Controlling access to system data and/or system control functions is a primary use case of the hardware protected security environment during the different uses and life-cycle stages of the system. The hardware protected security environment acts as a gatekeeper for these use cases, not necessarily as the executor of the function itself. This section generalizes such use cases in order to extract the common requirements that enable the hardware protected security environment to act as a gatekeeper.
Examples are:
Creating a new key fob
Re-flashing ECU firmware
Reading/exporting PII out of the ECU
Using a subscription-based feature
Performing some service on an ECU
Transferring ownership of the vehicle
Some of these examples are discussed later in this section and some have detailed sections of their own. This list is by no means comprehensive. Other use cases that require hardware protected security environment-based access control may be defined by each manufacturer/service provider based on vehicle capabilities, architecture, and business model.
This section describes how the hardware protected security environment provides a platform on which access control can be implemented by enabling secure authentication, authorization, and access enforcement. It does not define any specific access control system (DAC/MAC/capability-based/role-based/etc.), model, or policy.
A general access control system is based on the following stages:
1. Identifying and authenticating the user.
2. Authorizing access to the resource.
   a. Comparing the authenticated user to policies (database/certificates/other).
   b. Comparing other conditions (temporal/spatial/other) to the policy database.
   c. Unlocking access to the resource.
3. Using the resource.
4. (Optional) Removing access to the resource based on temporal or other conditions.
   a. Locking access to the resource.
The hardware protected security environment can be involved to different extents in each of the stages listed above. The two main types of involvement are full control and partial control. In partial control, the hardware protected security environment is responsible for authenticating and authorizing the access, while the normal environment is responsible for locking and unlocking the resource. In full control, the hardware protected security environment is responsible for both. The practical difference is where the enforcement point sits: in partial control the normal environment must faithfully act on the decision, so compromised normal-environment code can unlock a resource the hardware protected security environment never authorized; in full control both the decision and the lock/unlock step stay behind the hardware boundary.
Rationale
Automotive computer systems are required to establish trustworthiness through device identity, sealing, attestation, data integrity, and availability. These systems must be resilient to a wide range of attacks that cannot be thwarted through software-only security mechanisms. A hardware root of trust and the hardware-based security primitives are fundamentally necessary to satisfy demands of connected and highly or fully automated vehicles. This document provides a comprehensive view of security mechanisms supported in hardware for automotive use cases, along with best practices for using such mechanisms.
The SAE Vehicle Electrical System Security Committee is responsible for developing and maintaining Recommended Practices and Information Reports in the area of vehicle electrical systems' security. The committee's scope is on-board vehicle electrical systems that affect vehicle control or otherwise act contrary to the occupants' interests if the systems are manipulated by an attacker. The goals of the committee are:
• to identify and recommend strategies and techniques related to preventing and detecting adversarial breaches, and
• to mitigate undesirable effects if a breach is achieved.
The group will classify attack methods, propose preventative strategies, define levels of security by criticality of system type, and identify architecture-level strategies for mitigating attacks. Participants in the Committee include OEMs, suppliers, consulting firms, government entities, and other interested parties.
Product Code: J3101_202002
Document Title: Hardware Protected Security for Ground Vehicles