Guideline for Automotive Secure Key Management and Credential Distribution
This document will define architecture, design, and implementation requirements for vehicle key management security. This would of course include KMS interfaces, but would also include the ecosystem constraints, e.g., recommendations for hardening the OEM and Tier-1 backend systems (using role-based separation modeled on Uptane) to avoid single points of failure in key generation and key storage systems. The scope includes the following:
? Interface specification between car maker and tier-one supplier communication
? Interface specification between suppliers (e.g., tier-one supplier to tier-two supplier)
? Best practice guidance on generation, handling, and storing of credentials within car maker and suppliers
? Best practice guidance on overall key management system cooperation between all stakeholders
? Best practice guidance on overall key management system architecture and design, backup strategies, and recovery strategies.
? Support for both ITU-T X.509 and IEEE 1609.2 certificate formats
? Support for key revocation and key rotation mechanisms. Certificate Revocation List (CRL) based key revocation mechanisms currently in use on the Internet are woefully far away from timely.
This guideline is intended to aid in the implementation of a common key management and credential distribution system between OEMs and Tier-1 Suppliers. This implementation will be based on the KMIP 2.0 specification as outlined by OASIS.