security in embedded systems - amazon s3s3.eu-central-1.amazonaws.com/cancia-de/documents/... ·...
TRANSCRIPT
![Page 1: Security in Embedded Systems - Amazon S3s3.eu-central-1.amazonaws.com/cancia-de/documents/... · 2015-11-23 · CAN © CiA Security in Embedded Systems A short journey into the rough](https://reader034.vdocuments.net/reader034/viewer/2022050107/5f4565fd175bb13fd0558ef8/html5/thumbnails/1.jpg)
CAN © CiA
Security in Embedded Systems
A short journey into the rough and evil world
Thilo Schumann, CAN in Automation (CiA)
Alice
Bob
Alice wants to message Bob
Alice sends postcard to Bob
✔ Public ✔ Broadcast ? Authentic
✘ Private ✘ Peer to peer ✘ Denial of service
Alice sends letter to Bob
✔ Private ✔ Peer to peer ✘ Denial of service
✘ Public ✘ Broadcast ✔ Authentic
Embedded network
CAN (FD)
CAN-ID DATA
Properties CAN (FD)
CAN-ID DATA
! Broadcast ! Public
Threat models
CAN-ID DATA
✔ Broadcast ✔ Public ✔ Data integrity ✘ Authentic ✘ Privacy ✘ Denial of service
Improve security
CAN-ID DATA SIG
! Hash algorithm
✔ Broadcast ✔ Public ✔ Data integrity ✘ Authentic ✘ Privacy ✘ Denial of service
Improve security (II)
CAN-ID DATA SIG
SECRET SECRET SECRET
✔ Broadcast ✔ Public ✔ Data integrity ✔ Authentic ✘ Privacy ✘ Denial of service
! Hash algorithm ! Shared secret
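Added example, not part of the original slides: the step from "Improve security" (hash only) to "Improve security (II)" (hash plus shared secret), showing why only the keyed SIG earns the "Authentic" tick. Assumptions: a 128-bit SIG taken from SHA-256, HMAC-SHA-256 as the keyed construction, and a constructed CAN-ID, payload and secret.

```python
import hashlib
import hmac

SIG_LEN = 16     # assumption: SIG is a 128-bit tag (truncated SHA-256 output)
CAN_FD_MAX = 64  # CAN FD data field limit in bytes

def frame_bytes(can_id: int, data: bytes) -> bytes:
    """Encode CAN-ID, length and DATA so the signed bytes are unambiguous."""
    if not 0 <= can_id <= 0x1FFFFFFF:
        raise ValueError("CAN-ID exceeds 29 bits")
    if len(data) + SIG_LEN > CAN_FD_MAX:
        raise ValueError("DATA + SIG does not fit in one CAN FD frame")
    return can_id.to_bytes(4, "big") + bytes([len(data)]) + data

def sig_hash(can_id: int, data: bytes) -> bytes:
    """'Improve security': plain hash, computable by every node on the bus."""
    return hashlib.sha256(frame_bytes(can_id, data)).digest()[:SIG_LEN]

def sig_keyed(secret: bytes, can_id: int, data: bytes) -> bytes:
    """'Improve security (II)': hash plus shared secret, here as HMAC-SHA-256."""
    return hmac.new(secret, frame_bytes(can_id, data), hashlib.sha256).digest()[:SIG_LEN]

def accept_hash(can_id: int, data: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sig_hash(can_id, data), sig)

def accept_keyed(secret: bytes, can_id: int, data: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sig_keyed(secret, can_id, data), sig)

def compare_schemes() -> dict:
    secret = bytes(range(16))                                # constructed shared secret
    can_id, data = 0x181, bytes.fromhex("0102030405060708")  # constructed frame
    flipped = bytes([data[0] ^ 0x01]) + data[1:]             # one corrupted bit in DATA
    foreign = bytes.fromhex("ffffffffffffffff")              # DATA from a node without the secret
    no_key = bytes(16)                                       # that node can only guess a key
    return {
        # Both SIG variants reject corrupted DATA (data integrity).
        "hash_rejects_corruption": not accept_hash(can_id, flipped, sig_hash(can_id, data)),
        "keyed_rejects_corruption": not accept_keyed(secret, can_id, flipped, sig_keyed(secret, can_id, data)),
        # The plain hash says nothing about the sender: any node can produce it.
        "hash_accepts_foreign_sender": accept_hash(can_id, foreign, sig_hash(can_id, foreign)),
        # Without the shared secret the tag does not verify (authentic).
        "keyed_accepts_foreign_sender": accept_keyed(secret, can_id, foreign, sig_keyed(no_key, can_id, foreign)),
    }

if __name__ == "__main__":
    for name, value in compare_schemes().items():
        print(f"{name}: {value}")
```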
Improve security (III)
CAN-ID DATA SIG
! Asymmetric crypto algorithm ! Shared secret
PUBLIC PUBLIC PUBLIC PRIVATE PRIVATE PRIVATE
✔ Broadcast ✔ Public ✔ Data integrity ✔ Authentic ✘ Privacy ✘ Denial of service
Improve security (IV)
CAN-ID DATA SIG
! Symmetric crypto algorithm ! Shared secret
SECRET SECRET SECRET
✔ Broadcast ✘ Public ✔ Data integrity ✔ Authentic ✔ Privacy ✘ Denial of service
Improve security (V)
CAN-ID DATA SIG
! Asymmetric crypto algorithm ! Shared secret
PUBLIC PUBLIC PUBLIC PRIVATE PRIVATE PRIVATE
✔ Broadcast ✘ Public ✔ Data integrity ✔ Authentic ✔ Privacy ✘ Denial of service
CANopen security
[Figure: Device A (TPDO), Device B (RPDO) and a Security Manager. Labels in the figure: Device auth mechanism, Device crypt key, Device session token, Session crypt key, PDO auth mechanism, PDO crypt key, PDO session token. Frame shown: DATA SIG]
PDO definition

| Sub-Index | Description | Data type |
|---|---|---|
| 00 | Highest supported sub-index | Unsigned8 |
| 01 | COB-ID | Unsigned32 |
| 02 | Transmission type | Unsigned8 |
| 03 | Inhibit time | Unsigned16 |
| 04 | reserved | Unsigned8 |
| 05 | Event timer | Unsigned16 |
| 06 | SYNC start value | Unsigned8 |
| 07 | PDO authentication mechanism | Unsigned16 |
| 08 | PDO cryptographic key | Unsigned128 |
| 09 | PDO session token | Unsigned128 |

Cryptographic key in RPDO has to be set to the public key of the corresponding TPDO.
Cryptographic key in RPDO can only be set when the device is unprotected.
PDO cryptographic key and PDO session token can only be read and written when the device is unprotected.
Identity object

| Sub-Index | Description | Data type |
|---|---|---|
| 00 | Highest supported sub-index | Unsigned8 |
| 01 | Vendor-ID | Unsigned32 |
| 02 | Product code | Unsigned32 |
| 03 | Revision number | Unsigned32 |
| 04 | Serial number | Unsigned32 |
| 05 | Identity session token | Unsigned128 |
| 06 | Identity cryptographic signature | Unsigned128 |

Authentication object

| Sub-Index | Description | Data type |
|---|---|---|
| 00 | Highest supported sub-index | Unsigned8 |
| 01 | Status | Unsigned8 |
| 02 | Command | Unsigned8 |
| 03 | Device authentication mechanism | Unsigned16 |
| 04 | Device password | Unsigned128 |
| 05 | System password | Unsigned128 |
| 06 | Device session token | Unsigned128 |
| 07 | Device cryptographic key | Unsigned128 |
| 08 | Session cryptographic key | Unsigned128 |

Commands
• Set device/session password
• Generate (private/public) keys
• Protect/unprotect device/session
• …
RND has to change with every password write.
Cryptographic key in RPDO can only be set when the device is unprotected.
Authentication state machine
[State diagram; text labels in extraction order: Initial cleared / Device secure / First time set Device password / System secure / Set System password with Device password Configuration Secured / Cleared / Device password only]
Security is not that difficult. It just needs to be implemented and improved over.
CAN-ID DATA