Automotive security (cvta)
Transcript of Automotive security (cvta)
Slide 1: The Connected Car and Security 2016
Alan Tatourian, Security Architect, Advanced Driving Technologies, Intel
Founding Member, Automotive Security Review Board (ASRB)
Member, SAE VESS, TCG, and NIST Cyber-Physical Systems Groups
October 6, 2016, 7th Summit on the Future of the Connected Vehicle
Slide 2: Vehicle Architecture Today and Tomorrow
Architecture diagram: CAN and FlexRay buses behind a gateway (today); several Ethernet segments behind a gateway (tomorrow).
Current state (low complexity, where we are) versus future state (high complexity, where we are heading):
Vehicle Connectivity: limited but expanding (telematics, infotainment) today; fully connected environment (V2V, V2I, V2X) tomorrow.
Vehicle Automation: developing/immature (partial/semi-autonomous) today; pervasive/highly developed tomorrow.
Data Analytics: focus on vehicle performance/location today; focus on consumer experience/personal data tomorrow.
Risk is increasing and will continue to grow.
Image credit: Volvo
Slide 3: Connected, Autonomous Car
Block diagram (source: RTI) of the distributed services on the vehicle platform: sensing (cameras, LIDAR, radar), vision fusion and data fusion, situation awareness and situation analysis, localization, planning, navigation with traffic maps, vehicle control over the automotive bus, error management, logging and visualization, plus cloud services.
Slide 4: External Vehicle Connections
External systems and networks support new services and interactions … and increase risk.
Connection diagram: V2V; Radio Data System (RDS); GPS; mobile devices; electric chargers; ad-hoc network; trusted network (e.g. repair shop); untrusted network; local service reached through a local service access point (AP) or an open AP; Road Side Unit (RSU); base stations (BS) and ISPs on the Internet backbone; automotive company application center; 3rd-party application center. Links are marked as uni-directional or bi-directional communication.
Slide 5: Automotive Security Research
Timeline 2006 to 2020 ("Today" marks 2016):
2006: State of the Art: Embedding Security in Vehicles
2008: Security threats to automotive CAN networks — Practical examples and selected short-term countermeasures
2011: Comprehensive Experimental Analyses of Automotive Attack Surfaces
2013: Script Your Car! Using existing hardware platforms to integrate python into your dashboard
2014: A Survey of Remote Automotive Attack Surfaces
2015: Remote Exploitation of an Unaltered Passenger Vehicle
2016: CAN Message Injection
Slide 6: What does Security Mean?
"Security covers all the processes and mechanisms by which digital equipment, information and services are protected from unintended or unauthorized access, change or destruction." (Wikipedia)
Existing definition, also used by NIST.
1999 National Academies study “Trust in Cyberspace”:
"Security research during the past few decades has been based on formal policy models that focus on protecting information from unauthorized access by specifying which users should have access to data or other system objects. It is time to challenge this paradigm of ‘absolute security’ and move toward a model built on three axioms of insecurity:
1. insecurity exists;
2. insecurity cannot be destroyed; and
3. insecurity can be moved around."
Slide 7: Response from the Industry
1. SAE J3101 – Hardware-Protected Security for Ground Vehicle Applications
a) Secure Boot
b) Secure Storage
c) Secure Execution Environment
d) Other hardware capabilities…
e) OTA, authentication, detection, recovery mechanisms…
2. SAE J3061 – Cybersecurity Guidebook for Cyber-Physical Vehicle Systems
a) Enumerate all attack surfaces and conduct threat analysis
b) Reduce Attack Surface
c) Harden hardware and software
d) Security Testing (Penetration, fuzzing, etc.)
Slide 8: Defense in Depth
Vehicle diagram: V2X antenna, mobile devices, ISP, base stations (BS), GPS, electric chargers; in-vehicle systems shown are occupant safety, surround sensors, brake control system, electric power steering and the CAN bus.
Layers, from the silicon up:
Hardware Root of Trust: analog security monitoring under the CPU; security features in the silicon, for example Memory Scrambling, Execution Prevention, etc.
Hardware security building blocks: platform boot integrity and Chain of Trust; Secure Storage (keys and data); Secure Communication; Secure Debug; tamper detection and protection from side-channel attacks.
Hardware security services that can be used by applications: fast cryptographic performance; device identification; isolated execution; (message) authentication.
Software and Services: Over-the-Air Updates; IDPS / Anomaly Detection; network enforcement; Certificate Management Services; antimalware and remote monitoring; biometrics.
Slide 9: Hardware Security Building Blocks
1. Verified boot
2. Secure Storage (encrypted flash)
3. Trusted Execution Environment (HSM)
4. Cryptographic Acceleration
5. Key Generation
6. Secure Clock
7. Monotonic Counters
8. True RNG
9. Unique device id
10. Secure Debug
11. Physical Tamper Detection and protection against side-channel attacks
Defense-in-depth layer highlighted: hardware security building blocks (platform boot integrity and Chain of Trust; Secure Storage for keys and data; Secure Communication; Secure Debug; tamper detection and protection from side-channel attacks), resting on the Hardware Root of Trust.
Slide 10: Software Security Services
Basic Cryptography: Hash (SHA2, SHA3); Message Authentication Code (CMAC, HMAC), generation and verification; Signatures, generation and verification; Encryption/Decryption, symmetric (CBC, CTR) and asymmetric ECC (25519, P-256, P-384, P-512, Brainpool).
Key Management: Key Derivation Function (KDF), NIST 800-108; Secure Key and Certificate Storage with access management, import/export services, generation and update; key exchange protocols; Secure Clock for time stamping and validity checks of key data.
Miscellaneous: Compression/Decompression; Checksum; Random Number Generation.
Defense-in-depth layer highlighted: hardware security services that can be used by applications (fast cryptographic performance; device identification; isolated execution; (message) authentication), resting on the Hardware Root of Trust.
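Added example, not from the slides: the NIST SP 800-108 counter-mode KDF (listed above under Key Management) with HMAC-SHA256 as the PRF, used to derive a per-ECU key that authenticates CAN-style frames with an HMAC tag and a monotonic counter, combining the (message) authentication and monotonic-counter building blocks from slides 9 and 10. The frame layout, the `EcuLink` class, the `CAN-MAC` label and the master key and VIN are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

def kdf_ctr_hmac_sha256(k_in: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """NIST SP 800-108 KDF in counter mode, PRF = HMAC-SHA256.
    K(i) = PRF(K_in, [i]_32 || Label || 0x00 || Context || [L]_32), L = output length in bits."""
    blocks = []
    for i in range(1, -(-length // 32) + 1):            # ceil(length / 32) PRF calls
        fixed = struct.pack(">I", i) + label + b"\x00" + context + struct.pack(">I", length * 8)
        blocks.append(hmac.new(k_in, fixed, hashlib.sha256).digest())
    return b"".join(blocks)[:length]

class EcuLink:
    """One direction of an authenticated CAN-style link; hypothetical frame: (CAN ID, 32-bit counter, payload, 8-byte tag)."""
    def __init__(self, mac_key: bytes):
        self.key = mac_key
        self.counter = 0                  # monotonic counter; HSM-backed on real hardware
    def _tag(self, can_id: int, counter: int, payload: bytes) -> bytes:
        msg = struct.pack(">HI", can_id, counter) + payload
        return hmac.new(self.key, msg, hashlib.sha256).digest()[:8]   # truncated to fit the frame
    def protect(self, can_id: int, payload: bytes) -> tuple:
        self.counter += 1                 # every frame carries a fresh counter value
        return (can_id, self.counter, payload, self._tag(can_id, self.counter, payload))
    def verify(self, frame: tuple) -> bool:
        can_id, counter, payload, tag = frame
        if counter <= self.counter:       # replayed or reordered frame
            return False
        if not hmac.compare_digest(tag, self._tag(can_id, counter, payload)):
            return False                  # forged or tampered frame
        self.counter = counter            # advance only after the tag checks out
        return True

# Constructed demonstration values, not from any real vehicle or product.
MASTER_KEY = bytes(range(32))
VEHICLE_ID = b"VIN-EXAMPLE-0001"

def derive_mac_key(master_key: bytes, ecu_name: bytes) -> bytes:
    return kdf_ctr_hmac_sha256(master_key, b"CAN-MAC", VEHICLE_ID + b"/" + ecu_name, 16)

def demo() -> dict:
    key = derive_mac_key(MASTER_KEY, b"brake-ecu")
    sender, receiver = EcuLink(key), EcuLink(key)
    frame = sender.protect(0x1A0, b"\x00\x64")
    first = receiver.verify(frame)                       # genuine frame: accepted
    replay = receiver.verify(frame)                      # same counter again: rejected
    tampered = receiver.verify((frame[0], frame[1] + 1, frame[2], frame[3]))  # tag no longer matches
    return {"first": first, "replay": replay, "tampered": tampered}
```

Each ECU gets its own key from the shared master, so a compromised ECU cannot forge traffic attributed to another one, and the receiver's counter check rejects recorded frames without needing a clock.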
Slide 11: Evolution of Technology and Security Solutions
1960s
Emerging concerns: 1. Interactive computing. 2. Time sharing. 3. User authentication. 4. File sharing via hierarchical file systems. 5. Prototypes of ‘computer utilities’.
Security technologies: 1. Access controls. 2. Passwords. 3. Supervisor state.
1970s
Emerging concerns: 1. Packet networks (ARPANET). 2. Local networks (LANs). 3. Communication secrecy and authentication. 4. Object-oriented design. 5. Multilevel security. 6. Mathematical models of security. 7. Provably secure systems.
Security technologies: 1. Public key cryptography. 2. Cryptographic protocols. 3. Cryptographic hashes. 4. Security verification.
1980s
Emerging concerns: 1. Adoption of TCP/IP protocols for the Internet. 2. Exponential growth of the Internet. 3. Proliferation of PCs and workstations. 4. Client-server model for network services. 5. Viruses, worms, Trojans, and other forms of malware. 6. Buffer overflow attacks.
Security technologies: 1. Malware detection (antivirus). 2. Intrusion detection. 3. Firewalls.
1990s
Emerging concerns: 1. World Wide Web. 2. Browsers. 3. Commercial transactions. 4. Data repositories and breaches. 5. Portable apps and scripts. 6. Internet fraud. 7. Web-based attacks. 8. Social engineering and phishing attacks. 9. Peer-to-peer (P2P) networks.
Security technologies: 1. Virtual private networks (VPNs). 2. Public-key infrastructure (PKI). 3. Secure web connections (SSL/TLS). 4. Biometrics. 5. 2-factor authentication. 6. Confinement (virtual machines, sandboxes).
2000s
Emerging concerns: 1. Botnets. 2. Denial-of-service attacks. 3. Wireless networks. 4. Cloud platforms. 5. Massive data breaches. 6. Ransomware. 7. Malicious adware. 8. Internet of things. 9. Surveillance. 10. Cyber warfare.
Security technologies: 1. Secure coding and development processes. 2. Threat intelligence and sharing. 3. Adware blocking. 4. Denial-of-service mitigation. 5. WiFi security.
Slide 12: The Evolution of Malware
Timeline chart (source: escrypt), 1980 to 2020, with one row each for Auto, ICS, Mobile Phones, PC and Servers. Increasing digitalization and digital integration drives a security escalation in three stages: hypothetical vulnerabilities identified; security threats become relevant in practice; regular security breaches with severe damages. The automotive row after 2016 is marked "???".
Events marked on the chart: ICS-CERT (2008); CAESS (2010); GSM Interface Exploit (2015); Stuxnet and Duqu (2010/11); German Steel Plant (2014); AS/1 Card Cracking (2009); IMSI Catcher, NSA iBanking (2014); Cabir, Premium SMS Fraud (2008); DoS via SMS, DoCoMo (2008); I Love You (2010); Heartbleed (2014); Sasser (2004); Melissa (1999); Michelangelo (1992); Leandro (1993); Brain (1986); F. Cohen (1981); Conficker (2008); NSA, PRISM, Regin (2014); SQL Slammer (2003); Code Red (2001); Morris Worm (1988); Tribe Flood DDoS (1998); CCC BTX Hack (1984); Creeper (1971).
Slide 13: Need for new Thinking about Security
"Every 30 years there is a new wave of things that computers do. Around 1950 they began to model events in the world (simulation), and around 1980 to connect people (communication). Since 2010 they have begun to engage with the physical world in a non-trivial way (embodiment – giving them bodies)." Butler Lampson, Microsoft Research
2010/2020s
Emerging concerns: attacks against Cyber-Physical Systems (CPS): 1. Autonomous vehicles. 2. Smart communities. 3. Aviation and transportation. 4. Robots. 5. Drones. 6. Infrastructure.
Security technologies:
1. Self-adaptive systems, which can evaluate and modify their own behavior to improve efficiency, and which can self-heal.
2. Multi-agent systems, a loosely coupled network of software agents that interact to solve problems, are resilient and partition tolerant.
3. Artificial Intelligence (Genetic Algorithms).
Slide 14: Summary
1. Absolutely secure systems are impossible: with enough money and commitment, any system can be broken.
2. Assume your system is compromised and build it so that it can recover.
Slide 15: Thank you!
Alan Tatourian, Security Architect, Advanced Driving Technologies, Intel
Founding Member, Automotive Security Review Board (ASRB)
Member, SAE VESS, TCG, and NIST Cyber-Physical Systems Groups