AUTOSARが2023年版、R23-11を公開しました。
https://www.autosar.org/fileadmin/standards/R23-11/AP/AUTOSAR_AP_SWS_Cryptography.pdf
R22-11
https://www.autosar.org/fileadmin/standards/R22-11/AP/AUTOSAR_SWS_Cryptography.pdf
R21-11
https://www.autosar.org/fileadmin/standards/R21-11/AP/AUTOSAR_SWS_Cryptography.pdf
R20-11
https://www.autosar.org/fileadmin/standards/R20-11/AP/AUTOSAR_SWS_Cryptography.pdf
R19-11
https://www.autosar.org/fileadmin/standards/R19-11/AP/AUTOSAR_SWS_Cryptography.pdf
文書は検索してダウンロードできます。
https://www.autosar.org/
<この項は書きかけです。順次追記します。>
This article is not completed. I will add some words in order.
Release Overviews
AUTOSARには現在3つの分類があります。Foundation, CAN OSEK/VDXのClassic Platform, Ethernet/TCP/IP POSIXのAdaptive Platform.
Foundation Release Overview, AUTOSAR 781, R23-11, FO
https://qiita.com/kaizen_nagoya/items/f249bdb8c313d8bff883
Classic Platform Release Overview, AUTOSAR No.0 ,R23-11, CP
https://qiita.com/kaizen_nagoya/items/9d22c8722cbc0f42b137
Adaptive Platform Release Overview, AUTOSAR 782, R23-11, AP
https://qiita.com/kaizen_nagoya/items/13a104606a34fe24fcf7
Qiita 記事一覧
Autosar Foundation R23-11 一覧
https://qiita.com/kaizen_nagoya/items/c30674cb2dac2fcbbd04
AUTOSAR Adaptive Platform R23-11一覧
https://qiita.com/kaizen_nagoya/items/1dece8799a730367b0dc
Autosar Classic Platform R23-11 一覧
https://qiita.com/kaizen_nagoya/items/f770f6c2906e1dcbf180
文書変更(Document Change)
• Improved Crypto API Functional specification in Chapter 7
• Improved Chapter 8. API specification
• Added initial version from Chapter 5. Dependencies to other functional clusters
用語(terms)
短縮名(short name)
Abbreviation / Acronym | Description |
---|---|
ACL | Access Control List |
AE | Authenticated Encryption |
AEAD | Authenticated Encryption with Associated Data - Encryption scheme which simultaneously provides confidentiality and authenticity of data as well as additional authenticated but not encrypted data. |
AES | Advanced Encryption Standard - A block cipher for the symmetric encryption of electronic data. |
API | Abstract Programming Interface |
ARA | Autosar Runtime Environment for Adaptive Applications |
ASN.1 | Abstract Syntax Notation One, as defined in the ASN.1 standards |
BER | Basic Encoding Rules |
BLOB | Binary Large Object - A Binary Large OBject (BLOB) is a collection of binary data stored as a single entity. |
CA | Certificate Authority or Certification Authority is an entity that issues digital certificates. |
CBC | Cipher Block Chaining Mode - A mode of operation for symmetric ciphers (e.g. AES) that supports encryption. |
CBC-MAC | Cipher Block Chaining Message Authentication Mode - A mode of operation for symmetric ciphers (e.g. AES) that supports authentication. |
CCM | Counter Mode with CBC-MAC - An AEAD operation mode (encryption and authentication) for AES. |
CMAC | Cipher-based Message Authentication Code - A mode of operation for symmetric ciphers (e.g. AES) that supports authentication and is similar but advanced to CBC-MAC. |
CMP | X.509 Certificate Management Provider. |
CO | Cryptographic Object |
COUID | Cryptographic Object Unique Identifier |
CRL | Certificate Revocation Lists is a list of digital certificates that have been revoked before their expiration date was reached. This list contains all the serial numbers of the revoked certificates and the revoked data. |
CSR | Certificate Signing Request |
CTL | Certificate Trust List is a list of digital certificates that are explicitly trusted in this environment. This list contains all the serial numbers of the explicitly trusted certificates. |
DER | Distinguished Encoding Rules as defined in [2] |
DH | Diffie-Hellman (key exchange method) |
ECC | Elliptic Curve Cryptography - Public-key cryptography based on the structure of elliptic curves. |
ECDH | Elliptic Curve Diffie-Hellman - An ECC based DH key exchange with perfect forward secrecy. |
ECDSA | Elliptic Curve Digital Signature Algorithm - An ECC based signature scheme. |
ECIES | Elliptic Curve Integrated Encryption Scheme - An ECC based encryption scheme. |
ECU | Electronic Control Unit |
FC | Crypto Functional cluster Cryptography. This is the AUTOSAR cluster, which provides all important functionality related to cryptograhic, key management, and certificate handling needs. |
gamma | linear recurrent sequence |
GCM | Galois Counter Mode - An AEAD operation mode (encryption and authentication) for AES. |
GMAC | Galois MAC - A mode of operation for symmetric ciphers (e.g. AES) that supports authentication. |
HSM | Hardware Security Module - Hardware security module, used to store cryptographic credentials and secure run-time environment |
HMAC | Hashed Message Authentication Code |
IETF | Internet Engineering Task Force |
IKE | Internet Key Exchange |
IPC | Inter-Process Communication |
IPsec | Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts the packets of data to provide secure encrypted communication between two computers over an Internet Protocol network. |
IV | Initialization Vector |
KDF | Key Derivation Function - A function to derive one or more keys from a secret value. |
KEK | Key encryption key - A key that is used to encrypt another key for transportation or storage in an unsecure environment |
KSP | Key Storage Provider |
MAC | Message Authentication Code - A cryptographic function similar to a hash function. It takes a message of variable length and a secret key as input to generate a hash value, the MAC value. The MAC value is attached to the message to be sent. The receiver of the message can recalculate the MAC value to check if the message is authentic. |
MGF | Mask Generation Function - A cryptographic function similar to a hash function. It takes a variable length input and an output length l to generate an output of length l. If the input is unknown, the output appears random. |
OCSP | Online Certificate Status Protocol - Internet protocol used to obtain revocation status of X.509 certificates. |
PEM | Privacy-Enhanced Mail |
PKI | Public Key Infrastructure - A system that issues, distributes, and checks digital certificates. |
PKCS | Public Key Cryptography Standard. |
RA | Registration Authority |
RNG | Random Number Generator |
RSA | Rivest, Shamir, Adleman - RSA is an algorithm for public-key cryptography; It is named after its inventors Ronald L. Rivest, Adi Shamir and Leonard Adleman. |
SecOC | Secure Onboard Communication |
SHA-1 | Secure Hash Algorithm (version 1) - Hash functions family. |
SHA-2 | Secure Hash Algorithm (version 2) - Hash functions family with different hash value length. |
SHA-3 | Secure Hash Algorithm (version 3) - New hash function generation, faster and more secure as SHA-2. |
SHE | Secure Hardware Extension |
TLS | Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. |
TPM | The Trusted Platform Module is defined in [3] and is a secure cryptoprocessor. |
UCM | Update and Configuration Management |
UID | Unique Identifier |
X.509 | Standard for certificates |
Term
Terms | Description |
---|---|
Adaptive Application | An adaptive application is a part of application SW in the architecture of Adaptive AUTOSAR. An adaptive application runs on top of ARA and accesses AUTOSAR functional clusters through ARA. |
Adaptive Platform Services | Adaptive Platform Services are located below the ARA. They provide platform standard services of Adaptive AUTOSAR. |
Asymmetric Key | An asymmetric key describes a pair of two keys (public and private key). A cipher text created by one key cannot be decrypted with this key. Encryption is only possible with the other key of this pair. |
Block Cipher | A symmetric encryption that encrypts plaintext blocks of fixed length. |
certificate serial number | An integer value, unique within the issuing authority, which is unambiguously associated with a certificate issued by that authority. |
certification path | An ordered list of one or more public-key certificates, starting with a public-key certificate signed by the trust anchor, and ending with the public key certificate to be validated. All intermediate public-key certificates, if any, are CA-certificates in which the subject of the preceding certificate is the issuer of the following certificate. |
Ciphertext | A ciphertext is an encrypted text, which is the result of encryption performed on plaintext. |
CryptoAPI | The set of all interfaces that are provided by FC Crypto to consumers. |
Crypto Provider | A structural element that organizes cryptographic primitives. |
Cryptographic primitives | Well-established, low-level cryptographic algorithms that are frequently used to build cryptographic protocols for computer security systems. |
Distinguished name | is originally defined in X.501 [4] as a representation of a directory name, defined as a construct that identifies a particular object from among a set of all objects. |
Functional Cluster | The SW functionality of ARA is divided into functional clusters. Functional clusters provide APIs and can communicate with each other. |
Instance Specifier | Crypto provider can have more than one instance. To distinguish between instances the spcific instance is addressed with an instance specifier. An instance specifier identifies one instance of a crypto provider. |
Key Material | public keys, private keys, seeds. |
Key Slot | Secure storage of key material. Key slots define the access to the stored key material and grant the access only to authorized application or functional cluster. |
Key Storage Provider | A structural element that organizes and manages cryptographic keys. |
Nonce | A nonce is a random or semi-random number that is generated for cryptographic topics. A nonce can be used as an input to a hash algorithm so that the hash algorithm computes a hash value out of two inputs |
Plaintext | A plaintext is ordinary readable text before being encrypted into ciphertext or after being decrypted. |
Policy Decision Point | A PDP defines which item (process, application, function) can decide if a requested access to resources may be granted or not. |
Random Number Generator | A program that generates random numbers or pseudo random numbers in a given range. |
Salt | A salt is a random or semi-random number which is created for passwords. When a password is edited for a user/account also a salt is created for this user/account. A hash algorithm creates a hash value of password and salt. Salts increase the security against brute force password guessing attacks. |
SecretSeed | A secret value that is used as an initial value to start encryption/decryption. |
Stream Ciphe | r A symmetric encryption that calculates cipher text out of streaming plaintext and the status result of the encryption of previous streamed plaintext. For the first part of encryption a start value is needed as status result. |
Symmetric Key | In a symmetric encryption the same key (symmetric key) is used to encrypt plaintext into cipher text and to decode cipher text into plain text. A symmetric key is also called secret key because it must be kept secret. |
X.509 Provider | Domain SW for X.509 certificates parsing, verification, storage and search. |
References
[1] Glossary AUTOSAR_FO_TR_Glossary
https://www.autosar.org/fileadmin/standards/R23-11/FO/AUTOSAR_FO_TR_Glossary.pdf
[2] X.690 :Information technology - ASN.1 encoding rules:Specification of Basic En- coding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encod- ing Rules (DER)
https://www.itu.int/rec/T-REC-X.690
[3] ISO/IEC 11889-1:2015 Information technology - Trusted platform module library - Part 1:Architecture
https://www.iso.org
[4] X.501 :Information technology - Open Systems Interconnection - The Directory: Models
https://www.itu.int/rec/T-REC-X.501
[5] Specification of Adaptive Platform Core AUTOSAR_AP_SWS_Core
[6] Explanation of Adaptive Platform Software Architecture AUTOSAR_AP_EXP_SWArchitecture
[7] General Requirements specific to Adaptive Platform AUTOSAR_AP_RS_General
[8] Requirements on Cryptography AUTOSAR_AP_RS_Cryptography
[9] BSI:Functionality Classes and Evaluation Methodology for Deterministic Random Number Generators (AIS) https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Interpretationen /AIS_20_Functionality_Classes_Evaluation_Methodology_DRNG_e.pdf? __ blob=publicationFile[5]
[10] Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Log- arithm Cryptography https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar3.pdf
[11] Public Key Cryptography for the Financial Services Industry Key Agreement and Key Stransport Using Elliptic Curve Cryptography https://webstore.ansi.org/preview-pages/ASCX9/preview_ANSI+X9.63- 2011+(R2017).pdf
[12] Recommendation for Key Derivation Using Pseudorandom Functions (Revised) https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-108.pdf
[13] Elliptic Curve Cryptography
https://www.secg.org/sec1-v2.pdf
[14] ISO IEC 9797-3:2011 Amd 1:2020(en) Information technology - Security tech- niques - Message Authentication Codes (MAC)
https://www.iso.org
[15] HMAC:Keyed-Hashing for Message Authentication https://tools.ietf.org/html/rfc2104
[16] Updated Security Considerations the MD5 Message-Digest and the HMAC-MD5 Algorithms
https://tools.ietf.org/html/rfc6151
[17] Using Advanced Encryption Standard Counter Mode (AES-CTR) with the Internet Key Exchange version 02 (IKEv2) Protocol
https://rfc-editor.org/rfc/rfc5930.txt
[18] ChaCha20-Poly1305 Cipher Suites for Transport Layer Security (TLS) https://rfc-editor.org/rfc/rfc7905.txt
[19] TRIVIUM Specifications http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.59.9030
[20] PKCS #5:Password-Based Cryptography Specification Version 2.0 https://rfc-editor.org/rfc/rfc2898.txt
[21] PKCS #5:Password-Based Cryptography Specification Version 2.1 https://rfc-editor.org/rfc/rfc8018.txt
[22] PKCS #7:Cryptographic Message Syntax Version 1.5 https://rfc-editor.org/rfc/rfc2315.txt
[23] Financial institution encryption of wholesale financial messages:X9.23
[24] Advanced Encryption Standard (AES) Key Wrap Algorithm https://tools.ietf.org/html/rfc3394
[25] Advanced Encryption Standard (AES) Key Wrap with Padding Algorithm https://tools.ietf.org/html/rfc5649
[26] ISO/IEC 9796-2:2010 Information technology - Security techniques - Digital signa- ture schemes giving message recovery - Part 2:Integer factorization based mech- anisms
https://www.iso.org
[27] Use of Elliptic Curve Cryptography (ECC) Algorithms in Cryptographic Message Syntax (CMS)
https://rfc-editor.org/rfc/rfc3278.txt
[28] Use of Elliptic Curve Cryptography (ECC) Algorithms in Cryptographic Message Syntax (CMS)
https://rfc-editor.org/rfc/rfc5753.txt
[29] IEEE P1363:A Standard for RSA, Diffie-Hellman, and Elliptic-Curve Cryptography (Abstract)
[30] New directions in cryptography https://ieeexplore.ieee.org/document/1055638
[31] Specification of Secure Hardware Extensions AUTOSAR_FO_TR_SecureHardwareExtensions
[32] Guide for Internet Standards Writers https://tools.ietf.org/html/rfc2360
[33] X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP https://rfc-editor.org/rfc/rfc6960.txt
[34] Standard X.509 https://www.itu.int/rec/T-REC-X.509/en
[35] Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
https://rfc-editor.org/rfc/rfc5280.txt
[36] PKCS #10:Certification Request Syntax Specification Version 1.7 https://tools.ietf.org/html/rfc2986
[37] The application/pkcs10 Media Type https://tools.ietf.org/html/rfc5967
[38] Internet X.509 Certificate Request Message Format https://tools.ietf.org/html/rfc2511
[39] Internet X.509 Public Key Infrastructure Certificate Request Message Format (CRMF)
https://tools.ietf.org/html/rfc4211
[40] S/MIME Version 2 Message Specification https://tools.ietf.org/html/rfc2311
[41] Public-Key Cryptography Standards (PKCS) #8:Private-Key Information Syntax Specification Version 1.2
https://rfc-editor.org/rfc/rfc5208.txt
[42] PKCS #12:Personal Information Exchange Syntax v1.1 https://tools.ietf.org/html/rfc7292
[43] X.680 :Information technology - Abstract Syntax Notation One (ASN.1):Specifica- tion of basic notation
https://www.itu.int/rec/T-REC-X.680
[44] X.682 :Information technology - Abstract Syntax Notation One (ASN.1):Constraint specification
https://www.itu.int/rec/T-REC-X.682
[45] X.683 :Information technology - Abstract Syntax Notation One (ASN.1):Parame- terization of ASN.1 specifications
https://www.itu.int/rec/T-REC-X.683
[46] Keying and Authentication for Routing Protocols (KARP) Design Guidelines https://tools.ietf.org/html/rfc6518
[47] Internationalized Email Addresses in X.509 Certificates https://tools.ietf.org/html/rfc8398
[48] Internationalization Updates to RFC 5280 https://tools.ietf.org/html/rfc8399
[49] Transport Layer Security (TLS) Extensions:Extension Definitions https://tools.ietf.org/html/rfc6066
[50] The Transport Layer Security (TLS) Multiple Certificate Status Request Extension https://tools.ietf.org/html/rfc6961
[51] The Transport Layer Security (TLS) Protocol Version 1.3 https://tools.ietf.org/html/rfc8446
補足資料(Additions)
祝休日・謹賀新年:2024年の目標
https://qiita.com/kaizen_nagoya/items/b659d922327a7dcdc898
2023 Countdown Calendar 主催・参加一覧
https://qiita.com/kaizen_nagoya/items/c4c2f08ac97f38d08543
CountDownCalendar月間 いいねをいただいた記事群 views 順
https://qiita.com/kaizen_nagoya/items/583c5cbc225dac23398a
Countdown Calendar 2023, 百記事目を書くにあたって。
https://qiita.com/kaizen_nagoya/items/45185a04cfd88b71256a
1年間をまとめた「振り返りページ」@2023
https://qiita.com/kaizen_nagoya/items/bcd1ebd49d3a9e8c7a90
AUTOSAR 文書番号
https://qiita.com/kaizen_nagoya/items/8b894228a0b76c2265c7
AUTOSAR Countdown Calendar 2023
https://qiita.com/advent-calendar/2023/autosar
AUTOSAR Abstract Platformへの道 R22-11
https://qiita.com/kaizen_nagoya/items/8ac2826635a8c536c7ec
自動車 記事 100
https://qiita.com/kaizen_nagoya/items/f7f0b9ab36569ad409c5
Basic principles, ボッシュ自動車handbook(英語)11版まとめ<2>
https://qiita.com/kaizen_nagoya/items/24a1ba5da3d09b2a95d1
JAXA/IPA クリティカルソフトウェアワークショップ WOCS言語関連発表(改定版)
https://qiita.com/kaizen_nagoya/items/4789832baf494cb74626
<この記事は個人の過去の経験に基づく個人の感想です。現在所属する組織、業務とは関係がありません。>
This article is an individual impression based on the individual's experience. It has nothing to do with the organization or business to which I currently belong.
文書履歴(document history)
ver. 0.01 初稿 20240102
最後までおよみいただきありがとうございました。
いいね 💚、フォローをお願いします。
Thank you very much for reading to the last sentence.
Please press the like icon 💚 and follow me for your happy life.