Security in Embedded Systems. A short journey into the rough and evil world. Thilo Schumann, CAN in Automation (CiA), © CiA. 31 slides.

TRANSCRIPT

Page 1: Security in Embedded Systems - Amazon S3s3.eu-central-1.amazonaws.com/cancia-de/documents/... · 2015-11-23 · CAN © CiA Security in Embedded Systems A short journey into the rough


Security in Embedded Systems

A short journey into the rough and evil world

Thilo Schumann CAN in Automation (CiA)

Pages 2-3

Alice

Page 4

Bob

Pages 5-6

Alice wants to message Bob

Pages 7-10

Alice sends postcard to Bob

Properties of the postcard (✔ = the property holds, ✘ = it does not, ? = not guaranteed):

✔ Public    ✔ Broadcast      ? Authentic
✘ Private   ✘ Peer to peer   ✘ Denial of service

Pages 11-14

Alice sends letter to Bob

✔ Private   ✔ Peer to peer   ✘ Denial of service
✘ Public    ✘ Broadcast      ✔ Authentic

Page 15

Embedded network

Page 16

CAN (FD)

Frame: CAN-ID | DATA

Page 17

Properties CAN (FD)

Frame: CAN-ID | DATA

!  Broadcast   !  Public

Pages 18-19

Threat models

Frame: CAN-ID | DATA

✔ Broadcast   ✔ Public   ✔ Data integrity   ✘ Authentic   ✘ Privacy   ✘ Denial of service

"Data integrity" here is the frame CRC: it detects transmission errors, but an attacker who can write to the bus simply computes a valid CRC for the forged frame, and nothing in the frame tells a receiver which node sent it. Any node can also flood the bus with high-priority identifiers and starve the others, hence no protection against denial of service.

Page 20

Improve security

Frame: CAN-ID | DATA | SIG

!  Hash algorithm

✔ Broadcast   ✔ Public   ✔ Data integrity   ✘ Authentic   ✘ Privacy   ✘ Denial of service

An unkeyed hash in SIG gains nothing against an attacker: the hash algorithm is public, so a forged frame is sent with a freshly computed hash and verifies exactly like a genuine one.

Page 21

Improve security (II)

Frame: CAN-ID | DATA | SIG, with the same SECRET held by every node

!  Hash algorithm   !  Shared secret

✔ Broadcast   ✔ Public   ✔ Data integrity   ✔ Authentic   ✘ Privacy   ✘ Denial of service

Hashing DATA together with a secret the attacker does not hold (a keyed hash, i.e. a MAC) makes SIG unforgeable for an outsider. Because the secret is shared by all nodes, "authentic" only means "sent by some node that holds the secret": one compromised node can forge frames for every CAN-ID.
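The difference between slide 20 (unkeyed hash) and slide 21 (hash plus shared secret) in working code. This is an added example in Python, not code from the slides or from CiA. The frame layout CAN-ID | DATA | SIG with a 4-byte truncated HMAC-SHA256 tag, the function names and the sample secret are this example's assumptions.

```python
import hashlib
import hmac
import struct

# Added example (not from the CiA slides). Frame layout assumed here:
# CAN-ID | DATA | SIG, with SIG appended inside the payload. A classic CAN
# payload is 8 bytes and a CAN FD payload up to 64 bytes, so SIG is a
# truncated tag; TAG_LEN is this example's choice, not a CiA value.
TAG_LEN = 4

# Constructed sample secret held by every legitimate node (slide 21, "SECRET").
GROUP_SECRET = bytes.fromhex("000102030405060708090a0b0c0d0e0f")


def tag_input(can_id: int, data: bytes) -> bytes:
    """Bind the tag to CAN-ID as well as DATA: otherwise a valid payload could
    be replayed under a different identifier (the bus has no sender field)."""
    return struct.pack(">I", can_id) + data


def sig_hash(can_id: int, data: bytes) -> bytes:
    """Slide 20: SIG = unkeyed hash. Computable by anyone on the bus."""
    return hashlib.sha256(tag_input(can_id, data)).digest()[:TAG_LEN]


def sig_mac(can_id: int, data: bytes, secret: bytes) -> bytes:
    """Slide 21: SIG = hash plus shared secret, i.e. HMAC-SHA256, truncated."""
    return hmac.new(secret, tag_input(can_id, data), hashlib.sha256).digest()[:TAG_LEN]


def verify_mac(can_id: int, data: bytes, sig: bytes, secret: bytes) -> bool:
    # constant-time compare: a plain == would leak the tag byte by byte via timing
    return hmac.compare_digest(sig_mac(can_id, data, secret), sig)


def build_frame(can_id: int, data: bytes, secret: bytes, fd: bool = False) -> bytes:
    """Payload = DATA || SIG, checked against the classic CAN / CAN FD limits."""
    limit = 64 if fd else 8
    if len(data) + TAG_LEN > limit:
        raise ValueError(f"DATA {len(data)} B + SIG {TAG_LEN} B exceeds {limit} B payload")
    return data + sig_mac(can_id, data, secret)


def receive_frame(can_id: int, payload: bytes, secret: bytes):
    """Return DATA if SIG verifies for this CAN-ID, else None (frame dropped)."""
    if len(payload) <= TAG_LEN:
        return None
    data, sig = payload[:-TAG_LEN], payload[-TAG_LEN:]
    return data if verify_mac(can_id, data, sig, secret) else None


def outsider_forgery_accepted(can_id: int, data: bytes, scheme: str) -> bool:
    """An attacker who can write to the bus knows the algorithm but not
    GROUP_SECRET. True if the receiver would accept the forged frame."""
    if scheme == "hash":
        forged_sig = sig_hash(can_id, data)            # no secret needed
        return forged_sig == sig_hash(can_id, data)    # receiver recomputes: accepted
    if scheme == "mac":
        forged_sig = sig_hash(can_id, data)            # best guess without the key
        return verify_mac(can_id, data, forged_sig, GROUP_SECRET)
    raise ValueError(scheme)


def insider_forgery_accepted(can_id: int, data: bytes) -> bool:
    """Caveat for slide 21: any node holding the shared secret can sign for any
    CAN-ID, so one compromised node can impersonate every other node."""
    forged_sig = sig_mac(can_id, data, GROUP_SECRET)
    return verify_mac(can_id, data, forged_sig, GROUP_SECRET)


if __name__ == "__main__":
    payload = build_frame(0x123, b"\x01\x02\x03\x04", GROUP_SECRET)
    print("genuine frame accepted:", receive_frame(0x123, payload, GROUP_SECRET) is not None)
    print("same payload replayed under ID 0x124:", receive_frame(0x124, payload, GROUP_SECRET))
    print("outsider forgery, hash only:", outsider_forgery_accepted(0x123, b"\xff" * 4, "hash"))
    print("outsider forgery, HMAC:", outsider_forgery_accepted(0x123, b"\xff" * 4, "mac"))
    print("insider forgery, HMAC:", insider_forgery_accepted(0x7FF, b"\xde\xad"))
```

A 4-byte tag leaves only 4 data bytes in a classic CAN frame, and a 32-bit tag can be brute-forced by an attacker who can send frames without limit; a longer tag on CAN FD and a session token or counter in the tag input (so a captured frame cannot be replayed later under the same CAN-ID) are the usual next steps.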

Page 22

Improve security (III)

Frame: CAN-ID | DATA | SIG, signed with the sender's PRIVATE key and checked with the sender's PUBLIC key held by every receiver

!  Asymmetric crypto algorithm   !  Shared secret

✔ Broadcast   ✔ Public   ✔ Data integrity   ✔ Authentic   ✘ Privacy   ✘ Denial of service

Page 23

Improve security (IV)

Frame: CAN-ID | DATA | SIG, with the same SECRET held by every node and DATA encrypted

!  Symmetric crypto algorithm   !  Shared secret

✔ Broadcast   ✘ Public   ✔ Data integrity   ✔ Authentic   ✔ Privacy   ✘ Denial of service

Encrypting DATA with the shared secret is what removes the "public" property. SIG stays in the frame: encryption by itself does not authenticate, so a MAC (or an authenticated-encryption mode) is still required.

Page 24

Improve security (V)

Frame: CAN-ID | DATA | SIG, with PUBLIC/PRIVATE key pairs in place of a single shared secret

!  Asymmetric crypto algorithm   !  Shared secret

✔ Broadcast   ✘ Public   ✔ Data integrity   ✔ Authentic   ✔ Privacy   ✘ Denial of service

Page 25

CANopen security (overview diagram)

Device A (TPDO producer) holds: Device auth mechanism, Device crypt key, Device session token, Session crypt key, PDO auth mechanism, PDO crypt key

Device B (RPDO consumer) holds: Device auth mechanism, Device crypt key, Device session token, Session crypt key, PDO auth mechanism, PDO crypt key, PDO session token

Security Manager holds, for each device: Device auth mechanism, Device crypt key, Device session token, Session crypt key, PDO auth mechanism, PDO crypt key, PDO session token

Frame: DATA | SIG

Page 26

PDO definition

Sub-Index   Description                    Data type
00          Highest supported sub-index    Unsigned8
01          COB-ID                         Unsigned32
02          Transmission type              Unsigned8
03          Inhibit time                   Unsigned16
04          reserved                       Unsigned8
05          Event timer                    Unsigned16
06          SYNC start value               Unsigned8
07          PDO authentication mechanism   Unsigned16
08          PDO cryptographic key          Unsigned128
09          PDO session token              Unsigned128

The cryptographic key in an RPDO has to be set to the public key of the corresponding TPDO.

The PDO cryptographic key and the PDO session token can only be read and written while the device is unprotected.

Note that 128 bits is too short for a public key of any standard asymmetric scheme (an elliptic-curve key at 128-bit security is 256 bits, an RSA key far more), so an Unsigned128 field fits a symmetric key or a truncated MAC rather than a public key.

Page 27

Identity object

Sub-Index   Description                        Data type
00          Highest supported sub-index        Unsigned8
01          Vendor-ID                          Unsigned32
02          Product code                       Unsigned32
03          Revision number                    Unsigned32
04          Serial number                      Unsigned32
05          Identity session token             Unsigned128
06          Identity cryptographic signature   Unsigned128
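How the Identity object's session token (sub-index 05) and cryptographic signature (sub-index 06) can authenticate a device to the master, as an added Python example rather than CiA code. The signature construction (HMAC-SHA256 over the packed identity fields and the session token, keyed with the Device cryptographic key from the Authentication object, truncated to 128 bits), the class and function names and the sample identity values are assumptions of this example.

```python
import hashlib
import hmac
import secrets
import struct

# Added example, not CiA code. Assumed signature scheme for sub-index 06:
# HMAC-SHA256 over the four identity fields plus the session token written
# to sub-index 05, keyed with the Device cryptographic key (Authentication
# object sub-index 07), truncated to 128 bits to fit the Unsigned128 field.
SIG_LEN = 16


def identity_signature(device_key: bytes, packed_fields: bytes, token: bytes) -> bytes:
    return hmac.new(device_key, packed_fields + token, hashlib.sha256).digest()[:SIG_LEN]


class IdentityObject:
    """Device side: the object dictionary entries of slide 27."""

    def __init__(self, vendor_id: int, product_code: int, revision: int,
                 serial: int, device_key: bytes):
        self.fields = (vendor_id, product_code, revision, serial)   # sub-indices 01..04
        self._device_key = device_key          # never readable over the bus
        self.session_token = bytes(16)         # sub-index 05
        self.signature = bytes(SIG_LEN)        # sub-index 06

    def packed_fields(self) -> bytes:
        return struct.pack(">IIII", *self.fields)

    def write_session_token(self, token: bytes) -> None:
        """SDO write to sub-index 05 by the master: the device recomputes 06."""
        if len(token) != 16:
            raise ValueError("Unsigned128 expected")
        self.session_token = token
        self.signature = identity_signature(self._device_key, self.packed_fields(), token)


def master_authenticates(dev: IdentityObject, expected_key: bytes) -> bool:
    """Master side: fresh challenge, read back fields and signature, verify.
    expected_key is what the security manager (slide 25) holds for this device."""
    challenge = secrets.token_bytes(16)      # new token per run: a recorded reply is useless
    dev.write_session_token(challenge)
    read_fields = dev.packed_fields()        # SDO reads of 01..04
    read_sig = dev.signature                 # SDO read of 06
    expected = identity_signature(expected_key, read_fields, challenge)
    return hmac.compare_digest(expected, read_sig)


# Constructed sample values (not real vendor data).
DEVICE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
GENUINE = dict(vendor_id=0x123, product_code=0x42, revision=0x00010000, serial=0xDEADBEEF)


def genuine_device_passes() -> bool:
    return master_authenticates(IdentityObject(**GENUINE, device_key=DEVICE_KEY), DEVICE_KEY)


def clone_without_key_fails() -> bool:
    """A clone copies vendor ID, product code, revision and serial (all readable
    over the bus) but not the device key, so its signature does not verify."""
    clone = IdentityObject(**GENUINE, device_key=bytes(16))
    return not master_authenticates(clone, DEVICE_KEY)


def replayed_signature_fails() -> bool:
    """An attacker records a genuine (token, signature) pair and plays the
    signature back from a device without the key; the fresh token defeats it."""
    genuine = IdentityObject(**GENUINE, device_key=DEVICE_KEY)
    genuine.write_session_token(secrets.token_bytes(16))
    recorded_sig = genuine.signature

    class ReplayingClone(IdentityObject):
        def write_session_token(self, token: bytes) -> None:
            self.session_token = token
            self.signature = recorded_sig      # ignores the new challenge

    return not master_authenticates(ReplayingClone(**GENUINE, device_key=bytes(16)), DEVICE_KEY)
```

The master must generate the session token itself with a proper random source; if the device could choose the token, or the master reused one, the recorded-signature replay above would succeed.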

Page 28

Authentication object

Sub-Index   Description                       Data type
00          Highest supported sub-index       Unsigned8
01          Status                            Unsigned8
02          Command                           Unsigned8
03          Device authentication mechanism   Unsigned16
04          Device password                   Unsigned128
05          System password                   Unsigned128
06          Device session token              Unsigned128
07          Device cryptographic key          Unsigned128
08          Session cryptographic key         Unsigned128

Commands
•  Set device/session password
•  Generate (private/public) keys
•  Protect/unprotect device/session
•  …

RND has to change with every password write.

Page 29

Authentication state machine

States: Initial cleared; Device secure; System secure; Configuration secured; Cleared (Device password only)

Transitions: first-time set of the Device password; set the System password with the Device password
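The state machine above together with the access rules of slides 26 and 28 (PDO key and session token only writable while unprotected, RND changing with every password write), as an added Python example and not CiA code. The exact transition rules, the proof-of-password construction HMAC-SHA256(password, RND), and rotating RND on every successful use as well as on every write are this example's reading of the slides; the class and function names are invented here.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Added example, not CiA code. Sub-indices from slide 26 (PDO object) and
# state names from slide 29. The transition rules and the proof-of-password
# scheme are this example's reading of slides 26, 28 and 29.
PDO_CRYPTO_KEY, PDO_SESSION_TOKEN = 0x08, 0x09
INITIAL_CLEARED, DEVICE_SECURE, SYSTEM_SECURE = "initial cleared", "device secure", "system secure"


class AccessDenied(Exception):
    pass


def password_proof(password: bytes, rnd: bytes) -> bytes:
    """Assumed: a client proves a password by sending HMAC-SHA256(password, RND)
    truncated to 128 bits, after reading RND from the device. The password itself
    never crosses the bus, which slide 17 marks as public."""
    return hmac.new(password, rnd, hashlib.sha256).digest()[:16]


class Device:
    def __init__(self) -> None:
        self.state = INITIAL_CLEARED
        self.protected = False
        self.device_password: Optional[bytes] = None   # Authentication object sub-index 04
        self.system_password: Optional[bytes] = None   # Authentication object sub-index 05
        self.rnd = secrets.token_bytes(16)              # challenge for password proofs
        self.pdo = {PDO_CRYPTO_KEY: bytes(16), PDO_SESSION_TOKEN: bytes(16)}

    def _require(self, password: Optional[bytes], proof: Optional[bytes]) -> None:
        if password is None or proof is None or \
                not hmac.compare_digest(password_proof(password, self.rnd), proof):
            raise AccessDenied("password proof rejected")
        # "RND has to change with every password write" (slide 28); rotating it on
        # every successful use as well means a sniffed proof cannot be replayed.
        self.rnd = secrets.token_bytes(16)

    # Commands of slide 28 / transitions of slide 29
    def set_device_password(self, new_pw: bytes, proof: Optional[bytes] = None) -> None:
        if self.state == INITIAL_CLEARED:      # "First time set Device password": no proof
            self.state = DEVICE_SECURE
            self.rnd = secrets.token_bytes(16)
        else:
            self._require(self.device_password, proof)
        self.device_password = new_pw

    def set_system_password(self, new_pw: bytes, device_proof: bytes) -> None:
        # "Set System password with Device password"
        self._require(self.device_password, device_proof)
        self.system_password = new_pw
        self.state = SYSTEM_SECURE

    def protect(self) -> None:
        self.protected = True

    def unprotect(self, proof: bytes) -> None:
        # Once a system password exists, it is the one that reopens the device
        pw = self.system_password if self.state == SYSTEM_SECURE else self.device_password
        self._require(pw, proof)
        self.protected = False

    # Object dictionary access rules of slide 26
    def write_pdo(self, sub_index: int, value: bytes) -> None:
        if sub_index in (PDO_CRYPTO_KEY, PDO_SESSION_TOKEN) and self.protected:
            raise AccessDenied("PDO key/token writable only while unprotected")
        if len(value) != 16:
            raise ValueError("Unsigned128 expected")
        self.pdo[sub_index] = value

    def read_pdo(self, sub_index: int) -> bytes:
        if sub_index in (PDO_CRYPTO_KEY, PDO_SESSION_TOKEN) and self.protected:
            raise AccessDenied("PDO key/token readable only while unprotected")
        return self.pdo[sub_index]


def commissioning_walkthrough() -> dict:
    """Commission a device, lock it, then try what an attacker on the bus could do."""
    d = Device()
    d.set_device_password(b"device-pw-0000!!")                      # initial cleared -> device secure
    d.set_system_password(b"system-pw-000000", password_proof(b"device-pw-0000!!", d.rnd))
    d.write_pdo(PDO_CRYPTO_KEY, secrets.token_bytes(16))             # allowed: still unprotected
    d.protect()
    result = {"state": d.state}
    try:
        d.write_pdo(PDO_CRYPTO_KEY, bytes(16))                       # attacker zeroes the key
        result["attacker_overwrote_key"] = True
    except AccessDenied:
        result["attacker_overwrote_key"] = False
    captured = password_proof(b"system-pw-000000", d.rnd)            # sniffed legitimate unprotect
    d.unprotect(captured)
    d.protect()
    try:
        d.unprotect(captured)                                        # replay: RND has moved on
        result["replayed_proof_accepted"] = True
    except AccessDenied:
        result["replayed_proof_accepted"] = False
    return result
```

The first-time password set needs no proof, so a device that is shipped or reset into the "initial cleared" state must be commissioned on a trusted bus; whoever writes the device password first owns the device.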

Page 30

Security is not that difficult. It just needs to be implemented, and improved over time.

Page 31

Frame: CAN-ID | DATA