Uploaded 2021-09-02 09:44:19
SAE J3101:2020 Hardware Protected Security for Ground Vehicles - complete English electronic edition (80 pages).pdf
SAE Technical Standards Board Rules provide that: “This report is published by SAE to advance the state of technical and engineering sciences. The use of this report is entirely
voluntary, and its applicability and suitability for any particular use, including any patent infringement arising therefrom, is the sole responsibility of the user.”
SAE reviews each technical report at least every five years at which time it may be revised, reaffirmed, stabilized, or cancelled. SAE invites your written comments and
suggestions.
Copyright © 2020 SAE International
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted, in any form or by any means, electronic, mechanical, photocopying,
recording, or otherwise, without the prior written permission of SAE.
TO PLACE A DOCUMENT ORDER: Tel: 877-606-7323 (inside USA and Canada)
Tel: +1 724-776-4970 (outside USA)
Fax: 724-776-0790
Email: CustomerService@sae.org
SAE WEB ADDRESS: http://www.sae.org
SAE values your input. To provide feedback on this Technical Report, please visit http://standards.sae.org/J3101_202002
SURFACE VEHICLE RECOMMENDED PRACTICE
J3101™ FEB2020
Issued 2020-02
Hardware Protected Security for Ground Vehicles
RATIONALE
Automotive computer systems are required to establish trustworthiness through device identity, sealing, attestation, data
integrity, and availability. These systems must be resilient to a wide range of attacks that cannot be thwarted through
software-only security mechanisms. A hardware root of trust and the hardware-based security primitives are fundamentally
necessary to satisfy demands of connected and highly or fully automated vehicles. This document provides a
comprehensive view of security mechanisms supported in hardware for automotive use cases, along with best practices for
using such mechanisms.
TABLE OF CONTENTS
1. INTRODUCTION ........................................................................................................................................ 4
1.1 Scope and Objective .................................................................................................................................. 4
1.2 Audience .................................................................................................................................................... 4
2. REFERENCES ........................................................................................................................................... 5
2.1 Applicable Documents ............................................................................................................................... 5
2.1.1 SAE Publications ........................................................................................................................................ 5
2.1.2 ISO Publications ......................................................................................................................................... 5
2.1.3 NIST Publications ....................................................................................................................................... 6
2.1.4 Other Publications ...................................................................................................................................... 8
3. DEFINITIONS ............................................................................................................................................ 8
4. HARDWARE PROTECTED SECURITY ENVIRONMENT ........................................................................ 9
4.1 Defined ....................................................................................................................................................... 9
4.2 Design with a Hardware Protected Security Environment ....................................................................... 10
4.3 Hardware Protected Security Abstraction Layers .................................................................................... 10
4.4 Safety Determination of a System Secured by a Hardware Protected Security Environment ................ 11
5. LIFECYCLE OF HARDWARE PROTECTED SECURITY IN A VEHICLE .............................................. 11
5.1 Engineering Development ........................................................................................................................ 11
5.2 Component Integration............................................................................................................................. 11
5.3 Manufacture/Production ........................................................................................................................... 12
5.4 Distribution ............................................................................................................................................... 12
5.5 Customer Use .......................................................................................................................................... 12
5.6 Aftermarket Alteration .............................................................................................................................. 12
5.7 Resale/Reconditioning ............................................................................................................................. 12
5.8 Disposal/Retirement ................................................................................................................................. 12
SAE INTERNATIONAL J3101™ FEB2020 Page 2 of 80
6. COMMON REQUIREMENTS .................................................................................................................. 12
6.1 Mandatory versus Optional and Required versus Conditional Presentation of Requirements ................ 13
6.2 Cryptographic Key Protection .................................................................................................................. 13
6.2.1 Cryptographic Key Management Primer .................................................................................................. 13
6.2.2 Cryptographic Key Protection Overview .................................................................................................. 14
6.2.3 Requirements ........................................................................................................................................... 15
6.2.4 Flow Examples (Informative) ................................................................................................................... 26
6.3 Cryptographic Algorithms and Protocols .................................................................................................. 27
6.3.1 Cryptographic Algorithms Overview ......................................................................................................... 27
6.3.2 Requirements ........................................................................................................................................... 28
6.3.3 Implementation Considerations (Informative) .......................................................................................... 30
6.4 Random Number Generation ................................................................................................................... 30
6.4.1 Random Number Generation Overview ................................................................................................... 30
6.4.2 Requirements ........................................................................................................................................... 30
6.4.3 Implementation Considerations (Informative) .......................................................................................... 31
6.4.4 Understanding and Managing Entropy .................................................................................................... 32
6.5 Nonvolatile Critical Security Parameters .................................................................................................. 32
6.5.1 Nonvolatile Critical Security Parameters Overview ................................................................................. 32
6.5.2 Requirements: Required .......................................................................................................................... 32
6.5.3 Implementation Considerations (Informative) .......................................................................................... 33
6.6 Cryptographic Algorithm Agility ................................................................................................................ 33
6.6.1 Cryptographic Agility Overview ................................................................................................................ 33
6.6.2 Requirements ........................................................................................................................................... 33
6.7 Interface Control ....................................................................................................................................... 34
6.7.1 Interface Control Overview ...................................................................................................................... 34
6.7.2 Requirements ........................................................................................................................................... 34
6.8 Secure Execution Environment ................................................................................................................ 36
6.8.1 Secure Execution Environment Basics: Required ................................................................................... 36
6.8.2 Requirements ........................................................................................................................................... 36
6.8.3 Implementation Considerations (Informative) .......................................................................................... 37
6.9 Self-Test ................................................................................................................................................... 38
6.9.1 Operational States: Conditional ............................................................................................................... 38
6.9.2 Self-Test Overview ................................................................................................................................... 39
6.9.3 Requirements ........................................................................................................................................... 40
7. PROFILES OF HARDWARE SECURITY COMMON REQUIREMENTS ................................................ 41
7.1 Confidentiality Profile ............................................................................................................................... 42
7.2 Integrity Profile ......................................................................................................................................... 43
7.3 Availability Profile ..................................................................................................................................... 43
7.4 Access Control Profile .............................................................................................................................. 43
7.5 Non-Repudiation Profile ........................................................................................................................... 44
7.6 Limited Use .............................................................................................................................................. 44
7.7 Assurance Level (Informative) ................................................................................................................. 44
8. VALIDATION AND VERIFICATION ......................................................................................................... 45
9. PRIMARY USE CASES ........................................................................................................................... 45
9.1 Authenticated Boot ................................................................................................................................... 45
9.1.1 Objectives ................................................................................................................................................ 45
9.1.2 Scope and Definitions .............................................................................................................................. 45
9.1.3 Illustrative Process ................................................................................................................................... 46
9.1.4 Requirements ........................................................................................................................................... 46
9.1.5 Implementation Considerations ............................................................................................................... 47
9.1.6 Recommended Profiles ............................................................................................................................ 47
9.2 Authenticated Update............................................................................................................................... 48
9.2.1 Objectives ................................................................................................................................................ 48
9.2.2 Assumptions for Delivery of Firmware ..................................................................................................... 48
9.2.3 Scope and Definitions .............................................................................................................................. 48
9.2.4 Illustrative Process ................................................................................................................................... 49
9.2.5 Requirements ........................................................................................................................................... 50
9.2.6 Implementation Considerations ............................................................................................................... 51
9.2.7 Recommended Profile(s) ......................................................................................................................... 52
9.3 Secure In-Vehicle Messaging .................................................................................................................. 52
9.3.1 Objectives ................................................................................................................................................ 52
9.3.2 Scope and Definitions .............................................................................................................................. 52
9.3.3 Requirements ........................................................................................................................................... 52
9.3.4 Implementation Considerations ............................................................................................................... 53
9.3.5 Recommended Profile(s) ......................................................................................................................... 54
9.4 Access Mechanisms ................................................................................................................................ 54
9.4.1 Objectives ................................................................................................................................................ 54
9.4.2 Scope ....................................................................................................................................................... 54
9.4.3 Requirements ........................................................................................................................................... 55
9.4.4 Illustrative Processes ............................................................................................................................... 56
9.4.5 Implementation Considerations ............................................................................................................... 62
9.4.6 Recommended Profile(s) ......................................................................................................................... 65
9.5 Secure Storage ........................................................................................................................................ 65
9.5.1 Objectives ................................................................................................................................................ 65
9.5.2 Scope and Definitions .............................................................................................................................. 65
9.5.3 Requirements ........................................................................................................................................... 65
9.5.4 Illustrative Process ................................................................................................................................... 66
9.5.5 Implementation Considerations ............................................................................................................... 67
9.5.6 Recommended Profile(s) ......................................................................................................................... 68
10. APPLICATION USE CASES .................................................................................................................... 68
10.1 Intellectual Property Protection ................................................................................................................ 68
10.1.1 Objectives ................................................................................................................................................ 68
10.1.2 Scope and Definitions .............................................................................................................................. 68
10.1.3 Requirements ........................................................................................................................................... 68
10.1.4 Implementation Considerations ............................................................................................................... 69
10.1.5 Recommended Profile(s) ......................................................................................................................... 69
10.2 Secure Diagnosis at the ECU Level ......................................................................................................... 69
10.2.1 Objectives ................................................................................................................................................ 69
10.2.2 Scope and Definitions .............................................................................................................................. 69
10.2.3 Common Requirements ........................................................................................................................... 70
10.2.4 Illustrative Process ................................................................................................................................... 71
10.2.5 Recommended Profiles ............................................................................................................................ 73
10.3 Secure Logging ........................................................................................................................................ 73
10.3.1 Objectives ................................................................................................................................................ 73
10.3.2 Scope and Definitions .............................................................................................................................. 74
10.3.3 Common Requirements ........................................................................................................................... 74
10.3.4 Illustrative Process ................................................................................................................................... 75
10.3.5 Recommended Profiles ............................................................................................................................ 76
11. NOTES ..................................................................................................................................................... 77
11.1 Revision Indicator ..................................................................................................................................... 77
APPENDIX A EXAMPLES OF ENTROPY AND DETERMINISTIC BIT GENERATORS .............................................. 78
Figure 1 Hardware protected security environment abstraction layers .................................................................. 11
Figure 2 Key management and provisioning .......................................................................................................... 14
Figure 3 Digital signature process .......................................................................................................................... 50
Figure 4 Example update flow by service technician ............................................................................................. 58
Figure 5 Access control - fully hardware protected security environment controlled ............................................. 63
Figure 6 Access control - partial hardware protected security environment control .............................................. 64
Figure 7 Authorization flow for secure diagnostics ................................................................................................. 71
Table 1 Common requirements of each profile ..................................................................................................... 42
1. INTRODUCTION
Automotive computer systems are required to establish trustworthiness through device identity, sealing, attestation, data
integrity, and availability. These systems must be resilient to a wide range of attacks that cannot be thwarted through
software-only security mechanisms. A hardware root of trust and the hardware-based security primitives are fundamentally
necessary to satisfy demands of connected and highly or fully automated vehicles. This document provides a
comprehensive view of security mechanisms supported in hardware for automotive use cases, along with best practices for
using such mechanisms. The goal of this document is to provide a common reference that facilitates communication among
engineers across different parts of the automotive supply chain relevant to hardware-enabled security features. Silicon
vendors will find this document useful in understanding the hardware security foundations and their corresponding use
cases and applications that they should support to address vehicle security needs. This document should also bring more
order into the diverse nature of hardware security features, so products are developed with the end use case in mind and
with the right level of security. ECU suppliers and system integrators will benefit from the different security requirements
and use cases outlined here as they assess the threats that affect their systems and the right hardware systems needed to
address them.
This document represents a collection of characteristics of hardware mechanisms that are of use to, and address the needs
of, the automotive industry in order to provide insight to the silicon industry and prevent fragmentation.
There exists a demand in the auto industry for a document to provide a baseline of due diligence in product development.
This document aims to meet that need as a reference of industry best practices of minimum expectations of hardware
protected cybersecurity.
1.1 Scope and Objective
This document presents a common set of requirements to be implemented in hardware-assisted functions to facilitate
security-enhanced applications, to achieve an ideal system for hardware protection for ground vehicle applications.
This document will outline a common set of requirements to meet this goal and illustrate examples of the use of such
requirements in various use cases which span the lifecycle of ground vehicle products, without explicitly detailing
implementation requirements.
SAE J3101 has taken the approach of defining requirements through fundamental use cases. These requirements become
building blocks for innovation, but are not development-process oriented. The presented building blocks are not attempting
to encompass all future potential innovation; however, considerable future innovation should be possible through creative
combinations of the presented requirements. It should be expected that some innovation may create future core
requirements that themselves become new building blocks not captured within the scope of this revision of this document.
1.2 Audience
This standard is written from the point of view of automakers and suppliers to automakers, and is addressed to embedded
component suppliers such as microcontroller vendors. Although consumer automobile applications dominate the illustrated
use cases, the document is intended to apply to any ground vehicle application. Government applications suggested within
this document are “non-tactical”, characterized as otherwise civilian vehicles repurposed for government purposes. This
document specifically does not include use cases of military applications.
2. REFERENCES
2.1 Applicable Documents
The following publications form a part of this specification to the extent specified herein. Unless otherwise indicated, the
latest issue of SAE publications shall apply.
2.1.1 SAE Publications
Available from SAE International, 400 Commonwealth Drive, Warrendale, PA 15096-0001, Tel: 877-606-7323 (inside USA
and Canada) or +1 724-776-4970 (outside USA), www.sae.org.
SAE J3061 Cybersecurity Guidebook for Cyber-Physical Vehicle Systems
2.1.2 ISO Publications
Copies of these documents are available online at http://webstore.ansi.org/.
ISO/IEC 2382:2015 Information Technology - Vocabulary
ISO/IEC/IEEE DIS 8802-1AE Information Technology - Telecommunications and Information Exchange Between Systems - Local and Metropolitan Area Networks - Part 1AE: Media Access Control (MAC) Security
ISO/IEC 9797-1:2011 Information Technology - Security Techniques - Message Authentication Codes (MACs) - Part 1: Mechanisms Using a Block Cipher
ISO/IEC 9797-2:2011 Information Technology - Security Techniques - Message Authentication Codes (MACs) - Part 2: Mechanisms Using a Dedicated Hash-Function
ISO/IEC 10116:2017 Information Technology - Security Techniques - Modes of Operation for an N-Bit Block Cipher
ISO 15782-1:2009
ISO/IEC 17025:2017 General Requirements for the Competence of Testing and Calibration Laboratories
ISO 18031:2011 Information Technology - Security Techniques - Random Bit Generation
ISO/IEC 18033-3:2010 Information Technology - Security Techniques - Encryption Algorithms - Part 3: Block Ciphers
ISO 19772
ISO/IEC 19790:2012 Information Technology - Security Techniques - Security Requirements for Cryptographic Modules
ISO/SAE DIS 21434
ISO 26262-1:2011 Road Vehicles - Functional Safety - Part 1: Vocabulary
ISO/IEC 27000:2016 Information Technology - Security Techniques - Information Security Management Systems - Overview and Vocabulary
ISO 29192-2:2012 Information Technology - Security Techniques - Lightweight Cryptography - Part 2: Block Ciphers