This article illustrates a possible responsibility matrix (between OEM and suppliers) for meeting the requirements specified by UN Regulation ECE R155, and sketches an indicative vehicle-level security architecture to fulfil those regulatory requirements.
Before detailing the possible vehicle-level security architecture, let us take a look at a sample responsibility matrix. Each item pairs a requirement or threat from the regulation with the party or component that would own the corresponding mitigation:
- Measures to detect and recover from a denial-of-service attack shall be employed – centralized PDC (Prevent, Detect, Cure) controller in the vehicle to isolate or shut down the malicious node
- Measures to prevent and detect unauthorized access shall be employed – individual ECU, PDC at vehicle level
- Measures to detect malicious internal messages or activity should be considered – individual ECU, PDC at vehicle level
- The vehicle shall verify the authenticity and integrity of messages it receives – PDC at vehicle level, each receiving ECU for its own end-to-end protected links
- Security controls shall be implemented for storing cryptographic keys (e.g., use of Hardware Security Modules) – individual ECU, OEM server
- Software bugs – protection against stack overflow and return-address overwrite attacks (e.g., stack canaries, non-executable stack, control-flow integrity where the MCU supports it) – at ECU level
- Use of remainders from development (e.g., debug ports, JTAG ports, development certificates, developer passwords) which can permit access to ECUs or allow attackers to gain higher privileges – individual ECU – authorization (debug interfaces locked or authenticated, development credentials removed before production)
- Systems shall implement security by design to minimize risks – compliance with ISO/SAE 21434 – individual ECU – Cybersecurity Assurance Level (CAL 1 to CAL 4, chosen per item from its threat analysis)
- Establishment of a Cyber Security Management System (CSMS) which applies to the following phases: (a) development phase; (b) production phase; (c) post-production phase – this needs to be done at every ECU level and at organization level – Tier 1 suppliers and OEM
- A combination of short encryption keys and a long validity period enables an attacker to break the encryption – inter-ECU transaction management where every transaction exhibits the characteristics below:
  - Forward secrecy – ephemeral DH (Diffie–Hellman) key exchange, so a later compromise of long-term keys does not expose past sessions
  - Backward secrecy – per-session keys, so a compromised session key does not expose later sessions
  - Tracking resilience – an outside observer cannot link transactions to a particular vehicle or ECU
  - Confidentiality – AES-128 / RSA / ECC
  - Integrity – SHA / MAC / DSA (a bare hash only detects accidental corruption; against an active attacker a keyed MAC or a signature is required)
  - Authentication – MAC / DSA
  - Non-repudiation – DSA (only an asymmetric signature provides this; a MAC cannot, because both parties hold the same key)
  - Key generation framework
  - Avoiding the use of already or soon-to-be deprecated cryptographic algorithms – RSA / ECC are broken by a sufficiently large quantum computer, so the design should be crypto-agile and allow migration to post-quantum algorithms
- Provision of secure software update – authenticity, integrity, confidentiality – OEM server and individual ECU
- Secure boot – individual ECU
- Compliance with the ISO 24089 framework for software update engineering – individual ECU and OEM server
- Protection against replacement of authorized electronic hardware – centralized PDC (Prevent, Detect, Cure) controller in the vehicle to shut down unauthorized hardware
- Protection against manipulation of the information collected by a sensor – at sensor and ECU level through secure communication and challenge–response authentication
- Diagnostic access (e.g., dongles in the OBD port) used to facilitate an attack, e.g., to manipulate vehicle parameters (directly or indirectly) – centralized PDC (Prevent, Detect, Cure) controller in the vehicle
- Root of trust for the certificate chain – centralized PDC (Prevent, Detect, Cure) controller in the vehicle
- Prevention of extraction of cryptographic keys – HSM, side-channel analysis (SCA) testing
- Protection against illegal/unauthorized changes to the vehicle's electronic ID – centralized PDC (Prevent, Detect, Cure) controller in the vehicle
- Unauthorized changes to system diagnostic data – prevention of data-manipulation attacks on sensors using secure communication between critical sensors and ECUs
As can be seen from the requirements above, every safety-critical, remotely accessible, connected and field-upgradable ECU will have to comply with ISO/SAE 21434 and ISO 24089. Communication between sensors and ECUs needs to be protected end to end, communication between two ECUs needs to be protected end to end as well, and there needs to be a centralized PDC ECU to take care of security aspects at vehicle and V2X level and to serve as the root of trust at vehicle level.
This also means that implementing security software on top of an embedded hardware security module supporting functions such as secure storage, TRNG, key generation, RSA, ECC, AES, DH key exchange, DSA and SHA is a must, whether the device is an SoC or a microcontroller.
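To make the sensor-to-ECU items above concrete (challenge–response authentication of the sensor, verification of authenticity and integrity of received messages, and detection of replayed or manipulated internal messages), here is an added example that is not part of the original article and not any OEM's or supplier's code. It assumes a 256-bit pre-shared key per sensor/ECU link provisioned at manufacturing (in a real part it would sit in the HSM; here it is a plain bytes object), HKDF-SHA256 for per-session key derivation, HMAC-SHA256 truncated to 128 bits as the message authentication code, and a monotonically increasing 32-bit counter for freshness. The class names, the frame layout and the sample payloads are hypothetical; it uses only the Python standard library.

```python
import hashlib
import hmac
import secrets
import struct

TAG_LEN = 16  # HMAC-SHA256 truncated to 128 bits (assumption; sized for a short bus frame)


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF (extract-then-expand) with SHA-256, standard library only."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def auth_tag(key: bytes, data: bytes) -> bytes:
    """Truncated HMAC-SHA256 over the frame header and payload."""
    return hmac.new(key, data, hashlib.sha256).digest()[:TAG_LEN]


class Sensor:
    """Hypothetical sensor node holding the pre-shared key (PSK) for its ECU link."""

    def __init__(self, sensor_id: bytes, psk: bytes):
        self.sensor_id = sensor_id
        self.psk = psk            # in a real part this lives in the HSM / secure element
        self.session_key = None
        self.counter = 0

    def respond(self, nonce: bytes) -> bytes:
        """Answer the ECU's challenge with the PSK and derive this session's key."""
        self.session_key = hkdf_sha256(self.psk, nonce, b"session|" + self.sensor_id)
        self.counter = 0
        return hmac.new(self.psk, b"auth|" + self.sensor_id + nonce, hashlib.sha256).digest()

    def send(self, payload: bytes) -> bytes:
        """Frame = 32-bit big-endian counter || payload || MAC over counter and payload."""
        self.counter += 1         # a real node re-keys long before the counter wraps
        header = struct.pack(">I", self.counter)
        return header + payload + auth_tag(self.session_key, header + payload)


class ReceiverECU:
    """Hypothetical receiving ECU: challenges the sensor, then checks every frame."""

    def __init__(self, sensor_id: bytes, psk: bytes):
        self.sensor_id = sensor_id
        self.psk = psk
        self.nonce = None
        self.session_key = None
        self.last_counter = 0

    def challenge(self) -> bytes:
        self.nonce = secrets.token_bytes(16)   # fresh per session, so old responses cannot be replayed
        return self.nonce

    def verify_response(self, response: bytes) -> bool:
        """Accept the sensor only if it proves possession of the PSK for this nonce."""
        expected = hmac.new(self.psk, b"auth|" + self.sensor_id + self.nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):   # constant-time comparison
            return False
        self.session_key = hkdf_sha256(self.psk, self.nonce, b"session|" + self.sensor_id)
        self.last_counter = 0
        return True

    def receive(self, frame: bytes):
        """Return (status, payload); the payload is released only on 'ok'."""
        if self.session_key is None:
            return ("no_session", None)
        if len(frame) < 4 + TAG_LEN:
            return ("malformed", None)
        header, payload, tag = frame[:4], frame[4:-TAG_LEN], frame[-TAG_LEN:]
        # Verify the MAC before interpreting anything else (integrity + authenticity).
        if not hmac.compare_digest(auth_tag(self.session_key, header + payload), tag):
            return ("bad_mac", None)
        (counter,) = struct.unpack(">I", header)
        if counter <= self.last_counter:   # freshness: replayed or reordered frame
            return ("replay", None)
        self.last_counter = counter
        return ("ok", payload)


def demo() -> dict:
    """Constructed scenario: genuine sensor, swapped-in rogue sensor, replay and tamper attempts."""
    psk = secrets.token_bytes(32)                               # provisioned key (constructed here)
    sensor = Sensor(b"WHEEL_SPEED_FL", psk)
    rogue = Sensor(b"WHEEL_SPEED_FL", secrets.token_bytes(32))  # unauthorized part with the wrong key
    ecu = ReceiverECU(b"WHEEL_SPEED_FL", psk)

    results = {}
    results["rogue_auth"] = ecu.verify_response(rogue.respond(ecu.challenge()))
    results["genuine_auth"] = ecu.verify_response(sensor.respond(ecu.challenge()))
    frame = sensor.send(b"speed=41.7")
    results["valid"] = ecu.receive(frame)
    results["replay"] = ecu.receive(frame)                      # same frame delivered again
    results["tampered"] = ecu.receive(frame[:4] + b"speed=99.9" + frame[-TAG_LEN:])
    results["next"] = ecu.receive(sensor.send(b"speed=41.9"))
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:13s} {value}")
```

Running `demo()` shows the rogue part failing the challenge, the genuine sensor's first frame accepted, the identical frame rejected as a replay, the altered payload rejected on the MAC check, and the next frame accepted. Note what this scheme does not give: there is no forward secrecy (a PSK compromise exposes every past session; that needs the ephemeral DH exchange listed under the transaction characteristics), no confidentiality (the payload travels in clear; wrap it in AES-GCM or similar from the HSM if the sensor data is sensitive), and no non-repudiation, since both ends hold the same key.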