SAE 2014 - Cyber Security: Mission Critical for the Internet of Cars

Connected vehicles are becoming rolling data centers. More attack surfaces expose vehicles to cyber threats that have become common in the IT industry. Connected vehicles will require an end-to-end security architecture, spanning from chip level to cloud-based security services, that protects vehicles over the entire life cycle.

Published in: Automotive, Technology

  1. Mission Critical: Security. Andreas Mai, Director Smart Connected Vehicles, April 2014. (Cisco Confidential. Cisco IBSG, Internet Business Solutions Group. © 2011 Cisco and/or its affiliates. All rights reserved.)
  2. Security Intelligence Operations: Broadest Visibility; Global Footprint; Defense in Depth. (© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential.)
     • Daily Security Intelligence: 100TB Security Intelligence
     • Deployed Security Devices: 1.6M Deployed Devices; 150M Deployed Endpoints
     • Daily Web Requests: 13B Web Requests
     • Applications & Micro-Applications: 1,000 Applications; 150,000 Micro-applications
     • 93B Daily Email Messages; 35% Enterprise Email; 5B Daily Email Connections; 4.5B Daily Email Blocks
     • 5,500 IPS Signatures; 3-5 min Updates
  3. Threat Operations Center; Advanced Algorithms; Cisco SensorBase; Global Threat Telemetry.
     • Sites: Bank Branch in Chicago; ISP Datacenter in Moscow; Ad Agency HQ in London
     • 8:00 GMT Email Security Detects Compromised Server
     • 8:03 GMT IPS Detects Hacker Probing
     • 8:07 GMT Web Security Detects New Botnet
     • 8:10 GMT All Cisco Customers Protected
     • OEM 1, OEM 2, OEM ..: 8:00 GMT Email Security Detects Compromised Server; 8:03 GMT IPS Detects Hacker Probing; 8:07 GMT Web Security Detects New Botnet
  4. Malware Attacks through all Communication Channels. Diagram labels:
     • Public Clouds; Automaker Clouds; Private Clouds; Enterprise Clouds
     • Roadside Networks; V2I Communications; V2V Communications
     • Onboard Networks, Devices & Apps; Onboard Wi-Fi Hotspot; Tethered Smartphone; Local / On-board Communications; Onboard Diagnostic Interface (OBD II)
  5. Room for security? Chart comparing CAN, CAN Virtual Package and Ethernet: Packet Size [Bits] and “Free” bytes for user data; values shown: 8, 128, 1280, 32, 1372, 1,500, “160”. Security: e.g., AES 128 bit (16 byte) signature.
     (Cumbersome) Workaround:
     • Receiver collects 20 CAN packets into one virtual packet
     • … but what happens if one packet is missed?
     • Every message broadcasted by a single ECU: but what if a rogue ECU is cheating?
     • 11-bit/29-bit ‘message-ID’ field is not verifiable
  6. Diagram labels: Enterprise; Web; OEM; Roadside; Grid; Home; Audio/Video; Diagnostics; Telematics; ADAS; ….; OBU.
     • Creates malware on the ADAS
     • Exposes OBU and starts sending many bad packets
     • Sends a super-packet
     • Malware created in car’s communication gateway
     • Unauthorized packets are sent
     • The car is disabled or destroyed
  7. Advanced Vehicle Security System. Diagram labels:
     • Enterprise; Web; OEM; Roadside; Grid; Home
     • ADAS; Audio/Video; Diagnostics; Telematics; ….
     • Secure Car Gateway (SCG); Security Cloud
     • Vehicle Threat Defense Update; Vehicle Misbehavior Detection; Vehicle Threat Report
  8. Vehicle System:
     • Harden ECUs: HW, OS, App SW, secure BL, incl. chemistry
     • Validate and protect code integrity
     • Authenticate messages, KMS
     • Detect anomalies/intrusions
     • Secure OTA S/W update
     • Protect privileged service mode
     • Secure App sandbox
  9. Security Cloud; Cloud Security.
     1. Vehicle System Security: In-Vehicle Networks; Vehicle ECUs, Sensors, Actuators, Applications
     2. Vehicle Services: Secure vehicle access, secure communications, malware defense, onboard activity monitoring, onboard authentication and key management, …
     3. Secure V2I Communications: IPsec, SSL, ...; dynamically established at proper protocol layers; scalable to support 10+ M vehicles
     4. Cloud Services: Assist vehicle’s threat defense, update vehicle onboard defense, and remove threats before they reach vehicles
     5. Interactions: for security cloud to assist onboard threat defense; Threat Related Information Updates & Threat Defense Assistance
     6. Remote Mgt.: Provisioning, key and credential mgt, remote monitoring, malware removal, …
     7. Misbehavior Detection: Anomalies, Context based defense
     Other diagram labels: Onboard Security Gateway; Local Wireless and Physical Connections; Public Clouds; Private Clouds; Enterprise Clouds; Automaker Clouds; Through Security Cloud; Not through Security Cloud; Remote Traffic.
  10. Build End to End Security Architecture.
     • Leverage Entire Portfolio to Design Security System: Secure Car Cloud Services; Secure Car Gateway; Secure Car Network; Secure NW Access; 3G/LTE; WiFi/DSRC; Security+ On ECU SW Crypto HW
     • Conduct Threat, Penetration & Vulnerability Analysis
     • Diagram labels: Pay now!; Car Theft; 3G/LTE; IVI; OBU; Service Theft; Disablement; ….; ???; Ransomware
  11. • Some already established security teams … Others are still considering whether it is necessary
     • Some already delivered security requirements to their Tier1s … Others have not yet written any security requirements
     • Some are fully aware and actively engaged in security standardization … Others are still hesitant if/how to get involved in Vehicle Security Standards
     Diagram labels: PAY; GOV Mandate; OEM Required; Vehicle Security Standard; Tier-1 USP.
  12. Thank you.
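
The CAN workaround on slide 5, worked through as an added example (not from the deck): 20 eight-byte CAN frames form one 160-byte virtual packet carrying 144 data bytes plus a 16-byte tag, and the receiver rejects the packet when a frame is lost or when the sender does not hold the key. Assumptions: HMAC-SHA256 truncated to 16 bytes stands in for the AES-128 signature named on the slide, and the key, payload and message ID are constructed sample values.

```python
import hashlib
import hmac

CAN_PAYLOAD = 8    # data bytes in one classic CAN frame
FRAMES = 20        # frames per virtual packet (slide 5)
TAG_LEN = 16       # 128-bit (16-byte) signature (slide 5)
DATA_LEN = CAN_PAYLOAD * FRAMES - TAG_LEN  # 144 bytes left for user data


def make_tag(key, msg_id, data):
    # Assumption: HMAC-SHA256 truncated to 16 bytes stands in for the AES-128
    # signature on the slide. The message ID is covered by the tag because the
    # CAN ID field alone proves nothing about the sender.
    msg = msg_id.to_bytes(4, "big") + data
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]


def send(key, msg_id, data):
    """Pad data to 144 bytes, append the tag, split into 20 CAN frames."""
    if len(data) > DATA_LEN:
        raise ValueError("data does not fit in one virtual packet")
    data = data.ljust(DATA_LEN, b"\x00")
    blob = data + make_tag(key, msg_id, data)
    return [(msg_id, blob[i:i + CAN_PAYLOAD])
            for i in range(0, len(blob), CAN_PAYLOAD)]


def receive(key, msg_id, frames):
    """Return (data, "ok") or (None, reason) for one virtual packet."""
    payloads = [p for fid, p in frames if fid == msg_id]
    if len(payloads) != FRAMES:
        return None, "incomplete"   # one lost frame voids all 20
    blob = b"".join(payloads)
    data, tag = blob[:DATA_LEN], blob[DATA_LEN:]
    if not hmac.compare_digest(tag, make_tag(key, msg_id, data)):
        return None, "bad tag"      # sender did not hold the key
    return data, "ok"


def demo():
    key = b"constructed-demo-key"          # constructed sample key
    data = b"speed=88;brake=0"             # constructed sample payload
    good = send(key, 0x123, data)
    lost = good[:7] + good[8:]             # frame 8 never arrives
    rogue = send(b"not-the-real-key", 0x123, data)  # same ID, no key
    return [receive(key, 0x123, f)[1] for f in (good, lost, rogue)]


if __name__ == "__main__":
    print(demo())
```

The frames carry no sequence number, so the receiver can only count them; a lost frame is detected but cannot be re-requested individually, which is the cost the slide calls cumbersome.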
