Talk at Connected Vehicle Trade Association, 2016

1. TheConnectedcarandSecurity
2016Alan Tatourian
Security Architect, Advanced Driving Technologies, Intel
Founding Member, Automotive Security Review Board (ASRB)
Member, SAE VESS, TCG, and NIST Cyber-Physical Systems Groups
alan.tatourian@intel.com
October 6, 2016
7th Summit on the
Future of the Connected Vehicle

2. 2
Vehicle Architecture Today and Tomorrow
CAN
Gateway
CAN FlexRay . . . . . .
Gateway
EthernetEthernet Ethernet Ethernet Ethernet
Vehicle Connectivity
Vehicle Automation
Data Analytics
Limited but Expanding
(Telematics, Infotainment)
Developing/Immature
(Partial/Semi-Autonomous)
Focus on Vehicle
Performance/Location
Fully Connected Environment
(V2V, V2I, V2X)
Pervasive/Highly Developed
Focus on Consumer
Experience/Personal Data
Current State
Low Complexity
Future State
High Complexity
Risk is increasing and will continue to grow
Where we are Where we are heading
Image credit: Volvo
Image credit: Volvo

3. 3
Connected, Autonomous Car
Cloud Services
Sensing
Planning
Radar, LIDAR Vehicle Platform Navigation
Error
Management
Visualization
Situation AnalysisSituation Awareness
Vision FusionCameras, LIDAR, Radar
…
Data Fusion
LoggingVehicle Control
Localization
Automotive Bus
Traffic Maps
Distributed Services
Source: RTI

4. 4
External Vehicle Connections
V2V
Radio Data
System (RDS)
Mobile
Devices
Electric
Chargers
External systems and
networks support new
services and interactions
… and increase risk.
Ad-Hock
Network
Trusted Network
(e.g. Repair Shop)
Internet
Backbone
Automotive
Company
Application
Center
Local ServiceAP
Untrusted
Network
Local
Service
Open AP
Road Side
Unit (RSU)
3rd Party
Application
Center
ISP
BS
BS
ISP
ISP
Uni-directional Communication
Bi-directional Communication
Access Point (AP)
GPS
4

5. 5
Automotive Security Research
2006 2020
Today
2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016
Security threats to automotive CAN networks —
Practical examples and selected short-term
countermeasures
2008
Comprehensive Experimental
Analyses of Automotive Attack
Surfaces
2011
Script Your Car!
Using existing hardware platforms to
integrate python into your dashboard
2013
A Survey of Remote Automotive
Attack Surfaces
2014
Remote Exploitation of an
Unaltered Passenger Vehicle
2015
CAN Message Injection
2016
State of the Art: Embedding Security in Vehicles
2006
2017 2018 2019

6. 6
What does Security Mean?
Security covers all the processes and mechanisms by which digital equipment, information and services are protected
from unintended or unauthorized access, change or destruction.
 Wikipedia
Existing Definition, also used by NIST
1999 National Academies study “Trust in Cyberspace”
Security research during the past few decades has been based on formal policy models that focus on protecting
information from unauthorized access by specifying which users should have access to data or other system objects. It is
time to challenge this paradigm of “absolute security” and move toward a model built on three axioms of insecurity:
1. insecurity exists;
2. insecurity cannot be destroyed; and
3. insecurity can be moved around’.

7. 7
Response from the Industry
2. SAE J3061 – Cybersecurity Guidebook for Cyber-Physical
Vehicle Systems
a) Enumerate all attack surfaces and conduct threat analysis
b) Reduce Attack Surface
c) Harden hardware and software
d) Security Testing (Penetration, fuzzing, etc.)
1. SAE J3101 – Hardware-Protected Security for Ground
Vehicle Applications
a) Secure Boot
b) Secure Storage
c) Secure Execution Environment
d) Other hardware capabilities…
e) OTA, authentication, detection, recovery mechanisms…

8. 8
V2X
antenn
a
Mobile Devices
ISP
BS
BS
GPS
Electric Chargers
Occupant safety
Surround sensors
Brake control system
Electric power steering
CAN bus
Fast cryptographic performance
Device identification
Isolated execution
(Message) Authentication
Hardware security services that can be used by applications
Platform boot integrity and Chain of Trust
Secure Storage (keys and data)
Secure Communication
Secure Debug
Tamper detection and protection from side channel attacks
Hardware security building blocks
Over-the Air Updates
IDPS / Anomaly Detection
Network enforcement
Certificate Management Services
Antimalware and remote monitoring
Biometrics
Software and Services
Security features in the silicon, for example Memory Scrambling,
Execution Prevention, etc.
Defense in Depth
HardwareRootofTrust
Analog security monitoring under the CPU
Defense in Depth

9. 9
Hardware Security Building Blocks
1. Verified boot
2. Secure Storage (encrypted flash)
3. Trusted Execution Environment (HSM)
4. Cryptographic Acceleration
5. Key Generation
6. Secure Clock
7. Monotonic Counters
8. True RNG
9. Unique device id
10. Secure Debug
11. Physical Tamper Detection and protection against side-channel attacks
Platform boot integrity and Chain of Trust
Secure Storage (keys and data)
Secure Communication
Secure Debug
Tamper detection and protection from side channel attacks
Hardware security building blocks
Defense in Depth
HardwareRootofTrust

10. 10
Software Security Services
Basic Cryptography Key Management Miscellaneous
Hash
 SHA2, SHA3
Key Derivation Function (KDF)
 NIST 800-108
Compression/Decompressi
on
Message Authentication Code (CMAC, HMAC)
 Generation
 Verification
Secure Key and Certificate Storage
 Access Management
 Import/Export Services
 Generation
 Update
Checksum
Signatures
 Generation
 Verification
Key exchange protocols
Random Number Generation
Encryption/Decryption
 Symmetric (CBC, CTR)
 Asymmetric
 ECC (25519, P-256, P-384, P-512, Brainpool)
Secure Clock
 Time stamping
 Validity check for key data
Fast cryptographic performance
Device identification
Isolated execution
(Message) Authentication
Hardware security services that can be used by applications
Defense in Depth
HardwareRootofTrust

11. 11
Evolution of Technology and Security Solutions
1. Interactive computing.
2. Time sharing.
3. User authentication.
4. File sharing via
hierarchical file systems.
5. Prototypes of ‘computer
utilities’.
Emerging
concerns
1. Access controls
2. Passwords
3. Supervisor state
Security
Technologies
1960s
1. Packet networks
(ARPANET)
2. Local networks (LANs)
3. Communication secrecy
and authentication
4. Object-oriented design
5. Multilevel security
6. Mathematical models of
security
7. Provably secure systems
1. Public key cryptography
2. Cryptographic protocols
3. Cryptographic hashes
4. Security verification
1. Adoption of TCP/IP
protocols for the
Internet
2. Exponential growth of
Internet
3. Proliferation of PCs and
workstations
4. Client-server model for
network services
5. Viruses, worms, Trojans,
and other forms of
malware
6. Buffer overflow attacks
1. Malware detection
(antivirus)
2. Intrusion detection
3. Firewalls
1. World Wide Web
2. Browsers
3. Commercial
transactions
4. Data repositories and
breaches
5. Portable apps and
scripts
6. Internet fraud
7. Web-based attacks
8. Social engineering and
phishing attacks
9. Peer-to-peer (P2P)
Networks
1. Virtual private networks
(VPNs)
2. Public-key
infrastructure (PKI)
3. Secure web connections
(SSL/TLS)
4. Biometrics
5. 2-factor authentication
6. Confinement (virtual
machines, sandboxes)
1. Botnets
2. Denial-of-service attacks
3. Wireless networks
4. Cloud platforms
5. Massive data breaches
6. Ransomware
7. Malicious adware
8. Internet of things
9. Surveillance
10. Cyber warfare
1. Secure coding and
development processes
2. Threat intelligence and
sharing
3. Adware blocking
4. Denial-of-service
mitigation
5. WiFi security
1970s 1980s 1990s 2000s

12. 12
The Evolution of Malware
1980 1985 1990 1995 2000 2005
Source: escrypt
Increasing digitalization and
digital integration
Security
Escalation:
Hypothetical vulnerabilities
identified
Security threats become
relevant in practice
Regular security breaches
with severe damages
Auto
ICS
Mobile Phones
PC
Servers
ICS-CERT
(2008)
20152010 2020
???
CAESS
(2010)
GSM Interface
Exploit (2015)
Stuxnet and Duqu
(2010/11)
German Steel
Plant (2014)
AS/1 Card
Cracking (2009)
IMSI Catcher, NSA
iBanking (2014)
Cabir, Premium
SMS Fraud (2008)
DOS via SMS
DoCaMo (2008)
I Love You
(2010)
Heart Bleed
(2014)
Sasser
(2004)
Melissa
(1999)
Michelangelo
(1992)
Leandro
(1993)
Brain
(1986)
F. Cohen
(1981)
Confliker
(2008)
NSA, PRISM Reign
(2014)
SQL Slammer
(2003)
Code Red
(2001)
Morris Worm
(1988)
Tribe Flood DDOS
(1998)
CCC BTX Hack
(1984)
Creeper
(1971)

13. 13
Need for new Thinking about Security
Every 30 years there is a new wave of things that computers do. Around 1950 they began to model events in the world (simulation), and around 1980 to
connect people (communication). Since 2010 they have begun to engage with the physical world in a non-trivial way (embodiment – giving them bodies).
Butler Lampson, Microsoft Research
Emerging
concerns
Security
Technologies
Attacks against Cyber-Physical Systems (CPS):
1. Autonomous vehicles
2. Smart communities
3. Aviation and transportation
4. Robots
5. Drones
6. Infrastructure
1. Self-adaptive Systems which can evaluate and modify
their own behavior to improve efficiency, and which
can self-heal.
2. Multi-agent Systems, a loosely coupled network of
software agents that interact to solve problems, are
resilient and partition tolerant.
3. Artificial Intelligence (Genetic Algorithms)
2010/2020s

14. 14
Summary
1. Absolutely secure systems are impossible, with enough money and commitment
any system can be broken
2. Assume your system is compromised and build it so that it can recover

15. 15
Thank you!
15
Alan Tatourian
Security Architect, Advanced Driving Technologies, Intel
Founding Member, Automotive Security Review Board (ASRB)
Member, SAE VESS, TCG, and NIST Cyber-Physical Systems Groups
alan.tatourian@intel.com