Title: Cybersecurity standard alignment with SAE on hardware protected security environments

Authors:
Gil Bernabeu*, GlobalPlatform, France
Francesca Forestieri, GlobalPlatform, Italy

Keywords – automotive security, cybersecurity standards, interoperability

Objective

GlobalPlatform has launched an automotive initiative to foster direct engagement between trusted digital service experts from banking, government, mobile and the automotive ecosystem, in order to optimize the deployment of Secure Components, Trusted Digital Architecture, Security APIs, and Security Lifecycle Management within the Automotive sector.

Methodology – Alignment with SAE and Automotive Requirements

Through GlobalPlatform’s automotive initiative, we have established an automotive task force to align our technology/specifications with SAE and other automotive standards organizations. In addition to coordinated work within the GP membership, we have also established the Cybersecurity Vehicle Forum to work in consultation with the automotive task force to ensure engagement with the wider automotive ecosystem in defining the future of automotive cybersecurity standards.

Until 2021, automotive cybersecurity standards were a mix of standards without clear responsibilities across the ecosystem. Since UNECE’s regulation 155 on Cybersecurity Management Systems and 156 on Software Updates, specific cybersecurity requirements have been established. Demonstrating compliance with these regulations for automotive cybersecurity is defined directly in: SAE/ISO 21434 Road vehicles - Cybersecurity engineering and ISO 24089 Road Vehicles - Software Update Engineering.
Nevertheless, other automotive standards are necessary for addressing these strategic objectives:

SAE
• J3101 Hardware Protected Security for Ground Vehicles
• J3323 Surface Vehicles Trust Anchors and Authentication Information Report
• J3101-3 HPSE Management of Confidential Data
• J3201 Guideline for Automotive Environment Cybersecurity Key Management and Credential Distribution

ISO
• Joint ISO/IEC JTC1/SC 27 - ISO/TC 22/SC 32 WG: Cybersecurity requirements and evaluation activities for connected vehicle devices
• ISO/IEC 27001 and related standards Information security management
• ISO/PAS 5112:2022 Guidelines for auditing cybersecurity engineering

Results - Identification of Gaps in Specifications to Optimize Fit with Automotive Requirements

GlobalPlatform is working in coordination with SAE on hardware-based security environments J3101 and we have analyzed the compatibility and differentiating features between varying specifications. Some areas require additional coordination:
• Hardware protected security environment – how prescriptive is J3101?
• What are the implications of certain choices?
• What other use cases are supported by roots-of-trust technologies beyond the protected keystore?
• How can an organization plan for flexibility of function knowing that changing requirements are coming from post-quantum and the evolution of market services?
• Is the scope of trust anchors prescribed independent of the system wide security or should the scope of the trust anchor change based upon system wide security?

What is New: Leveraging Hardware Protected Security Environments from Banking and Mobile to the Emerging Automotive Requirements

As a not-for-profit member-driven standards organisation with over 20 years of experience in delivering specifications/certifications for secure digital services and devices for the Banking, Financial, Government and Mobile sectors, GlobalPlatform has existing standards that can be leveraged for automotive security.
(60 billion+ Secure Elements (SE) shipped worldwide based on GlobalPlatform specifications, 15 billion+ GlobalPlatform compliant Trusted Execution Environments (TEE) in market today.)

GlobalPlatform defines how best to ensure trustworthiness with:
• Root-of-Trust as the common thread allowing the trustworthiness of code and data loaded into a system at run-time to be established, so that eventually a larger system can be considered trustworthy.
• Overall Device Trust Architecture, which allows manufacturers to protect critical assets (credentials, applications) in Secure Components (Secure Elements and/or Trusted Execution Environments) and to build a chain of trust from the device to their backend systems.

GlobalPlatform’s experience provides valuable understanding in addressing foundational security for automotive through Secure Components.

Conclusion: Key Role of Interoperability

Interoperability matters for the full ecosystem: it fosters differentiation while ensuring portability, and it assures compliance with the most critical aspects: selected security levels and robustness to attacks. GlobalPlatform specifications support this interoperability, which is a key differentiator from SAE’s standards. Although interoperability may not be appreciated by vendors with locked-in clients who are unable to change, a fully interoperable ecosystem will guarantee the vitality of the system (i.e., multiple providers, experts, add-on services, etc.). This vitality will result in greater innovation and optimization in fulfilling client requirements for services while allowing for mass market production and a reduction in costs.

Mrs. Francesca Forestieri, Automotive Lead, GlobalPlatform