vulcan efficient component authentication and software
play

VulCAN: Efficient Component Authentication and Software Isolation - PowerPoint PPT Presentation

May 21, 2023 •352 likes •654 views

VulCAN: Efficient Component Authentication and Software Isolation for Automotive Control Networks Jo Van Bulck, Jan Tobias Mhlberg and Frank Piessens jo.vanbulck|jantobias.muehlberg@cs.kuleuven.be imec-DistriNet, KU Leuven, Celestijnenlaan

  1. VulCAN: Efficient Component Authentication and Software Isolation for Automotive Control Networks Jo Van Bulck, Jan Tobias Mühlberg and Frank Piessens jo.vanbulck|jantobias.muehlberg@cs.kuleuven.be imec-DistriNet, KU Leuven, Celestijnenlaan 200A, B-3001 Belgium ACSAC, December 2017

  2. empty Secure Automotive Computing with VulCAN Modern cars can be hacked! • Network of more than 50 ECUs • Multiple communication networks • Remote entry points • Limited built-in security mechanisms Miller & Valasek, “Remote exploitation of an unaltered passenger vehicle”, 2015 VulCAN brings strong security to automotive computing: • Message authentication • Strong software security • Trusted Computing: software component isolation and cryptography • Applicable in ICS, IoT, . . . 2 /19 Van Bulck, Mühlberg, Piessens VulCAN: Vehicular Component Authentication and Software Isolation

  3. empty Secure Automotive Computing with VulCAN VulCAN: Generic design to exploit light-weight trusted computing in CAN-based embedded control networks. Implementation: based on Sancus [NVBM + 17]; we implement, strengthen and evaluate authentication protocols, vatiCAN [NR16] and LeiA [RG16] 3 /19 Van Bulck, Mühlberg, Piessens VulCAN: Vehicular Component Authentication and Software Isolation

  4. empty Attacking the CAN Complex bus system with many ECUs and gateways to other communication systems; no protection against message injection or replay attacks. → Message Authentication; specified in AUTOSAR, proposals: vatiCAN, LeiA; no efficient and cost-effective implementations yet 4 /19 Van Bulck, Mühlberg, Piessens VulCAN: Vehicular Component Authentication and Software Isolation

  5. empty Attacking CAN Message Authentication What about Software Security? Lack of security mechanisms on light-weight ECUs leverages software vulnerabilities: attackers may be able to bypass encryption and authentication. → Software Component Authentication & Isolation 5 /19 Van Bulck, Mühlberg, Piessens VulCAN: Vehicular Component Authentication and Software Isolation

  6. empty Overview: Vulcanising Distributed Automotive Applications • Critical application components in enclaves: software isolation + attestation 6 /19 Van Bulck, Mühlberg, Piessens VulCAN: Vehicular Component Authentication and Software Isolation

  7. empty Overview: Vulcanising Distributed Automotive Applications • Critical application components in enclaves: software isolation + attestation • Authenticated CAN messages over untrusted system software/network 6 /19 Van Bulck, Mühlberg, Piessens VulCAN: Vehicular Component Authentication and Software Isolation

  8. empty Overview: Vulcanising Distributed Automotive Applications • Critical application components in enclaves: software isolation + attestation • Authenticated CAN messages over untrusted system software/network • Rogue ECUs, software attackers and errors in untrusted code cannot interfere with security, but may harm availability 6 /19 Van Bulck, Mühlberg, Piessens VulCAN: Vehicular Component Authentication and Software Isolation

  9. empty Sancus: Strong and Light-Weight Embedded Security [NVBM + 17] Extends TI’s MSP430 with strong security primitives • Software Component Isolation • Cryptography & Attestation • Secure I/O through isolation of MMIO ranges Efficient • Modular, ≤ 2 kLUTs • Authentication in µ s • + 6% power consumption Cryptographic key hierarchy for software attestation Isolated components are typically very small ( < 1kLOC) Sancus is Open Source: https://distrinet.cs.kuleuven.be/software/sancus/ 7 /19 Van Bulck, Mühlberg, Piessens VulCAN: Vehicular Component Authentication and Software Isolation

  10. empty Sancus: Strong and Light-Weight Embedded Security [NVBM + 17] Extends TI’s MSP430 with N = Node; SP = Software Provider / Deployer strong security primitives SM = protected Software Module • Software Component Isolation SM protected data section • Cryptography & Attestation SM text section • Secure I/O through isolation Entry point Memory Unprotected Code & constants Unprotected Unprotected Protected data of MMIO ranges Efficient • Modular, ≤ 2 kLUTs K N , SP , SM SM metadata Protected • Authentication in µ s storage area • + 6% power consumption K N Layout Keys Cryptographic key hierarchy for software attestation Isolated components are typically very small ( < 1kLOC) Sancus is Open Source: https://distrinet.cs.kuleuven.be/software/sancus/ 8 /19 Van Bulck, Mühlberg, Piessens VulCAN: Vehicular Component Authentication and Software Isolation

  11. empty VulCAN Security Objectives Protocol requirements 1 Message authentication ⇒ MAC(id, payload) 2 Lightweight cryptography ⇒ symmetric keys 3 Replay attack resistance ⇒ nonces and session keys 4 Backwards compatibility ⇒ MAC over separate CAN id vatiCAN [NR16] and LeiA [RG16] 9 /19 Van Bulck, Mühlberg, Piessens VulCAN: Vehicular Component Authentication and Software Isolation

  12. empty VulCAN Security Objectives Protocol requirements System requirements (with Sancus PMA) 1 Message authentication 1 Real-time compliance ⇒ MAC(id, payload) ⇒ hardware-level crypto 2 Lightweight cryptography 2 Software isolation ⇒ symmetric keys ⇒ application + driver enclaves 3 Replay attack resistance 3 Software attestation ⇒ nonces and session keys ⇒ trusted in-vehicle attestation server 4 Backwards compatibility 4 Dynamic key/ECU update ⇒ MAC over separate CAN id ⇒ via attestation server 5 Secure legacy ECU integration vatiCAN [NR16] and LeiA [RG16] ⇒ CAN gateway shielding 9 /19 Van Bulck, Mühlberg, Piessens VulCAN: Vehicular Component Authentication and Software Isolation

  13. empty VulCAN Demo Scenario ⇒ distributed authenticated path from keypad to shielded instrument cluster ⇒ automotive CAN is challenging – VulCAN is applicable to other domains → 10 /19 Van Bulck, Mühlberg, Piessens VulCAN: Vehicular Component Authentication and Software Isolation

  14. empty Performance Evaluation: Round-Trip Time Experiment Sender Receiver p i n g Scenario Cycles Time Overhead compute Legacy 20,250 1.01 ms – compute round-trip time MAC pinд p i n g _ a u t h vatiCAN (extrapolated) 121,992 6.10 ms 502% MAC pinд Sancus+vatiCAN unprotected 35,236 1.76 ms 74% n g p o Sancus+vatiCAN protected 36,375 1.82 ms 80% compute compute Sancus+L EI A unprotected 42,929 2.15 ms 112% MAC ponд u t h g _ a Sancus+L EI A protected 43,624 2.18 ms 115% o n MAC ponд p 11 /19 Van Bulck, Mühlberg, Piessens VulCAN: Vehicular Component Authentication and Software Isolation

  15. empty Performance Evaluation: Round-Trip Time Experiment Sender Receiver p i n g Scenario Cycles Time Overhead compute Legacy 20,250 1.01 ms – compute round-trip time MAC pinд p i n g _ a u t h vatiCAN (extrapolated) 121,992 6.10 ms 502% MAC pinд Sancus+vatiCAN unprotected 35,236 1.76 ms 74% n g p o Sancus+vatiCAN protected 36,375 1.82 ms 80% compute compute Sancus+L EI A unprotected 42,929 2.15 ms 112% MAC ponд u t h g _ a Sancus+L EI A protected 43,624 2.18 ms 115% o n MAC ponд p • Hardware-level crypto: +400% performance gain � 11 /19 Van Bulck, Mühlberg, Piessens VulCAN: Vehicular Component Authentication and Software Isolation

  16. empty Performance Evaluation: Round-Trip Time Experiment Sender Receiver p i n g Scenario Cycles Time Overhead compute Legacy 20,250 1.01 ms – compute round-trip time MAC pinд p i n g _ a u t h vatiCAN (extrapolated) 121,992 6.10 ms 502% MAC pinд Sancus+vatiCAN unprotected 35,236 1.76 ms 74% n g p o Sancus+vatiCAN protected 36,375 1.82 ms 80% compute compute Sancus+L EI A unprotected 42,929 2.15 ms 112% MAC ponд u t h g _ a Sancus+L EI A protected 43,624 2.18 ms 115% o n MAC ponд p • Hardware-level crypto: +400% performance gain � • Modest ~5% performance impact for software isolation [VBNMP15, MNP15] 11 /19 Van Bulck, Mühlberg, Piessens VulCAN: Vehicular Component Authentication and Software Isolation

  17. empty Performance Evaluation: Round-Trip Time Experiment Sender Receiver p i n g Scenario Cycles Time Overhead compute Legacy 20,250 1.01 ms – compute round-trip time MAC pinд p i n g _ a u t h vatiCAN (extrapolated) 121,992 6.10 ms 502% MAC pinд Sancus+vatiCAN unprotected 35,236 1.76 ms 74% n g p o Sancus+vatiCAN protected 36,375 1.82 ms 80% compute compute Sancus+L EI A unprotected 42,929 2.15 ms 112% MAC ponд u t h g _ a Sancus+L EI A protected 43,624 2.18 ms 115% o n MAC ponд p • Hardware-level crypto: +400% performance gain � • Modest ~5% performance impact for software isolation [VBNMP15, MNP15] • LeiA’s extended CAN id usage comes at a cost (SPI-based CAN transceiver) 11 /19 Van Bulck, Mühlberg, Piessens VulCAN: Vehicular Component Authentication and Software Isolation

  18. empty VulCAN Attestation Server: Boot + Session Key Provisioning • Challenge-response attestation + encrypted session key distribution • Preserve motorist safety via secure boot + exclusive vehicle ignition 12 /19 Van Bulck, Mühlberg, Piessens VulCAN: Vehicular Component Authentication and Software Isolation

  19. empty VulCAN Attestation Server: ECU Replacement • Untrusted network connection → public key cryptography • Store software module keys for offline use 13 /19 Van Bulck, Mühlberg, Piessens VulCAN: Vehicular Component Authentication and Software Isolation

Recommend

EAP Efficient Re-authentication Vidya Narayanan , vidyan@qualcomm.com Lakshminath Dondeti ,

EAP Efficient Re-authentication Vidya Narayanan , vidyan@qualcomm.com Lakshminath Dondeti ,

EAP Efficient Re-authentication Vidya Narayanan , vidyan@qualcomm.com Lakshminath Dondeti , ldondeti@qualcomm.com January 2007 Contents EAP Re-authentication and Fast Re-authentication Requirements for low latency re-authentication

1.05k views • 27 slides
EAP Efficient Re-authentication Lakshminath Dondeti , ldondeti@qualcomm.com Vidya Narayanan ,

EAP Efficient Re-authentication Lakshminath Dondeti , ldondeti@qualcomm.com Vidya Narayanan ,

EAP Efficient Re-authentication Lakshminath Dondeti , ldondeti@qualcomm.com Vidya Narayanan , vidyan@qualcomm.com IETF68; March 2007 Re-auth Goals MUST be better than full EAP authentication The protocol MUST be responsive to handover

361 views • 17 slides
Lapin (an efficient authentication protocol based on Ring-LPN) Stefan Heyse, Eike Kiltz, Vadim

Lapin (an efficient authentication protocol based on Ring-LPN) Stefan Heyse, Eike Kiltz, Vadim

Lapin (an efficient authentication protocol based on Ring-LPN) Stefan Heyse, Eike Kiltz, Vadim Lyubashevsky, Christof Paar, Krzysztof Pietrzak Authentication Protocols Prover Verifier HB-style authentication shared AES key K protocols

563 views • 22 slides
Assembling Component Frameworks What is a Component Framework? Set of individual software

Assembling Component Frameworks What is a Component Framework? Set of individual software

Assembling Component Frameworks What is a Component Framework? Set of individual software modules that perform a specific task Can range from a few components to many Must be extensible Used for various purposes i.e. scientific

171 views • 14 slides
VULCAN LAYER 4-7 VALKYRIE LAYER 2-3 ABOUT XENA XENA AND THE MARKET HARDWARE

VULCAN LAYER 4-7 VALKYRIE LAYER 2-3 ABOUT XENA XENA AND THE MARKET HARDWARE

CONTENTS VULCAN LAYER 4-7 VALKYRIE LAYER 2-3 ABOUT XENA XENA AND THE MARKET HARDWARE OVERVIEW OUR TRACK RECORD SOFTWARE HARDWARE APPLICATION OVERVIEW KEY FEATURES SOFTWARE CUSTOMERS APPLICATIONS

351 views • 32 slides
Project Halo: Towards a Knowledgeable Biology Textbook Peter Clark Vulcan Inc. Vulcan Inc .

Project Halo: Towards a Knowledgeable Biology Textbook Peter Clark Vulcan Inc. Vulcan Inc .

Project Halo: Towards a Knowledgeable Biology Textbook Peter Clark Vulcan Inc. Vulcan Inc . Paul Allens company, in Seattle, USA Includes AI research group Vulcans Project Halo AI research towards knowledgeable

981 views • 56 slides
Chapter 8 Understand the role played by each software System Software component in

Chapter 8 Understand the role played by each software System Software component in

Chapter 8 Objectives Become familiar with the functions provided by operating systems, programming tools, and database software. Chapter 8 Understand the role played by each software System Software component in maintaining the integrity

323 views • 15 slides
Component- -based, Context based, Context- -aware aware Component Software Systems Software

Component- -based, Context based, Context- -aware aware Component Software Systems Software

Component- -based, Context based, Context- -aware aware Component Software Systems Software Systems Workshop on Spontaneous Networking Rutgers University Michael Przybilski 1 10.05.2006 michael.przybilski@cs.helsinki.fi Outline

593 views • 19 slides
AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

SECURITY TOPICS PART 2 AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is who they say they are and therefore permitted to access the requested resources: getting entrance to a computer lab

833 views • 44 slides
HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the process of verifying the identity of the communicating principals to one another Usually sub-divided into Entity authentication Authentication

288 views • 10 slides
Energy Efficient Authentication and Authorization for Multi-node Cooperative Connectivity and

Energy Efficient Authentication and Authorization for Multi-node Cooperative Connectivity and

Energy Efficient Authentication and Authorization for Multi-node Cooperative Connectivity and Reliability PhD Candidate Vandana Rohokale (vmr@es.aau.dk) Supervisor Prof. Ramjee Prasad CTIF, Aalborg, Denmark Co-supervisors Assoc. Prof. Horia

372 views • 13 slides
Towards a well-founded software component model for cyber-physical control systems

Towards a well-founded software component model for cyber-physical control systems

Introduction Towards a well-founded software component model for cyber-physical control systems Conclusion The Second IEEE International Conference on Robotic Computing IRC 2018 Towards a well-founded software component model for

175 views • 14 slides
Extensions to EAP Keying hierarchy for Efficient Re-authentication and Visited domain Keying

Extensions to EAP Keying hierarchy for Efficient Re-authentication and Visited domain Keying

Extensions to EAP Keying hierarchy for Efficient Re-authentication and Visited domain Keying Vidya Narayanan , vidyan@qualcomm.com Lakshminath Dondeti , ldondeti@qualcomm.com IETF-67 San Diego, CA November 2006 Contents EAP keying

614 views • 15 slides
Real-Time Component Software slide credits: H. Kopetz, P. Puschner Overview OS services

Real-Time Component Software slide credits: H. Kopetz, P. Puschner Overview OS services

Real-Time Component Software slide credits: H. Kopetz, P. Puschner Overview OS services Task Structure Task Interaction Input/Output Error Detection 2 Operating System and Middleware Application Software Component API OS

834 views • 47 slides
Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a precondition How to authenticate: Something you know Password, Secrets Something you have Smart Card, Token Something you are Biometrie

607 views • 4 slides
Proxychain: Developing a Robust and Efficient Authentication Infrastructure for Carrier-Scale

Proxychain: Developing a Robust and Efficient Authentication Infrastructure for Carrier-Scale

Proxychain: Developing a Robust and Efficient Authentication Infrastructure for Carrier-Scale VoIP Networks Italo Dacosta and Patrick Traynor Performance, Scalability and Security Finding the right balance between performance /scalability

517 views • 24 slides
Knowledge Representation in Practice: Project Halo and the Semantic Web Mark Greaves Vulcan,

Knowledge Representation in Practice: Project Halo and the Semantic Web Mark Greaves Vulcan,

Knowledge Representation in Practice: Project Halo and the Semantic Web Mark Greaves Vulcan, Inc. markg@vulcan.com (206) 342-2276 Talk Outline The Halo Vision Systems AI Vulcans Halo Program The Halo Pilot: The Limits

385 views • 35 slides
Efficient Algorithms in Software Julio Lpez jlopez@ic.unicamp.br Institute of Computing,

Efficient Algorithms in Software Julio Lpez jlopez@ic.unicamp.br Institute of Computing,

Efficient Algorithms in Software Julio Lpez jlopez@ic.unicamp.br Institute of Computing, University of Campinas September 2017, Habana, Cuba. ASCrypto 2017 Agenda 1 Efficient Software Implementations Software Efficiency Parallel

1.68k views • 124 slides
An Efficient Distance Bounding RFID Authentication Protocol: Balancing False-Acceptance Rate and

An Efficient Distance Bounding RFID Authentication Protocol: Balancing False-Acceptance Rate and

An Efficient Distance Bounding RFID Authentication Protocol: Balancing False-Acceptance Rate and Memory Requirement Gildas Avoine 1 and Aslan Tchamkerten 2 1 Universit e catholique de Louvain, Louvain-la-Neuve, Belgium 2 Telecom ParisTech,

335 views • 31 slides
SEAL Component Model ROOT/CORE Meeting 8 April 2005 P. Mato / CERN Component Model Overview

SEAL Component Model ROOT/CORE Meeting 8 April 2005 P. Mato / CERN Component Model Overview

SEAL Component Model ROOT/CORE Meeting 8 April 2005 P. Mato / CERN Component Model Overview A way of resolving software complexity A generic set of software building blocks components , services Exposing well defined interface(s)

422 views • 9 slides
Component-based Robotics Middleware Software Development and Integration in Robotics (SDIR V)

Component-based Robotics Middleware Software Development and Integration in Robotics (SDIR V)

Motivation Use Case Component-based Robotics Middleware Conclusion and Discussion Component-based Robotics Middleware Software Development and Integration in Robotics (SDIR V) Tutorial on Component-based Robotics Engineering 2010 IEEE

597 views • 37 slides
EM 3 A : Efficient Mutual Multi-hop Mobile Authentication Scheme for PMIP Networks Sanaa Taha

EM 3 A : Efficient Mutual Multi-hop Mobile Authentication Scheme for PMIP Networks Sanaa Taha

EM 3 A Introduction System Model Security Analysis Performance Evaluation Conclusions and future work EM 3 A : Efficient Mutual Multi-hop Mobile Authentication Scheme for PMIP Networks Sanaa Taha November 18, 2011 Sanaa Taha EM 3 A :

361 views • 24 slides
ASSURE Authentication Scheme for SecURE Energy Efficient Non-Volatile Memories Joydeep Rakshit

ASSURE Authentication Scheme for SecURE Energy Efficient Non-Volatile Memories Joydeep Rakshit

ASSURE Authentication Scheme for SecURE Energy Efficient Non-Volatile Memories Joydeep Rakshit Kartik Mohanram Non-Volatile Memories Workshop March 12, 2018 San Diego, CA Electrical and Computer Engineering University of Pittsburgh

971 views • 50 slides
Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Cryptography Authentication and Data Integrity Aims of Authentication Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication with Hash Cryptography Functions Authentication with MACs School of

1.66k views • 27 slides

More recommend