RemotiveLabs' RemotiveBroker Now Supports SecOC Integration Directly in Signal Database
2024-9-2 17:36:51 Author: hackernoon.com

The RemotiveBroker, the platform’s core component, now supports message authentication through SecOC along with E2E protection. SecOC data is automatically extracted to simplify configuration. The AUTOSAR SecOC protocol is designed to protect communication within a vehicle from cyber-attacks by providing integrity and authentication for messages.

RemotiveLabs offers a developer-centric and open platform for vehicle software development.

Message authentication in all modern automotive protocols

We are thrilled to announce that SecOC (Security On-board Communication) has been integrated into RemotiveBroker. SecOC is a security architecture that aims to protect the communication between the various electronic control units (ECUs) within a vehicle against cyber-attacks. SecOC provides integrity and authentication for messages (i.e., for each signal group / PDU).

The integration of SecOC into RemotiveBroker enhances message authentication across all modern automotive protocols, making it easier for automotive developers to ensure secure communication between electronic control units (ECUs).

When reading a signal database, the RemotiveBroker will detect SecOC configurations. Users may provide additional SecOC configuration for frames using our meta database format and a signal database.

SecOC baked into your signal database

The RemotiveBroker supports ARXML on top of LDF/DBC and Fibex formats. It extracts the necessary SecOC and E2E protection data to streamline the configuration process. This data is included directly in the signal database, effectively baking it into the database of your choice. This approach simplifies the correct implementation of SecOC and helps prevent developers from getting stuck during integration.

[
sim_cfg.SecOc_Key("secure-ecu", b"\x00\x01\x02\x03\x00\x01\x02\x03\x00\x01\x02\x03\x00\x01\x02\x03"),
sim_cfg.SecOc_FreshnessValue("secure-ecu", b"\x00\x00\x00\x00\x00\x00\x00\x00"),
]

Secure your ECUs easily using SecOC. In RemotiveBroker, it is baked into your signal database for seamless integration and enhanced security, simplifying configuration and preventing implementation roadblocks.

Commonly Asked Questions – SecOC

  • How does SecOC work? SecOC allows the receiver of messages to detect replay attacks, verify the sender’s authenticity, verify the “freshness” of the message, and evaluate the integrity of the transmitted data. This is achieved through the Cipher-based Message Authentication Code (CMAC) and an AUTOSAR component called the Freshness Value Manager (FVM).
  • What is the difference between SecOC and CMAC? SecOC utilizes CMAC as a mechanism to ensure message integrity and authenticity. The primary difference is that SecOC is a comprehensive module within the AUTOSAR framework designed exclusively for secure communication in automotive systems, while CMAC is a standard cryptographic algorithm.
  • Can I send “bad” SecOC packages with RemotiveBroker? Users may produce incorrect SecOC in a few different ways. First, the user may alter the freshness value to an invalid value, making the RemotiveBroker produce SecOC messages that will not pass freshness verification. For a more direct approach to sending incorrect frames, the broker allows sending binary data directly, where the user can set all bits and bytes manually.
  • What environments can I use this in? This is a standard component of the RemotiveLabs platform; it can be used in-vehicle, on developers’ laptops from early mocking onward, and in CI pipelines in the cloud.
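
The receiver-side check described in the first and third answers above, as an added example that is not RemotiveLabs or AUTOSAR code. The PDU layout, the truncation lengths, the key and all names are assumptions made for illustration, and HMAC-SHA-256 stands in for AES-CMAC so the block runs on the Python standard library alone.

```python
import hashlib
import hmac

MAC_LEN = 8      # truncated authenticator bytes on the bus (assumed length)
FV_TX_LEN = 1    # low-order freshness bytes on the bus (assumed length)
KEY = bytes(range(16))  # constructed sample key, not a real one

def _mac(key, data_id, payload, fv):
    # The authenticator covers the data ID, the payload and the FULL freshness
    # counter. HMAC-SHA-256 is a stand-in for the CMAC the page names.
    msg = data_id.to_bytes(2, "big") + payload + fv.to_bytes(8, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]

def build_secured_pdu(key, data_id, payload, fv):
    """Sender side: payload || low freshness byte || truncated MAC."""
    return payload + bytes([fv & 0xFF]) + _mac(key, data_id, payload, fv)

class Receiver:
    """Tracks the last accepted freshness value, as a freshness manager would."""
    def __init__(self, key, data_id, last_fv=0):
        self.key, self.data_id, self.last_fv = key, data_id, last_fv

    def verify(self, pdu):
        """Return the payload if the PDU is authentic and fresh, else None."""
        if len(pdu) <= FV_TX_LEN + MAC_LEN:
            return None
        payload = pdu[:-(FV_TX_LEN + MAC_LEN)]
        fv_low, mac = pdu[-(FV_TX_LEN + MAC_LEN)], pdu[-MAC_LEN:]
        # Rebuild the full counter as the smallest value above last_fv whose
        # low byte matches, so a replayed PDU maps to a counter it was not
        # authenticated with.
        fv = (self.last_fv & ~0xFF) | fv_low
        if fv <= self.last_fv:
            fv += 0x100
        if not hmac.compare_digest(mac, _mac(self.key, self.data_id, payload, fv)):
            return None  # tampered, replayed, wrong key or invalid freshness
        self.last_fv = fv
        return payload

if __name__ == "__main__":
    rx = Receiver(KEY, 0x123)
    pdu = build_secured_pdu(KEY, 0x123, b"\x11\x22", 1)
    print("first delivery:", rx.verify(pdu))
    print("replayed copy :", rx.verify(pdu))
```

A sender whose freshness value has been set to an invalid value fails the same MAC comparison as a replayed or modified frame, so the receiver cannot tell these cases apart from a single PDU.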

Get started with SecOC

With RemotiveBroker’s 30-day free trial, you can get started easily with hardware you already have available (any Linux computer will do). Read more about RemotiveBroker here, request a license here, and try a simpler way to implement SecOC in your code.


Article source: https://hackernoon.com/remotivelabs-remotivebroker-now-supports-secoc-integration-directly-in-signal-database?source=rss