Your SlideShare is downloading. ×
0
Automotive Electronics - Internals and Security Implications
Automotive Electronics - Internals and Security Implications
Automotive Electronics - Internals and Security Implications
Automotive Electronics - Internals and Security Implications
Automotive Electronics - Internals and Security Implications
Automotive Electronics - Internals and Security Implications
Automotive Electronics - Internals and Security Implications
Automotive Electronics - Internals and Security Implications
Automotive Electronics - Internals and Security Implications
Automotive Electronics - Internals and Security Implications
Automotive Electronics - Internals and Security Implications
Automotive Electronics - Internals and Security Implications
Automotive Electronics - Internals and Security Implications
Automotive Electronics - Internals and Security Implications
Automotive Electronics - Internals and Security Implications
Automotive Electronics - Internals and Security Implications
Automotive Electronics - Internals and Security Implications
Automotive Electronics - Internals and Security Implications
Automotive Electronics - Internals and Security Implications
Automotive Electronics - Internals and Security Implications
Automotive Electronics - Internals and Security Implications
Automotive Electronics - Internals and Security Implications
Automotive Electronics - Internals and Security Implications
Automotive Electronics - Internals and Security Implications
Automotive Electronics - Internals and Security Implications
Automotive Electronics - Internals and Security Implications
Automotive Electronics - Internals and Security Implications
Automotive Electronics - Internals and Security Implications
Automotive Electronics - Internals and Security Implications
Automotive Electronics - Internals and Security Implications
Automotive Electronics - Internals and Security Implications
Automotive Electronics - Internals and Security Implications
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Automotive Electronics - Internals and Security Implications

1,666

Published on

0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,666
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
0
Comments
0
Likes
2
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Automotive ElectronicsInternals and Security Implications Aanjhan Ranganathan
  • 2. Some Facts● Radio was the first electronic system● Today, ~40 computers power your car.● ~20 million lines of code.● About 10 Km of wiring exists in a modern auto- mobile● And weighs ~100 Kg 2
  • 3. Drive-by Code Car multimedia Dynamic stability controlAuto-transmission control Instrument cluster Airbag controlEngine management Anti-lock breaking system Tyre pressure monitor Diagnostics Body sensors/electronics 3
  • 4. ECU Module 4
  • 5. Network Bus Protocols● Controller Area Network (CAN)● Local Interconnect Network (LIN)● FlexRay● Media Oriented Systems Transport (MOST) 5
  • 6. Networking in an Auto ABS CM DIAEM Dash BoardDS IC BE Air 6
  • 7. Networking in an Auto EM ABS CM DIA DashHigh Speed Network Low Speed Network BoardDS Air IC BE 7
  • 8. Car ECUs going wireless? EM ABS CM DIA Dash BoardDS Air IC BE 8
  • 9. * Tyre Pressure Monitoring System 315 or 433 MHz ASK or FSK Dash Board* Security and Privacy Vulnerabilities of In-Car Wireless Networks: A Tire Pressure Monitoring System Case Study, Rouf et al. Usenix Security 2010. 9
  • 10. * Security Analysis of TPMS ● Difficulty of reverse engineering – Using GNU Radio, Matlab, USRP – Few days (experienced engineer) to few weeks (newbie) ● Sniffing feasibility – 40 m range – 110 sniffers if the car is travelling at 60 Kmph – Easier to trigger at 125 Khz ● Spoofing feasibility – Ability to trigger the TPMS monitor light – No packet authentication ● Security measures – Reliable software design – Encrypting the whole packet* Security and Privacy Vulnerabilities of In-Car Wireless Networks: A Tire Pressure Monitoring System Case Study, Rouf et al. Usenix Security 2010. 10
  • 11. Controller Area Network● Developed by Bosch● 2-wire serial bus● No limitations on the #nodes● Message oriented protocol, no node addressing● Broadcast and multicast support● Physical and data link layer● Speed upto 1 Mbps 11
  • 12. CAN Bus Characteristics● Wired-AND – “0” is dominant bit – “1” is recessive bit● All nodes read-back the data on the bus once they have transmitted a bit. Specifically during the arbitration phase. 12
  • 13. CAN – CSMA with CD/CR Arb DataXA 1 0 0 ...B 1 1 1 1 ...C 1 0 1 1 0 ... time 13
  • 14. CAN – Error Handling● Error Handling● Fault confinement● High speed and low speed nodes 14
  • 15. FlexRay● Time based scheduling (TDMA)● Deterministic behaviour● 2 channels● 10 Mbps on each channel => 20 Mbps● Complex protocol stack● Supports multiple network topology● Not YET in use widely 15
  • 16. Local Interconnect Network (LIN)● Slow (<20 Kbps) and used for less critical ECUs● UART/SCI based● Master – slave● Less expensive than CAN controllers● 1-wire, reduced harness complexity 16
  • 17. Media Oriented System Transport (MOST)● Physical layer – Mostly optical fibres● Upto 24 Mbps● Ring, star, daisy chain topologies possible● Audio, video streaming applications 17
  • 18. Car Multimedia● No longer just radio● Navigation, phone handling, video, audio, interactive vehicle status updates and a lot more 18
  • 19. Car Multimedia (contd..) 19
  • 20. In Summary 20
  • 21. Diagnostics● Identifying faults● OBD II (On-Board Diagnostics v2.0 is the current standard)● Over CAN● Simple OBD-II scanners to high-end OBD-II diagnostic tools 21
  • 22. OBD II Systems 22
  • 23. Other Interfaces to OBDII 23
  • 24. Mobile ApplicationsDevToaster Torque 24
  • 25. 1 Security Challenges in CAN ● No security i.e. encryption/decryption defined ● Broadcast nature ● No node authentication ● Limited defense to denial of service attacks ● Re-programing and reset (C/R based auth) ● Open diagnostic control[1] Experimental Security Analysis of a Modern Automobile, Koscher et al. IEEE Security and Privacy 10 25
  • 26. 1 Security Analysis Setup CarShark[1] Experimental Security Analysis of a Modern Automobile, Koscher et al. IEEE Security and Privacy 10 26
  • 27. 1 Security Analysis ● Deviations from standards – Network segregation, command filtering, firmware updates ● Radio, cluster, body electronics control ● Engine and brake control ● Code injection[1] Experimental Security Analysis of a Modern Automobile, Koscher et al. IEEE Security and Privacy 10 27
  • 28. 1 Security Analysis[1] Experimental Security Analysis of a Modern Automobile, Koscher et al. IEEE Security and Privacy 10 28
  • 29. 1 Security Analysis[1] Experimental Security Analysis of a Modern Automobile, Koscher et al. IEEE Security and Privacy 10 29
  • 30. Manufacturers Point of View“While we sincerely respect the opinions of the researchers, we alsostrongly believe their study makes conclusions which are based onlimited knowledge, and in some cases, are incorrect.” Schader Electronics "The car described in the US paper certainly was not one of ours. We definitely use better than 16 bit encryption schemes." BMW"This gives any attacker an advantage and raises the need for asolution which can uphold its level of security for such a long periodwhile new attacks are being developed" Secunet AG "This problem lies within the responsibility of the OEMs" Autosar 30
  • 31. Conclusion● Moores law shall be applicable to automobiles.● Not many care for privacy/vehicle tracking. Not necessary to be so sophisticated for this.● Security is a concern. Especially when it comes to losing your car/wallet.● Considerable change in infrastructure required.● Security issues bound to increase with increasing electronics and code. 31
  • 32. Thank You 32

×