Slide 1 © Fraunhofer | C. Krauß

TPM 2.0 TO PROTECT EMBEDDED VEHICLE SYSTEMS

Prof. Dr. Christoph Krauß September 4th, 2019

Webinar presentation on AutoISAC Community Call

Slide 2 © Fraunhofer | C. Krauß

Fraunhofer Institute for Secure Information Technology SIT

Leading Institution for Applied Cybersecurity Research in Germany

Founded: 1961

Employees: 179

Annual budget: 11 m€

Chair at TU Darmstadt: 1

Additional Professorship at TU Darmstadt: 1

Professorships at h_da: 1

Main Locations: 3 (Darmstadt, Birlinghoven, Mittweida)

Additional locations: 2 (Jerusalem, Singapore)

Fields of Expertise

• Automotive Security

• Cloud Computing

• Cyber-Physical Systems

• Identity & Privacy

• Industry 4.0

• Mobile Systems & Networks

• Secure Engineering

• Security Management

• Security Test Lab

• …

Engaged in

• CRISP

• Fraunhofer-Competence Centre “Privacy & Data Protection in the Digital World”

• Learning Laboratory Cybersecurity

• Digital Hub Cybersecurity Darmstadt

Slide 3 © Fraunhofer | C. Krauß

Introduction I

The Connected Car enables new applications

Driver Assistance (e.g., hazard warning, parking spot detection)

Infotainment (e.g., audio/video streaming, route optimization, POI)

Value-added services (e.g., charge point reservation, predictive maintenance)

Business models (e.g., “Pay how you drive” insurance tariffs)

Services for OEMs (e.g., quality control, product improvement, over-the-air updates)

etc.

Sources: Car2Car Communication Consortium, ADAC, sijox

Slide 4 © Fraunhofer | C. Krauß

Introduction II

However, new security and privacy threats arise

Threats to the functionality of (safety-critical) systems

Threats to life and limb of passengers

Influence brakes, engine, ADAS etc.

Monetary threats

Turn back odometer

Illegal function activation or chip tuning

Vehicle theft

Privacy threats

Movement and driving behavior profiles

Driver identification

Appropriate security and privacy mechanisms required!

Sources: forbes.com, wired.com, Fraunhofer SIT

Slide 5 © Fraunhofer | C. Krauß

Benefits of using Hardware Security

SOFTWARE ONLY: Protects against limited attackers and basic software attacks

HARDWARE SECURITY: Protects against hardware attacks and hardens against software attacks

Reading: Software is easily readable | Protection against unauthorized reading

Copying: Software can easily be copied and distributed | Secure hardware cannot be easily copied

Analyzing: Software is easily analyzable using standard tools | Secure hardware implements mechanisms to impede analysis

Root of Trust: No "Root of Trust" | "Root of Trust" which provides detection, recoverability …

Pictures: Alpha Stock Images and ImageCreator, Nick Youngson, CC BY-SA 3.0

Slide 6 © Fraunhofer | C. Krauß

Trusted Platform Module (TPM) 2.0

The TPM 2.0 Library Specification defines the functionality from which TPMs for different platforms are built

Standardized by the Trusted Computing Group (TCG)

Applicable in industrial, automotive, network equipment, and other applications

TPM 2.0 provides (amongst others)

Device identification

Secure generation, storage, and usage of keys (asymmetric and symmetric)

Root of trust for storage and reporting

Cryptographic agility

Enhanced authorization

Flexibility (TPM library profiles, dedicated hardware chip vs. firmware TPM …)

Encrypted communication between TPM and host or even backend systems

© Infineon

Slide 7 © Fraunhofer | C. Krauß

TPM Software Stack 2.0 I

TPM middleware organized in different layers

Feature API (FAPI)

Enhanced System API (ESAPI)

System API (SAPI)

TPM Command Transmission Interface (TCTI)

TPM Access Broker (TAB), Resource Manager (RM)

(TPM Driver)

Lower layers provide data transport and direct access to all TPM functionalities: suitable for applications on highly constrained systems, minimal dependencies

Upper layers provide abstractions and convenience functions: high-level support for policies, key usage, crypto suite selection etc., more dependencies


© Infineon

Slide 8 © Fraunhofer | C. Krauß

TPM Software Stack 2.0 II

TSS enables easy development of TPM 2.0 applications

TSS includes support for OpenSSL

Interface to use a TPM 2.0 as secured key store

TSS 2.0 available as Open Source

Joint development of Intel, Infineon, and Fraunhofer SIT

Packages for Linux distributions: RHEL, Suse, Debian, Ubuntu; OpenEmbedded underway

StrongSwan VPN support

BSD license

Packages for using a TPM with microcontrollers (e.g., Aurix 2G) underway

Slide 9 © Fraunhofer | C. Krauß

TPM 2.0 vs. Programmable Secure Element (SE)

TPM 2.0 stack (top to bottom): Application, SSL/TLS Library, TSS, TPM Driver; on the chip: TPM Application, Basic Firmware, Hardware

Programmable SE stack (top to bottom): Application, SSL/TLS Library, Middleware, Driver; on the chip: SE Application, Basic Firmware, Hardware

TPM is a standardized solution: available open source software and APIs reduce costs for development

TPM 2.0: Low development costs with standardized functions

Programmable SE: High effort and customized functionalities

© Infineon

Slide 10 © Fraunhofer | C. Krauß

Integration of TPMs in the electrical system

Vehicle electrical systems sometimes consist of 100 Electronic Control Units (ECUs)

Not possible to equip each ECU with a TPM

We propose to use up to five TPMs in a vehicle

Basic setting: only one TPM, e.g., in the central gateway, acts as a central key server

Extended settings integrate TPMs, e.g., in

Electric Vehicle Communication Controller (EVCC)

Head Unit

Telematics Control Unit (TCU)

Automated Driving Control Unit (ADCU)

Other ECUs should use other solutions

Slide 11 © Fraunhofer | C. Krauß

Use Case: Intellectual Property and Privacy protection

Goal

Provide confidentiality of intellectual property rights (IPR) and user data

Requirements

Only allow manufacturer to access IPR data

Only allow user to access user data

Result: TPM 2.0 Head Unit Demonstrator with Tizen IVI

Used TPM 2.0 Features

Measured Boot

Sealing (i.e., encrypting) external containers

Enhanced Authorization for accessing keys to unseal containers
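To make the combination of measured boot, sealing and enhanced authorization concrete, here is an added Python model (not code from the presentation or from the Fraunhofer head unit demonstrator) of how a TPM binds a sealed container key to boot state: it implements the PCR extend operation and the TPM2_PolicyPCR policy-digest computation as defined in the TCG TPM 2.0 Library Specification, and checks unsealing against a constructed two-component boot chain. The component images, the PCR assignment (bootloader in PCR 0, IVI firmware in PCR 7) and the SHA-256 bank are assumptions for the example.

```python
import hashlib

# Constants from the TCG TPM 2.0 Library Specification, Part 2
TPM_CC_POLICY_PCR = 0x0000017F   # command code of TPM2_PolicyPCR
TPM_ALG_SHA256 = 0x000B          # hash algorithm identifier for SHA-256
PCR_SIZE = 32                    # a SHA-256 PCR starts as 32 zero bytes

def sha256(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """One measured-boot step: PCR_new = H(PCR_old || H(component image))."""
    return sha256(pcr, sha256(measurement))

def pcr_selection(indices) -> bytes:
    """Marshal a TPML_PCR_SELECTION holding a single SHA-256 bank entry."""
    mask = bytearray(3)                      # 24 PCRs -> 3 selection bytes
    for i in indices:
        mask[i // 8] |= 1 << (i % 8)         # bit j of byte i selects PCR 8*i+j
    return ((1).to_bytes(4, "big") + TPM_ALG_SHA256.to_bytes(2, "big")
            + b"\x03" + bytes(mask))

def policy_pcr_digest(pcrs: dict, indices) -> bytes:
    """Policy digest a fresh session holds after TPM2_PolicyPCR:
    H(0^32 || TPM_CC_PolicyPCR || pcrSelection || H(selected PCR values))."""
    pcr_digest = sha256(*(pcrs[i] for i in sorted(indices)))
    return sha256(bytes(PCR_SIZE), TPM_CC_POLICY_PCR.to_bytes(4, "big"),
                  pcr_selection(indices), pcr_digest)

def measured_boot(components: dict) -> dict:
    """Extend every boot component into its PCR (constructed model of the boot chain)."""
    pcrs = {i: bytes(PCR_SIZE) for i in range(24)}
    for index, image in components.items():
        pcrs[index] = pcr_extend(pcrs[index], image)
    return pcrs

def unseal_allowed(auth_policy: bytes, pcrs: dict, indices) -> bool:
    """The TPM releases a sealed blob only if the session policy digest
    equals the authPolicy stored with the sealed object."""
    return policy_pcr_digest(pcrs, indices) == auth_policy

# Constructed sample boot chain; the container key is sealed to PCRs 0 and 7
GOOD_BOOT = {0: b"bootloader v1.0 (constructed)", 7: b"ivi firmware v1.0 (constructed)"}
SEALED_TO = (0, 7)
AUTH_POLICY = policy_pcr_digest(measured_boot(GOOD_BOOT), SEALED_TO)

def can_unseal_with(components: dict) -> bool:
    """True only if booting these components reproduces the sealed-to PCR state."""
    return unseal_allowed(AUTH_POLICY, measured_boot(components), SEALED_TO)

if __name__ == "__main__":
    print("genuine firmware:", can_unseal_with(GOOD_BOOT))
    tampered = {**GOOD_BOOT, 7: b"ivi firmware v1.0 (modified)"}
    print("modified firmware:", can_unseal_with(tampered))
```

A modified or older firmware image extends a different value into PCR 7, so the policy digest no longer matches and the container key stays sealed; the same mechanism is what the later slides rely on when they list Measured Boot as a used feature.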

Slide 12 © Fraunhofer | C. Krauß

Use Case: Secure Over-the-Air Updates I

Goal

Address the threat that an attacker exploits vulnerabilities

Secure Over-the-air (OTA) update protocol for

Fixing bugs (functional, security)

Upgrading features

Requirements

Integrity of update packages

Origin authenticity of update packages

If necessary, IPR protection, i.e., confidentiality and access control

Prevention of downgrade attacks

Non-repudiation and accountability based on firmware state

Slide 13 © Fraunhofer | C. Krauß

Use Case: Secure Over-the-Air Updates II

Result: TPM 2.0 based Secure OTA Update Protocol

Update firmware to (only) newer versions

Allow only the original manufacturer to read / write firmware

Prevent access if an old firmware version has been installed

Slide 14 © Fraunhofer | C. Krauß

Use Case: Firmware Runtime Product Lines / Secure Remote Feature Activation

Goals

Unified firmware image for whole product line

Secure remote feature activation

Requirements

ECU can verify whether to unlock a feature or not

Prevent unauthorized upgrades / feature activations

Result: TPM 2.0 based firmware protection and control

Used TPM 2.0 Features

Measured Boot

NV counter with enhanced authorization

Protected direct access to the TPM from backend systems

Slide 15 © Fraunhofer | C. Krauß

Use Case: Securing Plug-and-Charge Credentials in Electric Vehicles

Goals

Protect ISO 15118 Plug-and-Charge (PnC) credentials

Requirements

Secure storage and usage of PnC credentials in EVCC

ISO 15118 certificate extensions

Result: PnC credential protection using TPM 2.0

Slide 16 © Fraunhofer | C. Krauß

Use Case: Secure and privacy-preserving electric vehicle billing

Goals

Enable secure charging and billing of electric vehicles while preserving privacy

Requirements

Prevent generation of movement profiles

Compliance with European General Data Protection Regulation (GDPR)

TPM 2.0 integration in Electric Vehicle Communication Controller (EVCC)

Result: Adapted Direct Anonymous Attestation (DAA) protocol

Used TPM 2.0 Features

Measured Boot

Sealing

TPM 2.0 DAA

HMI and privacy architecture developed within the SeDaFa project (HMI design by IAD, TU Darmstadt)

Slide 17 © Fraunhofer | C. Krauß

Conclusion and Outlook

Connected car introduces new threats

Hardware security can significantly increase the security of connected cars

TPM and TSS 2.0 can complement other hardware security solutions

Use of TPMs only in ECUs with high security requirements

Development with low overhead possible (available Open Source TSS, OpenSSL integration etc.)

TPM can even complement existing microcontroller solutions, e.g., Aurix, to increase security

Realization of many use cases possible, e.g., secure OTA update, feature activation

TPM 2.0 enabled Secure Charging Demonstrator

Slide 18 © Fraunhofer | C. Krauß

References

TSS2 Github Developer Community: https://github.com/tpm2-software

Core Libraries: https://github.com/tpm2-software/tpm2-tss

Command Line Tools: https://github.com/tpm2-software/tpm2-tools

PKCS#11 interface: https://github.com/tpm2-software/tpm2-pkcs11

OpenSSL Engine: https://github.com/tpm2-software/tpm2-tss-engine

Access Broker & Resource Management: https://github.com/tpm2-software/tpm2-abrmd

Andreas Fuchs, Christoph Krauß, Jürgen Repp: Runtime Firmware Product Lines Using TPM2.0. IFIP SEC 2017

Andreas Fuchs, Christoph Krauß, Jürgen Repp: Advanced Remote Firmware Upgrades Using TPM 2.0. IFIP SEC 2016

Daniel Zelle, Markus Springer, Maria Zhdanova, Christoph Krauß: Anonymous Charging and Billing of Electric Vehicles. ARES 2018

Fraunhofer SIT, Automotive Security: https://www.sit.fraunhofer.de/de/automotive-security/

Fraunhofer SIT, Trusted Computing: https://www.sit.fraunhofer.de/de/trustedcomputing/

Fraunhofer SIT, Post-Quantum Cryptography: https://www.sit.fraunhofer.de/de/postquantum/

Slide 19 © Fraunhofer | C. Krauß

Contact

Prof. Dr. Christoph Krauß

Fraunhofer Institute for Secure Information Technology SIT

Head of Department Cyber-Physical Systems Security

Rheinstr. 75 | 64295 Darmstadt | Germany

[email protected]