Accessing & Influencing Automotive Cyber–Physical Engineered Systems
Roy Isbell (Prof.) FIET FBCS CITP
Transport Systems (The Movement of Goods and/or People)
[Figure: transport modes Air, Maritime, Road, Rail and Metro/Underground, each moving People and/or Goods. Sources: Roy Isbell DFM; Hitachi.com]
Source: Digital Age Transportation – The Future of Urban Mobility, Tiffany Dovey Fishman, Deloitte University Press.
Automotive Automation (Ten Steps to Autonomy)
10 Steps to Full Automation. Source: Schlumberger, modified by Roy Isbell (Prof.) FIET FBCS CITP
6 Levels of Automation. Source: SAE International, BASt & NHTSA
Integrated Transport (Future Autonomous Vehicles)
Autonomous Shipping. Source: Rolls Royce Holdings
Autonomous Road Vehicles. Source: Volvo
Autonomous Planes. Source: Northrop Grumman
Autonomous Trains: Transport for London is considering plans to roll out driverless tube trains across the Underground network by 2020. Source: Transport for London
The first commercially available semi-autonomous cars will be available in 2014 (E&Y Report).
Cyber Physical Engineered Systems (Adding Sensing & Actuation)
Source: Hitachi.com
Source: Unknown
Cyber–Physical Engineered Systems:
1. Effectively command and control systems that are networked or distributed (i.e. employ networking and/or communications).
2. Incorporate a degree of intelligence (adaptive or predictive).
3. Work in real time to influence or actuate outcomes in the physical world.
4. Found in transportation, utilities, buildings, infrastructure & health care.
5. Use sensors to detect and measure physical parameters and actuators to control physical processes.
6. Utilise feedback loops for monitoring, allowing degrees of autonomy.
Complex System of Systems (WHAT? – Complex Cyber Physical Engineered System)
List of Technologies to Create a Self-driving Vehicle:
• Collision Avoidance (Steering)
• Vehicle-to-Vehicle Communication
• Vehicle-to-Infrastructure Communication
• Steer-by-Wire
• Lane Keeping
• Forward Collision Avoidance (Braking)
• Driver Performance Monitor
• Lane Sensing/Warning
• Active Roll Control
• Forward Collision Warning
• Adaptive Cruise Control
• Vision Enhancement
• Near Obstacle Detection
• Electronic Stability Control
• Adaptive Variable-Effort Steering
• Semi-Active Suspension
• Traction Control
• Anti-Lock Braking Systems
Source: Byron Shaw, GM MD of Advanced Technology
Network Based Connectivity (HOW? – Expansion of the Attack Vectors)
Mobile Phone App – Sync with Head Unit
Head Unit OS – Windows, Android or Linux Variants
Laptop Access – Through Vehicle WiFi Hotspot
4G Access – Via Mobile Phone
New Vehicle Apps – Access via Head Unit & Mobile Device
5G Access – Via Mobile or Vehicle
The Cloud – Dedicated Cloud Services or Generic Web Access
All the Security Issues Associated With Information Systems, Now Apply to Connected Vehicles
Complex System of Systems (HOW? – External Remote Access)
[Figure: Sensor Systems and Connecting Systems]
Sensor Systems – Constantly monitor the external environment to build a 360° picture that provides information to the command and control environment of the vehicle. (Influence, Jamming & Spoofing)
Infotainment – a combination of information and entertainment. (Access to vehicle subsystems for information, disruption, modification & control).
Telematics – the integrated use of telecommunications and informatics for control of vehicles on the move. (Access for information, disruption, modification & control).
Complex System of Systems (HOW? – External Remote Access, continued)
Wireless Access in Vehicular Environments (WAVE), operating in the licensed 5.9 GHz band (5.85 to 5.925 GHz). (Access route for information, disruption, modification & control.) Source: SamsungSDS
Tyre Pressure Monitoring System (TPMS), operating on one of two frequencies, 315 MHz or 433 MHz. (Access route for disruption, modification & possible control.) Source: Continental Tyres
The Radio Data System (RDS) embeds data in an FM radio signal (station identity, time, frequency etc.). RDS 2.0 adds features such as graphical radiotext for smartphone and tablet interfaces; the Traffic Message Channel (TMC) links into navigation systems. (Information, Spoofing & Payload Delivery.) Source: rds.org.uk
Vehicle Lifecycle (HOW? – The Insider Threat)
Lifecycle stages: Design & Manufacture; Sales & Distribution; Consumer / Owner; Maintenance (Maintainer / Valet); Fuel (Fossil / Gas / Bio / Electrical); Disposal
Analysis of the vehicle lifecycle identifies those who are permitted to come into contact with the vehicle and their level of access. These individuals are the ‘Insiders’ to be considered under the ‘Insider Threat’.
Maintainers have physical access to the vehicle via technical equipment. Both the equipment and the personnel may be an attack vector.
In addition, the vehicle software updating process needs to be considered as an attack vector.
The use of Power Line Carrier technology to communicate between the vehicle, off-board charger and smart grid during electric vehicle charging is a further interface to be considered.
Attack Motivators (WHO?)
• Crime (including financial)
• (H)Acktivism
• Warfare
• Terrorism (including corporate blackmail)
• Espionage (including industrial espionage)
Espionage – seeking unauthorised access to sensitive information (intellectual property, commercial information, corporate strategies, personal data, pattern of life) or using the vehicle as a reconnaissance tool:
• State • Commercial
(H)Acktivism – seeking publicity or creating pressure on behalf of a specific objective or cause:
• Disruption of specific businesses/organisations (supplier or end user) • Disruption of specific geographic areas (cities, routes)
Criminal – largely driven by financial gain, but may include gang-related violence:
• Theft of a vehicle • Theft from a vehicle • Hijack of a vehicle • Kidnap of a vehicle’s occupant(s) • Criminal damage
Terrorism – use of the vehicle or transport system to instil fear:
• Use of vehicle as a weapon • Attacks on vehicle and/or vehicle’s occupants • Disruption of transport systems/infrastructure
Warfare – conflict between nation states:
• Disruption of transport systems/infrastructure to deny operational use • Disable specific modes of transport or vehicle types • Destruction of vehicles
Groups identified as posing the greatest security threat, from an ESG survey of 244 enterprise security professionals at companies with 1,000 or more employees:
  Hacktivists                          46%
  Organised Crime                      42%
  Competitors / Industrial Espionage   41%
  Nation State                         34%
  Terrorist Organisation               28%
Attack Motivators (WHY? – Espionage)
Attack Motivators (WHY? – Terrorism)
Terrorism – using a remote-controlled or programmed autonomous vehicle as a weapon. Picture: car bomb at Glasgow Airport. Source: irdc.ir
Attack Motivators (WHY? – (H)Acktivism)
(H)Acktivism – Hacktivism is the act of hacking a website or computer network in an effort to convey a social or political message. The person who carries out the act of hacktivism is known as a hacktivist.
Auto (H)Acktivism – the act of hacking a vehicle in an effort to convey a social or political message to the owner, owners and/or manufacturer of the vehicle.
Source: http://news.nationalpost.com
The Cyber Attack Triangle (WHEN? – Understanding the Pre-requisites for an Attack)
[Figure: the CIA Cyber Attack Triangle, with Capability, Information and Access at its three corners. Here CIA stands for Capability, Information, Access, not the confidentiality triad.]
Access – In order for any attack to even be contemplated, some form of access to the target is required. Access may be physical or remote.
Capability – To effect a successful attack, the attacker requires the correct tools and techniques to interact with the target and influence or effect the changes required to achieve the desired outcome.
Information – Before either access or capability may be achieved or determined, information (intelligence) on the target is required. The level of detailed information will determine the risk associated with any attack scenario being considered.
Like any three-legged stool, absence of any leg renders the stool useless.
Attack Anatomy – Each attack follows a sequence of activities, each of which, once completed, provides information, access or a capability related to the target system.
Automotive Attack Surfaces (Hackers Reference Manual)
A reference manual: Charlie Miller & Chris Valasek, “A Survey of Remote Automotive Attack Surfaces”, presented at Black Hat USA 2014.
The talk took a step back and examined the automotive networks of a large number of different manufacturers from a security perspective. From this larger dataset, we can begin to answer questions like: Are some cars more secure from remote compromise than others? Has automotive network security changed for the better (or worse) in the last five years? What does the future of automotive security hold, and how can we protect our vehicles from attack moving forward?
Source: Black Hat USA 2014
Attack surface entries recorded per vehicle (Audi example shown):
• Bus standards: CAN, LIN, MOST, FlexRay
• Wireless communications: Remote Keyless Entry / Start, Bluetooth, Cellular, Wi-Fi, AM/FM/XM Radio, Proprietary Radio, Audi Connect
• Cyber physical features: Adaptive Cruise Control, Active Lane Assist, Audi Pre-Sense
A collection of open source information.
Attack Vector Research (HOW? – OBD-II, the on-board diagnostics port that exposes the CAN bus)
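As an added worked example for the OBD-II attack vector (not code from the talk, nor from Miller & Valasek), the following Python builds a mode 01 PID request to the functional address 0x7DF, decodes the engine ECU reply from 0x7E8, and scans a candump-style log for frames injected onto a periodic ID. The request layout follows the public SAE J1979 / ISO 15765-2 single-frame convention; the 0x00 padding, the body-frame ID 0x1A0 and the log lines are constructed assumptions for the illustration.

```python
"""OBD-II diagnostics over CAN and injected-frame detection.

Added worked example; not code from the talk or from Miller & Valasek.
Frame layout follows the public SAE J1979 / ISO 15765-2 single-frame
convention. The CAN ID 0x1A0 and the sample log are constructed.
"""
import re
from collections import defaultdict
from statistics import median

OBD_REQUEST_ID = 0x7DF                  # functional (broadcast) diagnostic request
OBD_RESPONSE_IDS = range(0x7E8, 0x7F0)  # ECUs reply from 0x7E8 .. 0x7EF


def build_pid_request(mode: int, pid: int) -> bytes:
    """ISO-TP single frame: [PCI length, mode, PID] padded to 8 bytes.
    Padding with 0x00 is an assumption; some vehicles use 0x55 or 0xAA."""
    payload = bytes([2, mode, pid])
    return payload + b"\x00" * (8 - len(payload))


# Mode 01 PID decoders (formulas from the public SAE J1979 PID list).
PID_DECODERS = {
    0x05: ("coolant_temp_c", lambda d: d[0] - 40),
    0x0C: ("engine_rpm", lambda d: (256 * d[0] + d[1]) / 4),
    0x0D: ("vehicle_speed_kph", lambda d: d[0]),
}


def decode_pid_response(data: bytes):
    """Decode a positive mode 01 reply [len, 0x41, PID, A, B, ...]."""
    if len(data) < 3:
        raise ValueError("frame too short")
    length, mode_resp, pid = data[0], data[1], data[2]
    if mode_resp != 0x41:
        raise ValueError(f"not a positive mode 01 response: 0x{mode_resp:02X}")
    if not 3 <= length <= 7 or length > len(data) - 1:
        raise ValueError(f"bad PCI length {length}")
    name, fn = PID_DECODERS[pid]       # KeyError for PIDs not decoded here
    return name, fn(data[3:1 + length])


# candump -l log line: "(timestamp) interface ID#DATA"
LOG_LINE = re.compile(
    r"^\((?P<ts>\d+\.\d+)\)\s+(?P<iface>\S+)\s+(?P<id>[0-9A-Fa-f]{3,8})#(?P<data>[0-9A-Fa-f]*)$")


def parse_candump(lines):
    """Return (timestamp, arbitration id, data bytes) for every parseable line."""
    frames = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if m:
            frames.append((float(m["ts"]), int(m["id"], 16), bytes.fromhex(m["data"])))
    return frames


def find_injected(frames, min_ratio=0.5, min_samples=4):
    """Flag frames arriving in less than min_ratio of their ID's median period.

    ECUs broadcast most IDs on a fixed schedule; a frame injected through the
    OBD-II port lands between two genuine ones, so its inter-arrival gap is
    far shorter than the norm for that ID.
    """
    gaps, last = defaultdict(list), {}
    for ts, cid, _ in frames:
        if cid in last:
            gaps[cid].append(ts - last[cid])
        last[cid] = ts
    suspicious, last = [], {}
    for ts, cid, data in frames:
        if cid in last and len(gaps[cid]) >= min_samples:
            if ts - last[cid] < min_ratio * median(gaps[cid]):
                suspicious.append((ts, cid, data))
        last[cid] = ts
    return suspicious


# Constructed log: a tester RPM query and reply, a periodic 10 ms body frame
# (hypothetical ID 0x1A0) and one frame injected 2 ms after a genuine one.
SAMPLE_LOG = """\
(1000.000000) can0 7DF#02010C0000000000
(1000.002000) can0 7E8#04410C1AF8000000
(1000.010000) can0 1A0#0000000000000000
(1000.020000) can0 1A0#0000000000000000
(1000.030000) can0 1A0#0000000000000000
(1000.040000) can0 1A0#0000000000000000
(1000.050000) can0 1A0#0000000000000000
(1000.052000) can0 1A0#FFFF000000000000
(1000.060000) can0 1A0#0000000000000000
(1000.070000) can0 1A0#0000000000000000
""".splitlines()


def analyse_log(lines):
    """Decode OBD-II replies and list suspected injected frames."""
    frames = parse_candump(lines)
    replies = [decode_pid_response(d) for _, cid, d in frames if cid in OBD_RESPONSE_IDS]
    return replies, find_injected(frames)


if __name__ == "__main__":
    print("request:", build_pid_request(0x01, 0x0C).hex().upper())
    replies, injected = analyse_log(SAMPLE_LOG)
    print("decoded replies:", replies)
    for ts, cid, data in injected:
        print(f"suspect injected frame at {ts:.6f}: {cid:03X}#{data.hex().upper()}")
```

The log format is what `candump -l` from can-utils writes, so the same parser runs over a real capture taken from the OBD-II port. The detector relies only on timing, which is the property a tool plugged into that port cannot avoid disturbing when it injects frames on an ID the real ECU is still transmitting; a threshold of half the median period is a starting point to tune per vehicle, since a few IDs are event-driven rather than periodic.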
New Models for Evaluating Cyber Security & Safety
Parkerian Hexad (Parker D.B., 2002): Confidentiality, Possession/Control, Integrity, Authenticity, Availability, Utility
CIA Triad (Bishop M., 2004): Confidentiality, Integrity, Availability
Cyber Security for Autonomous Systems (Boyes H., 2014): Confidentiality, Possession/Control, Integrity, Authenticity, Availability, Utility, Safety
Element              Relevance to CPES
Confidentiality      Protection of personal & other sensitive data
Possession/Control   Prevention of unauthorised manipulation or control of systems
Integrity            Prevention of unauthorised changes to or deletion of data; maintenance of system configuration
Authenticity         Prevention of fraud or tampering with data
Availability         Autonomous infrastructure able to operate without disruption or impairment
Utility              Maintaining data & systems in a useful state throughout their lifecycle
Safety               Prevention of harm to individuals, assets and the environment
Cyber Security & Trustworthiness (An Engineer’s View)
Establishing the Framework – Grouping the subject areas into three Frames:
• Controlling Access & System Operations
• Information Quality, Validity & System Configuration
• Continuity of Operations, Safety of Personnel & Assets
PROGRAMMING (An Engineer’s View)
Based on PAS 754:2014 produced by the Trustworthy Software Initiative (TSI)
Source: Jones, C. Software Assessments, Benchmarks, and Best Practices. Reading, MA: Addison Wesley, 2000
Source: ISO 26262 – Overview
5 Key Messages
1. Increased use of technology and connectedness expands the attack surface of vehicles.
2. The use of IP services and technology brings with it all the problems currently encountered by IP network owners and operators.
3. The automobile is a Cyber Physical Engineered System and needs to be considered accordingly.
4. Crime and data privacy are not the only motivators for attacking a motor vehicle.
5. Engineering security and safety practices need to be expanded to cover the implementation of IP and the expansion towards the totally autonomous vehicle.