0
0

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

AUTOSAR CountdownAdvent Calendar 2023

Day 19

Specification of Secure Onboard Communication Protocol(SecOC) , AUTOSAR 969, R22-11, FO,

Last updated at Posted at 2024-01-02

AUTOSARが2023年版、R23-11を公開しました。
https://www.autosar.org/fileadmin/standards/R23-11/FO/AUTOSAR_FO_PRS_SecOcProtocol.pdf

R22-11
https://www.autosar.org/fileadmin/standards/R22-11/FO/AUTOSAR_PRS_SecOcProtocol.pdf

R21-11
https://www.autosar.org/fileadmin/standards/R21-11/FO/AUTOSAR_PRS_SecOcProtocol.pdf

R20-11
https://www.autosar.org/fileadmin/standards/R20-11/FO/AUTOSAR_PRS_SecOcProtocol.pdf

R19-11
https://www.autosar.org/fileadmin/standards/R19-11/FO/AUTOSAR_PRS_SecOcProtocol.pdf

文書は検索してダウンロードできます。
https://www.autosar.org/

<この項は書きかけです。順次追記します。>
This article is not completed. I will add some words in order.

Release Overviews

AUTOSARには現在3つの分類があります。Foundation, CAN OSEK/VDXのClassic Platform, Ethernet/TCP/IP POSIXのAdaptive Platform.

Foundation Release Overview, AUTOSAR 781, R23-11, FO
https://qiita.com/kaizen_nagoya/items/f249bdb8c313d8bff883

Classic Platform Release Overview, AUTOSAR No.0 ,R23-11, CP
https://qiita.com/kaizen_nagoya/items/9d22c8722cbc0f42b137

Adaptive Platform Release Overview, AUTOSAR 782, R23-11, AP
https://qiita.com/kaizen_nagoya/items/13a104606a34fe24fcf7

Qiita 記事一覧

Autosar Foundation R23-11 一覧
https://qiita.com/kaizen_nagoya/items/c30674cb2dac2fcbbd04

AUTOSAR Adaptive Platform R23-11一覧
https://qiita.com/kaizen_nagoya/items/1dece8799a730367b0dc

Autosar Classic Platform R23-11 一覧
https://qiita.com/kaizen_nagoya/items/f770f6c2906e1dcbf180

文書変更(Document Change)

• Removal of implementation specific contents
• Editorial changes

term

short name, aka(also known as) Acronyms and abbreviations

Term Description
SecOC Secure Onboard Communication
MAC Message Authentication Code
FV Freshness Value
FM Freshness Manager
Authentic I-PDU An Authentic I-PDU is an arbitrary AUTOSAR I-PDU the content of which is secured during network transmission by means of the Secured I-PDU. The secured content comprises the complete IPDU or a part of the I-PDU.
Authentication Authentication is a service related to identification. This function applies to both entities and information itself. Two parties entering into a communication should identify each other. Information delivered over a channel should be authenticated as to origin, date of origin, data content, time sent, etc. For these reasons, this aspect of cryptography is usually subdivided into two major classes: entity authentication and data origin authentication. Data origin authentication implicitly provides data integrity (for if a message is modified, the source has changed).
Authentication Information The Authentication Information consists of a Freshness Value (or a part thereof) and an Authenticator (or a part thereof). Authentication Information are the additional pieces of information that are added by SecOC to realize the Secured I-PDU.
Authenticator Authenticator is data that is used to provide message authentication. In general, the term Message Authentication Code (MAC) is used for symmetric approaches while the term Signature or Digital Signature refers to asymmetric approaches having different properties and constraints.
Data integrity Data integrity is the property whereby data has not been altered in an unauthorized manner since the time it was created, transmitted, or stored by an authorized source. To assure data integrity, one should have the ability to detect data manipulation by unauthorized parties. Data manipulation includes such things as insertion, deletion, and substitution.
Data origin authentication Data origin authentication is a type of authentication whereby a party is corroborated as the (original) source of specified data created at some (typically unspecified) time in the past. By definition, data origin authentication includes data integrity.
Distinction unilateral / bilateral authentication In unilateral authentication, one side proves identity. The requesting side is not even authenticated to the extent of proving that it is allowed to request authentication. In bilateral authentication, the requester is also authenticated at least (see below) to prove the privilege of requesting. There is an efficient and more secure way to authenticate both endpoints, based on the bilateral authentication described above. Along with the authentication (in the second message) requested initially by the receiver (in the first message), the sender also requests an authentication. The receiver sends a third message providing the authentication requested by the sender. This is only three messages (in contrast to four with two unilateral messages).
Entity authentication Entity authentication is the process whereby one party is assured (through acquisition of corroborative evidence) of the identity of a second party involved in a protocol, and that the second has actually participated (i.e., is active at, or immediately prior to, the time the evidence is acquired). Note: Entity authentication means to prove presence and operational readiness of a communication endpoint. This is for example often done by proving access to a cryptographic key and knowledge of a secret. It is necessary to do this without disclosing either key or secret. Entity authentication can be used to prevent record-and-replay attacks. Freshness of messages only complicates them by the need to record a lifetime and corrupt either senders or receivers (real-time) clock. Entity authentication is triggered by the receiver, i.e. the one to be convinced, while the sender has to react by convincing. Record and replay attacks on entity authentication are usually prevented by allowing the receiver some control over the authentication process. In order to prevent the receiver from using this control for steering the sender to malicious purposes or from determining a key or a secret ("oracle attack"), the sender can add more randomness. If not only access to a key (implying membership to a privileged group) but also individuality is to be proven, the sender additionally adds and authenticates its unique identification.
Message authentication Message authentication is a term used analogously with data origin authentication. It provides data origin authentication with respect to the original message source (and data integrity, but no uniqueness and timeliness guarantees).
Secured I-PDU A Secured I-PDU is an AUTOSAR I-PDU that contains Payloadof an Authentic I-PDU supplemented by additional Authentication Information.
Transaction authentication Transaction authentication denotes message authentication augmented to additionally provide uniqueness and timeliness guarantees on data (thus preventing undetectable message replay).

References

[1] IEC:The Basic Model, IEC Norm
[2] NIST:Secure Hash Standard (SHS) http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf
[3] NIST:Announcing the Advanced Encryption Standard (AES) http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
[4] NIST Special Publication 800-38B:Recommendation for Block Cipher Modes of Operation:The CMAC Mode for Authentication http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf

Dependency

[1] IEC 7498-1 The Basic Model, IEC Norm, 1994
[2] National Institute of Standards and Technology (NIST): FIPS-180-4, Secure Hash Standard (SHS), March 2012, available electronically at http://csrc.nist.gov/ publications/fips/fips180-4/fips-180-4.pdf
[3] FIPS Pub 197: Advanced Encryption Standard (AES), U.S. Department of Com- merce, Information Technology Laboratory (ITL), National Institute of Standards and Technology (NIST), Gaithersburg, MD, USA, Federal Information Processing Standards Publication, 2001, electronically available at http://csrc.nist.gov/ publications/fips/fips197/fips-197.pdf

Glossaryも掲載しましょう。
https://www.autosar.org/fileadmin/standards/R23-11/FO/AUTOSAR_FO_TR_Glossary.pdf

補足資料(Additions)

祝休日・謹賀新年:2024年の目標
https://qiita.com/kaizen_nagoya/items/b659d922327a7dcdc898

2023 Countdown Calendar 主催・参加一覧
https://qiita.com/kaizen_nagoya/items/c4c2f08ac97f38d08543

CountDownCalendar月間 いいねをいただいた記事群 views 順
https://qiita.com/kaizen_nagoya/items/583c5cbc225dac23398a

Countdown Calendar 2023, 百記事目を書くにあたって。
https://qiita.com/kaizen_nagoya/items/45185a04cfd88b71256a

1年間をまとめた「振り返りページ」@2023
https://qiita.com/kaizen_nagoya/items/bcd1ebd49d3a9e8c7a90

AUTOSAR 文書番号
https://qiita.com/kaizen_nagoya/items/8b894228a0b76c2265c7

AUTOSAR Countdown Calendar 2023
https://qiita.com/advent-calendar/2023/autosar

<この記事は個人の過去の経験に基づく個人の感想です。現在所属する組織、業務とは関係がありません。>
This article is an individual impression based on the individual's experience. It has nothing to do with the organization or business to which I currently belong.

文書履歴(document history)

ver. 0.01 初稿  20240102

最後までおよみいただきありがとうございました。

いいね 💚、フォローをお願いします。

Thank you very much for reading to the last sentence.

Please press the like icon 💚 and follow me for your happy life.

0
0
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
0
0

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?