security in embedded systems - amazon s3s3.eu-central-1.amazonaws.com/cancia-de/documents/... ·...
TRANSCRIPT
CA
N
© CiA
Security in Embedded Systems
A short journey into the rough and evil world
Thilo Schumann CAN in Automation (CiA)
CA
N
© CiA
Alice
CA
N
© CiA
Alice
CA
N
© CiA
Bob
CA
N
© CiA
Alice want’s to message Bob
CA
N
© CiA
Alice want’s to message Bob
CA
N
© CiA
Alice sends postcard to Bob
CA
N
© CiA
Alice sends postcard to Bob
CA
N
© CiA
Alice sends postcard to Bob
CA
N
© CiA
Alice sends postcard to Bob
✔ Public ✔ Broadcast ? Authentic
✘ Private ✘ Peer to peer ✘ Denial of service
CA
N
© CiA
Alice sends letter to Bob
CA
N
© CiA
Alice sends letter to Bob
CA
N
© CiA
Alice sends letter to Bob
CA
N
© CiA
Alice sends letter to Bob
✔ Private ✔ Peer to peer ✘ Denial of service
✘ Public ✘ Broadcast ✔ Authentic
CA
N
© CiA
Embedded network
CA
N
© CiA
CAN (FD)
CAN-ID DATA
CA
N
© CiA
Properties CAN (FD)
CAN-ID DATA
! Broadcast ! Public
CA
N
© CiA
Threat models
CAN-ID DATA
CA
N
© CiA
Threat models
CAN-ID DATA
✔ Broadcast ✔ Public ✔ Data integrity ✘ Authentic ✘ Privacy ✘ Denial of service
CA
N
© CiA
Improve security
CAN-ID DATA SIG
! Hash algorithm
✔ Broadcast ✔ Public ✔ Data integrity ✘ Authentic ✘ Privacy ✘ Denial of service
CA
N
© CiA
SECRET SECRET SECRET
Improve security (II)
CAN-ID DATA SIG
SECRET SECRET SECRET
✔ Broadcast ✔ Public ✔ Data integrity ✔ Authentic ✘ Privacy ✘ Denial of service
! Hash algorithm ! Shared secret
CA
N
© CiA
PUBLIC PUBLIC PUBLIC PRIVATE PRIVATE PRIVATE
Improve security (III)
SIG
! Asymmetric crypto algorithm ! Shared secret
PUBLIC PUBLIC PUBLIC PRIVATE PRIVATE PRIVATE
CAN-ID DATA
✔ Broadcast ✔ Public ✔ Data integrity ✔ Authentic ✘ Privacy ✘ Denial of service
CA
N
© CiA
SECRET SECRET SECRET
Improve security (IV)
CAN-ID DATA SIG
! Symmetric crypto algorithm ! Shared secret
SECRET SECRET SECRET
✔ Broadcast ✘ Public ✔ Data integrity ✔ Authentic ✔ Privacy ✘ Denial of service
CA
N
© CiA
PUBLIC PUBLIC PUBLIC PRIVATE PRIVATE PRIVATE
Improve security (V)
CAN-ID DATA SIG
! Asymmetric crypto algorithm ! Shared secret
PUBLIC PUBLIC PUBLIC PRIVATE PRIVATE PRIVATE
✔ Broadcast ✘ Public ✔ Data integrity ✔ Authentic ✔ Privacy ✘ Denial of service
CA
N
© CiA
Device A TPDO Device auth mechanism
Device crypt key
Device session token
Session crypt key
PDO auth mechanism
PDO crypt key
Device B RPDO Device auth mechanism
Device crypt key
Device session token
Session crypt key
PDO auth mechanism
PDO crypt key
PDO session token
Security Manager
Device auth mechanism
Device crypt key
Session crypt key
Session crypt key
Device session token PDO session token
PDO session token PDO session token
PDO auth mechanism
PDO crypt key
Device crypt key
Device session token
Device auth mechanism
Session crypt key PDO session token
PDO crypt key
PDO auth mechanism
CANopen security
DATA SIG
CA
N
© CiA
PDO definition Sub-Index Description Data type
00 Highest supported sub-index Unsigned8
01 COB-ID Unsigned32 02 Transmission type Unsigned8 03 Inhibit time Unsigned16 04 reserved Unsigned8 05 Event timer Unsigned16 06 SYNC start value Unsigned8 07 PDO authentication mechanism Unsigned16 08 PDO cryptographic key Unsigned128 09 PDO session token Unsigned128
Cryptographic key in RPDO has to be set to the public key of the corresponding TPDO.
Cryptographic key in RPDO can only be set, when device is unprotected.
PDO cryptographic key and PDO session token can only be read and written, when Device is unprotected.
CA
N
© CiA
Identity object
Sub-Index Description Data type 00 Highest supported sub-index Unsigned8 01 Vendor-ID Unsigned32 02 Product code Unsigned32 03 Revision number Unsigned32 04 Serial number Unsigned32 05 Identity session token Unsigned128 06 Identity cryptographic signature Unsigned128
CA
N
© CiA
Authentication object Sub-Index Description Data type
00 Highest supported sub-index Unsigned8 01 Status Unsigned8 02 Command Unsigned8 03 Device authentication mechanism Unsigned16 04 Device password Unsigned128 05 System password Unsigned128 06 Device session token Unsigned128 07 Device cryptographic key Unsigned128 08 Session cryptographic key Unsigned128
Commands • Set device/session password • Generate (private/public) keys • Protect/unprotect device/session • …
RND has to change with every password write. Cryptographic key in RPDO can only be set, when device is unprotected.
CA
N
© CiA
Authentication state machine
Initial cleared
Device secure
First time set Device password
System secure
Set System password with Device password Configuration Secured
Cleared
Device password only
CA
N
© CiA
Security is not that difficult. It just need to be implemented
and improved over.
CA
N
© CiA
CAN-ID DATA