SECURE COMMUNICATION OF NETWORK TRAFFIC
Techniques are disclosed relating to securely communicating traffic. In some embodiments, an apparatus includes a secure circuit storing keys usable to encrypt data communications between devices over a network The secure circuit is configured to store infomation that defines a set of usage criteria for the keys. The set of usage criteria specifies that a first key is dedicated to encrypting data being communicated from a first device to a second device. The secure circuit is configured to receive a request to encrypt a portion of a message with the fast key, the request indicating that the message is being sent from the first device to the second device, and to encrypt the portion of the message with the first key in response to determining that the set of usage criteria permits encryption with the first key for a message being sent from the first device to the second device.
This disclosure relates generally to computer networks, and, more specifically, to securely communicating traffic over a network.
Description of the Related ArtSecurity concerns are a common consideration when designing a computer network. In the case of a local area network (LAN), a network design may include a gateway device that couples the internal LAN to an external network such as the Internet. To isolate the LAN, the gateway device may implement a firewall appliance that restricts the flow of incoming and/or outgoing traffic. This appliance, for example, may analyze the source addresses of incoming traffic as well as the source and destination ports before the appliance allows traffic to pass through the firewall. For example, if a malicious entity is attempting to access a network port associated with an unknown type of traffic, the gateway may block the traffic from entering the network.
SUMMARYThe present disclosure describes embodiments in which traffic is securely communicated between devices in a network. In various embodiments, a secure circuit stores keys usable to encrypt data communications between devices over a network. The secure circuit is configured to store information that defines a set of usage criteria for the keys. The set of usage criteria specifies that a first key is dedicated to encrypting data being communicated from a first device to a second device. The secure circuit is configured to receive a request to encrypt a portion of a message with the first key. In such an embodiment, the request indicates that the message is being sent from the first device to the second device. In response to determining that the set of usage criteria permits encryption with the first key for a message being sent from the first device to the second device, the secure circuit is configured to encrypt the portion of the message with the first key. In some embodiments, the secure circuit is coupled to the first device and is configured to encrypt the portion of the message such that the encrypted portion is usable to establish that the message is sent by the first device.
This disclosure includes references to “one embodiment” or “an embodiment” The appearances of the phrases “in one embodiment” or “in an embodiment” do not necessarily refer to the same embodiment. Particular features, structures, or characteristics may be combined in any suitable manner consistent with this disclosure.
Within this disclosure, different entities (which may variously be referred to as “units,” “circuits,” other components, etc.) may be described or claimed as “configured” to perform one or more tasks or operations. This formulation-[entity] configured to [perform one or more tasks]-is used herein to refer to structure (i.e. something physical, such as an electronic circuit). More specifically, this formulation is used to indicate that this structure is arranged to perform the one or more tasks during operation. A structure can be said to be “configured to” perform some task even if the structure is not currently being operated. A “network interface configured to facilitate communication over a wide area network” is intended to cover, for example, circuitry that performs this function during operation, even if the computer system in question is not currently being used (e.g., a power supply is not connected to it). Thus, an entity described or recited as “configured to” perform some task refers to something physical, such as a device, circuit, memory storing program instructions executable to implement the task, etc. This phrase is not used herein to refer to something intangible. Thus, the “configured to” construct is not used herein to refer to a software entity such as an application programming interface (API).
The term “configured to” is not intended to mean “configurable to.” An unprogrammed FPGA, for example, would not be considered to be “configured to” perform some specific function, although it may be “configurable to” perform that function and may be “configured to” perform the function after programming.
Reciting in the appended claims that a structure is “configned to” perform one or more tasks is expressly intended not to invoke 35 U.S.C. § 112(f) for that claim element. Accordingly, none of the claims in this application as filed are intended to be interpreted as having means-plus-function elements. Should Applicant wish to invoke Section 112(f) during prosecution, it will recite claim elements using the “means for” [performing a function] construct.
As used herein, the terms “first,” “second,” etc. are used as labels for nouns that they precede, and do not imply any type of ordering (e.g., spatial, temporal, logical, etc.) unless specifically stated. For example, when a network node conveys a first frame and a second frame, the terms “first” and “second” do not imply that the first frame is sent before sending the second frame. In other words, the “first” and “second” frames may be sent in any suitable order or even in parallel.
As used herein, the term “based on” is used to describe one or more factors that affect a determination. This term does not foreclose the possibility that additional factors may affect a determination. That is, a determination may be solely based on specified factors or based on the specified factors as well as other, unspecified factors. Consider the phrase “determine A based on B.” This phrase specifies that B is a factor is used to determine A or that affects the determination of A. This phrase does not foreclose that the determination of A may also be based on some other factor, such as C. This phrase is also intended to cover an embodiment in which A is determined based solely on B. As used herein, the phrase “based on” is thus synonymous with the phrase “based at least in part on.”
DETAILED DESCRIPTIONWhile it is important to consider external threats when designing a network, it may also be beneficial to consider internal threats such as an internal network node becoming compromised. For example, in an office environment, an employee may receive an email having a malicious attachment and begin execution of the attachment compromising the employee’s computer. Through this breach of security, a malicious actor may be able to gain access not only to that computer but also access to other computers coupled through the office LAN. As another example, it was recently demonstrated that a nefarious actor could gain control over functionality of a vehicle by breaching the navigation unit, which had a cellular connection to the Internet for receiving content. After compromising this unit, the actor could then issue instructions to other control units in the vehicle as no internal network restrictions were imposed.
The present disclosure describes various techniques for securing a network such as a LAN. As will be described below, in various embodiments, multiple nodes in a network are coupled to respective hardware security modules (HSMs) that are configured to encrypt and decrypt a portion of traffic being communicated over the network. In some embodiments, the HSMs are also configured to store policy information that restricts the use of encryption keys based on sources and destinations of traffic. If a node attempts to communicate network traffic to an unauthorized destination, its HSM may decline to encrypt a portion of the traffic based on its policy information. The HSM at the destination may also decline to decrypt any traffic from the source node based on its policy information. By declining to encrypt or decrypt traffic, the HSMs may restrict what communications can occur on the network. In some instances, restricting communications in this manner may reduce the potential exposure of the network in the event that a node becomes compromised. In some instances, it may also be possible to identify when a node is compromised and/or determine when an unauthorized node has been inserted into the network.
The present disclosure begins with a description of components in a secure network in conjunction with
Turning now to
Secure network 100, in some embodiments, is a local area network (LAN) configured to communicate network traffic among nodes 120. In various embodiments, network traffic is routed among nodes 120 by switches 110. Accordingly, switches 110 may be configured to queue received data frames from nodes 120 and analyze the source and destination addresses specified by the frames in order to appropriately send frames on to their specified destinations. In some embodiments, switches 110 are configured to route frames in accordance with IEEE 802.3 (i.e., Ethernet Frames); however, in other embodiments, other networking protocols may be supported. In the illustrated embodiment, network 100 is coupled to an external network (e.g., the Internet) via a gateway device 140. In some embodiments, gateway 140 is configured to implement a firewall and perform network address translation (NAT) for network 100.
Nodes 120 may correspond to any suitable devices configured to communicate over a network. In some embodiments, nodes 120 may be devices within a home or office network such as desktop and laptop computers, mobile devices, smart television, smart appliances, etc. In some embodiments, nodes 120 are machines within a fabrication plant that are configured to perform various operations. In some embodiments, nodes 120 are electronic control units (ECUs) in a vehicle such as an aircraft, boat, automobile, recreational vehicle, etc. As used herein, the term “electronic control unit (ECU)” is to be interpreted according to its understood meaning in the art, and includes an embedded system (e.g., microcontroller) that controls one or more operations of a vehicle. In such an embodiment, nodes 120, for example, may include a motor ECU that communicates torque-control messages and wheel-speed messages in order to control operation of a motor, a brake-system ECU that communicates brake control messages in order to apply braking, a backup camera ECU that communicates video, a steering ECU that communicates steering-wheel-angle messages to control turning, etc.
In various embodiments, traffic communicated over network 100 may have some predictable characteristics. For example, a given node 120 may communicate traffic with only a subset of other nodes when correctly operating as designed–e.g., node 120A may communicate with nodes 120B and 120C, but not node 120D. As another example, a given node 120 may communicate traffic in only one direction when operating as designed–e.g., node 120B may multicast traffic to nodes 120C and 120D, but nodes 120C and 120D may not communicate any traffic back to node 120B. As will be described below, these predictable characteristics may allow a policy 134 to be defined for a given node 120 in order to ensure that it communicates traffic as designed. If the node 120 attempts to deviate from this policy (e.g., because it has become compromised), secure network 100 may be configured to restrict its ability to do so via HSMs 130.
Hardware security modules (HSMs) 130, in one embodiment, are secure circuits configured to encrypt and decrypt traffic being communicated among nodes 120. by using one or more internally stored keys 132. As used herein, the term “secure circuit” refers to a circuit that protects an isolated, internal resource (e.g., keys 132) from being directly accessed by an external entity (e.g., a node 120). In some embodiments, a given HSM 130 may be responsible for all encryption performed for a given node 120. For example, in sending a set of data frames, node 120A may request that HSM 130A encrypt each frame’s payload. In other embodiments, however, a given HSM 130 may be responsible for only a portion of the encrypted data transmitted by a given node 120, which may handle the remaining encryption. In some embodiments, this may be attributable to a slow connection link 122 between a node 120 and an HSM 130. As a result, a given node 120 may perform the bulk of in the encryption in a given frame (e.g., the payload) while an HSM 130 may encrypt a small remaining portion. In various embodiments, HSM 130 is involved in the encryption and decryption of at least some portion because an HSM 130 is potentially more secure than a given node 120 and thus less likely to become compromised. In some embodiments, this added security is attributable to an HSM 130 presenting a limited attack surface and isolating internal components as will be discussed below with
In various embodiments, HSMs 130 are configured to encrypt and decrypt a portion of a frame that is usable to verify the integrity of the frame and/or authenticate a source node 120 of the frame. In some embodiments, this portion is a message authentication code (MAC) included in a frame being communicated by a node 120. (As used herein, the term “message authentication code is to be interpreted according to its understood meaning in the art, and includes data usable to authenticate a message and computed via a keyed function.) For example, in some embodiments, nodes 120 are configured to communicate frames in accordance with IEEE 802.1AE (also referred to as Media Access Control Security (MACSec)). In generating a frame, a node 120 may encrypt a frame payload using Advanced Encryption Standard in Galois/Counter Mode (AES-GCM). As part of applying this algorithm, a node 120 generates a value usable to check the integrity of the frame (i.e., an integrity check value (ICV)) and referred to as a Galois message authentication code (GMAC). In such an embodiment, if a given node 120 is the source of a frame, its respective HSM 130 is configured to encrypt the GMAC in the frame with an encryption key 132. When the frame is then communicated to a recipient node 120, the HSM 130 at that node 120 decrypts the GMAC, so that the recipient node 120 can use the decrypted GMAC to verify integrity of the received frame in order to ensure that the frame was not tampered with and is from the correct source. In other embodiments, HSMs 130 may be configured to encrypt and decrypt other portions of a frame; nodes 120 may also communicate using a protocol other than MACsec. For example, in another embodiment, HSMs 130 are configured to encrypt the frame check sequence (FCS) in Ethernet frames. In still another embodiment, HSMs 130 may be configured to encrypt header checksums in Internet Protocol (IP) packets. Accordingly, while various embodiments are presented below within the context of MACs, their descriptions may be applicable to other embodiments in which MACs are not used.
In some embodiments, HSMs 130 are configured to encrypt a portion of a frame (e.g., each MAC) apart from other frames in a stream of traffic as will be described below with respect to
In various embodiments, HSMs 130 are configured to use different keys 132 based on the traffic being communicated by node 120. That is, in some embodiments, each key 132 is associated with a respective node 120 or set of nodes 120. For example, if node 120A is communicating different traffic with nodes 120B and 120C, HSM 130A may use a first key 132A for encrypting traffic corresponding to the communication with node 120B and a second key 132A for encrypting traffic corresponding to communication with node 120C. If, however, node 120A is multicasting the same stream to nodes 120B and 120C, the same key 132A may be used. In some embodiments, each key 132 is applicable to only one direction of traffic. Accordingly, HSM 130A may use a first key for traffic being sent by node 120A to node 120B and a second key for traffic being received by node 120A from node 120B. In order to restrict a given node 120′s ability to communicate with other nodes 120, in various embodiments, its HSM 130 is provisioned with only the keys 132 appropriate for its intended communications. Accordingly, if node 120A is intended to communicate with node 120C but not 120D, HSM 130A is given a key 132A for node 120C, but not 120D. Still further, if node 120A is intended to send traffic to node 120C but not receive traffic from node 120C, HSM 130A is given a key 132A for sending traffic but not a key 132A for receiving traffic. Provisioning an HSM 130 in this manner may prevent its corresponding node 120 from communicating in an unauthorized manner. That is, as HSM 130A does not include a key 132A for communicating with node 120D in the example above, node 120A cannot communicate with node 120D even if node 120A becomes compromised.
In the illustrated embodiment, HSMs 130 also include policies 134 to further restrict the use of their keys 132. In various embodiments, a policy 134 of an HSM 130 defines a set of usage criteria for each of the keys 132 included in that HSM 130. These criteria may specify the nodes 120 corresponding to a given key 132 –e.g., that a particular key 132A is to be used for communication with only node 120B. In some embodiments, nodes 120 may be identified in the usage criteria based on their network addresses. In various embodiments, these criteria also specify the permissible cryptographic function (i.e., encryption or decryption) for a given key 132 –and thus restrict the direction of traffic. For example, policy 134A may specify that a particular key in keys 132A corresponds to node 120B and is usable only for encryption; similarly, policy 134B may specify that the particular key in keys 132B corresponds to node 120A and is usable only for decryption. Thus, the key is usable for sending encrypted traffic from node 120A to node 120B, but not from node 120B to 120A. In some embodiments, a particular criterion for a given key may be expressed as a tuple that includes 1) an indication of whether that key is to be used for encryption or decryption and 2) an indication identifying one or more of nodes 120. In various embodiments, a given HSM 130 may verify that a cryptographic operation requested by a node 120 is in compliance with its policy 134 before performing the requested operation. An example illustrating use of policies 134 is presented below with respect to
In some embodiments, the provisioning of HSMs 130 is handled by gateway 140. As will be described in greater detail below with respect to
Turning now to
Network interface 210, in one embodiment, is configured to facilitate communication with a node 120. Accordingly, interface 210 may perform encoding and decoding data across a link 122, which, in some embodiments, is a serial peripheral interface (SPI) bus. In various embodiments, interface 210 is also configured to isolate internal components 220-260 from an external entity such as node 120, by filtering incoming read and write operations. In some embodiments, HSM 130 presents a limited attack surface by supporting only a small number of commands. For example, in one embodiment, HSM 130 supports a first command for requesting the use of a particular key, a second command for requesting encryption with that key 132, a third command for requesting decryption with that key, and a fourth command for updating keys 132. If interface 210 receives data from a node 120 that is not one of the supported commands, interface 210 may prevent the data from entering HSM 130.
Processor 220, in one embodiment, is configured to execute program instructions to implement various operations described herein with respect to HSM 130. In some embodiments, processor 220 is hardwired to fetch from a specific address range at boot in order to boot firmware 232 from ROM 230. Notably, because memory 230 is a ROM (as opposed to some other type of memory that can easily be written to), firmware 232 is resistant to modification, and thus, being tampered with. As a result, HSM 130 can be restored to a default, trusted state by merely causing processor 220 to reboot, which, in the illustrated embodiment, can be initiated by asserting reset signal 202. Thus, processor 220 may further serve to isolate components in HSM 130.
Cryptographic accelerator 250, in one embodiment, is circuitry configured to perform cryptographic operations for HSM 130. Cryptographic accelerator 250 may implement any suitable encryption algorithm such as Data Encryption Standard (DES), Advanced Encryption Standard (AES), Rivest Shamir Adleman (RSA), etc. In some embodiments, accelerator 250 may further implement elliptic curve cryptography (ECC). In the illustrated embodiment, accelerator 250 is configured to use keys stored in key storage 260, which accelerator 250 may isolate from being accessed by other components of HSM 130. That is, in some embodiments, accelerator 250 may allow keys 132 to be updated by processor 220, but not allow keys 132 to be read from storage 260 by processor 220. Still further, when a request is received to use one of keys 132, accelerator 250 may verify that the requested operation is permitted by policy 134. In various embodiments, accelerator 250 is also involved in the provisioning of HSM 130. This may include using provisioning private key 262 to decrypt received keys 132 received from a provisioning server as well as modifying keys 132 so that they are unknown to the server and gateway 140 as discussed in below with respect to
Provisioning private key 262 and its corresponding public key certificate 242, in the some embodiments, are used to establish a secure connection with a provisioning server. That is, an HSM 130 may present, to the provisioning server, its publicly key certificate 242, which includes the public key corresponding to private key 262. The provisioning server may then encrypt keys 132 and a policy 134 using the public key, so that accelerator 250 can then decrypt the encrypted keys 132 with private key 262. In other embodiments, the certificates may be used to derive ephemeral keys via Elliptic Curve Diffie-Hellman (ECDH). In some embodiments, accelerator 250 may generate the public key pair including private key 262 during an initial provisioning of HSM 130 and register the key pair with the provisioning pair in order to receive certificate 242 as will be discussed below with respect to
In some embodiments, HSM 130 also sends capability information 244 when being provisioned with new keys 132 and a policy 134. As will be described with
Turning now to
As shown, communication 300 may begin with at 302 with a node 120A encrypting a message M to produce an encrypted messages M′ and a corresponding MAC usable to verify the integrity of the message M and authenticate M as being from node 120A. At 304, node 120A issues a request to its HSM 130A to encrypt the MAC. In various embodiments, node 120A also indicates its intention to send the MAC to node 120B. At 306, HSM 130A verifies that the requested operation is authorized by its policy 134. If the operation is authorized, HSM 130 may select the appropriate key 132 identified in policy 134 and encrypts (via accelerator 250 noted above) the MAC to produce an encrypted MAC′, which is sent back to node 120A at 308. If the requested operation is not authorized by HSM 130A’s policy 134, HSM 130A may merely respond with an indication that the request has been denied. At 310, node 120A sends M′ and MAC′ to node 120B for processing.
At 312, node 120B forwards MAC′ to HSM 130B for decryption. In various embodiments, node 120B also indicates node 120A as being the source of MAC′. At 314, node 120B begins decryption of M′ to reproduce M. Meanwhile, at 316, HSM 130B verifies whether the requested decryption is authorized by its policy 134. If the operation is authorized, HSM 130B selects the appropriate key 132 and decrypts MAC′ to reproduce the MAC, which, at 318, is provided to node 120B. If the operation is not authorized by HSM 130B’s policy 134, HSM 130B may respond indicating that request has been denied. At 320, node 120B verifies M against the MAC. If the verification fails, this failure may be indicated meaning that M has been tampered with and/or that M is not from node 120A.
Turning now to
As shown, communication 400 begins, at 402, with node 120A encrypting a first message M1 to produce an encrypted message M1′ and a first message authentication code MAC1. At 404, node 120A issues an encryption request indicating that MAC1 is being sent to node 120B as part of a stream of messages. At 406, HSM 130A verifies whether the requested operation is authorized by its policy 134 and, if so, proceeds to encrypt MAC1 with the appropriate key 132 to produce MAC1′. Notably, HSM 130A does not provide MAC1′ to node 120A; rather, HSM 130A merely stores MAC1′ for later use at 416. At 408, node 120A sends M1′ and unencrypted MAC1 to node 120B, which forwards MAC1 to HSM 130B for storage. At 410, node 120B decrypts M1′ and verifies it against MAC1. At 412, HSM 130B also verifies that eventual decryption of a chained MACN is authorized and, if so, encrypts MAC1, which is used to decrypt MACN at 426 discussed below.
At 414, node 120A encrypts a second message M2 to produce M2′ and MAC2, which is provided, at 416, to HSM 130A for encryption. At 418, HSM 130A verifies the encryption is permitted and, if so, uses cipher block chaining to encrypt MAC2 using encrypted MAC1′ as an input to the encryption function. Thus, encrypted MAC2′ is now dependent, not only on the contents of MAC2, but also the contents of MAC1. Again, MAC2′ is not communicated to node 120A, but rather stored for use in encryption operations of subsequent MACs associated with the message stream. By not communicating the encrypted MACs back to node 120A, HSM 130A is reducing the amount of traffic being communicated over the link 122. At 420, node 120A communicates M2′ and unencrypted MAC2 to node 120B, which forwards MAC2 to HSM 130B for storage.
Node 120A may continue to send encrypted messages and MACs until it reaches a last message MN for the messages stream. At 422, node 120A communicates encrypted MN′, but does not send MACN. Instead, at 424, HSM 130A sends a chain MACN’ that is dependent on all the earlier MACs as well as MACN. That is, MACN’ has been encrypted using encrypted MACN-1′ as an input, MACN-1′ has been encrypted using MACN-2′, and so forth. At 426, HSM 130B verifies decrypting MACN′ is in compliance with its policy 134 and, if so, attempts to decrypt MACN’ using previously stored MACs (i.e., MAC1-MACN-1). If node 120A has attempted to insert a MAC that has not been provided to HSM 130A (or modifies one of that was provided HSM 130A), HSM 130B may not be able to properly decrypt MACN’ causing a verification failure at 430. If the decryption is successful, the decrypted chain MAC is provided to node 120B at 428 for verification at 430 against decrypted MN.
It is noted that, in other embodiments, secure communication 400 may not include node 120B verifying MN against the decrypted MACN received from node 120A at 430 as shown in
Turning now to
As shown, traffic 502A is being multicasted from node 120A to nodes 120B and 120C, and includes MACs encrypted with a key 132 shown as K1. Accordingly, since node 120A is the source of traffic 502A, its HSM 130A is provisioned with K1 and a policy 134A indicating that encryption is permitted with K1 when nodes 120B and 120C are the destinations of the traffic. Although depicted as “K1: Encrypt MACs to 120B&C” for illustration purposes, in some embodiments, policy 134A may express this criterion as the tuple (Encrypt, [Node 120B’s network address, Node 120C’s network address]). Since nodes 120B and 120C are the destinations of traffic 502A, HSMs 130B and 130C are provisioned with K1 and policies 134B and 134C indicating that decryption is permitted with K1 when node 120A is the source. Notably, nodes 120B and 120C would not be permitted in this example to use K1 to send traffic to node 120A or one another as this would not be unauthorized by their respective policies 134. Thus, if node 120C became compromised and attempted to do so, node 120C would be restricted from doing so by HSMs 130A and 130B and their policies 134.
Continuing with the example in
Turning now to
In step 610, the secure circuit stores a plurality of encryption keys (e.g., keys 132) usable to encrypt data communications between a plurality of devices (e.g., nodes 120) over a network (e.g., secure network 100). In some embodiments, the secure circuit is coupled to a first of the plurality of devices (e.g., HSM 130A coupled to node 120A). In some embodiments, the encryption keys are received from a gateway (e.g., gateway 140) configured to facilitate communication over a wide area network, receive a set of replacement keys from an entity over the wide area network, and distribute ones of the replacement keys to the plurality of devices.
In step 620, the secure circuit stores information that defines a set of usage criteria (e.g., a policy 134) for the plurality of encrypted keys. The set of usage criteria specifies that a first of the plurality of keys (e.g., policy 134B referencing key K2 shown in
In step 630, the secure circuit receives a request to encrypt a portion of a message (e.g., a MAC) with the first key. In some embodiments, the request indicates that the message is being sent from the first device to the second device.
In step 640, the secure circuit encrypts the portion of the message with the first key in response to determining that the set of usage criteria permits encryption with the first key for a message being sent from the first device to the second device. In some embodiments, the secure circuit is configured to encrypt the portion of the message such that the encrypted portion is usable to establish that the message is sent by the first device.
Turning now to
In step 660, a first electronic control unit (ECU) generates a message authentication code (MAC) for a data frame to be transmitted from the first ECU to a second ECU.
In step 670, a first secure circuit coupled to the first ECU encrypts the MAC with a first encryption key (e.g., a key 132). In some embodiments, the first ECU indicates, to the first secure circuit, that the second ECU is a destination of the data frame, and step 670 includes the first secure circuit determining whether to allow encryption of the MAC with the first encryption key based on the identified destination of the data frame. In some embodiments, the first secure circuit store a plurality of encryption keys including the first encryption key, and stores a policy (e.g., a policy 134) that specifies, for ones of the plurality of encryption keys, a respective use and a respective set of associated ECUs. In such an embodiment, the policy specifies that the first encryption key is to be used for encryption and is associated with a set of ECUs that includes the second ECU. In such an embodiment, the first secure circuit determines whether to sign the MAC with the first encryption key based on the stored policy. In some embodiments, the first secure circuit receives the first encryption key from a network gateway configured to receive a set of keys from via a wireless network interface and distribute the set of keys to the secure circuit
In step 680, the first ECU transmits the data frame with the encrypted MAC included in the data frame. In various embodiments, a second secure circuit coupled to the second ECU decrypts the encrypted MAC included in the data frame, and the second ECU verifies integrity of the data frame using the decrypted MAC. In some embodiments, the first secure circuit is coupled to the first ECU via a first interconnect (e.g., a link 122), and the first ECU transmits the data frame to the second ECU via a second interconnect (e.g., a link 112) that is different from the first interconnect.
Turning now to
Factory provisioning server 710A, in the illustrated embodiment, is a server configured to initially provision network 100 when network 100 is being assembled. In various embodiments, server 710A performs registering private keys 262 as discussed below with respect to
In-field provisioning server 710B, in the illustrated embodiment, is configured to perform any subsequent provisioning of network 100. In some embodiments, server 710B performs one or more of the same operations performed by server 710A noted above. In various embodiments, however, server 710B is not collocated with network 100 and may be coupled to network 100 via a wireless connection 712B associated with a wide area network (WAN) such as the Internet. As such, provisioning performed by server 710B may be more secure than provisioning performed by server 710A. Thus, keys 132 and policies 134 issued by server 710B may be valid for a longer period than those issued by server 710A.
In various embodiments, gateway 140 is configured to facilitate provisioning for network 100 by establishing secure communication with servers 710. In some embodiments, gateway 140 also performs distribution of keys 132 and policies 134 to HSMs 130. In the illustrated embodiment, keys 132 and policies 134 are packaged into a key blob 720, which may be divided into multiple portions 722 each associated with a respective one of HSMs 130 as shown. For example, portion 722A includes keys 132A and policy 134A for HSM 130A; portion 722B includes keys 132B and policy 134B. In such an embodiment gateway 140 may decrypt an encrypted version of a blob 720 received from a server 710, determine the correspondence of each portion 722 to each HSM 130, and appropriately route each portion 722 to its respective HSM 130. In some embodiments, key blobs 720 may be received when a network 100 is initially assembled, when a new node 120 is added to network 100, and when firmware updates of nodes 120 are performed.
In order to prevent a compromised gateway 140 from gaining access to keys 132 and policies 134, multiple techniques may be used in some embodiments. First, although the key blob may be encrypted, each portion 722 may be further encrypted for a key held by each HSM 130. In some embodiments, each portion 722 (e.g., portion 722A) is encrypted using a public key specified in a certificate 242 and decryptable with a private key 262 (e.g., private key 262A). In other embodiments, each portion 722 is encrypted and decrypted using ephemeral keys derived from a server 710′s certificate and private key and HSM 130′s certificate 242 and private key 262 via Elliptic Curve Diffie-Hellman (ECDH). Second, in some embodiments, each HSM 130 applies a modification function to keys 132 to adjust them to new values. Thus, even if gateway 140 could view a key 132, this key 132 is later modified by the HSMs 130 that hold this key. Notably, the modified keys 132 are also unknown to the servers 710 that initially provided them. Thus, if some malicious person could gain access to a key 132 at a server 710, this key 132 has since been modified making it unknown to the malicious person.
Turning now to
As shown, key registration 800 begins at 802 with an HSM 130 generating a public key pair that includes provisioning private key 262. At 804, the HSM 130 sends a certificate signing request (CSR) for a public key certificate 242. In the illustrated embodiment, the request includes the public key of the pair and a message authentication code computed by applying a keyed function to the public key where identity key 264 is used as the key for the function. In some embodiments, the request may include more (or less) contents such as capability information 244. In some embodiments, the request is compliant with a standard such as public-key cryptographic standards (PKCS) 10. At 806, provisioning server 710 verifies the request including confirming the MAC was computed by identity key 264. If the verification is successful, server 710 signs a certificate 242 that includes the public key and attests to the validity of the public key. (Accordingly, in various embodiments, server 710 is configured to implement a certificate authority (CA).) At 808, server 710 sends the signed certificate 242 to the HSM 130, where HSM 130 may later present the certificate 242 to server 710 in order to receive encrypted data from server 710.
Turning now to
As shown, role assignment 850 begins at 852 with an HSM 130 and provisioning server 710 (or some other server involved in role assignment) establishing a secure connection. In some embodiments, this connection may be established using the identity key 246 via EDCH. At 854, HSM 130 sends capability information 244 to provisioning server 710. As noted above, capability information 244 may identify various capabilities of the node 120 coupled to the HSM 130. In some embodiments, this information 244 may be provided by a manufacturer of node 120. At 856, provisioning server 710 reviews the capability information 244 and assigns a role to the node 120. For example, if a node 120 is capable of working with a headlight or a taillight, server 710 may assign the node 120 the headlight role. As shown, server 710 may generate a digital signature from the data specifying the assigned role. At 858, server 710 sends the signed capability information 244 back to HSM 130, which may later present the signed information in order to receive appropriate keys 132 and policies 134. In some embodiments, server 710 may also store a copy of capability information 244.
Notably, in signing the capability information 244, server 710 prevents a malicious entity from altering the role assigned to a node 120. Server 710 may also prevent counterfeit devices from being used. That is, if an HSM 130 lacks signed capability information 244, in some embodiments, it is unable to be provisioned with keys 132 and policies 134, and thus, unable to communicate with other nodes 120. Moreover, a counterfeit device may also lack an identity key 246, which, in some embodiments, is a prerequisite for establishing the secure connection with the provisioning server 710.
Turning now to
As shown, the steps of diagnostic mode 900 begin at step 910 with the detection of any nodes 120 inserted into network 100. In response to detecting a node 120, gateway 140 collects its public key certificate 242 from its HSM 130 in step 920. In some instances, gateway 140 may determine that an HSM 130 does not have a certificate 242 or has an invalid one. If so, gateway 140 may instruct the HSM 130 to perform a key registration such as discussed above with
In step 940, the provisioning server 710 performs a fraud check to determine whether any issues exist with the nodes 120 coupled to network 100. (In other embodiments, some or all of step 940 may be performed by gateway 140.) As shown, this check may include the performance of steps 942-946, which may include more (or less steps) than shown in
If the fraud check fails, gateway 140 may receive information identifying why the check failed from provisioning server 710, and present the information to the user that initiated diagnostic mode 900. If the fraud check completes successfully, however, gateway 140 may receive and distribute a key blob 720 in step 950 as discussed above with
Turning now to
In step 1010, the computing device receives an indication that one of a plurality of ECUs has been replaced. In various embodiments, the plurality of electronic control units (ECUs) control operations of a vehicle, and controlling the operations includes communicating data (e.g., MACs) between ECUs that is encrypted using a set of keys (e.g., keys 132).
In step 1015, the computing device issues, in response to the indication, a request to an entity (e.g., a provisioning server 710) over a wide area network (WAN) to replace the set of keys.
In step 1020, the computing device receives a set of replacement keys (e.g., a key blob 720) from the entity over the WAN. In some embodiments, step 1020 also includes receiving policy information (e.g., policies 134) defining uses for replacement keys in the set. In such an embodiment, the policy information identifies, for a first key in the set, 1) one of the plurality of ECUs as being authorized to send data encrypted with the first key and 2) one or more of the plurality of ECUs as being authorized to receive data encrypted with the first key. In some embodiments, step 1020 also includes receiving an indication that one or more of the replacement keys have been invalidated.
In step 1025, the computer device distributes the set of replacement keys to the plurality of ECUs. In some embodiments, a first secure circuit coupled to a first of the plurality of ECUs (e.g., HSM 130A coupled to Node 120A) receives a replacement key distributed to the first ECU and services requests from the first ECU to encrypt data with the replacement key. In some embodiments, prior to servicing requests from the first ECU, the secure circuit modifies the replacement key in a manner that causes the replacement key to be unknown to the gateway. In some embodiments, step 1025 also includes distributing policy information received with the set of replacement keys in step 1020. In some embodiments, step 1025 also includes notifying the plurality of ECUs to discontinue use of one or more replacement keys indicated as being invalidated in step 1020.
Turning now to
Method 1030 begins in step 1040 a computer system detecting a plurality of nodes (e.g., nodes 120) coupled to a network (e.g., network 100). In some embodiments, the plurality of nodes includes electronic control units (ECUs) configured to control operation of a vehicle. In step 1045, the computer system issues a request for ones of the plurality of nodes to provide certificates (e.g., certificates 242) attesting to a validity of the nodes. In some embodiments, method 1030 includes the computer system receiving a certificate associated with one of the plurality of nodes from a secure circuit (e.g., an HSM 130) configured to receive the certificate from a certificate authority (CA) (e.g., via key registration 800) and store the certificate for the node. In step 1050, the computer system identifies one or more of the nodes that failed to provide a certificate in response to the request. In some embodiments, the identifying includes indicating that the one or more nodes are unauthorized for use with the network.
Turning now to
Method 1060 begins in step 1070 with a computer system receiving certificates (e.g., certificates 242) from a plurality of nodes (e.g., nodes 120) coupled to a first network (e.g., network 100). In step 1075, the computer system analyzes the certificates to determine whether the certificates are associated with the first network. In some embodiments, method 1060 includes the computer system receiving a request to issue a certificate to a first of the plurality of nodes, the request identifying the first node as being associated with the first network. The computer system issues the certificate to the first node and stores an indication of the certificate in a list of certificates associated with the first network. In such an embodiment, step 1075 further includes analyzing the list. In some embodiments, method 1060 includes the computer system receiving a request to issue a certificate to a first of the plurality of nodes, the request identifying the first node as being associated with the first network. The computer system issues the certificate to the first node such that the certificate includes an indication specifying that the first node is associated with the first network. In such an embodiment step 1075 includes analyzing the indication included in the certificate. In step 1080, the computer system identifies, based on the analyzing, one of the plurality of nodes as being associated with a second network.
Exemplary Computer SystemTurning now to
Processor subsystem 1120 may include one or more processors or processing units. In various embodiments of computer system 1100, multiple instances of processor subsystem 1120 may be coupled to interconnect 1180. In various embodiments, processor subsystem 1120 (or each processor unit within 1120) may contain a cache or other form of on-board memory.
System memory 1140 is usable store program instructions executable by processor subsystem 1120 to cause system 1100 perform various operations described herein. System memory 1140 may be implemented using different physical, non-transitory memory media, such as hard disk storage, floppy disk storage, removable disk storage flash memory, random access memory (RAM-SRAM, EDO RAM, SDRAM, DDR SDRAM, RAMBUS RAM, etc.), read only memory (PROM, EEPROM, etc.), and so on. Memory in computer system 1100 is not limited to primary storage such as memory 1140. Rather, computer system 1100 may also include other forms of storage such as cache memory in processor subsystem 1120 and secondary storage on I/O Devices 1170 (e.g., a hard drive, storage array, etc.). In some embodiments, these other forms of storage may also store program instructions executable by processor subsystem 1120 to perform operations described herein.
I/O interfaces 1160 may be any of various types of interfaces configured to couple to and communicate with other devices, according to various embodiments. In one embodiment I/O interface 1160 is a bridge chip (e.g., Southbridge) from a front-side to one or more back-side buses. I/O interfaces 1160 may be coupled to one or more I/O devices 1170 via one or more corresponding buses or other interfaces. Examples of I/O devices 1170 include storage devices (hard drive, optical drive, removable flash drive, storage array, SAN, or their associated controller), network interface devices (e.g., to a local or wide-area network), or other devices (e.g., graphics, user interface devices, etc.). In one embodiment, computer system 1100 is coupled to a network via a network interface device 1170 (e.g., configured to communicate over WiFi, Bluetooth, Ethernet, etc.).
Although specific embodiments have been described above, these embodiments are not intended to limit the scope of the present disclosure, even where only a single embodiment is described with respect to a particular feature. Examples of features provided in the disclosure are intended to be illustrative rather than restrictive unless stated otherwise. The above description is intended to cover such alternatives, modifications, and equivalents as would be apparent to a person skilled in the art having the benefit of this disclosure.
The scope of the present disclosure includes any feature or combination of features disclosed herein (either explicitly or implicitly), or any generalization thereof, whether or not it mitigates any or all of the problems addressed herein Accordingly, new claims may be formulated during prosecution of this application (or an application claiming priority thereto) to any such combination of features. In particular, with reference to the appended claims, features from dependent claims may be combined with those of the independent claims and features from respective independent claims may be combined in any appropriate manner and not merely in the specific combinations enumerated in the appended claims.
Claims
1. An apparatus, comprising:
- a first electronic control unit (ECU) included in a vehicle and configured to generate a message authentication code (MAC) for a data frame to be transmitted from the first ECU to a second ECU included in the vehicle; and
- a first secure circuit coupled to the first ECU, wherein the first secure circuit is configured to encrypt the MAC with a first encryption key; and
- wherein the first ECU is configured to transmit the data frame with the encrypted MAC included in the data frame.
2. The apparatus of claim 1, wherein the first ECU is configured to indicate, to the first secure circuit, that the second ECU is a destination of the data frame; and
- wherein the first secure circuit is configured to determine whether to allow encryption of the MAC with the first encryption key based on the indicated destination of the data frame.
3. The apparatus of claim 2, wherein the first secure circuit is configured to:
- store a plurality of encryption keys including the first encryption key;
- store a policy that specifies, for ones of the plurality of encryption keys, a respective use and a respective set of associated ECUs, wherein the policy specifies that the first encryption key is to be used for encryption and is associated with a set of ECUs that includes the second ECU; and
- determine whether to sign the MAC with the first encryption key based on the stored policy.
4. The apparatus of claim 1, further comprising a network gateway configured to:
- receive a set of keys from via a wireless network interface, wherein the set of keys includes the first encryption key; and
- distribute the set of keys to a plurality of secure circuits including the first secure circuit.
5. The apparatus of claim 4, wherein the first secure circuit is configured to:
- after receiving the first encryption key from the network gateway, modify the first encryption key such that the first encryption key is unknown to the network gateway.
6. The apparatus of claim 1, wherein the first secure circuit is coupled to the first ECU via a first interconnect, and wherein the first ECU is configured to transmit the data frame to the second ECU via a second interconnect that is different from the first interconnect.
7. The apparatus of claim 1, wherein the first and second ECUs are further configured to control a respective one or more operations of the vehicle.
8. A method comprising:
- generating, by a first electronic control unit (ECU) included in a vehicle, a message authentication code (MAC) for a data frame to be transmitted from the first ECU to a second ECU included in the vehicle;
- encrypting, by a first secure circuit coupled to the first ECU, the MAC with a first encryption key; and
- transmitting, by the first ECU, the data frame with the encrypted MAC included in the data frame.
9. The method of claim 8, further comprising:
- decrypting, by a second secure circuit coupled to the second ECU, the encrypted MAC included in the data frame; and
- verifying, by the second ECU, integrity of the data frame using the decrypted MAC.
10. The method of claim 8, wherein encrypting the MAC with the first encryption key includes determining, by the first secure circuit, whether to allow encrypting of the MAC with the first encryption key based on an indication that the second ECU is a destination of the data frame.
11. The method of claim 8, further comprising:
- storing, by the first secure circuit, a plurality of encryption keys including the first encryption key;
- storing, by the first secure circuit, a policy that specifies, for ones of the plurality of encryption keys: a respective use; and a respective set of associated ECUs; and
- in response to determining that the policy specifies the first encryption key is to be used for encryption and is associated with the second ECU, signing, by the first secure circuit, the MAC with the first encryption key.
12. The method of claim 8, further comprising:
- receiving, by a network gateway, a set of keys from via a wireless network interface, wherein the set of keys includes the first encryption key; and
- distributing, by the network gateway, the set of keys to a plurality of secure circuits including the first secure circuit.
13. The method of claim 12, further comprising:
- after receiving the first encryption key from the network gateway, modifying, by the first secure circuit, the first encryption key such that the first encryption key is unknown to the network gateway.
14. The method of claim 8, further comprising:
- controlling, by the first ECU, a first operation of the vehicle; and
- controlling, by the second ECU, a second operation of the vehicle, different from the first operation.
15. An apparatus, comprising:
- a first electronic control unit (ECU), included in a vehicle, configured to receive, from a second ECU in the vehicle, a data frame including an encrypted message authentication code (MAC); and
- a first secure circuit, coupled to the first ECU, configured to decrypt the encrypted MAC included in the data frame using a first encryption key that is stored in the first secure circuit and in a second secure circuit coupled to the second ECU; and
- wherein the first ECU is configured to verify integrity of the data frame using the decrypted MAC.
16. The apparatus of claim 15, wherein the first ECU is configured to indicate, to the first secure circuit, that the second ECU is a source of the data frame; and
- wherein the first secure circuit is configured to determine whether to allow decryption of the MAC with the first encryption key based on the indicated source of the data frame.
17. The apparatus of claim 15, wherein the first secure circuit is configured to:
- store a plurality of encryption keys including the first encryption key;
- store a policy that specifies, for ones of the plurality of encryption keys, a respective use and a respective set of associated ECUs, wherein the policy specifies that the first encryption key is to be used for decryption and is associated with a set of ECUs that includes the second ECU; and
- determine whether to decrypt the MAC with the first encryption key based on the stored policy.
18. The apparatus of claim 15, further comprising a network gateway configured to:
- receive a set of keys from via a wireless network interface, wherein the set of keys includes the first encryption key; and
- distribute the set of keys to a plurality of secure circuits including the first secure circuit.
19. The apparatus of claim 15, wherein the first secure circuit is coupled to the first ECU via a first interconnect, and wherein the first ECU is configured to receive the data frame from the second ECU via a second interconnect that is different from the first interconnect.
20. The apparatus of claim 15, wherein the first and second ECUs are further configured to control a respective one or more operations of the vehicle.
Type: Application
Filed: Feb 27, 2023
Publication Date: Aug 31, 2023
Inventor: Tristan F. Schaap (San Francisco, CA)
Application Number: 18/175,204