Automotive Cybersecurity Engineering Handbook: The automotive engineer's roadmap to cyber-resilient vehicles

Automotive Cybersecurity Engineering Handbook
Contributors
About the author
About the reviewers
Preface
   Who this book is for
   What this book covers
   To get the most out of this book
   Download the example code files
   Conventions used
   Get in touch
   Share Your Thoughts
   Download a free PDF copy of this book
Part 1:Understanding the Cybersecurity Relevance of the Vehicle Electrical Architecture
1
Introducing the Vehicle Electrical/Electronic Architecture
   Overview of the basic building blocks of the E/E architecture
   Electronic control units
      Looking at MCU-based ECUs
      Looking at SoC-based ECUs
      Looking inside the MCU and SoC software layers
   ECU domains
      Fuel-based powertrain domain
      Electric drive powertrain domain
      Chassis safety control domain
      Interior cabin domain
      Infotainment and connectivity domain
      Cross-domain
   Exploring the in-vehicle network
      CAN
      FlexRay
      LIN
      UART
      SENT
      GMSL
      I2C
      Ethernet
      J1939
   Sensors and actuators
      Sensor types
      Actuators
   Exploring the vehicle architecture types
      Highly distributed E/E architecture
      Domain-centralized E/E architecture
      Zone architecture
      Commercial truck architecture types
   Summary
   Answers to discussion points
   Further reading
2
Cybersecurity Basics for Automotive Use Cases
   Exploring the attack classes
      Passive attacks
      Active attacks
   Identifying security objectives
      Integrity
      Authenticity
      Confidentiality
      Accountability
      Availability
   Cryptography applied to automotive use cases
      Building blocks
      One-way hash functions
      Message authentication code algorithms
      Random number generators
      Public key cryptography
      Key management
      NIST defined security strength
      Chinese cryptography
      PQC algorithms
   Security principles
      Defense in depth
      Domain separation
      Least privilege
      Least sharing
      Mediated access
      Protective defaults
      Anomaly detection
      Distributed privilege
      Hierarchical protection and zero trust
      Minimal trusted elements
      Least persistence
      Protective failure
      Continuous protection
      Redundancy
      Use of standardized cryptography
   Summary
   Further reading
3
Threat Landscape against Vehicle Components
   Threats against external vehicle interfaces
      Backend-related threats
      Connectivity threats
   Threats against the E/E topology
      Highly distributed E/E architecture
      Domain-centralized E/E architecture
      Central vehicle computer architecture
   Threats against in-vehicle networks
      CAN
      FlexRay
      Ethernet
      The Unified Diagnostic Services (UDS) protocol
      SAE J1939 protocols
      SAE J2497 (PLC4TRUCKS)
   Threats against sensors
   Common ECU threats
      Debug ports
      Flash programming
      Power and mode manipulation
      Tampering with machine learning algorithms
      Software attacks
      Disclosure and tampering of cryptographic keys
   Summary
   References
Part 2: Understanding the Secure Engineering Development Process
4
Exploring the Landscape of Automotive Cybersecurity Standards
   Primary standards
      UNECE WP.29
      Chinese regulation and standardization
   Secondary standards
      IATF 16949:2016
      Automotive SPICE (ASPICE)
      Trusted Information Security Assessment Exchange (TISAX)
      SAE J3101 – hardware-protected security for ground vehicles
      Coding and software standards
      NIST cryptographic standards
   Supporting standards and resources
      MITRE Common Weakness Enumeration (CWE)
      US DoT NHTSA Cybersecurity Best Practices for the Safety of Modern Vehicles
      ENISA good practices for the security of smart cars
      SAE J3061 – cybersecurity guidebook for cyber-physical vehicle systems
      ISO/IEC 27001
      NIST SP 800-160
      Uptane
   Summary
   References
5
Taking a Deep Dive into ISO/SAE21434
   Notations
   At a glance – the ISO 21434 standard
   Organizational cybersecurity management
      Management systems
      Intersection of cybersecurity with other disciplines
      Tool management
   Planning
   Acquisition and integration of supplier components
      Supplier capability assessment and the role of the CSIA
   The concept phase
      Item-level concept
      Cybersecurity concept
      Implications to component-level development
   Design and implementation
      Post-development requirements
      Configuration and calibration
      Weakness analysis
      Unit implementation
   Verification testing
   Validation testing
   Product release
      Cybersecurity case
      Cybersecurity assessment
   Production planning
   Operations and maintenance
      Monitoring
      Vulnerability analysis
      Vulnerability management
      Updates
   End of life
   Summary
6
Interactions Between Functional Safety and Cybersecurity
   A tale of two standards
   A unified versus integrated approach
   Establishing a foundational understanding of functional safety and cybersecurity
      Understanding the unique aspects and interdependencies between the two domains
      Differences between safety and security scope
      Differences in the level of interdependence between safety and security requirements
      Conflict resolution
   Extending the safety and quality supporting processes
      Planning
      Supplier management
      Concept
      Design
      Implementation
      Testing and validation
      Release
      Production
      End of life
   Creating synergies in the concept phase
      Item functions
      Item boundaries and operational environments
      Damage scenarios and hazards
      Safety and security goals
      Safety and security requirements
   Finding synergies and conflicts in the design phase
      Leveraging safety and security mechanisms
      Self-tests across safety and security
      Leveraging error detection safety mechanisms
      Eliminating inconsistencies in the error response
      Parallels in design principles
   Secure coding practices versus safe coding techniques
   Synergies and differences in the testing phase
   Summary
   References
Part 3: Executing the Process to Engineer a Secure Automotive Product
7
A Practical Threat Modeling Approach for Automotive Systems
   The fundamentals of performing an effective TARA
      Assets
      Damage scenarios
      Threat scenarios
      Attacker model and threat types
      Attack paths
      Risk assessment methods
      Risk treatment
   Common pitfalls when preparing a TARA
   Defining the appropriate TARA scope
   The practical approach
      Know your system
      Make your assumptions known
      Use case-driven analysis
      Prepare context and data flow diagrams
      Damages versus assets – where to start
      Identifying assets with the help of asset categories
      Building threat catalogs
      Creating attack paths using a system flow diagram
      Risk prioritization
      Defining cybersecurity goals
      Choosing security controls and operational environment (OE) requirements
      Tracking shared and accepted risks
      Review and signoff
   Case study using a digital video recorder (DVR)
      Assumptions
      Context diagram
      Identifying the assets
      Damage scenarios
      Cybersecurity requirements and controls
   Summary
   References
8
Vehicle-Level Security Controls
   Choosing cybersecurity controls
      Challenging areas
   Vehicle-level versus ECU-level controls
   Policy controls
   Secure manufacturing
      Challenges
   Secure off-board network communication
      Wi-Fi
      Bluetooth
      Cellular
   Host-based intrusion detection
   Network intrusion detection and prevention (NIDP)
   Domain separation and filtering
   Sensor authentication
   Secure software updates
   In-vehicle network protection
      CAN message authentication
      Ethernet
   Securing diagnostic abilities
      Security access control via UDS service 0x27
      Role-based access control via UDS service 0x29
      Securing flash programming services
   Secure decommissioning
   Summary
   Further reading
9
ECU-Level Security Controls
   Understanding control actions and layers
   Exploring policy controls
   Exploring hardware controls
      RoT
      OTP memory
      Hardware-protected keystore
      Secure Universal Flash Storage
      Cryptographic accelerators
      Lockable hardware configuration
      CPU security
      Isolation through MMUs and MPUs
      Encrypted volatile memories
      Debug access management
   Exploring software security controls
      Software debug and configuration management
      Secure manufacturing
      Key management policies
      Multi-stage secure boot
      Trusted runtime configuration
      TEEs
      Secure update
      Spatial isolation
      Temporal isolation
      Encrypted and authenticated filesystems
      Runtime execution hardening
      Security monitors
   Exploring physical security controls
      Tamper detection and prevention
      Printed circuit board layout pin and trace hiding
      Concealment and shielding
   Summary
   Further reading
Index
   Why subscribe?
Other Books You May Enjoy
   Packt is searching for authors like you
   Share Your Thoughts
   Download a free PDF copy of this book