The growth in the amount of safety-related information and personal data in the automobile is making protection against intentional data manipulation and data theft increasingly more important. Security mechanisms are being used to protect the integrity, authenticity and confidentiality of information. In this area, Vector can offer you components specified in AUTOSAR and beyond the standard.
Overview of Advantages of MICROSAR Security
- Standard-conformant implementation of security functions from a single source
- Established cryptographic algorithms
- Protection against unauthorized modification of critical data
- Protection against unauthorized reading of data
- Protection against replay attacks
- Authentication of communication Tx points
Crypto Service Manager (Csm)
The Cryptographic Service Manager provides access to standardized cryptographic primitives and secure key- and certificate storage.
Crypto Interface (CryIf)
The Crypto Interface (CryIf) module makes it possible to use Csm hardware-based and software-based crypto solutions. The necessary allocation scheme is managed by the Crypto Interface.
The Crypto (SW) module provides implementations for cryptographic algorithms and functions in software which are supplied via the Csm. All computations are executed in software, and no special hardware is required to execute cryptographic operations.
Key Manager (KeyM)
The Key Manager provides standardized interfaces to implement vehicle key management procedures. Furthermore, it provides functions for verifying and parsing certificates. It uses Csm interfaces for storing keys and certificates.
Vector Security Modules (vSecMod)
The OEM-specific vSecMod includes the Freshness Value Manager (vFVM) and the Key Management (vKeyM) with the following functionalities:
- vFVM: Provides a freshness value to SecOC component to prevent replay attacks. This module is used by (and therefore requires) the Secure Onboard Communication (SecOC)
- vKeyM: Handles key exchange and key updates
The Crypto (HW) module acts as the driver for accessing security algorithms and functions, which are provided via a Hardware Trust Anchor (HTA). Different HTA types are available such as Secure Hardware Extensions (SHE) and Hardware Security Modules (HSM). Vector offers the following options for the Crypto (HW) module according to the hardware platform and the derivative used:
- Integration of a Crypto (HW) developed by Vector
- Integration of a 3rd party Crypto (HW) developed at the semiconductor manufacturer
Secure OnBoard Communication (SecOC)
The SecOC module, also called Authenticated Messaging, is used to authenticate the communication between two ECU's. This validation prevents a third party from intervening or pretending to be the correct communication partner. This prevents manipulative interventions. The SecOC interacts with the PDU router.
Ethernet Firewall (vEthFw)
The Ethernet Firewall (vEthFw) provides the implementation of a firewall for Ethernet communication. Its main task is to block undesirable incoming or outgoing data traffic to enhance the security of the overall network.
Vector Internet Security (vIpSec)
The add-on vIpSec allows to establish an IPsec communication according to IETF RfC 4301. The functionality is restricted to transport mode and the usage of Authentication Header only according to RfC 4302.
Vector Transport Layer Security (vTls (Client))
This module contains a Transport Layer Security Client. TCP-based communication is encrypted with vTls. You can select the encryption algorithm to be used.