D2-01 TERADA Security Study For Automotive Ethernet V07

1y ago
22 Views
2 Downloads
1.87 MB
26 Pages
Last View : 22d ago
Last Download : 2m ago
Upload by : Helen France
Transcription

Cyber Security Study for AutomotiveEthernet in Japan Automotive tureJASPAR Next Generation High-Speed Network WGArchitecture Team LeaderMikio KATAOKAHitachi Automotive Systems, Ltd.Architecture Team, Requirement Definition Sub-team LeaderKeisuke TeradaYazaki Corporation.7th IEEE-SA Ethernet & IP Automotive Technology Day, San Jose, CA, USA, Nov. 2017

Agenda1. About JASPAR- What’s JASPAR- Next Generation High-Speed Network WG- Activities of WG2. Status of the Study About In-vehicle Ethernet Security- In-vehicle Network Security- Study Results- JASPAR Supposed Configuration- Priority Consideration Items- Filtering- SSL/TLS- VLAN3. Future Activities- Documentation- Conclusion2017/11/2Japan Automotive Software Platform and Architecture2/26

Agenda1. About JASPAR- What’s JASPAR- Next Generation High-Speed Network WG- Activities of WG2. Status of the Study About In-vehicle Ethernet Security- In-vehicle Network Security- Study Results- JASPAR Supposed Configuration- Priority Consideration Items- Filtering- SSL/TLS- VLAN3. Future Activities- Documentation- Conclusion2017/11/2Japan Automotive Software Platform and Architecture3/26

1-1. What is JASPAR ?JASPAR: Japan Automotive Software Platform and ArchitectureJASPAR was established to pursue increasing development efficiencyand ensuring reliability by standardization and common use ofelectronic control system and in-vehicle network which are advancingand complexing.n Missionü Improvements in development productivity and significantly contribute tothe advancement of the world’s technology through standardization activity.ü Establish of the fair basis for competition of the whole automobile industry.n Achievementsü Represent a collective voice of the Japanese companies at the internationalstandardization bodies.ü Contribute to development of global standards.2017/11/2Japan Automotive Software Platform and Architecture4/26

1-2. JASPAR members List as of September, 732519BBoard memberHONDA R&DNissanTOYOTAToyotaTsushoDENSORegular memberISUZUMazdaSUBARUSUZUKIADVICSAISIN AWAISIN SEIKIAkebono BrakeAlpineALPSAutolivAutoliv Nissin BrakeBoschCalsonic KanseiClarionContinental AutomotiveFUJITSU TENFurukawa ElectricHitachi AMSJATCOJTEKTKeihinMitsubishi ElectricNidec ElesysNIPPON SEIKINSKPanasonicPIONEERRicohSHOWASumitomo ElectricTOKAI RIKAToyoda GoseiTOYOTA Change VisioneSOLETASFFRIFTLFUJI SOFTFUJITSUFUJITSU BSCHitachi ICSIBM JapanKPITMentor GraphicsmicwareNECNihon SynopsysOMRONOTSLSCSKSTABILITYSunny GikenToshiba Information SystemsTOYOTrend MicroVector JapanWITZHarman taNXP SemiconductorsRenesasTDKTOSHIBATyco ElectronicsDNPDTRSKDDISECOMTOPPANTOYOTA CRDLADIARMCypress InnovatesHI-LEXHitachi ULSIHosidenNTNROHMSanden lion JapanBiz3HAGIWARAKyoei SangyoMACNICANTT DOCOMOOECRENESASEASTONRyodenRyosanSANSHINShinko ShojiAssciate memberDAIHATSUHinoHYUNDAIMitsubishi MotorUD Trucks2017/11/2Delphi Automotive SystemsFujikuraKYBMagna InternationalMITSUBANGK SPARK PLUGToyodensoTRANSTRONValeo JapanYamaha MotorA&DA&W TechonologyACCEL JAPANAICAISIN COMCRUISEANRITSUArgus CyberSecurityAXEAZAPABITSBrisonCanon ITSDigital ContentsDITdSPACEEagerEiwaElektrobitGAIOHI CORPHitachi High-TechIxiaLACMamezouMITO SOFTNEC Solution InnovatorsNetagentNTT DATA MSENTT DATA SBCPCI SolutionsSystenaTakasaki KyodoTata ConsultancyTOKYO ELECTRON DEVICETrilliumTTTechUbiquitousUSEWind RiverXilinxYokogawaJapan Automotive Software Platform and Architecture5/26

1-3. JASPAR Organization ( as of September 2017)AuditorExecutive BoardAdministratorBoard MembersSteering CommitteeWorking cal: In action: Out of Action2017/11/2CyberSecurityPromotionJapan Automotive Software Platform and ArchitectureOTATechnical6/26

1-4. Next Generation High-Speed Network WGDefine in-vehicle requirements for the next-generation high-speed networktechnology.Study certification/authentication mechanisms to ensure conformance andinteroperability, as required.Keep close cooperation with associated domestic/international organizations andcompanies to accomplish stated goals.Next Generation HighSpeed Network WGLeaders MeetingHardware TeamArchitecture TeamRequirement DefinitionSub-Team2017/11/2AUTOSAR SubcommitteeOPEN SubcommitteeSoftware Switch EvaluationSub-TeamJapan Automotive Software Platform and Architecture7/26

Agenda1. About JASPAR- What’s JASPAR- Next Generation High-Speed Network WG- Activities of WG2. Status of Study About In-vehicle Ethernet Security- In-vehicle Network Security- Study Result- JASPAR Supposed Configuration- Priority Consideration Items- Filtering- SSL/TLS- VLAN3. Future Activities- Documentation- Conclusion2017/11/2Japan Automotive Software Platform and Architecture8/26

2-1-1. Case of the Car HackingHacker trendsHacking level for cars has increased year by yearFCA recall 1.4 million units Target Uconnect implemented car. Attack Control the display, steering andtransmission.(Accidents caused by a remote attackhas not occurred.) Target FCA Jeep Attack Send the maintenance commandfrom the diagnosis connector.Impersonated a regular ECU andcontrol the steering.‘15Hacking from remote(At low speed)‘16Control the car usingmaintenance mode(When driving)‘13Hacking in the car2017/11/2Japan Automotive Software Platform and Architecture9/26

2-1-2. In-vehicle Ethernet SecurityThere are the important issues that we discuss the securitymeasures against cyber attacks.Also in the Next Generation High-Speed Network WG,the in-vehicle Ethernet security has been studied from 2015.V2PV2IProtectV2V2017/11/2Malicious attackJapan Automotive Software Platform and Architecture10/26

2-2-1. JASPAR’s Presumed Security ConfigurationThe gateway separates outside and inside of vehicle as a attack surfaceand filters illegal data for intrusion prevention.Data communicated with outside of vehicle should be encrypted.Message authentication code is adapted for communication data of in-vehicle. Spoofing countermeasure Server authentication Mutual authenticationAccess Control ListCommunication monitoringMutual authenticationVLAN filteringMutual authenticationMessage authenticationData encryption (TLS) Access Control ListCommunication monitoringElectronic certificationVLAN 7/11/2:ECUFW2OBD(DoIP)End-node(Switch)TCU: Telematics Control UnitJapan Automotive Software Platform and ArchitectureFW: Firewall11/26

2-2-2. Ethernet Security TechnologiesEnumerate the security technologies related the Ethernet.2017/11/2Japan Automotive Software Platform and Architecture12/26

2-2-3. Priority Consideration ItemsPriority consideration items are selected for in-vehicle Ethernet network.Decided by the interests of participating companies.The following 3 items are selected.VLAN, Filtering, SSL/TLS.CategoryDiscussion itemsVLAN・Usage of the VLAN as the network configuration.・Routing using the VLAN. (consider domains)Filtering・Scope of filter application as the in-vehicle systems.・Performance of the automotive microcomputer / switch.Messageauthentication・This category is discussed by other WG in JASPAR.So, exclude from discuss point in this WG.SSL/TLS・Investigate the specification and the compatibility with the in-vehicle systems.・Performance applied to automotive microcomputer.DPI・Investigate the technologies. (what kind of attack can be detected)MACSec, IPSec・Feasibility based on required processing capacityPerformance in software / hardware.VLAN: Virtual LANSSL: Secure Socket Layer TLS: Transport Layer SecurityDPI: Deep Packet Inspection2017/11/2Japan Automotive Software Platform and Architecture13/26

2-3-1. Implementation Point of FilteringWe discussed the implementation points of filtering.As a result, we presume the following points as implementation points.By matching between the filtering function set for each point and the receivedpacket, it is selected whether the packet is passed or -nodeECU(Switch)InternalFilter function implementation point2017/11/2Japan Automotive Software Platform and Architecture14/26

2-3-2. Security Technologies Applied to the FilteringSelect the security technologies as a prerequisite to discuss the filtering function.Scope : Standardized or discussing technologies created byIEEE, IETF, etc.Security technologiesPort-based VLANTagged VLANPrivate VLANSub network based VLANMAC filtering, Port security, IEEE802.1X, MAC authentication bypassStatic MAC TableDynamic ARP InspectionIP Source GuardIP filteringVLAN ACLNAT(Network Address Translation)NAPT(Network Address Port Translation)DDoS Open Threat Signaling (dots)OCSP (Online Certificate Status Protocol)2017/11/2Japan Automotive Software Platform and Architecture15/26

2-3-3. Filtering Fields and Applied to In-vehicle NetworkEnumerate filtering items for each OSI layers.Implementation function.Applied to in-vehicle network.With or without hardware support.Enumerated filtering items2017/11/2Japan Automotive Software Platform and Architecture16/26

2-4-1. Implementation Point of TLSWe discussed the implementation point of TLS.As a result, we presume the following points as implementation points.Since there is a possibility that the internal ECU may become the end point of TLS,the implementation point of TLS is the entire network including gateway, ECU, andend )(Switch)DMZInternalTLS embedded software2017/11/2Japan Automotive Software Platform and Architecture17/26

2-4-2.TLS Function and Technologies Related TLSDiscuss the TLS function and technology elements.Technology overview and recommendation.Enumerated technology elements2017/11/2Japan Automotive Software Platform and Architecture18/26

2-4-3.Threat Analysis of TLS RequirementsPerform the threat analysis by the CIA.Consider Confidentiality / Integrity / Availability and related technicalelements.CIATLS RequirementsConfidentiality of session keysConfidentiality of messagesConfidentialityTransport keysSession informationServer authenticationIntegrityClient authenticationMessage authenticationConnection times (Server)AvailabilityThroughputConnection times (Client)Certificate renewal2017/11/2Japan Automotive Software Platform and Architecture19/26

2-5-1. Example of VLAN ConfigurationDiscussion of VLAN configuration based on JASPAR network configuration. Classified into two types.VLAN configurations by domain.Assign VLAN ID for each network domain.VLAN configurations by application.Assign VLAN ID for each application.4ECU15ECU26CameraxxxxxxVLAN configurations by 42TCU3IVI/NAVI45ECU1ECU2xx3xxxxx230xxxx12xPorts ECU2x20x5xx20TCUIVI/NAVIDoIP(After auth.)x10(A)2310xVLAN Membership10(B)ToolDoIP(Before auth.)41Application103μC (Gateway)VLAN20VLAN Membership1Ports ECUxxxxxxxxxxxVLAN configurations by applicationJapan Automotive Software Platform and Architecture20/26

2-5-2. Example of Firewall ApplicationIn case of applying a firewall to VLAN configurations. Configure the Firewall to forward packets only to the required ports.2. Communication between VLANs:IVI/NAVI(VLAN 3) End-node1(VLAN 1)It is preferable to filter by MAC address, IP address,port number at FW 1 and FW 3 of Gateway.μC(Gateway)xxToolxxx20FW1 internal comm.(SOME/IP)12TCUxx2xFW1 external comm.( application 1 )3IVI/NAVIxx45ECU1ECU230FW3 internal comm.( IP Video)3xFW external comm.( application 2 )3x030FW2 internal comm.(DoIP, after auth.)2x10VLAN MembershipPorts ECU20FW2 internal comm.(DoIP, before auth.)10(A)Application1010(B)1. Communication within VLAN: End-node 3 End-node 2Internal(between ECU1 and ECU2)allows filtering to pass.VLANxxxxxxxxVLAN ID 10: Port based VALNOthers:Tagged VLAN White list methodCheck the VLAN ID and the L2, L3, L4 headerspermitted for each input (physical) port, only transferthe permitted packetsExample of the firewallExample of the firewallin case of VLAN configurations by domain in case of VLAN configurations by application2017/11/2Japan Automotive Software Platform and Architecture21/26

Agenda1. About JASPAR- What’s JASPAR- Next Generation High-Speed Network WG- Activities of WG2. Status of the Study About In-vehicle Ethernet Security- In-vehicle Network Security- Study Results- JASPAR Supposed Configuration- Priority Consideration Items- Filtering- SSL/TLS- VLAN3. Future Activities- Documentation- Conclusion2017/11/2Japan Automotive Software Platform and Architecture22/26

3-1.DocumentationThese results are described for JASPAR guidelines. (within 2017)JASPAR members can obtain these documents.2017/11/2Japan Automotive Software Platform and Architecture23/26

3-2. Future ActivitiesWe are discussing the security technology verification of in-vehicle.By comparing ICT(Information Communication Technology) securityand in-vehicle security, clarifies different factors.OBD(DoIP)ToolBodyFW2InternetFW3FW1L2 SwitchChassisADASL2 SwitchTCUIVI/NaviL3 Switch (Router)Switching betweenmultiple VLANsECUECU・・・ECUConfiguration example in ICTStudy of TSN requirementsStarted by investigating specifications,under consideration of application examples.2017/11/2Japan Automotive Software Platform and Architecture24/26

3-3.ConclusionDiscuss the Ethernet security technologies applied to in-vehicle network.Enumerate the Ethernet security technologies.Select Filtering, SSL/TLS and VLAN for the priority consideration items.Discussed itemsOutputFiltering- Enumerate the filtering items.L2 : VLAN ID, TPID, VID etc.L3 : Protocol number, Control flag (SYN) etc.- Define the implementations of hardware orsoftware.- Define the requirements ofthe filtering items.SSL/TLS- Discomposed the SSL/TLS technologies intofunctional elements.Authentication method, Encryption,Connection time and Throughput etc.- TLS technologies guideline.- Clarify the use case, usedtechnologies.VLANDefine the network architecture with VLAN.- VLAN configurations by domain.Network design (including multi-VLAN)- VLAN configurations by application.Network design (DoIP, Image transmission,Map data distribution etc.)- VLAN design guideline.- VLAN design architectureand required technologies.2017/11/2Japan Automotive Software Platform and Architecture25/26

Thank you for your attention.2017/11/2Japan Automotive Software Platform and Architecture26/26

Architecture Cyber Security Study for Automotive Ethernet in Japan Automotive Industry Architecture Team Leader Mikio KATAOKA Hitachi Automotive Systems, Ltd. Architecture Team, Requirement Definition Sub-team Leader Keisuke Terada Yazaki

Related Documents:

cieran toda una serie de plantas cuyos efectos psicotrópicos o alucinógenos fueron adoptados en rituales mágicos, medici-nales y religiosos. Los alucinógenos son un conjunto de com-puestos psicoactivos que actúan sobre el sistema nervioso central, induciendo alucinaciones o estados de conciencia al-terada.

Kumar Sharma, LaJolla Natalie Staplin, Oxford Katalin Susztak, Philadelphia Yoshio Terada,Nankoku Tetsuhiro Tanaka, Tokyo SydneyC.W. Tang,Hong Kong . S59 Chapter 5: Blood pressure management in children with CKD S62 Methods for guideline development S71

Appliance for Hadoop Aster Big Analytics Appliance SAS High Performance Analytics Scale Up to 12TB Up to 186PB Up to 1.6PB Up to 61PB Up to 10PB Up to 5PB Up to 52TB Work-loads Test / . highly scalable Terada

Hiroyuki Kawai, Fumiko Yagyu, Aki Terada, Tsukasa Matsunaga, Manabu Inobe Abstract Background: Cyclosporin A (CSA) and tacrolimus (TAC) suppress T-cell activation and subsequent proliferation by inhibiting calcineurin. Though they have the same target,

AVG Internet Security 9 ESET Smart Security 4 F-Secure Internet Security 2010 Kaspersky Internet Security 2011 McAfee Internet Security Microsoft Security Essentials Norman Security Suite Panda Internet Security 2011 Sunbelt VIPRE Antivirus Premium 4 Symantec Norton Internet Security 20

Slack’s security team, led by our Chief Security Officer (CSO), is responsible for the implementation and management of our security program. The CSO is supported by the members of Slack’s Security Team, who focus on Security Architecture, Product Security, Security Engineering and Opera

3 CONTENTS Notation 10 Preface 12 About the Author 18 PART ONE: BACKGROUND 19 Chapter 1 Computer and Network Security Concepts 19 1.1 Computer Security Concepts 21 1.2 The OSI Security Architecture 26 1.3 Security Attacks 27 1.4 Security Services 29 1.5 Security Mechanisms 32 1.6 Fundamental Security Design Principles 34 1.7 Attack Surfaces and Attack Trees 37

API Recommended Practice 2A-WSD Planning, Designing, and Constructing Fixed Offshore Platforms—Working Stress Design TWENTY-SECOND EDITION NOVEMBER 2014 310 PAGES 395.00 PRODUCT NO. G2AWSD22 This recommended practice is based on global industry best practices and serves as a guide for those who are concerned with the design and construction of new fixed offshore platforms and for the .