SecOC is responsible for turning an Authentic I-PDU into a Secured I-PDU on the sender side, and for checking a received Secured I-PDU and handing the Authentic I-PDU back up the stack on the receiver side.
As we discussed before, the in-vehicle communication protocols were designed with real-time behaviour and message prioritisation in mind. They assumed the vehicle was a closed environment and that the CAN bus sat in a physically secure area, so the protocols themselves carry no authentication.
As connectivity increases, the need for security increases with it.
SecOC does not address confidentiality; it focuses on the integrity and authenticity of the transmitted messages.
Nowadays the vehicle is connected, and we need to protect the vehicle's functions and the driver's data from an attacker who finds a vulnerability, makes the vehicle malfunction, or breaks the CIA triad (confidentiality, integrity, availability) that we try to achieve in cyber security. AUTOSAR therefore defined a standard way to make the messages on the bus authentic and tamper-evident: SecOC. Note that SecOC does not encrypt the payload, so anyone on the bus can still read it; confidentiality would need a separate mechanism.
So SecOC, which we will talk about today, helps protect against several kinds of attack: spoofed or tampered messages (including man-in-the-middle modification) and replay attacks.
Spoofing: an unauthorized node injecting messages that claim to come from a legitimate sender. Without the shared key it cannot produce a valid MAC, so the receiver discards the message.
Replay protection: SecOC uses a freshness value (FV), either counter-based or time-based, so that the MAC changes on every transmission even when the payload is static, and a captured message cannot be replayed later.
Integrity: SecOC computes a MAC over the message by requesting a job from the Crypto Stack (CSM).
So the MAC is computed over: Data ID || Authentic I-PDU (payload) || complete freshness value, using the shared crypto key.
Authentic I-PDU: the original, unprotected AUTOSAR Interaction-Layer Protocol Data Unit (I-PDU), i.e. the raw payload.
Secured I-PDU: the output of the SecOC sender-side processing, consisting of the Authentic I-PDU followed by the (possibly truncated) freshness value and the truncated MAC. This is the data unit that is actually transmitted over the physical bus.
Data ID (SecOCDataId): each Secured I-PDU is configured with a unique 16-bit identifier, the SecOCDataId. It is not the CAN identifier, and it is not transmitted as part of the PDU payload; both sender and receiver know it from their shared configuration. Because it enters the MAC computation, a valid MAC for one PDU cannot be reused for a different one.
Integrity and Authenticity
SecOC generates a MAC over the transmitted data, but not the whole computed CMAC/HMAC is sent to the receiver, because that would cost bandwidth. An AES-128-CMAC is 16 bytes long and cannot be carried in a classic CAN frame, which holds only 8 bytes of data. So a truncated MAC is sent instead, and the truncation length is configured identically on sender and receiver. A common combination is 24 bits of MAC plus 8 bits of freshness value, which AUTOSAR lists as SecOC profile 1.
Freshness value manager (FVM):
The objective here is to protect against replay attacks. Even with a correct MAC we would run into a problem, because some signals carry a static value or payload (for example the door lock signal): the same payload would always produce the same MAC, and a recorded frame could be replayed at will. The freshness value solves this in one of two ways.
Counter-based: each PDU carries a counter, ranging from a simple monotonically increasing counter to a sophisticated counter-synchronisation algorithm. The receiver updates its stored counter only after a message has been verified successfully; a tampered or replayed message is discarded and leaves the counter unchanged.
Time-based: all ECUs use a synchronised time as the freshness value. A master ECU on the bus, typically the gateway ECU, periodically sends a synchronisation message so that every ECU's clock agrees.
Either way, the generated CMAC differs on every transmission even if the payload is static.
Sender responsibilities:
1 - The application calls the Com module to trigger sending the message.
2 - PduR checks whether this message needs security handling and decides which path to route it through: directly to CanIf, or via SecOC.
3 - SecOC copies the Authentic I-PDU, then calls the FVM (for the freshness value) and the CSM (for the MAC) to create the Secured I-PDU.
4 - SecOC calls PduR again, this time with a request to send the Secured I-PDU.
5 - PduR routes the Secured I-PDU to CanIf, then to the physical CAN controller and out onto the bus.
On the receiver side the same steps run in reverse order: CanIf hands the Secured I-PDU to PduR, PduR routes it to SecOC, SecOC asks the FVM and CSM to check freshness and MAC, and only a successfully verified Authentic I-PDU is passed back through PduR to Com and the application.
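The whole path above, from MAC input (Data ID || payload || freshness value), through truncation into an 8-byte CAN frame, to the receiver's freshness-value reconstruction and counter update, as an added example that is not part of the original page and not AUTOSAR code. The key, SecOCDataId, truncation lengths and the door-lock payload are constructed values, and HMAC-SHA256 from the Python standard library stands in for the AES-128-CMAC a real SecOC profile would request from the CSM; the construction is otherwise the same.

```python
import hmac
import hashlib

# Constructed parameters for this example (assumptions, not values from the AUTOSAR spec).
KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # shared 128-bit key, provisioned out of band
DATA_ID = 0x0123        # SecOCDataId: configured on both sides, never sent on the bus
FV_LEN_BYTES = 8        # full freshness value kept by the FVM (64-bit counter)
FV_TX_BYTES = 1         # SecOCFreshnessValueTxLength: low 8 bits sent on the bus
MAC_TX_BYTES = 3        # SecOCAuthInfoTxLength: most significant 24 bits of the MAC sent


def compute_mac(data_id: int, authentic_pdu: bytes, freshness: int) -> bytes:
    """DataToAuthenticator = DataId || Authentic I-PDU || complete freshness value.
    HMAC-SHA256 stands in for the AES-128-CMAC a real SecOC profile would use."""
    msg = data_id.to_bytes(2, "big") + authentic_pdu + freshness.to_bytes(FV_LEN_BYTES, "big")
    return hmac.new(KEY, msg, hashlib.sha256).digest()


class SecOCSender:
    """Sender side: FVM counter + MAC -> Secured I-PDU = payload || FV_trunc || MAC_trunc."""

    def __init__(self) -> None:
        self.counter = 0  # counter-based freshness value managed by the FVM

    def build_secured_pdu(self, authentic_pdu: bytes) -> bytes:
        self.counter += 1  # FVM: new freshness value for every transmission
        mac = compute_mac(DATA_ID, authentic_pdu, self.counter)
        fv_trunc = (self.counter & ((1 << (8 * FV_TX_BYTES)) - 1)).to_bytes(FV_TX_BYTES, "big")
        return authentic_pdu + fv_trunc + mac[:MAC_TX_BYTES]


class SecOCReceiver:
    """Receiver side: rebuild the full freshness value, verify the MAC, then update the counter."""

    def __init__(self) -> None:
        self.last_fv = 0  # last successfully verified freshness value

    def verify(self, secured_pdu: bytes):
        if len(secured_pdu) < FV_TX_BYTES + MAC_TX_BYTES:
            return None
        payload_len = len(secured_pdu) - FV_TX_BYTES - MAC_TX_BYTES
        authentic = secured_pdu[:payload_len]
        fv_trunc = int.from_bytes(secured_pdu[payload_len:payload_len + FV_TX_BYTES], "big")
        mac_trunc = secured_pdu[payload_len + FV_TX_BYTES:]
        # Reconstruct the full FV: high bits from our stored counter, low bits from the bus.
        # If that is not strictly greater than the last accepted value, the low bits wrapped.
        mask = (1 << (8 * FV_TX_BYTES)) - 1
        candidate = (self.last_fv & ~mask) | fv_trunc
        if candidate <= self.last_fv:
            candidate += 1 << (8 * FV_TX_BYTES)
        expected = compute_mac(DATA_ID, authentic, candidate)[:MAC_TX_BYTES]
        if not hmac.compare_digest(expected, mac_trunc):
            return None  # tampered, spoofed, or replayed (stale FV): discard, counter untouched
        self.last_fv = candidate  # only a verified message advances the freshness counter
        return authentic


def demo() -> dict:
    """Scenario: static door-lock payload, a replay, a tampered frame, then the valid frame."""
    tx, rx = SecOCSender(), SecOCReceiver()
    door_lock = bytes.fromhex("01000000")  # constructed 4-byte static "door locked" payload
    frame1 = tx.build_secured_pdu(door_lock)
    frame2 = tx.build_secured_pdu(door_lock)
    frame3 = tx.build_secured_pdu(door_lock)
    tampered = bytes([frame3[0] ^ 0x01]) + frame3[1:]  # attacker flips one payload bit
    return {
        "frame_len": len(frame1),                                  # 4 + 1 + 3 = 8, fits classic CAN
        "static_payload_differs": frame1 != frame2,                # FV makes each frame unique
        "accept_1": rx.verify(frame1) == door_lock,
        "replay_1": rx.verify(frame1),                             # None: FV 1 is no longer fresh
        "accept_2": rx.verify(frame2) == door_lock,
        "tampered_3": rx.verify(tampered),                         # None: MAC mismatch
        "accept_3_after_tamper": rx.verify(frame3) == door_lock,   # counter was not advanced
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The receiver never trusts the 8 transmitted freshness bits on their own: it combines them with the high bits of its own last verified counter and only moves that counter forward after the MAC checks out, which is what makes the replay and the tampered frame fail while the genuine frame sent after them is still accepted. The same reconstruction handles the counter's low byte wrapping from 255 to 0.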
Latency: some latency is added to the Secured I-PDU, because the FVM lookup and the MAC computation have to run on both the sender and the receiver side.
CPU load: this should not be a real concern on current ECUs, because the crypto algorithm runs in hardware (an HSM); the software only has to execute the FVM logic and issue the job request to the CSM.
Bus load: AUTOSAR handles this through the truncation configuration, so you use only the space left in the CAN frame after the payload. Note that truncation does not make the MAC harder to guess; a shorter MAC means fewer bits an attacker has to brute-force per forgery attempt, so the truncation length is a trade-off between bus load and security, and the freshness value limits the time window in which a guessed MAC would still be accepted.