Accessing & Influencing Automotive Cyber Physical Engineered Systems Roy Isbell (Prof.) FIET FBCS CITP


Page 2

Transport Systems (The Movement of Goods and/or People)

Air, Maritime, Road, Rail, Metro/Underground (People, Goods)

Source: Roy Isbell DFM

Source: Hitachi.com

Source: Digital Age Transportation – The Future of Urban Mobility - Tiffany Dovey Fishman – Deloitte University Press.

Page 3

Automotive Automation (Ten Steps to Autonomy)


10 Steps to full automation Source: Schlumberger Modified by: Roy Isbell (Prof.) FIET FBCS CITP

6 Levels of Automation Source: SAE International, BASt & NHTSA

Page 4


Integrated Transport (Future Autonomous Vehicles)

• Autonomous Shipping (Source: Rolls Royce Holdings)

• Autonomous Road Vehicles (Source: Volvo)

• Autonomous Planes (Source: Northrop Grumman)

• Autonomous Trains (Source: Transport For London): Transport for London is considering plans to roll out driverless tube trains across the Underground network by 2020

• The first commercially available semi-autonomous cars will be available in 2014 (E&Y Report)

Page 5


Cyber Physical Engineered Systems (Adding Sensing & Actuation)

Source: Hitachi.com

Source: Unknown

Cyber–Physical Engineered Systems

1. Effectively command and control systems that are networked or distributed (i.e. employ networking and/or communications).

2. Incorporate a degree of intelligence (adaptive or predictive).

3. Work in real time to influence or actuate outcomes in the physical world.

4. Found in transportation, utilities, buildings, infrastructure & health care.

5. Use sensors to detect and measure physical parameters and actuators to control physical processes.

6. Utilise feedback loops for monitoring allowing degrees of autonomy.

Page 6

Complex System of Systems (WHAT? – Complex Cyber Physical Engineered System)

List of Technologies to Create a Self-driving Vehicle:

• Collision Avoidance (Steering)
• Vehicle-to-Vehicle Communication
• Vehicle-to-Infrastructure Communication
• Steer-by-Wire
• Lane Keeping
• Forward Collision Avoidance (Braking)
• Driver Performance Monitor
• Lane Sensing/Warning
• Active Roll Control
• Forward Collision Warning
• Adaptive Cruise Control
• Vision Enhancement
• Near Obstacle Detection
• Electronic Stability Control
• Adaptive Variable-Effort Steering
• Semi-Active Suspension
• Traction Control
• Anti-Lock Braking Systems

Source: Byron Shaw, GM MD of Advanced Technology

Page 7

Network Based Connectivity (HOW? – Expansion of the Attack Vectors)

Mobile Phone App – Sync with Head Unit. Head Unit OS – Windows, Android or Linux Variants

Laptop Access – Through Vehicle WiFi Hotspot

4G Access – Via Mobile Phone

New Vehicle Apps – Access via Head Unit & Mobile Device

5G Access – Via Mobile or Vehicle

The Cloud – Dedicated Cloud Services or Generic Web Access

All the Security Issues Associated With Information Systems, Now Apply to Connected Vehicles


Page 8

Sensor Systems

Connecting Systems

Complex System of Systems (HOW? – External Remote Access)

Sensor Systems – Constantly monitor the external environment to build a 360° picture that provides information to the command and control environment of the vehicle. (Influence, Jamming & Spoofing)

Infotainment – a combination of information and entertainment. (Access to vehicle subsystems for information, disruption, modification & control).

Telematics – the integrated use of telecommunications and informatics for control of vehicles on the move. (Access for information, disruption, modification & control).


Page 9

Complex System of Systems (HOW? – External Remote Access)

Wireless Access for the Vehicular Environment (WAVE) operating in the licensed band of 5.9 GHz (5.85 – 5.925 GHz). (Access route for information, disruption, modification & control).

Source: SamsungSDS

Source: Continental Tyres

Tyre Pressure Monitoring System (TPMS), operating on either of two frequencies, 315 MHz and 433 MHz. (Access route for disruption, modification & possible control).

The Radio Data System (RDS). Embedding data in a radio signal (station identity, time, frequency etc.) RDS 2.0 has additional features; graphical radiotext for smartphone and tablet interface. Traffic Message Channel (TMC) links into navigation systems. (Information, Spoofing & Payload Delivery)

Source: rds.org.uk


Page 10

Vehicle Lifecycle (HOW? – The Insider Threat)

Vehicle Lifecycle: Design & Manufacture; Sales & Distribution; Consumer / Owner; Disposal; Maintenance – (Maintainer / Valet); Fuel – (Fossil / Gas / Bio / Electrical)

Analysis of the vehicle lifecycle provides for identification of those who are permitted to come into contact with the vehicle and the level of access. These individuals provide identification of the ‘Insiders’ for consideration of the ‘Insider Threat’.

Maintainers – Have physical access to the vehicle via technical equipment. Both the equipment and the personnel may be an attack vector.

In addition, the vehicle software updating process needs to be considered as an attack vector.

The use of Power Line Carrier technology to communicate between the vehicle, off-board charger, and smart grid.

Page 11

Attack Motivators (WHO?)

Crime (Including Financial); (H)Acktivism; Warfare; Terrorism (Including Corporate Blackmail); Espionage (Including Industrial Espionage)

Espionage – seeking unauthorised access to sensitive information (intellectual property, commercial information, corporate strategies, personal data, pattern of life) or using the vehicle as a reconnaissance tool:

• State
• Commercial

(H)Acktivism – seeking publicity or creating pressure on behalf of a specific objective or cause:

• Disruption of specific businesses/organisations (supplier or end user)
• Disruption of specific geographic areas (cities, routes)

Criminal – largely driven by financial gain, but may include gang related violence:

• Theft of a vehicle
• Theft from a vehicle
• Hijack of a vehicle
• Kidnap of a vehicle’s occupant(s)
• Criminal damage

Terrorism – Use of the Vehicle or Transport System to instil fear.

• Use of vehicle as a weapon
• Attacks on vehicle and/or vehicle’s occupants
• Disruption of transport systems/infrastructure

Warfare – conflict between nation states

• Disruption of transport systems/infrastructure to deny operational use
• Disable specific modes of transport or vehicle types
• Destruction of vehicles

Page 12

Attack Motivators (WHY? – Terrorism)


Hacktivists, 46%

Organised Crime, 42%

Competitors/Industrial Espionage, 41%

Nation State, 34%

Terrorist Organisation, 28%

A recent survey from ESG asked 244 enterprise security professionals working at companies employing 1,000 or more employees. ESG asked them to identify the groups that pose the greatest security threat to their organization.

Page 13

Attack Motivators (WHY? – Espionage)

Espionage – seeking unauthorised access to sensitive information (intellectual property, commercial information, corporate strategies, personal data, pattern of life) or using the vehicle as a reconnaissance tool:

• State • Commercial


Page 14

Attack Motivators (WHY? – Terrorism)

Terrorism – Using a remote controlled / programmed autonomous vehicle as a weapon. Picture – Car bomb at Glasgow Airport

Source: irdc.ir


Page 15

Attack Motivators (WHY? – {H}Activism)

{H}Activism – Hacktivism is the act of hacking a website or computer network in an effort to convey a social or political message. The person who carries out the act of Hacktivism is known as a Hacktivist.

Auto {H}Activism – the act of hacking a vehicle in an effort to convey a social or political message to the owner, owners and/or manufacturer of the vehicle.


Source: http://news.nationalpost.com

Page 16

CIA – Cyber Attack Triangle: Access, Information, Capability

Access – In order for any attack to even be contemplated some form of access to the target is required. Access may be physical or remote.

Capability – To effect a successful attack the attacker requires the correct tools and techniques to interact with the target and influence or affect the changes required to achieve the desired outcome.

Information – Before either access or capability may be achieved or determined, information (intelligence) on the target is required. The level of detailed information will determine the risk associated with any attack scenario being considered.

Like any three-legged stool, absence of any leg renders the stool useless.

Attack Anatomy

Attack Anatomy – Each attack follows a sequence of activities with each activity, once completed providing either information, access or a capability related to the target system.

Cyber Attack Triangle

The Cyber Attack Triangle (WHEN? – Understanding the Pre-requisites for an Attack)


Page 17

Automotive Attack Surfaces (Hackers Reference Manual)

A Reference Manual: Presented at BlackHat USA 2014 Charlie Miller & Chris Valasek

The talk took a step back and examined the automotive network of a large number of different manufacturers from a security perspective. From this larger dataset, we can begin to answer questions like: Are some cars more secure from remote compromise than others? Has automotive network security changed for the better (or worse) in the last five years? What does the future of automotive security hold and how can we protect our vehicles from attack moving forward?

Source: blackhat USA 2014

A Collection of Open Source Information

Standards: CAN, LIN, MOST, FlexRay

Wireless Communications: Remote Keyless Entry / Start, Bluetooth, Cellular, Wi-Fi, AM/FM/XM Radio, Proprietary Radio, Audi Connect

Cyber Physical: Adaptive Cruise Control, Active Lane Assist, Audi Pre-Sense

Page 18

Attack Vector Research (HOW? – OBD-II)

Page 19

New Models for Evaluating Cyber Security & Safety

Parkerian Hexad (Parker DB; 2002): Confidentiality, Possession / Control, Integrity, Authenticity, Availability, Utility

CIA Triad (Bishop M. 2004): Confidentiality, Integrity, Availability

Cyber Security for Autonomous Systems (Boyes H. 2014): Confidentiality, Possession/Control, Integrity, Authenticity, Availability, Utility, Safety

Element – Relevance to CPES

Confidentiality – Protection of personal & other sensitive data

Possession/Control – Prevent unauthorised manipulation or control of systems

Integrity – Prevent unauthorised changes to or deletion of data & maintenance of system configuration

Authenticity – Prevention of fraud or tampering with data

Availability – Autonomous Infrastructure able to operate without disruption or impairment

Utility – Maintaining data & systems in a useful state throughout their lifecycle

Safety – Prevention of harm to individuals, assets and the environment

Page 20

Cyber Security & Trustworthiness (An Engineer's View)

Establishing the Framework – Grouping the subject areas into three Frames:

• Controlling Access & System Operations

• Information Quality, Validity & System Configuration

• Continuity of Operations, Safety of Personnel & Assets


Page 21

PROGRAMMING (An Engineer's View)

Based on PAS 754:2014 produced by the Trustworthy Software Initiative (TSI)

Source: Jones, C. Software Assessments, Benchmarks, and Best Practices. Reading, MA: Addison-Wesley, 2000

Source: ISO 26262 - Overview

Page 22

5 Key Messages

Key Messages:

1 – Increased use of technology and connectedness expands the attack surface of vehicles.

2 – The use of IP services and technology brings with it all the problems currently encountered by IP Network owners and operators.

3 – The automobile is a Cyber Physical Engineered System and needs to be considered accordingly.

4 – Crime and Data Privacy are not the only motivators for attacking a motor vehicle.

5 – Engineering security and safety practices need to be expanded to cover the implementation of IP and the expansion towards the totally autonomous vehicle.