Slide 0: ITU/TTC Workshop on How Communications will Change Vehicles and Transport, July 4, 2016
Defending Vehicle ECUs from Malicious Attacks and Intrusions Using Hardware Security Modules (HSM)
Seigo Kotani, Ph.D., Principal Expert, Mobility IoT Business Unit, Fujitsu Ltd.
TCG Board of Director, Co-Chair of Embedded Systems WG and Vehicle Services Subgroup
Copyright 2010 FUJITSU LIMITED
Slide 1: Agenda
- Fujitsu's activities for vehicle security
- Proposal based on HSM, typically TPM*
- Introduction of TCG and TPM 2.0 Automotive Thin
- Feasibility study of Remote Firmware Update for Vehicle ECU with TPM
*Trusted Platform Module
Slide 2: Fujitsu's Mobility IoT Business Unit (from Feb. 2016)
■ We aim to be a global service provider in the Mobility business by providing service applications and system integration. Concept: Mobility as a Service (MaaS) / Mobility IoT Platform
■ We will support the safety, relief and comfort of human mobility with sensor and AI technologies. Concept: Human Centric Mobility
Category / Products or Service / Description:
- Mobility as a Service: BigData utilization services; services to businesses related to mobility (target businesses: insurance, police/security, logistics/transportation, infrastructure, etc.)
- IoT Platform: Cloud Platform, a cloud platform for the mobility business; Dynamic Map Database, a dynamic map data management system
- AI Platform (IoT/Cloud): Deep Learning Unit (DLU)
- Security: cyberattack protection
- Human Centric: Driver Sensing, contactless vital sensing (iris, pulse, etc.)
Overall picture: IoT devices and sensor technology feed BigData in the cloud; the Mobility IoT Platform (cloud platform plus functions utilizing BigData) and Human Centric technology together form the Mobility IoT Solution.
Slide 3: Demo Overview at Fujitsu Forum Tokyo 2016
Security offering across the life cycle (life cycle management):
- Security consulting (planning phase): drafting security policies, then security threat analysis, then proposing defense measures
- Providing security products (design/development phase): security middleware/library with device authentication (first wall), filtering (second wall) and message authentication (third wall)
- Service solutions (management phase, on the cloud Mobility IoT Platform): configuration management, key management and remote maintenance, delivered as a key management system, a configuration management system, a falsification detection system and a maintenance service
Multi-layered defenses are effective in protecting the system as a whole from the risk of hacking: a security service G/W with the first, second and third walls sits between the Internet and in-vehicle services 1, 2 and 3, each protected by the security library. The threats countered are virus infection, a hacker sending unauthorized messages, unauthorized access, hacking, eavesdropping and data falsification.
Slide 4: Proposal Methods for Defending Vehicle ECUs from Malicious Attacks and Intrusions Using Hardware Security Modules (HSM)
TPM (Trusted Platform Module) compared with a conventional HSM, layer by layer (Protocol, Interface, Function, Algorithm, IP Core, Package/Application):
- Conventional HSM: proprietary product
- TPM: defined in the TCG specifications and in international standards, with behaviour assured by using the TCG testbed
Slide 5: Why TPM?
Remote maintenance of a vehicle requires critical functionality:
- Secure communications to remotely verify the current situation
- Confirm installation completion and success or failure
- Record and retain certifiable audit logs
TPM (ISO 11889) / TNC* (IETF RFC 5792/5793) technologies could satisfy these requirements at reasonable cost.
They support independent third-party verification, which satisfies transparency and fairness.
Induction logs are created and delivered by the ECU's TPM using open technologies, which guarantees the verifiability of the audit logs.
*Trusted Network Connect
Slide 6: TCG: Mission and History
The Trusted Computing Group (TCG) is a not-for-profit organization formed to develop, define and promote open, vendor-neutral, global industry standards, supportive of a hardware-based root of trust, for interoperable trusted computing platforms.
- Work based on a hardware root of trust
- Over 10 years of creating widely used and highly vetted industry specifications
- Some specifications are international standards
- Specifications embodied in more than 2 billion products today
Standards drive adoption.
Slide 7: TCG: Membership
Total membership, including Commercial, Liaison, Academic, Invited Expert and Government participants: 130+ members, spanning Vehicle, Chips, Cloud, Embedded, IoT, Mobile and PC.
Promoters: (member logos on the slide)
Contributors: (member logos on the slide)
Slide 8: TCG Working Groups
Embedded Systems (established June 2011), with 4 subgroups: Vehicle Services, IoT, Network Equipment, RTM*
Other working groups: Infrastructure, Mobile, PC Client, Server, Storage, TCG Software Stack, Trusted Mobility Solutions, Trusted Multi-tenant Infrastructure, Trusted Platform Module, Virtualized Platform, Network, ...
Platforms covered: Virtualized Platform, Mobile Phones, Applications, Storage, Infrastructure, Servers, Desktops & Notebooks, Security Hardware, Authentication, Embedded Systems
*Root of Trust Measurement
Slide 9: Standardization of Trusted Computing Technologies
- Trusted Platform Module (TPM): hardware root-of-trust & key storage
- Trusted Network Connect (TNC): access control & endpoint compliance
- Self-Encrypting Drive (SED): hardware encryption & fine-grained locking
- Automotive, PC Client, Mobile: profiles of the TPM 2.0 Library Spec
Trusted Computing Platforms: interfaces across multiple platforms for trusted data, devices, and networks (Automotive, Embedded Systems, Internet of Things, Cloud/SDN, Virtual Machines, Servers, Desktops, Laptops, Tablets, Mobile Phones, and more)
Formal liaisons, collaborators/partners: ETSI, GlobalPlatform, Industrial Internet Consortium (IIC), Mobey Forum, ISO, IEEE, IETF, OASIS, and more
TCG TPM 2.0 Automotive Thin Profile, Family "2.0", Level 00, Version 1.0, published March 16, 2015 (Profile_v1.0.pdf)
Slide 10: TPM 2.0 Automotive Thin Profile Features
- For sensors, actuators, and controllers implemented as digital ECUs with limited resources (slow CPU with limited ROM, RAM and NVRAM)
- For deployment in ECUs to support their integrity and attestation for secure boot, normal operation, and remote maintenance services
- The ECU measures its firmware into a TPM PCR*, uses the TPM to create an integrity digest and sign the digest, and sends the digest to the maintenance center
- The ECU receives the appropriate firmware update, installs the update, and sends confirmation of the successful installation
*Platform Configuration Registers
11
Message Flow for Remote Maintenance
Auto-Rich Installed Auto-Thin Update Data FW Digest TNC Remote Center Recognize a status of the vehicle by surveying FW Digest Select & send a suitable update data “TPM 2.0 for Automotive Thin” installed in ECU Measure ECU FW to create a digest & sign to the digest “TPM 2.0 for Automotive Rich” installed in Head unit Work as “TPM 2.0 for whole vehicle”; furthermore Gateway between the Remote Center and ECU Head Unit / Gateway HW 1~2 core RAM OS Others Applications TPM ECU 1 core Application
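The measure, sign, verify, update and confirm sequence described in the profile-features and message-flow slides above, as an added stdlib-only simulation. This is example code, not code from the slides, Fujitsu or TCG. Assumptions that are not in the deck: SHA-256 as the PCR hash; HMAC-SHA256 with a pre-shared attestation key as a stand-in for the TPM's asymmetric quote signature (RSA 2048 or ECC P256 in the Auto Thin profile); the firmware images, version names, keys and class/function names are all constructed for the example.

```python
"""Added example (not from the slides, Fujitsu or TCG): simulated TPM-backed remote
maintenance of an ECU. Assumed: SHA-256 PCR, HMAC-SHA256 as a stand-in for the TPM's
asymmetric quote signature, constructed firmware images and keys."""
import hashlib
import hmac
import os

PCR_RESET = bytes(32)  # PCR0 after TPM2_Startup(): all-zero, SHA-256 sized

# Constructed sample data, not real firmware or keys
FW_V1 = b"motor-ecu firmware v1 (constructed sample)"
FW_V2 = b"motor-ecu firmware v2 (constructed sample)"
ATTESTATION_KEY = b"constructed-shared-attestation-key"


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def extend_pcr(pcr: bytes, digest: bytes) -> bytes:
    """PCR extend: new = H(old || digest); the value binds the whole measurement history."""
    return sha256(pcr + digest)


def measure_firmware(firmware: bytes) -> bytes:
    """Measured boot of an Auto-Thin ECU: reset PCR0, then extend it with H(firmware)."""
    return extend_pcr(PCR_RESET, sha256(firmware))


class EcuTpm:
    """ECU with an Auto-Thin-style TPM: one PCR and one attestation key."""

    def __init__(self, attestation_key: bytes, firmware: bytes):
        self._ak = attestation_key
        self.firmware = firmware
        self.pcr0 = measure_firmware(firmware)

    def quote(self, nonce: bytes) -> dict:
        """Sign PCR0 together with the centre's nonce so a quote cannot be replayed."""
        sig = hmac.new(self._ak, self.pcr0 + nonce, hashlib.sha256).digest()
        return {"pcr0": self.pcr0, "nonce": nonce, "sig": sig}

    def install(self, update: dict) -> bool:
        """Install only if the image matches the digest the centre sent with it."""
        if not hmac.compare_digest(sha256(update["image"]), update["image_digest"]):
            return False
        self.firmware = update["image"]
        self.pcr0 = measure_firmware(self.firmware)  # re-measure after the update
        return True


class RemoteCenter:
    """Maintenance centre: verifies quotes, selects updates, keeps an audit log."""

    def __init__(self, attestation_key: bytes, known_good: dict, latest: str, images: dict):
        self._ak = attestation_key
        self.known_good = known_good  # PCR0 digest -> firmware version it proves
        self.latest = latest
        self.images = images  # version -> image bytes
        self.audit_log = []

    def challenge(self) -> bytes:
        return os.urandom(16)

    def verify_quote(self, q: dict, nonce: bytes):
        """Return the firmware version the quote proves, or None if it is not trustworthy."""
        expected = hmac.new(self._ak, q["pcr0"] + nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(q["nonce"], nonce) or not hmac.compare_digest(q["sig"], expected):
            return None
        return self.known_good.get(q["pcr0"])  # unknown digest: unrecognised or tampered firmware

    def select_update(self, version: str):
        if version == self.latest:
            return None
        image = self.images[self.latest]
        return {"version": self.latest, "image": image, "image_digest": sha256(image)}


def run_remote_maintenance(ecu: EcuTpm, center: RemoteCenter) -> str:
    """One round: quote -> verify -> update -> confirmation quote. Returns the outcome."""
    nonce = center.challenge()
    version = center.verify_quote(ecu.quote(nonce), nonce)
    if version is None:
        center.audit_log.append(("rejected", "quote invalid or firmware digest unknown"))
        return "rejected"
    update = center.select_update(version)
    if update is None:
        center.audit_log.append(("up-to-date", version))
        return "up-to-date"
    installed = ecu.install(update)
    nonce = center.challenge()  # fresh nonce for the confirmation quote
    confirmed = center.verify_quote(ecu.quote(nonce), nonce)
    if installed and confirmed == update["version"]:
        center.audit_log.append(("updated", version, confirmed))
        return "updated"
    center.audit_log.append(("update-failed", version))
    return "update-failed"


def build_demo(ecu_firmware: bytes = FW_V1):
    """An ECU plus a centre that knows the good PCR0 digests of v1 and v2."""
    known_good = {measure_firmware(FW_V1): "v1", measure_firmware(FW_V2): "v2"}
    center = RemoteCenter(ATTESTATION_KEY, known_good, "v2", {"v2": FW_V2})
    return EcuTpm(ATTESTATION_KEY, ecu_firmware), center


if __name__ == "__main__":
    ecu, center = build_demo()
    print(run_remote_maintenance(ecu, center))  # updated
    print(run_remote_maintenance(ecu, center))  # up-to-date
    print(run_remote_maintenance(*build_demo(b"unknown image")))  # rejected
```

The centre never trusts what the ECU says about itself: it trusts only a signed PCR0 value that it can match against a known-good digest, and the confirmation quote after the install is the "installation success or failure" evidence the Why TPM slide asks for, recorded in the audit log. An ECU running unrecognised firmware is refused an update rather than silently patched, and a quote that is replayed under a new nonce or that carries a forged digest fails verification.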
Slide 12: Reference: Auto Thin Resources
Auto Thin Profile, TPM 2.0 mandatory resources:
- Authorization sessions: minimum of 3 sessions
- Cryptographic algorithms:
  • At least one of RSA 2048 or ECC P256; additional asymmetric algorithms and key sizes are allowed
  • At least one symmetric algorithm; AES 128 is recommended, others are allowed
  • SHA; other hash algorithms are allowed
- Platform Configuration Registers (PCRs): PCR0 is required and is only reset by TPM2_Startup(); support for other PCRs is optional
Slide 13: Remote Firmware Update for Vehicle ECU with TPM
Connecting the Center, the In-vehicle Server and the ECUs, files downloaded from the Center enable an "ECU update" with TCG's TPM authentication procedure.
- Cloud: Remote Maintenance Center
- Vehicle: In-Vehicle Server, linked to the Center over 3G/LTE or other, to an In-Vehicle HMI on a Tablet PC over Wi-Fi, and over CAN or other bus to a Motor, ECU1 (Actuator) and ECU2 (LED)
- TCG published TPM 2.0 Automotive Thin Profile v1.0; the TrustCube concept is built in
Shown at RSA Conference San Francisco (2016/2) and SAE World Congress Detroit (2016/4).
Slide 14: Fujitsu: TrustCube concept
Three trust factors, input as specifications:
- Who: identify the operator by ID/PW, biometrics
- What: identify the current platform by registered ID, PKI certificate
- How: current environment of the platform: software version, hardware model
3D analysis using these trust factors determines the level of communication and actions to be authorized.
Record and retain certifiable audit logs with "who agreed", "for what platform", "why accepted remote maintenance", etc.
Slide 15: Thank you, Questions? Join us!
TCG Embedded Systems WG: if you are interested in the following applications, please contact Seigo Kotani.
- Standardization for Automotive
- IoT
- Hardcopy devices
- Mobile communication devices
- Household applications (TV/Settop box, etc.)
- Industrial control and machinery
- Financial transaction terminals
- Medical equipment
- Smart Grid/Smart meter
- Sensor network/Monitor cameras
- ...