Table of contents: Automotive Cybersecurity Engineering Handbook

Contributors
  About the author
  About the reviewers

Preface
  Who this book is for
  What this book covers
  To get the most out of this book
  Download the example code files
  Conventions used
  Get in touch
  Share Your Thoughts
  Download a free PDF copy of this book

Part 1: Understanding the Cybersecurity Relevance of the Vehicle Electrical Architecture

1 Introducing the Vehicle Electrical/Electronic Architecture
  Overview of the basic building blocks of the E/E architecture
  Electronic control units
  Looking at MCU-based ECUs
  Looking at SoC-based ECUs
  Looking inside the MCU and SoC software layers
  ECU domains
  Fuel-based powertrain domain
  Electric drive powertrain domain
  Chassis safety control domain
  Interior cabin domain
  Infotainment and connectivity domain
  Cross-domain
  Exploring the in-vehicle network
  CAN
  FlexRay
  LIN
  UART
  SENT
  GMSL
  I2C
  Ethernet
  J1939
  Sensors and actuators
  Sensor types
  Actuators
  Exploring the vehicle architecture types
  Highly distributed E/E architecture
  Domain-centralized E/E architecture
  Zone architecture
  Commercial truck architecture types
  Summary
  Answers to discussion points
  Further reading

2 Cybersecurity Basics for Automotive Use Cases
  Exploring the attack classes
  Passive attacks
  Active attacks
  Identifying security objectives
  Integrity
  Authenticity
  Confidentiality
  Accountability
  Availability
  Cryptography applied to automotive use cases
  Building blocks
  One-way hash functions
  Message authentication code algorithms
  Random number generators
  Public key cryptography
  Key management
  NIST defined security strength
  Chinese cryptography
  PQC algorithms
  Security principles
  Defense in depth
  Domain separation
  Least privilege
  Least sharing
  Mediated access
  Protective defaults
  Anomaly detection
  Distributed privilege
  Hierarchical protection and zero trust
  Minimal trusted elements
  Least persistence
  Protective failure
  Continuous protection
  Redundancy
  Use of standardized cryptography
  Summary
  Further reading

3 Threat Landscape against Vehicle Components
  Threats against external vehicle interfaces
  Backend-related threats
  Connectivity threats
  Threats against the E/E topology
  Highly distributed E/E architecture
  Domain-centralized E/E architecture
  Central vehicle computer architecture
  Threats against in-vehicle networks
  CAN
  FlexRay
  Ethernet
  The Unified Diagnostic Services (UDS) protocol
  SAE J1939 protocols
  SAE J2497 (PLC4TRUCKS)
  Threats against sensors
  Common ECU threats
  Debug ports
  Flash programming
  Power and mode manipulation
  Tampering with machine learning algorithms
  Software attacks
  Disclosure and tampering of cryptographic keys
  Summary
  References

Part 2: Understanding the Secure Engineering Development Process

4 Exploring the Landscape of Automotive Cybersecurity Standards
  Primary standards
  UNECE WP.29
  Chinese regulation and standardization
  Secondary standards
  IATF 16949:2016
  Automotive SPICE (ASPICE)
  Trusted Information Security Assessment Exchange (TISAX)
  SAE J3101 – hardware-protected security for ground vehicles
  Coding and software standards
  NIST cryptographic standards
  Supporting standards and resources
  MITRE Common Weakness Enumeration (CWE)
  US DoT NHTSA Cybersecurity Best Practices for the Safety of Modern Vehicles
  ENISA good practices for the security of smart cars
  SAE J3061 – cybersecurity guidebook for cyber-physical vehicle systems
  ISO/IEC 27001
  NIST SP 800-160
  Uptane
  Summary
  References

5 Taking a Deep Dive into ISO/SAE 21434
  Notations
  At a glance – the ISO 21434 standard
  Organizational cybersecurity management
  Management systems
  Intersection of cybersecurity with other disciplines
  Tool management
  Planning
  Acquisition and integration of supplier components
  Supplier capability assessment and the role of the CSIA
  The concept phase
  Item-level concept
  Cybersecurity concept
  Implications to component-level development
  Design and implementation
  Post-development requirements
  Configuration and calibration
  Weakness analysis
  Unit implementation
  Verification testing
  Validation testing
  Product release
  Cybersecurity case
  Cybersecurity assessment
  Production planning
  Operations and maintenance
  Monitoring
  Vulnerability analysis
  Vulnerability management
  Updates
  End of life
  Summary

6 Interactions Between Functional Safety and Cybersecurity
  A tale of two standards
  A unified versus integrated approach
  Establishing a foundational understanding of functional safety and cybersecurity
  Understanding the unique aspects and interdependencies between the two domains
  Differences between safety and security scope
  Differences in the level of interdependence between safety and security requirements
  Conflict resolution
  Extending the safety and quality supporting processes
  Planning
  Supplier management
  Concept
  Design
  Implementation
  Testing and validation
  Release
  Production
  End of life
  Creating synergies in the concept phase
  Item functions
  Item boundaries and operational environments
  Damage scenarios and hazards
  Safety and security goals
  Safety and security requirements
  Finding synergies and conflicts in the design phase
  Leveraging safety and security mechanisms
  Self-tests across safety and security
  Leveraging error detection safety mechanisms
  Eliminating inconsistencies in the error response
  Parallels in design principles
  Secure coding practices versus safe coding techniques
  Synergies and differences in the testing phase
  Summary
  References

Part 3: Executing the Process to Engineer a Secure Automotive Product

7 A Practical Threat Modeling Approach for Automotive Systems
  The fundamentals of performing an effective TARA
  Assets
  Damage scenarios
  Threat scenarios
  Attacker model and threat types
  Attack paths
  Risk assessment methods
  Risk treatment
  Common pitfalls when preparing a TARA
  Defining the appropriate TARA scope
  The practical approach
  Know your system
  Make your assumptions known
  Use case-driven analysis
  Prepare context and data flow diagrams
  Damages versus assets – where to start
  Identifying assets with the help of asset categories
  Building threat catalogs
  Creating attack paths using a system flow diagram
  Risk prioritization
  Defining cybersecurity goals
  Choosing security controls and operational environment (OE) requirements
  Tracking shared and accepted risks
  Review and signoff
  Case study using a digital video recorder (DVR)
  Assumptions
  Context diagram
  Identifying the assets
  Damage scenarios
  Cybersecurity requirements and controls
  Summary
  References

8 Vehicle-Level Security Controls
  Choosing cybersecurity controls
  Challenging areas
  Vehicle-level versus ECU-level controls
  Policy controls
  Secure manufacturing
  Challenges
  Secure off-board network communication
  Wi-Fi
  Bluetooth
  Cellular
  Host-based intrusion detection
  Network intrusion detection and prevention (NIDP)
  Domain separation and filtering
  Sensor authentication
  Secure software updates
  In-vehicle network protection
  CAN message authentication
  Ethernet
  Securing diagnostic abilities
  Security access control via UDS service 0x27
  Role-based access control via UDS service 0x29
  Securing flash programming services
  Secure decommissioning
  Summary
  Further reading

9 ECU-Level Security Controls
  Understanding control actions and layers
  Exploring policy controls
  Exploring hardware controls
  RoT
  OTP memory
  Hardware-protected keystore
  Secure Universal Flash Storage
  Cryptographic accelerators
  Lockable hardware configuration
  CPU security
  Isolation through MMUs and MPUs
  Encrypted volatile memories
  Debug access management
  Exploring software security controls
  Software debug and configuration management
  Secure manufacturing
  Key management policies
  Multi-stage secure boot
  Trusted runtime configuration
  TEEs
  Secure update
  Spatial isolation
  Temporal isolation
  Encrypted and authenticated filesystems
  Runtime execution hardening
  Security monitors
  Exploring physical security controls
  Tamper detection and prevention
  Printed circuit board layout pin and trace hiding
  Concealment and shielding
  Summary
  Further reading

Index

Why subscribe?
  Other Books You May Enjoy
  Packt is searching for authors like you
  Share Your Thoughts
  Download a free PDF copy of this book