Automotive Linux, Cybersecurity and Transparency. Alison Chaiken, alison@she-devel.com, Jan 22, 2016.
Page 2
So much to gain, so much to lose
Page 3
Ready or not, here come new regulations
Caltrans source link
Page 4
July 2015: Miller and Valasek “state-sponsored” takedown of Jeep
source: http://illmatics.com/Remote%20Car%20Hacking.pdf
Page 5
Miller-Valasek: D-Bus service responding to an open 3G port
“To find vulnerable vehicles you just need to scan on port 6667 from a Sprint device . . .”
Page 6
Without Over-the-Air Updates, Jeep is stuck
Dec. 2015 view of Uconnect update
p0wn-to-own
Page 7
The Jeep was running QNX
QNX is outshipping Linux 6:1 according to analysts.
Many automakers plan cars that run Linux:
GENIVI members: BMW, FAW, CMC, Great Wall, Honda, Hyundai, JLR, Daimler, Nissan, Peugeot-Citroen, Renault, SAIC, Volvo
AGL members: Toyota, JLR, Mitsubishi, Nissan, Honda, Ford, Mazda, Subaru
So everything's fine, right?
Page 8
The fundamental problem with connectivity
“Shuttle bus with J1939 air conditioning,” Metropolitan Atlanta Rapid Transit Authority, http://can-newsletter.org
The “Thermo King Intelligaire III”
Page 9
Payment credentials + High Voltage + Connectivity
What could possibly go wrong?
Ozer Shezaf, http://xiom.com/2013/04/13/who_can_hack_a_plug_the_presentation
Page 10
GPS Spoofing: Qihoo at Defcon
Page 11
Ambient Insecurity: the Internet of Threats
“Alternative Web browser-based user interface allows remote programming and status observation” (Safetran Cobalt brochure)
Background: Thinking Highways
Page 12
What about . . .
attaching your phone via USB to a rental car?
leaving your car at a repair shop overnight?
How do we . . .
opt out of automakers' data collection?
reset a car for sale to factory defaults?
Should . . .
an unpatched car automatically fail its safety inspection?
Why . . .
are owner's manuals still provided as paper?
Page 13
Safety vs. Security Tradeoffs?
2-seconds to rear-view camera NHTSA rule enforces minimum boot time
Are we sacrificing security for fast-boot?
Tire-pressure measurement systems (TPMS): worth the added vulnerability?
Page 14
The surest approach to security: avoid being an attractive target
Page 15
The ONLY way that payment credentials should be stored in a car
Connectivity to car systems: double-stick tape
Page 16
Associating payment credentials with embedded car systems puts lives in danger.
Page 17
Security and transparency approaches
Page 18
Vinli-Dialexa scan tool architecture
Page 19
Preserving anonymity with PKE is Challenging
Courtesy B. Lehrmann, 32C3, “Vehicle2Vehicle Communication based on IEEE802.11p”
Page 20
Hardware-level security
x86: TPM, IMA . . .
ARM: Cortex-R, TrustZone
Image courtesy Chris Turner, ARM
Page 21
Familiar problems, familiar solutions
Global Logic: http://tinyurl.com/ojnrbr2
DOM0 and DOMU run on different cores of a processor.
Page 22
Multiple processor cores with multiple OSes
Courtesy Mentor Automotive
Driver Assistance, Navigation, Entertainment
Linux can be AGL-GENIVI or Android, or one core of each
Page 23
Copyright Renesas, “Introduction to CAN”, with permission.
Automotive LAN, 2015
>100 microprocessors on MOST, CAN-FD, LIN, FlexRay networks
Page 24
Copyright Renesas, “Introduction to CAN”, with permission.
Automotive LAN, 2025
Ethernet A/V-B (audio-video bridging) will displace FlexRay and MOST
Becomes a packet-filtering firewall
EA/V-B
Page 25
Current scantool connection
Proposal: scantool connection via DB only
Single-board server
CAN 500 kbps
Let's get rid of hard connections to CAN that are accessible from passenger cabin.
Page 26
Linux kernel's watchdog timer guards against intrusion-caused slowdown
Critical application, normal state
/dev/watchdog
Critical application, failed state; or simple slowdown
/dev/watchdog X X
REBOOT
Must hit critical time window
int petdog(unsigned interval) {}
Page 27
Event Data Recorders: NHTSA decision pending
courtesy Nate Cardozo, EFF
Page 28
CAN Industry Association newsletter, July 24, 2014
Automotive pen-testing
Page 29
Industry Best Practice: ChromiumOS's Verified Boot via FIT
Page 30
Courtesy GENIVI and Arynga
Page 31
Driver drowsiness detection has great potential, but . . .
Source: Key Safety Systems
Page 32
EFF wins automotive DMCA Section 1201 exemption
Page 34
Open Street Map and Ubuntu uNav
H/T Linux Unplugged Episode 115
Page 35
Courtesy of IHS and E. Juliussen
Page 36
Summary
Adding capability and automation to cars inevitably increases 'attack surface.'
Nonetheless, the FCA-Harman-Sprint installation was inexcusably insecure.
The industry as a whole is moving to OTA.
Considerable open-source activity is underway.
Traditional Linux security best practices apply equally to cars.
Page 37
References
Smart Automotive special issue of Telematics Wire
Nate Willis' talk, “Linux and the Automotive Security Lab,” historical survey and recommendations for Linux
“Dieselgate” and V2V communication talks at CCC 2015
EPIC “Internet of Cars” Congressional testimony, 11/18/2015
escar Conference Proceedings
Ethernet A/V-B: Junko Yoshida, EE Times
Page 38
extra slides
Page 39
GENIVI Demo Platform
Qemu image plus BSPs for RPi, Minnowboard, Nvidia Jetson and Renesas R-Car
Page 40
Source: RTKL blog
A typical automotive data center
Page 41
http://tinyurl.com/crbazg9
Chaos Computer Club 2012 video
Christie Dudley, Santa Clara University Law School