Alison Chaiken SCALE 14x [email protected] Jan 22, 2016 · 28 References Smart Automotive...
Transcript of Alison Chaiken SCALE 14x [email protected] Jan 22, 2016 · 28 References Smart Automotive...
![Page 1: Alison Chaiken SCALE 14x alison@she-devel.com Jan 22, 2016 · 28 References Smart Automotive special issue of Telematics Wire Nate Willis, “Linux and the Automotive Security Lab”](https://reader035.fdocuments.in/reader035/viewer/2022081613/5fbf01c2a62b96501a0b66b7/html5/thumbnails/1.jpg)
Automotive Linux, Cybersecurity and Transparency
Alison ChaikenSCALE 14x
[email protected] 22, 2016
http://she-devel.com/Chaiken_automotive_cybersecurity.pdf
![Page 2: Alison Chaiken SCALE 14x alison@she-devel.com Jan 22, 2016 · 28 References Smart Automotive special issue of Telematics Wire Nate Willis, “Linux and the Automotive Security Lab”](https://reader035.fdocuments.in/reader035/viewer/2022081613/5fbf01c2a62b96501a0b66b7/html5/thumbnails/2.jpg)
● The Problem(s)-- Legacy designs-- Unclear privacy situation-- DMCA
● Approaches to a Solution-- PKE-- Virtualization-- Architecture-based security-- Open Source
![Page 3: Alison Chaiken SCALE 14x alison@she-devel.com Jan 22, 2016 · 28 References Smart Automotive special issue of Telematics Wire Nate Willis, “Linux and the Automotive Security Lab”](https://reader035.fdocuments.in/reader035/viewer/2022081613/5fbf01c2a62b96501a0b66b7/html5/thumbnails/3.jpg)
3
Ready or not, here come new regulationsCaltrans source link
![Page 4: Alison Chaiken SCALE 14x alison@she-devel.com Jan 22, 2016 · 28 References Smart Automotive special issue of Telematics Wire Nate Willis, “Linux and the Automotive Security Lab”](https://reader035.fdocuments.in/reader035/viewer/2022081613/5fbf01c2a62b96501a0b66b7/html5/thumbnails/4.jpg)
4
July 2015: Miller and Valasek “state-sponsored” takedown of Jeep
source: http://illmatics.com/Remote%20Car%20Hacking.pdf
![Page 5: Alison Chaiken SCALE 14x alison@she-devel.com Jan 22, 2016 · 28 References Smart Automotive special issue of Telematics Wire Nate Willis, “Linux and the Automotive Security Lab”](https://reader035.fdocuments.in/reader035/viewer/2022081613/5fbf01c2a62b96501a0b66b7/html5/thumbnails/5.jpg)
5
Miller-Valasek: D-Bus service responding to an open 3G port
“To find vulnerable vehicles you just need to scan on port 6667 from a Sprint device. . . “
![Page 6: Alison Chaiken SCALE 14x alison@she-devel.com Jan 22, 2016 · 28 References Smart Automotive special issue of Telematics Wire Nate Willis, “Linux and the Automotive Security Lab”](https://reader035.fdocuments.in/reader035/viewer/2022081613/5fbf01c2a62b96501a0b66b7/html5/thumbnails/6.jpg)
6
Without Over-the-Air Updates, Jeep is stuck
Dec. 2015 view of Uconnect update
p0wn-to-own
![Page 7: Alison Chaiken SCALE 14x alison@she-devel.com Jan 22, 2016 · 28 References Smart Automotive special issue of Telematics Wire Nate Willis, “Linux and the Automotive Security Lab”](https://reader035.fdocuments.in/reader035/viewer/2022081613/5fbf01c2a62b96501a0b66b7/html5/thumbnails/7.jpg)
7
The Jeep was running QNX
● QNX is outshipping Linux 6:1 say analysts.● Many automakers plan cars that run Linux:
– GENIVI members: BMW, FAW, CMC, Great Wall, Honda, Hyundai, JLR, Daimler, Nissan, Peugeot-Citroen, Renault, SAIC, Volvo
– AGL members: Toyota, JLR, Mitsubishi, Nissan, Honda, Ford, Mazda,Subaru
● So everything's fine, right?
![Page 8: Alison Chaiken SCALE 14x alison@she-devel.com Jan 22, 2016 · 28 References Smart Automotive special issue of Telematics Wire Nate Willis, “Linux and the Automotive Security Lab”](https://reader035.fdocuments.in/reader035/viewer/2022081613/5fbf01c2a62b96501a0b66b7/html5/thumbnails/8.jpg)
8
What about . . .
● attaching your phone via USB to a rental car?
● leaving your car at a repair shop overnight?
How do we . . . ● opt out of automakers' data collection?
● reset a car for sale to factory defaults?
Should . . .
● an unpatched car fail its safety inspection?
● law enforcement routinely monitor speed data?
![Page 9: Alison Chaiken SCALE 14x alison@she-devel.com Jan 22, 2016 · 28 References Smart Automotive special issue of Telematics Wire Nate Willis, “Linux and the Automotive Security Lab”](https://reader035.fdocuments.in/reader035/viewer/2022081613/5fbf01c2a62b96501a0b66b7/html5/thumbnails/9.jpg)
We need societal values to informtransportation technological decisions. . . not the other way around!
![Page 10: Alison Chaiken SCALE 14x alison@she-devel.com Jan 22, 2016 · 28 References Smart Automotive special issue of Telematics Wire Nate Willis, “Linux and the Automotive Security Lab”](https://reader035.fdocuments.in/reader035/viewer/2022081613/5fbf01c2a62b96501a0b66b7/html5/thumbnails/10.jpg)
10
Safety vs. Security Tradeoffs?
● 2-seconds-to-rear-view-camera NHTSA rule enforces minimum boot time.
● Ill-considered regulations can lead to less safety when increased attack surface is factored in.
![Page 11: Alison Chaiken SCALE 14x alison@she-devel.com Jan 22, 2016 · 28 References Smart Automotive special issue of Telematics Wire Nate Willis, “Linux and the Automotive Security Lab”](https://reader035.fdocuments.in/reader035/viewer/2022081613/5fbf01c2a62b96501a0b66b7/html5/thumbnails/11.jpg)
11
Event Data Recorders: NHTSA decision pending
courtesyNate Cardozo,EFF
![Page 12: Alison Chaiken SCALE 14x alison@she-devel.com Jan 22, 2016 · 28 References Smart Automotive special issue of Telematics Wire Nate Willis, “Linux and the Automotive Security Lab”](https://reader035.fdocuments.in/reader035/viewer/2022081613/5fbf01c2a62b96501a0b66b7/html5/thumbnails/12.jpg)
The surest approach to security:avoid being an attractive target
![Page 13: Alison Chaiken SCALE 14x alison@she-devel.com Jan 22, 2016 · 28 References Smart Automotive special issue of Telematics Wire Nate Willis, “Linux and the Automotive Security Lab”](https://reader035.fdocuments.in/reader035/viewer/2022081613/5fbf01c2a62b96501a0b66b7/html5/thumbnails/13.jpg)
13
The ONLY way that payment credentials should be stored in a car
Connectivity to car systems: double-stick tape
![Page 14: Alison Chaiken SCALE 14x alison@she-devel.com Jan 22, 2016 · 28 References Smart Automotive special issue of Telematics Wire Nate Willis, “Linux and the Automotive Security Lab”](https://reader035.fdocuments.in/reader035/viewer/2022081613/5fbf01c2a62b96501a0b66b7/html5/thumbnails/14.jpg)
14
Associating broad payment credentials with embedded car systems
puts lives in danger.
![Page 15: Alison Chaiken SCALE 14x alison@she-devel.com Jan 22, 2016 · 28 References Smart Automotive special issue of Telematics Wire Nate Willis, “Linux and the Automotive Security Lab”](https://reader035.fdocuments.in/reader035/viewer/2022081613/5fbf01c2a62b96501a0b66b7/html5/thumbnails/15.jpg)
15
Payment credentials + High Voltage + ConnectivityWhat could possibly go wrong?
Ozer Shezaf, http://xiom.com/2013/04/13/who_can_hack_a_plug_the_presentation
![Page 16: Alison Chaiken SCALE 14x alison@she-devel.com Jan 22, 2016 · 28 References Smart Automotive special issue of Telematics Wire Nate Willis, “Linux and the Automotive Security Lab”](https://reader035.fdocuments.in/reader035/viewer/2022081613/5fbf01c2a62b96501a0b66b7/html5/thumbnails/16.jpg)
Security and transparencyapproaches
![Page 17: Alison Chaiken SCALE 14x alison@she-devel.com Jan 22, 2016 · 28 References Smart Automotive special issue of Telematics Wire Nate Willis, “Linux and the Automotive Security Lab”](https://reader035.fdocuments.in/reader035/viewer/2022081613/5fbf01c2a62b96501a0b66b7/html5/thumbnails/17.jpg)
17
Vinli-Dialexa scan tool architecture
![Page 18: Alison Chaiken SCALE 14x alison@she-devel.com Jan 22, 2016 · 28 References Smart Automotive special issue of Telematics Wire Nate Willis, “Linux and the Automotive Security Lab”](https://reader035.fdocuments.in/reader035/viewer/2022081613/5fbf01c2a62b96501a0b66b7/html5/thumbnails/18.jpg)
18
Preserving anonymity with PKE is Challenging
Courtesy B. Lehrmann, 32C3, “Vehicle2Vehicle Communication based on IEEE802.11p”
![Page 19: Alison Chaiken SCALE 14x alison@she-devel.com Jan 22, 2016 · 28 References Smart Automotive special issue of Telematics Wire Nate Willis, “Linux and the Automotive Security Lab”](https://reader035.fdocuments.in/reader035/viewer/2022081613/5fbf01c2a62b96501a0b66b7/html5/thumbnails/19.jpg)
19
Multiple processor cores with multiple OSes
Courtesy Mentor Automotive
Driver Assistance, Navigation, Entertainment
Linux canbe AGL-GENIVIor Android, or onecore of each
Proprietary or Xen
or QNX …
![Page 20: Alison Chaiken SCALE 14x alison@she-devel.com Jan 22, 2016 · 28 References Smart Automotive special issue of Telematics Wire Nate Willis, “Linux and the Automotive Security Lab”](https://reader035.fdocuments.in/reader035/viewer/2022081613/5fbf01c2a62b96501a0b66b7/html5/thumbnails/20.jpg)
20
Copyright Renesas, “Introduction to CAN”, with permission.
Automotive LAN, 2025
Ethernet A/V-B (audio-video bridging) will displace FlexRay and MOST
Becomes apacket-filteringfirewall
EA/V-B
EA/V-B
![Page 21: Alison Chaiken SCALE 14x alison@she-devel.com Jan 22, 2016 · 28 References Smart Automotive special issue of Telematics Wire Nate Willis, “Linux and the Automotive Security Lab”](https://reader035.fdocuments.in/reader035/viewer/2022081613/5fbf01c2a62b96501a0b66b7/html5/thumbnails/21.jpg)
21
Proposal: scantool connection via DB only
Single-board server
CAN500 kbps
Get rid of hard connections to CAN from passenger cabin.
Firewall
![Page 22: Alison Chaiken SCALE 14x alison@she-devel.com Jan 22, 2016 · 28 References Smart Automotive special issue of Telematics Wire Nate Willis, “Linux and the Automotive Security Lab”](https://reader035.fdocuments.in/reader035/viewer/2022081613/5fbf01c2a62b96501a0b66b7/html5/thumbnails/22.jpg)
22
Linux kernel's watchdog timer guards against intrusion-caused slowdown
Critical application,normal state
/dev/watchdog
Critical application,failed state; or simple slowdown
/dev/watchdogX X
REBOOT
Must hit critical time windowint petdog(unsigned interval) {}
![Page 23: Alison Chaiken SCALE 14x alison@she-devel.com Jan 22, 2016 · 28 References Smart Automotive special issue of Telematics Wire Nate Willis, “Linux and the Automotive Security Lab”](https://reader035.fdocuments.in/reader035/viewer/2022081613/5fbf01c2a62b96501a0b66b7/html5/thumbnails/23.jpg)
Industry Best Practice: ChromiumOS's Verified Boot
Balances security with software freedom.
![Page 24: Alison Chaiken SCALE 14x alison@she-devel.com Jan 22, 2016 · 28 References Smart Automotive special issue of Telematics Wire Nate Willis, “Linux and the Automotive Security Lab”](https://reader035.fdocuments.in/reader035/viewer/2022081613/5fbf01c2a62b96501a0b66b7/html5/thumbnails/24.jpg)
24
CourtesyGENIVI
andArynga
![Page 25: Alison Chaiken SCALE 14x alison@she-devel.com Jan 22, 2016 · 28 References Smart Automotive special issue of Telematics Wire Nate Willis, “Linux and the Automotive Security Lab”](https://reader035.fdocuments.in/reader035/viewer/2022081613/5fbf01c2a62b96501a0b66b7/html5/thumbnails/25.jpg)
25
EFF wins automotive DMCA Section 1201 exemption
32c3 2015: F. Domcke reverse-engineers the VW-diesel cheat
![Page 27: Alison Chaiken SCALE 14x alison@she-devel.com Jan 22, 2016 · 28 References Smart Automotive special issue of Telematics Wire Nate Willis, “Linux and the Automotive Security Lab”](https://reader035.fdocuments.in/reader035/viewer/2022081613/5fbf01c2a62b96501a0b66b7/html5/thumbnails/27.jpg)
27
Summary
● Adding capability and automation inevitably increases 'attack surface.'
● The FCA-Harman-Sprint installation did not follow best practices.
● The industry as a whole is moving to OTA.
● Considerable open-source activity is underway.
● Traditional Linux security considerations apply equally to cars.
![Page 28: Alison Chaiken SCALE 14x alison@she-devel.com Jan 22, 2016 · 28 References Smart Automotive special issue of Telematics Wire Nate Willis, “Linux and the Automotive Security Lab”](https://reader035.fdocuments.in/reader035/viewer/2022081613/5fbf01c2a62b96501a0b66b7/html5/thumbnails/28.jpg)
28
References● Smart Automotive special issue of Telematics Wire
● Nate Willis, “Linux and the Automotive Security Lab”
● “Dieselgate” and V2V communication talks at 32c3 2015
● EPIC “Internet of Cars” Congressional testimony, 11/18/2015
● “Vehicle Forensics” SchmooCon 2014
● “Remote Vehicle Interaction,” AGL meeting, 9/2015
● Ethernet A/V-B: Junko Yoshida, EE Times
● Automotive Grade Linux and GENIVI
● General Motors' kernel source
● Freenode #automotive IRC
● I Am the Cavalry Five Star Automotive Cyber Safety Framework
![Page 29: Alison Chaiken SCALE 14x alison@she-devel.com Jan 22, 2016 · 28 References Smart Automotive special issue of Telematics Wire Nate Willis, “Linux and the Automotive Security Lab”](https://reader035.fdocuments.in/reader035/viewer/2022081613/5fbf01c2a62b96501a0b66b7/html5/thumbnails/29.jpg)
29
Acknowledgements
Thanks to the following people for comments on, contributions to or support of (but not endorsement of) this presentation:
Dan Bartz, Mike Linksvayer, Roni Michaels, Linda Campbell, Charlie Vogelheim, Nate Cardozo, Andre Nakkurth, Julian Palau, Vinli, IBM Enterprise Security
![Page 30: Alison Chaiken SCALE 14x alison@she-devel.com Jan 22, 2016 · 28 References Smart Automotive special issue of Telematics Wire Nate Willis, “Linux and the Automotive Security Lab”](https://reader035.fdocuments.in/reader035/viewer/2022081613/5fbf01c2a62b96501a0b66b7/html5/thumbnails/30.jpg)
30
extra slides
![Page 31: Alison Chaiken SCALE 14x alison@she-devel.com Jan 22, 2016 · 28 References Smart Automotive special issue of Telematics Wire Nate Willis, “Linux and the Automotive Security Lab”](https://reader035.fdocuments.in/reader035/viewer/2022081613/5fbf01c2a62b96501a0b66b7/html5/thumbnails/31.jpg)
Hardware-level security on a device
● x86: TPM, IMA . . .
● ARM: Cortex-R, TrustZone
● Both ARM and x86 solutions have some Linux driver support
Image courtesy Chris Turner, ARM
![Page 32: Alison Chaiken SCALE 14x alison@she-devel.com Jan 22, 2016 · 28 References Smart Automotive special issue of Telematics Wire Nate Willis, “Linux and the Automotive Security Lab”](https://reader035.fdocuments.in/reader035/viewer/2022081613/5fbf01c2a62b96501a0b66b7/html5/thumbnails/32.jpg)
32
Familiar problems, familiar solutions
Global Logic: http://tinyurl.com/ojnrbr2
DOM0 and DOMU run on different cores of a processor.
![Page 33: Alison Chaiken SCALE 14x alison@she-devel.com Jan 22, 2016 · 28 References Smart Automotive special issue of Telematics Wire Nate Willis, “Linux and the Automotive Security Lab”](https://reader035.fdocuments.in/reader035/viewer/2022081613/5fbf01c2a62b96501a0b66b7/html5/thumbnails/33.jpg)
33
Driver drowsiness detection has great potential, but . . .
Source: Key Safety Systems
![Page 34: Alison Chaiken SCALE 14x alison@she-devel.com Jan 22, 2016 · 28 References Smart Automotive special issue of Telematics Wire Nate Willis, “Linux and the Automotive Security Lab”](https://reader035.fdocuments.in/reader035/viewer/2022081613/5fbf01c2a62b96501a0b66b7/html5/thumbnails/34.jpg)
34
Copyright Renesas, “Introduction to CAN”, with permission.
Automotive LAN, 2015
>100 microprocessors on MOST, CAN-FD, LIN, FlexRay networks
![Page 35: Alison Chaiken SCALE 14x alison@she-devel.com Jan 22, 2016 · 28 References Smart Automotive special issue of Telematics Wire Nate Willis, “Linux and the Automotive Security Lab”](https://reader035.fdocuments.in/reader035/viewer/2022081613/5fbf01c2a62b96501a0b66b7/html5/thumbnails/35.jpg)
35
GPS Spoofing: Qihoo at Defcon
![Page 36: Alison Chaiken SCALE 14x alison@she-devel.com Jan 22, 2016 · 28 References Smart Automotive special issue of Telematics Wire Nate Willis, “Linux and the Automotive Security Lab”](https://reader035.fdocuments.in/reader035/viewer/2022081613/5fbf01c2a62b96501a0b66b7/html5/thumbnails/36.jpg)
36
Connectivity may be a bad choice
“Shuttle bus withJ1939 air conditioning,”Metropolitan AtlantaRapid Transit Authority,http://can-newsletter.org
The “Thermo King Intelligaire III“
![Page 37: Alison Chaiken SCALE 14x alison@she-devel.com Jan 22, 2016 · 28 References Smart Automotive special issue of Telematics Wire Nate Willis, “Linux and the Automotive Security Lab”](https://reader035.fdocuments.in/reader035/viewer/2022081613/5fbf01c2a62b96501a0b66b7/html5/thumbnails/37.jpg)
37
Ambient Insecurity: the Internet of Threats“Alternative Web browser-based user interface allows remote
programming and status observation” (Safetran Cobalt brochure)
Background: Thinking Highways
![Page 38: Alison Chaiken SCALE 14x alison@she-devel.com Jan 22, 2016 · 28 References Smart Automotive special issue of Telematics Wire Nate Willis, “Linux and the Automotive Security Lab”](https://reader035.fdocuments.in/reader035/viewer/2022081613/5fbf01c2a62b96501a0b66b7/html5/thumbnails/38.jpg)
38
Open Street Map and Ubuntu uNav
H/T Linux Unplugged Episode 115
![Page 39: Alison Chaiken SCALE 14x alison@she-devel.com Jan 22, 2016 · 28 References Smart Automotive special issue of Telematics Wire Nate Willis, “Linux and the Automotive Security Lab”](https://reader035.fdocuments.in/reader035/viewer/2022081613/5fbf01c2a62b96501a0b66b7/html5/thumbnails/39.jpg)
39
CAN Industry Association newsletter, July 24, 2014
Automotive pen-testing
![Page 41: Alison Chaiken SCALE 14x alison@she-devel.com Jan 22, 2016 · 28 References Smart Automotive special issue of Telematics Wire Nate Willis, “Linux and the Automotive Security Lab”](https://reader035.fdocuments.in/reader035/viewer/2022081613/5fbf01c2a62b96501a0b66b7/html5/thumbnails/41.jpg)
41
Courtesy of IHS and E. Juliussen
![Page 42: Alison Chaiken SCALE 14x alison@she-devel.com Jan 22, 2016 · 28 References Smart Automotive special issue of Telematics Wire Nate Willis, “Linux and the Automotive Security Lab”](https://reader035.fdocuments.in/reader035/viewer/2022081613/5fbf01c2a62b96501a0b66b7/html5/thumbnails/42.jpg)
GENIVI Demo Platform
Qemu image plus BSPs for RPi, Minnowboard, Nvidia Jetson and Renesas R-Car
![Page 43: Alison Chaiken SCALE 14x alison@she-devel.com Jan 22, 2016 · 28 References Smart Automotive special issue of Telematics Wire Nate Willis, “Linux and the Automotive Security Lab”](https://reader035.fdocuments.in/reader035/viewer/2022081613/5fbf01c2a62b96501a0b66b7/html5/thumbnails/43.jpg)
43Source: RTKL blog
A typical automotive data center
![Page 44: Alison Chaiken SCALE 14x alison@she-devel.com Jan 22, 2016 · 28 References Smart Automotive special issue of Telematics Wire Nate Willis, “Linux and the Automotive Security Lab”](https://reader035.fdocuments.in/reader035/viewer/2022081613/5fbf01c2a62b96501a0b66b7/html5/thumbnails/44.jpg)
44
http://tinyurl.com/crbazg9
Chaos Computer Club 2012 video
Christie Dudley, Santa Clara University Law School