VEHICLE SECURITY NETWORK DEVICE AND DESIGN METHOD THEREFOR

US 20160255154A1
Filed: 10/08/2014
Published: 09/01/2016
Est. Priority Date: 10/08/2013
Status: Active Grant

First Claim

Patent Images

1. A vehicular security network device, comprising:

a conduit configured to connect, to an external network, a first security zone including a plurality of functional elements having a same risk level assessed based on a vehicular security risk assessment matrix; and

a first gate keeper disposed on the conduit and configured to control an access to the plurality of functional elements.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security system capable of preventing a security attack/threat on a vehicle network is provided. At least one security zone is set by using a risk level which is evaluated for a plurality of vehicle functional elements. In addition, a security countermeasure corresponding to the risk level of the security zone can be provided to a conduit of the security zone so as to perform gate keeping.

Citations

20 Claims

1. A vehicular security network device, comprising:
- a conduit configured to connect, to an external network, a first security zone including a plurality of functional elements having a same risk level assessed based on a vehicular security risk assessment matrix; and
  
  a first gate keeper disposed on the conduit and configured to control an access to the plurality of functional elements.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The device of claim 1, wherein, when the risk level is higher than or equal to a predetermined level, the first gate keeper includes a plurality of independent security elements.
  - 3. The device of claim 2, wherein at least one of the independent security elements is embodied by a hardware-based security element.
  - 4. The device of claim 3, wherein the hardware-based security element uses an authentication key to be held by a physical unclonable function (PUF).
  - 5. The device of claim 1, wherein the risk level is a result of lookup from the vehicular security risk assessment matrix using assessment values associated with a level of likelihood of damage (D) indicating a level of a likelihood of damage caused by a security attack, a level of severity (S) when the damage occurs, and a level of controllability (C) when the damage occurs.
  - 6. The device of claim 5, wherein the level of likelihood of damage (D) is determined by a combination of a level of threat realized (T) and a level of vulnerability exploited (V).
  - 7. The device of claim 5, wherein the level of severity (S) and the level of controllability (C) are values assessed based on an ISO 26262.
  - 8. The device of claim 1, wherein the first security zone is a subzone of a second security zone having a risk level lower than the risk level corresponding to the first security zone, the device further comprising:
    - a second gate keeper disposed on a conduit between the second security zone and the external network and configured to control an access to the second security zone.
  - 9. The device of claim 8, wherein the second gate keeper includes a security element configured to provide lower-level security than that provided by the first gate keeper.

10. A vehicular security network designing device comprising at least one processor, the device comprising:
- a risk level assigner configured to assign a risk level to each of a plurality of functional elements connected to a controller area network (CAN) of a vehicle based on a result of lookup from a risk assessment matrix, in response to an input of a level of likelihood of damage (D) indicating a level of a likelihood of damage caused by a security attack, a level of severity (S) when the damage occurs, and a level of controllability (C) when the damage occurs;
  
  a zone setter configured to set at least one security zone by grouping the plurality of functional elements into security zones based on the assigned risk level; and
  
  a design unit configured to dispose, on a conduit between a first security zone and an external network, a first gate keeper corresponding to a first risk level of the first security zone among the at least one security zone.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The device of claim 10, wherein the zone setter is configured to group functional elements of a same assigned risk level into one security zone.
  - 12. The device of claim 10, wherein the zone setter is configured to set the at least one security zone by calculating a security level vector including the assigned risk level and a core security requirement of the plurality of functional elements, and by grouping the plurality of functional elements based on the security level vector.
  - 13. The device of claim 10, wherein, when the first risk level is higher than or equal to a predetermined level, the first gate keeper includes a plurality of independent security elements.
  - 14. The device of claim 13, wherein at least one of the independent security elements is embodied by a hardware-based security element.
  - 15. The device of claim 14, wherein the hardware-based security element uses an authentication key to be held by a physical unclonable function (PUF).

16. A method of designing a vehicular security network to be performed by hardware comprising at least one processor, the method comprising:
- assessing a risk level of a plurality of functional elements of a vehicle using a risk assessment matrix;
  
  setting at least one security zone by grouping the plurality of functional elements into security zones based on the assessed risk level; and
  
  designing a first gate keeper of a security level corresponding to a first risk level of a first security zone among the at least one security zone to be disposed on a conduit between the first security zone and an external network.
- View Dependent Claims (17, 18, 19)
- - 17. The method of claim 16, wherein the risk level is a result of lookup from the risk assessment matrix using assessment values associated with a level of likelihood of damage (D) indicating a level of a likelihood of damage caused by a security attack, a level of severity (S) when the damage occurs, and a level of controllability (C) when the damage occurs.
  - 18. The method of claim 17, wherein the level of likelihood of damage (D) is determined by a combination of a level of threat realized (T) and a level of vulnerability exploited (V).
  - 19. The method of claim 17, wherein the level of severity (S) and the level of controllability (C) are values assessed based on an ISO 26262.

20. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ICTK Holdings Co., Ltd.
Original Assignee
ICTK Co., Ltd. (Bureau Veritas SA)
Inventors
Kim, Dong Kyue, Choi, Byong Deok, Jee, Kwang Hyun

Granted Patent

US 10,033,814 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

B60R 25/00   Fittings or systems for pre...

G09C 1/00   Apparatus or methods whereb...

H01L 2223/54413   comprising digital informat...

H01L 23/5226   Via connections in a multil...

H01L 23/528   Geometry or layout of the i...

H01L 23/544   Marks applied to semiconduc...

H04L 2209/84   Vehicles

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

H04L 63/1433   Vulnerability analysis

H04L 67/12   specially adapted for propr...

H04L 9/0866   involving user or device id...

H04L 9/3278   using physically unclonable...

VEHICLE SECURITY NETWORK DEVICE AND DESIGN METHOD THEREFOR

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

VEHICLE SECURITY NETWORK DEVICE AND DESIGN METHOD THEREFOR

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links