechanisms, followed by a detailed description of critical vehicular applications, business models and components relying on IT security. We conclude our contribution with a detailed statement about challenges and opportunities for the automotive IT community for embedding IT security in vehicles.