Specification Of Secure Onboard Communication - AUTOSAR


Specification of Secure Onboard Communication
AUTOSAR CP Release 4.4.0

Document Title: Specification of Secure Onboard Communication
Document Owner: AUTOSAR
Document Responsibility: AUTOSAR
Document Identification No: 654
Document Status: Final
Part of AUTOSAR Standard: Classic Platform
Part of Standard Release: 4.4.0

Document Change History

Release: 4.3.1 | Changed by: AUTOSAR Release Management
Change Description:
- Handle Dynamic length PDUs
- Added option to send wrong Authentication Information
- Provide failed verification status to application
- Minor corrections / clarifications / editorial changes; for details please refer to the Change Documentation

Date: 2016-11-30 | Release: 4.3.0 | Changed by: AUTOSAR Release Management
Change Description:
- Handle freshness in external freshness manager
- New feature to send authenticator in an additional message
- Secured diagnostic communication
- Increase minimum value of parameter AuthInfoTxLength to 1
- Changed the type of the parameter keyID of the interface SecOC_AssociateKey() to uint16
- Minor corrections / clarifications / editorial changes; for details please refer to the Change Documentation

Date: 2015-07-31 | Release: 4.2.2 | Changed by: AUTOSAR Release Management
Change Description:
- Clarify new authentication data layout with optional parameters
- Clarified the details for SW-C Freshness Value Manager (Section 11)
- Minor corrections / clarifications / editorial changes; for details please refer to the Change Documentation

Date: 2014-10-31 | Release: 4.2.1 | Changed by: AUTOSAR Release Management
Change Description:
- Initial Release

Document ID 654: AUTOSAR_SWS_SecureOnboardCommunication
- AUTOSAR confidential -

Disclaimer

This work (specification and/or software implementation) and the material contained in it, as released by AUTOSAR, is for the purpose of information only. AUTOSAR and the companies that have contributed to it shall not be liable for any use of the work.

The material contained in this work is protected by copyright and other types of intellectual property rights. The commercial exploitation of the material contained in this work requires a license to such intellectual property rights.

This work may be utilized or reproduced without any modification, in any form or by any means, for informational purposes only. For any other purpose, no part of the work may be utilized or reproduced, in any form or by any means, without permission in writing from the publisher.

The work has been developed for automotive applications only. It has neither been developed, nor tested for non-automotive applications.

The word AUTOSAR and the AUTOSAR logo are registered trademarks.

Table of contents

1 Introduction and functional overview ... 8
2 Acronyms, abbreviations and definitions ... 10
2.1 Acronyms and abbreviations ... 10
2.2 Definitions ... 10
3 Related documentation ... 12
3.1 Input documents ... 12
3.2 Related standards and norms ... 13
3.3 Related specification ... 13
4 Constraints and assumptions ... 14
4.1 Applicability to car domains ... 14
5 Dependencies to other modules ... 15
5.1 Dependencies to PduR ... 15
5.2 Dependencies to CSM ... 15
5.3 Dependencies to the RTE ... 15
6 Requirements traceability ... 17
7 Functional specification ... 29
7.1 Specification of the security solution ... 29
7.1.1 Basic entities of the security solution ... 30
7.1.2 Authentication of I-PDUs ... 39
7.1.3 Verification of I-PDUs ... 40
7.1.4 Adaptation in case of asymmetric approach ... 42
7.2 Relationship to PduR ... 43
7.3 Initialization ... 44
7.4 Authentication of outgoing PDUs ... 44
7.4.1 Authentication during direct transmission ... 46
7.4.2 Authentication during triggered transmission ... 48
7.4.3 Authentication during transport protocol transmission ... 50
7.4.4 Error handling and cancelation of transmission ... 51
7.5 Verification of incoming PDUs ... 52
7.5.1 Verification during bus interface reception ... 54
7.5.2 Verification during transport protocol reception ... 55
7.5.3 Skipping Authentication for Secured I-PDUs at SecOC ... 57
7.5.4 Error handling and discarding of reception ... 57
7.6 Gateway functionality ... 59
7.7 Error Classification ... 59
7.7.1 Development Errors ... 59
7.7.2 Runtime Errors ... 59
7.7.3 Transient Faults ... 60
7.7.4 Production Errors ... 60
7.7.5 Extended Production Errors ... 60
7.8 Error detection ... 60
7.9 Error notification ... 60
7.10 Security Profiles ... 61
7.10.1 Secured area within a Pdu ... 61
7.10.2 Overview of security profiles ... 61
7.10.3 SecOC Profile 1 (or 24Bit-CMAC-8Bit-FV) ... 62
7.10.4 SecOC Profile 2 (or 24Bit-CMAC-No-FV) ... 62
7.10.5 SecOC Profile 3 (or JASPAR) ... 63
8 API specification ... 64
8.1 Imported types ... 64
8.2 Type definitions ... 64
8.2.1 SecOC_ConfigType ... 64
8.2.2 SecOC_StateType ... 64
8.3 Function definitions ... 65
8.3.1 SecOC_Init ... 65
8.3.2 SecOC_DeInit ... 65
8.3.3 SecOC_GetVersionInfo ... 66
8.3.4 SecOC_IfTransmit ... 66
8.3.5 SecOC_TpTransmit ... 66
8.3.6 SecOC_CancelReceive ... 67
8.3.7 SecOC_IfCancelTransmit ... 67
8.3.8 SecOC_TpCancelTransmit ... 68
8.3.9 SecOC_ChangeParameter ... 68
8.3.10 Optional Interfaces ... 69
8.4 Call-back notifications ... 71
8.4.1 SecOC_RxIndication ... 71
8.4.2 SecOC_TpRxIndication ... 71
8.4.3 SecOC_TxConfirmation ... 71
8.4.4 SecOC_TpTxConfirmation ... 72
8.4.5 SecOC_TriggerTransmit ... 72
8.4.6 SecOC_CopyRxData ... 73
8.4.7 SecOC_CopyTxData ... 73
8.4.8 SecOC_StartOfReception ... 75
8.4.9 CSM callback interfaces ... 75
8.5 Callout Definitions ... 76
8.5.1 SecOC_GetRxFreshness ... 76
8.5.2 SecOC_GetRxFreshnessAuthData ... 77
8.5.3 SecOC_GetTxFreshness ... 77
8.5.4 SecOC_GetTxFreshnessTruncData ... 78
8.5.5 SecOC_SPduTxConfirmation ... 79
8.6 Scheduled functions ... 79
8.6.1 SecOC_MainFunctionRx ... 79
8.6.2 SecOC_MainFunctionTx ... 80
8.7 Expected Interfaces ... 81
8.7.1 Mandatory Interfaces ... 81
8.7.2 Optional Interfaces ... 81
8.7.3 Configurable Interfaces ... 82
8.8 Service Interfaces ... 83
8.8.1 Overview ... 83
8.8.2 Sender Receiver Interfaces ... 83
8.8.3 Client Server Interfaces ... 84
8.8.4 Ports ... 91
8.8.5 Implementation Data Types ... 92
9 Sequence diagrams ... 95
9.1 Authentication of outgoing PDUs ... 96
9.1.1 Authentication during direct transmission ... 96
9.1.2 Authentication during triggered transmission ... 97
9.1.3 Authentication during transport protocol transmission ... 98
9.2 Verification of incoming PDUs ... 100
9.2.1 Verification during direct reception ... 100
9.2.2 Verification during transport protocol reception ... 101
9.3 Re-authentication Gateway ... 102
9.4 Freshness Handling ... 103
10 Configuration specification ... 104
10.1 Containers and configuration parameters ... 104
10.1.1 SecOC ... 106
10.1.2 SecOCGeneral ... 108
10.1.3 SecOCSameBufferPduCollection ... 112
10.1.4 SecOCRxPduProcessing ... 112
10.1.5 SecOCRxSecuredPduLayer ... 117
10.1.6 SecOCRxSecuredPdu ... 118
10.1.7 SecOCRxSecuredPduCollection ... 119
10.1.8 SecOCRxCryptographicPdu ... 120
10.1.9 SecOCRxAuthenticPduLayer ... 120
10.1.10 SecOCRxAuthenticPdu ... 121
10.1.11 SecOCTxPduProcessing ... 122
10.1.12 SecOCTxAuthenticPduLayer ... 125
10.1.13 SecOCTxSecuredPduLayer ... 127
10.1.14 SecOCTxSecuredPdu ... 127
10.1.15 SecOCTxSecuredPduCollection ... 128
10.1.16 SecOCTxAuthenticPdu ... 128
10.1.17 SecOCTxCryptographicPdu ... 129
10.1.18 SecOCUseMessageLink ... 130
10.1.19 SecOCTxPduSecuredArea ... 131
10.1.20 SecOCRxPduSecuredArea ... 132
10.2 Published Information ... 132
11 Annex A: Application hints for the development of SW-C Freshness Value Manager ... 134
11.1 Overview of freshness value construction ... 134
11.2 Freshness Value Based on Single Freshness Counter ... 134
11.3 Freshness Value Based on Single Freshness Timestamp ... 135
11.4 Freshness Value Based on Multiple Freshness Counters ... 137
11.4.1 Definition of Freshness Value ... 139
11.4.2 Synchronization Message Format ... 143
11.4.3 Processing of FV Management Master ... 143
11.4.4 Processing of Slave ECUs ... 144
A Not applicable requirements ... 151

1 Introduction and functional overview

This specification is the AUTOSAR Secure Onboard Communication (SecOC) module Software Specification. It is based on the AUTOSAR SecOC SRS [5] and specifies how the requirements of the AUTOSAR SecOC SRS shall be realized. It describes the basic security features, the functionality and the API of the AUTOSAR SecOC module.

The SecOC module aims for resource-efficient and practicable authentication mechanisms for critical data on the level of PDUs. The authentication mechanisms shall be seamlessly integrated with the current AUTOSAR communication systems. The impact with respect to resource consumption should be as small as possible in order to allow protection as an add-on for legacy systems. The specification is based on the assumption that mainly symmetric authentication approaches with message authentication codes (MACs) are used. They achieve the same level of security with much smaller keys than asymmetric approaches and can be implemented compactly and efficiently in software and in hardware. However, the specification provides the necessary level of abstraction so that both symmetric and asymmetric authentication approaches can be used.

The SecOC module integrates on the level of the AUTOSAR PduR. Figure 1 shows the integration of the SecOC module as part of the AUTOSAR communication stack.

Figure 1: Integration of the SecOC BSW

In this setting, the PduR is responsible for routing incoming and outgoing security-related I-PDUs to the SecOC module. The SecOC module shall then add or process the security-relevant information and shall propagate the results in the form of an I-PDU back to the PduR. The PduR is then responsible for further routing the I-PDUs. Moreover, the SecOC module makes use of the cryptographic services provided by the CSM and interacts with the Rte to allow key and counter management. The SecOC module shall support all kinds of communication paradigms and principles that are supported by the PduR, especially multicast communication, transport protocols and the PduR gateway. The following sections provide a detailed specification of SecOC interfaces, functionality and configuration.

2 Acronyms, abbreviations and definitions

2.1 Acronyms and abbreviations

Abbreviation / Acronym: Description:
CSM: The AUTOSAR Crypto Service Manager
SecOC: Secure Onboard Communication
MAC: Message Authentication Code
FV: Freshness Value
FM: Freshness Manager

2.2 Definitions

For this document the definitions of data integrity, authentication, entity authentication, data origin, message authentication and transaction authentication from [14] are used:

Authentic I-PDU: An Authentic I-PDU is an arbitrary AUTOSAR I-PDU the content of which is secured during network transmission by means of the Secured I-PDU. The secured content comprises the complete I-PDU or a part of the

Authentication: Authentication is a service related to identification. This function applies to both entities and information itself. Two parties entering into a communication should identify each other. Information delivered over a channel should be authenticated as to origin, date of origin, data content, time sent, etc. For these reasons, this aspect of cryptography is usually subdivided into two major classes: entity authentication and data origin authentication. Data origin authentication implicitly provides data integrity (for if a message is modified, the source has changed).

Authentication Information: The Authentication Information consists of a Freshness Value (or a part thereof) and an Authenticator (or a part thereof). Authentication Information are the additional pieces of information that are added by SecOC to realize the Secured I-PDU.

Authenticator: Authenticator is data that is used to provide message authentication. In general, the term Message Authentication Code (MAC) is used for symmetric approaches while the term Signature or Digital Signature refers to asymmetric approaches having different properties and constraints.

Data integrity: Data integrity is the property whereby data has not been altered in an unauthorized manner since the time it was created, transmitted, or stored by an authorized source. To assure data integrity, one should have the ability to detect data manipulation by unauthorized parties. Data manipulation includes such things as insertion, deletion, and substitution.

Data origin authentication: Data origin authentication is a type of authentication whereby a party is corroborated as the (original) source of specified data created at some (typically unspecified) time in the past. By definition, data origin authentication includes data integrity.

Entity authentication: In unilateral authentication, one side proves identity. The requesting side is not even authenticated to the extent of proving that it is allowed to request authentication. In bilateral authentication, the requester is also authenticated at least (see below) to prove the privilege of requesting. There is an efficient and more secure way to authenticate both endpoints, based on the bilateral authentication described above. Along with the authentication (in the second message) requested initially by the receiver (in the first message), the sender also requests an authentication. The receiver sends a third message providing the authentication requested by the sender. This is only three messages (in contrast to four with two unilateral messages).
Entity authentication is the process whereby one party is assured (through acquisition of corroborative evidence) of the identity of a second party involved in a protocol, and that the second has actually participated (i.e., is active at, or immediately prior to, the time the evidence is acquired).
Note: Entity authentication means to prove presence and operational readiness of a communication endpoint. This is for example often done by proving access to a cryptographic key and knowledge of a secret. It is necessary to do this without disclosing either key or secret. Entity authentication can be used to prevent record-and-replay attacks. Freshness of messages only complicates them by the need to record a lifetime and corrupt either the sender's or the receiver's (real-time) clock. Entity authentication is triggered by the receiver, i.e. the one to be convinced, while the sender has to react by convincing. Record and replay attacks on entity authentication are usually prevented by allowing the receiver some control over the authentication process. In order to prevent the receiver from using this control for steering the sender to malicious purposes or from determining a key or a secret ("oracle attack"), the sender can add more randomness. If not only access to a key (implying membership of a privileged group) but also individuality is to be proven, the sender additionally adds and authenticates its unique identification.

Message authentication: Message authentication is a term used analogously with data origin authentication. It provides data origin authentication with respect to the original message source (and data integrity, but no uniqueness and timeliness guarantees).

Secured I-PDU: A Secured I-PDU is an AUTOSAR I-PDU that contains the Payload of an Authentic I-PDU supplemented by additional Authentication Information.

Transaction authentication: Transaction authentication denotes message authentication augmented to additionally provide uniqueness and timeliness guarantees on data (thus preventing undetectable message replay).
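The entity authentication entry above sketches a three-message bilateral exchange: the receiver issues a challenge, the sender answers it and at the same time issues its own challenge, and the receiver answers that in a third message. The note also states why the sender adds its own randomness (so the receiver cannot use the challenge to steer the sender into an oracle) and why it adds its identity (to prove individuality, not only membership of the key group). The following is an added example, not from the AUTOSAR document, that realises this exchange as a symmetric challenge-response with HMAC-SHA256 over a shared key; the message layout, the role labels, the nonce length and the identifiers ECU_S and ECU_R are assumptions of this example.

```python
"""Added example: three-message bilateral entity authentication with HMAC.
Not from the AUTOSAR specification; message layout and HMAC choice are assumptions."""
import hashlib
import hmac
import secrets

NONCE_LEN = 16   # assumed nonce length in bytes


def _tag(key: bytes, role: bytes, ident: bytes, n1: bytes, n2: bytes) -> bytes:
    # The role label and the fixed-length nonces keep the two directions'
    # tags distinct, so a tag from one message cannot be reused as the other.
    return hmac.new(key, role + ident + n1 + n2, hashlib.sha256).digest()


def message1() -> bytes:
    """Message 1: the receiver (the party to be convinced) issues a fresh challenge."""
    return secrets.token_bytes(NONCE_LEN)


def message2(key: bytes, sender_id: bytes, n_r: bytes):
    """Message 2: the sender proves key access over the receiver's challenge,
    adds its own nonce (so it never MACs input chosen entirely by the other
    side) and its identity (membership of the key group and individuality)."""
    n_s = secrets.token_bytes(NONCE_LEN)
    return sender_id, n_s, _tag(key, b"S", sender_id, n_r, n_s)


def check_message2(key: bytes, n_r: bytes, msg2) -> bool:
    sender_id, n_s, tag = msg2
    return hmac.compare_digest(tag, _tag(key, b"S", sender_id, n_r, n_s))


def message3(key: bytes, receiver_id: bytes, n_s: bytes, n_r: bytes) -> bytes:
    """Message 3: the receiver answers the challenge carried in message 2."""
    return _tag(key, b"R", receiver_id, n_s, n_r)


def check_message3(key: bytes, receiver_id: bytes, n_s: bytes, n_r: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(tag, _tag(key, b"R", receiver_id, n_s, n_r))


def run_protocol(key: bytes, sender_id: bytes = b"ECU_S", receiver_id: bytes = b"ECU_R"):
    """Run all three messages; returns (receiver_convinced, sender_convinced)."""
    n_r = message1()                                   # receiver -> sender
    msg2 = message2(key, sender_id, n_r)               # sender -> receiver
    receiver_ok = check_message2(key, n_r, msg2)
    _, n_s, _ = msg2
    tag3 = message3(key, receiver_id, n_s, n_r) if receiver_ok else b""   # receiver -> sender
    sender_ok = receiver_ok and check_message3(key, receiver_id, n_s, n_r, tag3)
    return receiver_ok, sender_ok


def replay_is_rejected(key: bytes) -> bool:
    """A message 2 recorded from an earlier run fails against a new challenge,
    because the receiver's fresh nonce is part of the authenticated input."""
    old_msg2 = message2(key, b"ECU_S", message1())
    return not check_message2(key, message1(), old_msg2)


if __name__ == "__main__":
    shared_key = bytes(range(32))   # constructed key, for this example only
    print(run_protocol(shared_key))            # (True, True)
    print(replay_is_rejected(shared_key))      # True
```

Two unilateral runs would need four messages; folding the sender's challenge into message 2 gives the same mutual assurance in three. Each side only ever computes a tag over input that contains a nonce it chose itself, which is the concrete form of the "sender can add more randomness" advice in the note.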

3 Related documentation

3.1 Input documents

[1] AUTOSAR Layered Software Architecture, AUTOSAR_EXP_LayeredSoftwareArchitecture.pdf
[2] AUTOSAR General Requirements on Basic Software Modules, AUTOSAR_SRS_BSWGeneral.pdf
[3] AUTOSAR General Specification for Basic Software Modules, AUTOSAR_SWS_BSWGeneral.pdf
[4] Specification of Communication, AUTOSAR SWS COM - Specification of Communication
[5] AUTOSAR SecOC Software Requirements Specification, AUTOSAR_SRS_SecureOnboardCommunication.pdf
[6] Specification of I-PDU Multiplexer, AUTOSAR_SWS_I-PDUMultiplexer.pdf
[7] Specification of PDU Router, AUTOSAR_SWS_PduRouter.pdf
[8] Specification of Crypto Service Manager, AUTOSAR_SWS_CryptoServiceManager.pdf
[9] System Template, https://svn3.autosar.org/repos2/work/24 Sources/branches/R4.0/TPS SystemTemplate 063/AUTOSAR TPS SystemTemplate.pdf
[10] Software Component Template, https://svn3.autosar.org/repos2/work/24 Sources/branches/R4.0/TPS SoftwareComponentTemplate 062/AUTOSAR TPS SoftwareComponentTemplate.pdf
[11] Koscher et al.: Experimental Security Analysis of a Modern Automobile, 2010 IEEE Symposium on Security and Privacy
[12] Checkoway et al.: Comprehensive Experimental Analyses of Automotive Attack Surfaces, USENIX Security 2011
[13] Auguste Kerckhoffs, 'La cryptographie militaire', Journal des sciences militaires, vol. IX, pp. 5–38, Jan. 1883, pp. 161–191, Feb. 1883.
[14] A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone: Handbook of Applied Cryptography. CRC Press, 1996.
[15] Danny Dolev and Andrew C. Yao: On the security of public key protocols, in Foundations of Computer Science, SFCS 1981
[16] M. Dworkin: Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication, U.S. Department of Commerce, Information Technology Laboratory (ITL), National Institute of Standards and Technology (NIST), Gaithersburg, MD, USA, NIST Special Publication 800-38B, 2005

3.2 Related standards and norms

[17] IEC 7498-1 The Basic Model, IEC Norm, 1994
[18] National Institute of Standards and Technology (NIST): FIPS-180-4, Secure Hash Standard (SHS), March 2012, available electronically /fips-180-4.pdf
[19] FIPS Pub 197: Advanced Encryption Standard (AES), U.S. Department of Commerce, Information Technology Laboratory (ITL), National Institute of Standards and Technology (NIST), Gaithersburg, MD, USA, Federal Information Processing Standards Publication, 2001, electronically available ips-197.pdf

3.3 Related specification

AUTOSAR provides a General Specification on Basic Software (SWS BSW General) [3], which is also valid for the SecOC module. Thus, the SWS BSW General specification [3] shall be considered as an additional set of requirements for the AUTOSAR SecOC module.

4 Constraints and assumptions

This document is applicable for AUTOSAR release 4.3.

4.1 Applicability to car domains

The SecOC module is used in all ECUs where secure communication is necessary. The SecOC module has not been specified to work with MOST and LIN communication networks. With MOST not being specifically supported, the applicability to multimedia and telematic car domains may be limited.

5 Dependencies to other modules

This chapter lists all the features from other modules that are used by the AUTOSAR SecOC module and functionalities that are provided by the AUTOSAR SecOC module to other modules. Because the SecOC module deals with I-PDUs that are either sourced or sunk by other modules, care should be taken that shared configuration items are consistent between the modules.

5.1 Dependencies to PduR

The SecOC module depends on the API and capabilities of the PduR. It provides the upper and lower layer API functions required by the PDU Router, namely:
- the API of the communication interface modules,
- the API of the Transport Protocol Modules,
- the API of the upper layer modules which use transport protocol module

