Testing of Security-Protected ECUs and Networks With the Security Manager

The principle of the Security Manager - with and without access to OEM-specific backends

Security mechanisms prevent unauthorized access to vehicles and ECUs. As a consequence, a test tool cannot simply join the vehicle communication, not even during development. The Security Manager provides the services needed to test such ECUs anyway.

The Security Manager is the link between the Vector tools and the OEM-specific security implementations. With it, security functions are used uniformly in all tools. No matter which OEM you develop your ECU for, you familiarize yourself with the tooling once and then work with the same "look and feel" across the different OEM security concepts.

The connection to the OEM security implementations is made via add-ons, which are managed in the Security Manager. In tests and simulations, the Security Manager carries out the security-relevant operations and provides the tool with the results.

Advantages

  • Time savings through reuse: You create the security profiles only once and use them multiple times in the different Vector tools.
  • Support of OEM-specific concepts such as configuration, algorithms, backend connection, etc. through specific Security Add-ons
  • Consistent use of security functions in all Vector tools through one neutral interface to the add-ons, which centrally encapsulate the security implementations and the OEM-specific detail knowledge

Lectures

Vector Security Manager for Secure Diagnostics

Vector Automotive Cybersecurity Symposium 2019: UDS service 0x29 (Authentication) with PKI certificate exchange and authentication using the Vector Security Manager and CANoe.


Security from a Tool Perspective

Vector Congress 2018: Tool challenges in supporting security. The conclusion is that tool access has to be part of the overall security concept.


Efficient Testing of ECUs Despite Security

Lecture at the Vector Automotive Cybersecurity Symposium 2017 on why test tools have to handle a huge variety of security implementations, and on the concept of the Vector Security Manager derived from this.

Overview on Offered Services

When testing ECUs, the Security Manager makes your daily work easier by offering the following services:

Secure Onboard Communication (SecOC)

Security Manager Use Case: Simulate and test SecOC-secured communication
To simulate and test SecOC-secured communication, the Security Manager generates (left) and validates (right) the Message Authentication Codes (MACs).

SecOC secures and authenticates communication between ECUs using Message Authentication Codes (MACs). An ECU accepts a message only if its MAC is valid, so simulation and test tools can communicate with the ECUs only if they produce valid MACs themselves. For the Vector tools, the Security Manager, together with the OEM Security add-ons*, generates and validates the MACs. The necessary input values, such as the secret key and the freshness values, are stored in the Security Manager.

(*) OEM Security add-ons are available free of charge from Vector for some OEMs. They contain the OEM-specific security algorithms and procedures and simplify the use of the general security functions in the tools, since the OEM-specific behavior is moved out into the add-ons.
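As an added example of what the Security Manager does on the tool side (this is not Vector's code or any OEM's profile), the following Python builds and verifies a SecOC secured PDU the way the text describes: the MAC is computed over Data ID, authentic PDU and the full freshness value; only the low bits of the freshness counter and the high bits of the MAC travel on the bus, so the receiver has to reconstruct the full counter before it can check the MAC. The Data ID, truncation lengths and key are constructed values, and HMAC-SHA256 from the standard library stands in for the OEM's configured MAC primitive (commonly AES-128-CMAC). It handles the cases a tester runs into: a replayed PDU, a tampered payload, and the truncated counter wrapping.

```python
import hashlib
import hmac
import struct

# Assumed SecOC profile parameters (illustrative, not any OEM's real profile)
DATA_ID = 0x0123        # SecOC Data ID of this PDU (16 bit, part of the MAC input)
FRESH_BYTES = 4         # width of the full freshness counter
FRESH_TX_BYTES = 1      # freshness bits sent on the bus: the least significant 8
MAC_TX_BYTES = 3        # MAC bits sent on the bus: the most significant 24
KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")   # constructed test key


def authenticator(key: bytes, data_id: int, payload: bytes, freshness: int) -> bytes:
    """Full MAC over DataId || authentic PDU || full freshness value.
    HMAC-SHA256 stands in for the configured MAC primitive (commonly AES-128-CMAC)."""
    msg = struct.pack(">H", data_id) + payload + freshness.to_bytes(FRESH_BYTES, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()


def build_secured_pdu(key: bytes, payload: bytes, freshness: int) -> bytes:
    """Sender: authentic PDU || truncated freshness (low bits) || truncated MAC (high bits)."""
    mac = authenticator(key, DATA_ID, payload, freshness)
    fresh_tx = freshness.to_bytes(FRESH_BYTES, "big")[-FRESH_TX_BYTES:]
    return payload + fresh_tx + mac[:MAC_TX_BYTES]


class SecOCReceiver:
    """Receiver: reconstructs the full freshness value, verifies the MAC, rejects replays."""

    def __init__(self, key: bytes, last_freshness: int = 0):
        self.key = key
        self.last = last_freshness      # last accepted full freshness value

    def verify(self, secured: bytes):
        """Returns the authentic payload, or None if the PDU must be discarded."""
        trailer = FRESH_TX_BYTES + MAC_TX_BYTES
        if len(secured) <= trailer:
            return None
        payload = secured[:-trailer]
        fresh_rx = int.from_bytes(secured[-trailer:-MAC_TX_BYTES], "big")
        mac_rx = secured[-MAC_TX_BYTES:]
        # Reconstruct: the receiver's own upper counter bits plus the received low bits.
        # If that is not newer than the last accepted value, the low bits have wrapped,
        # so move to the next block. A replayed PDU yields a candidate whose MAC cannot match.
        block = 1 << (8 * FRESH_TX_BYTES)
        candidate = self.last - self.last % block + fresh_rx
        if candidate <= self.last:
            candidate += block
        if candidate >= 1 << (8 * FRESH_BYTES):
            return None                 # counter exhausted: a new key is required
        expected = authenticator(self.key, DATA_ID, payload, candidate)[:MAC_TX_BYTES]
        if not hmac.compare_digest(expected, mac_rx):
            return None                 # tampered payload, wrong key, or replay
        self.last = candidate
        return payload
```

The sender's counter must start above the receiver's last accepted value (here: at 1), and a tool that only observes the bus still needs the key and the current counter state to validate MACs, which is exactly the state the Security Manager keeps for the tools.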

Secure Diagnostics Through Authentication

Security Manager Use Case: Diagnostics
The Security Manager enables authentication for Secure Diagnostics.

Diagnostic services may only be performed by trustworthy testers. Until a tester has authenticated itself, the ECU refuses protected services; after successful authentication (for example via UDS service 0x29), diagnostic services and critical operations such as flashing or variant coding are enabled. The Security Manager executes the necessary protocol steps together with the respective OEM Security add-ons.

Transport Layer Security (TLS/DTLS)

Sequence of TLS communication with original commands

For secure client-server communication, TLS (Transport Layer Security) is used over TCP and its datagram variant DTLS over UDP. The Security Manager provides the TLS protocol stack for Ethernet communication. This allows the tools to use the protocol conveniently, including its parameterization, to test communication that is secured by TLS.

In addition to the required certificate hierarchy, the cipher suites to be used can be configured. A cipher suite names the key exchange, authentication, encryption and integrity algorithms with which the secure connection is established and protected.

Internet Protocol Security (IPsec)

CANoe enables testing of ECUs and networks that communicate in an IPsec-protected manner.

The goal of IPsec is to secure communication at the level of the IP protocol. In this way, the classic protection goals of confidentiality, authenticity and integrity are implemented. Because the IP layer itself is protected, the protection extends to all layers above it: IPsec transparently protects higher-layer protocols such as SOME/IP, DoIP, TLS and HTTP.

The Security Manager provides an IPsec stack with the most important elements of the IPsec protocol:

  • Protection of Ethernet communication using the "Authentication Header" (AH) security method in Transport Mode; AH authenticates the IP packet and guards its integrity, but does not encrypt it (confidentiality requires ESP)
  • Implementation of the IKEv2 protocol (Internet Key Exchange v2) for flexible and secure generation of key material for a certificate-based IKE session

In addition to providing the protocol stack, the Security Manager also enables comprehensive configuration of the IPsec protocol. Security profiles are used for this purpose, which combine all the necessary configuration parameters. These include cipher suites, certificates, and security policies. Likewise, you can easily adopt existing configurations from StrongSwan descriptions to set up VPNs via IPsec.
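As an added illustration of the kind of strongSwan description the text says can be adopted, here is a constructed swanctl.conf fragment (not from Vector or any OEM) for the setup the page lists: IKEv2 with certificate-based peer authentication, dead peer detection, IKE fragmentation, IKE and child-SA rekeying, and an AH child SA in transport mode whose traffic selectors are the security policy entries. Addresses, identities, file names and the DoIP port selector are assumptions.

```conf
# swanctl.conf (strongSwan 5.x style), constructed example for a test PC talking
# to one ECU. Certificates are expected under /etc/swanctl/x509 and x509ca.
connections {
    ecu-under-test {
        version = 2                         # IKEv2 only
        local_addrs  = 192.168.1.10         # assumed test PC address
        remote_addrs = 192.168.1.20         # assumed ECU address
        proposals = aes256-sha256-ecp256    # IKE SA cipher suite
        fragmentation = yes                 # IKEv2 message fragmentation
        dpd_delay = 10s                     # dead peer detection interval
        rekey_time = 1h                     # IKE SA rekeying
        local {
            auth = pubkey                   # certificate-based authentication
            certs = testpc-cert.pem
            id = "CN=testpc, O=Example"
        }
        remote {
            auth = pubkey
            id = "CN=ecu-001, O=Example"
            cacerts = oem-ca.pem            # the ECU's certificate must chain to this CA
        }
        children {
            ah-transport {
                mode = transport            # AH in transport mode, as on the page
                ah_proposals = sha256       # integrity only: AH does not encrypt
                # Security policy: only DoIP (TCP 13400) between the two hosts is covered
                local_ts  = 192.168.1.10/32[tcp/13400]
                remote_ts = 192.168.1.20/32[tcp/13400]
                rekey_time = 20m            # child SA rekeying
                start_action = start
            }
        }
    }
}
```

The weak point to check in any such profile is the traffic selector pair: a policy narrower than the traffic the ECU actually sends leaves part of it unprotected, and a policy that is broader than the peer's causes the narrowing negotiation to fail, which is the first thing to look at when a child SA does not come up during a test.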

Management and Configuration of Security Parameters

The Security Manager offers the possibility to conveniently manage parameters of security services in profiles. The profiles are used at runtime in the Security Manager to configure the algorithms used:

  • Symmetric Key Management
    Symmetric keys must be provided for secure on-board communication. The keys can be imported directly, in containers or in OEM-specific formats.
     
  • Certificate Management
    Certificate hierarchies are managed using PKI profiles (Public Key Infrastructure). File- and folder-based imports allow certificates to be used in TLS and diagnostic contexts.
     
  • Communication with a Security Backend
    For security reasons, many vehicle manufacturers do not hand out the certificates and keys used for signing and instead manage them in a backend. Development tools request the certificate-based functions (e.g. signing) from that backend at runtime. For the Vector tools, the Security Manager takes over the communication with the backend, which considerably simplifies complex processes for the user.

Start a Conversation

Are you interested to get more information about testing security-protected ECUs and networks with the Security Manager or would you like to try it out? Then let’s talk!

Markus Fischer

... helps you simplify ECU testing despite security.

Products Using the Security Manager

The following Vector products use these features of the Security Manager:

Vector Product Supported Use Cases
CANoe – Testing ECUs and networks
> Communication: SecOC
> Diagnostics: Authentication
> Diagnostics: Variant Coding
> TLS: Simulation of Client and Server
> TLS: TLS Observer using Master Secret
> TLS: DoIP over TLS
> IPsec: IKEv2 support for certificate based peer authentication, dead peer detection, IKE fragmentation and IKE rekeying
> IPsec: Import of StrongSwan IPsec configurations
> IPsec: Full control of the Security Policy Database
CANalyzer – Analyzing ECUs and networks
> Communication: SecOC - with only a focus on analysis
> Diagnostics: Authentication
> Diagnostics: Variant Coding
> TLS: Simulation of Client and Server
> TLS: TLS Observer using Master Secret
> TLS: DoIP over TLS
> IPsec: IKEv2 support for certificate based peer authentication, dead peer detection, IKE fragmentation and IKE rekeying
> IPsec: Import of StrongSwan IPsec configurations
> IPsec: Full control of the Security Policy Database
CANape – Calibrating ECUs
> Diagnostics: Authentication
> Diagnostics: Variant Coding
Indigo – Testing the diagnostics
> Diagnostics: Authentication
CANoe.DiVa – Automated testing of the diagnostic protocol
The main use cases are:
> Diagnostics: Authentication
> TLS: DoIP over TLS
As CANoe.DiVa is based on CANoe, all other above mentioned use cases are available, too.
vFlash – Programming ECUs
> Diagnostics: Authentication

Related Pages

Automotive Cybersecurity Solution

Protection of whole vehicle networks and single ECUs against cyber-attacks from hackers

Automotive Cybersecurity Symposium

Industry meeting for experts from OEMs, TIER1s and research. Lectures and exhibition.
