SlideShare a Scribd company logo
1 of 46
Download to read offline
Presented by :
AUTOMOTIVE
CYBER SECURITY
1
Table of contents
• Automotive Evolution
• Security challenges for connected cars
• Classification of Attackers in the automotive
• Classification of vehicular attacks
• Secure Component Identification
• Vehicular Software Protection
– Secure Software Initialization
– Software Security Architectures
– Secure Software Updates
• Secure Vehicular Communication
2
Phases of Automotive Evolution
3
Innovation in Automotive
Advance drive
assistant system
(ADAS)
Smart lighting
control.
Adaptive cruise
control
Collision
avoidance
Parking assist.
Smart transportation
Traffic
congestion.
Vehicle-to-
infrastructure and
vehicle-to-vehicle
communication.
Traffic line
control.
Advance flee
management
Usage and
behaviour
monitoring
Real-time
telemetric
Package
tracking
Autonomous
driving
Decisive goal is
to made
driverless cars
with zero
fatalities or
collisions.
4
5
With cars incorporating up to 100 ECUs, approaching the upper boundaries of the
wiring harness, So the industry is moving towards
greater integration,
virtualization,
reducing the total number of ECUs,
increasing the number of functions,
Increasing complexity of the software.
6
All these electronic functions bring great benefits to
the driver, increasing comfort, convenience, safety
and efficiency.
Wireless interfaces connect the in-vehicle systems of
these ‘Connected Cars’ to external networks
e.g. internet, enhancing consumer experience
by enabling new features and services.
Connectivity also makes the Connected Car
vulnerable to hackers who attack the vehicle
by seeking and exploiting weaknesses in its
computer systems or networks.
Security challenges for Automotive
New Features
ECall systems bring rapid assistance to
motorists involved in a collision
Car owners may want to chip-tune their
engine, to increase performance of the
engine.
The OBD-II port offers diagnostic and
reporting capabilities.
Autonomous Emergency Braking systems
Car sharing systems allow access to a
vehicle via a smart card or mobile device.
Automated Vehicle Identification allows
the car to identify itself for seamless
access to a parking or a toll road.
If not protected well, a thief might be able to abuse
this system to gain access to the vehicle.
Attackers may use it to gain access to the in-vehicle
network, potentially even remotely.
When not protected, hackers could steal for
example personal data including payment details.
You don’t want third parties to get access to this
personal data.
it should not be possible for hackers to activate this
system by sending fake V2X messages to a vehicle
Threats
OEMs may want to protect against such
manipulation by the vehicle owner.
Attacker 1
Internal
Class 1
Attacker 2
Internal
Class 2
Attacker 3
Internal
Class3
Attacker E0
External
Class 0
Exemplary
attackers
Driver,
Owner
Motor mechanics,
Backyard garage
Organized crime,
Rival, academia
Thief, V2I or V2V
mischief
Physical
Access
Limited to resp.
skills
Extensive, but not
unlimited
Virtually unlimited None or only very
limited
Technical
Resources
Generally low Medium to high Very high Varies, usually low
to medium
Knowledge
Resources
Generally low Medium to high Very high Varies, but can be
high
Financial
Resources
low Medium Very high Generally low
Reliable
Protection
Mostly feasible Varies, but still
feasible
Only by econ. Mostly feasible
Potential attackers in the automotive domain classified according to their access perimeter,
technical and knowledge resources
9
According to access perimeter of attacker, vehicular attacks
can be classified in:-
1.logical attacks: Attacks via logical interface and external communication,
include active as well as passive encroachments.
2.Physical attacks: By direct attacking the hardware to-
1. Access internal secrets (Crpt. Key).
2. Disable (physically) security
measures.
3. Introduce physical signals to do
enable further attacks.
Logical Attacks
Cryptographic Attacks : Tried
to break the security of IT
systems while exploiting
potential conceptual
weaknesses or while just
“brute forcing” the
underlying cryptography of
cryptographic algorithms or
(cryptographic) protocols.
Software Attacks : Software
attacks particularly exploit flaws
and vulnerabilities in design or
implementation3 such as:
1. Integer
2. Heap or buffer overflows
3. Race conditions or infinite
loops
4. Corrupting input and output
data
5. Dependency corruption
6. Resources exhaustion
7. Enforcing restarts or resets.
Communication attacks:
These Attacks on vehicular
communication are probably
the primary challenge for the
most future VC-based
applications. Comprise active
and passive attacks on all
communication channels
accessible by the respective
attacker.
11
Physical Attacks
Monitoring and side channel attack :Mean the passive, noninvasive interception
and examination of all channels susceptible to the attacker that allow him to breach
the security of the respective device
Denial of Service Attacks : Physical denial of service attacks refer to active, invasive
and non-invasive attacks on the physical availability while preventing or
considerably delaying access to critical resources, communication, or functionality.
Fault attacks or perturbation attacks are active, non-invasive attacks that expose
the respective attack target to an anomalous operating environment to induce
faults that could disrupt or modify the execution of some critical instructions.
Penetration Attacks : Penetration attacks are active, invasive attacks that intercept
internal communications, readout internal memories, or monitor any internal
processing behavior to discover internal structures, secrets, and functionality.
Modification Attacks Communication attacks
Secure Component Identification
Cryptographic
Component Identification
Physically Unclonable
Functions
Wireless or
Wired
Communicatio
n Module
Cryptographic Component Identification
Abstract view of a vehicle in a
(Secure vehicular
communication system)
Central Processing Module
Credentials and
Cryptographic
keys
Unique Identity
Vehicle Component
Credential
Certificate
Cryptographic Component Identification (Procedure)
Secret Vehicle Key
Central Processing Module
Vehicle Component
Credential Certificate
(Cryptographic TAG)
Certification Check
during component
Installation
Secret Vehicle Key
Central Processing Module Vehicle Component
Credential Certificate
(Cryptographic TAG)
Secret Vehicle Key
Central Processing Module
Vehicle Component
Credential Certificate
(Cryptographic TAG)Security Key to signal
component legitimacy
Successful Certification
check
Phase Component
Installation
Vehicle Operation Component
Removal
Procedure Verification of the Establishment of the Check for the Deletion of the
Component Identification using (PUF)
PUF is a function that maps a set of challenges to a set of
responses based on an intractably complex physical
system.
Due to smallest individual physical differences of every physical device,
even identical circuits based on identical layouts provide a very individual
and unpredictable response for the same challenge.
Process for generation of Cryptographic key Using (PUF)
In initialization step,
1. An output is generated from the PUF circuit
2. The error correcting syndrome for that output is computed and saved
for later.
3. syndrome and this bit vector are public information and can be stored
anywhere (on-chip, off-chip, or remotely on a server).
Key Regeneration Steps using
PUF:
1. The PUF first produces an output from
the circuit.
2. the PUF uses the syndrome from the
initialization step to correct any changes in
the circuit output.
3. The output of the error correcting code
(ECC) can be simply hashed down to a
desired length and used as a cryptographic
key.
Vehicular
Software
Protection
Secure
Software
Initialization
Secure
Software
Updates
Software
Security
Architectures
1. Integrity.
2. Simple, Fast.
3. Protected
Reference.
1. Integrity.
2. Authenticity.
3. Simple, Fast.
4. Shared Secret.
1. Integrity.
2. Authenticity.
3. Non-repudiation.
4. Adequate
security.
5. Quite slow &
complex.
1. Authenticity.
2. Integrity.
3. Non-repudiation.
4. Freshness
5. Maximum
Security.
6. Most costly and
inflexible
MAC
Digital
signature
Physical
protection
Secure Software Initialization methods
non-repudiation Authenticity
unauthorized
modifications are
detectable
unauthorized
modifications are
infeasible
Hash function
Secure Software Initialization Characteristics
• A hash function is a mathematical, efficiently computable function that
has fixed size output:
– E.g., H : {0,1}*  {0,1}160
– Input is called “message”, output is “digest”
Hash
function
MAC
Digital
signature
Physical
protection
Cryptographic Hash Functions & properties
Name
Digest length
Basic unit of
processing
Number of
steps
Maximum
message size
MD5
128 bits
512 bits
64 (4 rounds
of 16)
infinity
SHA-1
160 bits
512 bits
80 (4 rounds
of 20)
2^64-1 bits
RIPEMD-
160
160 bits
512 bits
160 (5 [paired
rounds of 16)
infinity
Deterministic
Quick to
compute the
hash value
Infeasible to
generate a
message from
its hash value
Small change to
a message
should change
the hash value
Infeasible to find
two different
messages with
the same hash
value
Message Digest 5 (MD5)
Variable length message Divided in 512 Blocks
16 *32 bit words
Padding
Original Message 1 0 0 0 0
64 bit represent length of
the message
4. Input message is "padded" (extended)
its length (in bits) equals to 448 mod 512.
2. At least one bit and at most 512
bits are appended.
1. A single "1" bit is
appended to the
message.
3. Last 64 bit represent
length of the message
MD5 consists of 64 of these operations,
grouped in four rounds of 16 operations.
F is a nonlinear function; one function is
used in each round.
Mi denotes a 32-bit block of the message
input, and Ki denotes a 32-bit constant,
different for each operation.
“S” denotes a left bit rotation by s places,
“S” varies for each operation. denotes
addition modulo 232.
denotes addition modulo 232.
64 bit
128 bit
MD5 Algorithm
Hash
function MAC Digital
signature
Physical
protection
Definition MAC defined over (K, M, T) is a pair of algorithms (E, D):E(k, m):
returns a message authentication code t which belongs to a set T
D(k, m, t): returns a value true or false depending on the correctness of
the received authentication code
Where :
M is a set of all possible messages m,
K is a set of all possible keys k,
T is a set of all possible authentication codes t
The following Block diagram
present RCBC MAC algorithm
Hash
function MAC
Digital
signature
Physical
protection
• Used to provide
– Data integrity
– Message authentication
– Non-repudiation
RSA (Digital signature algorithm )
• Developed in 1978 by Rivest, Shamir and
Adleman (RSA)
• Most popular public key cryptosystem
• Based on the hard problem of “integer
factorization”
Key-Generation for RSA(1)
1. Generate two large random distinct primes
p and q, each roughly the same size
2. Compute n = pq and
3. Select random integer e:
2. Compute unique integer d:
2. Public key is (n, e); Private key is d.
( ) ( 1)( 1)n p qφ = − −
1 , such that gcd( , ) 1e eφ φ< < =
1 , such that 1modd edφ φ< < =
Alice p=5 q=7 n = 35
φ(n) = 4*6=24
e = 5; d: ed = 5d =1 mod 24 ;
=> d = 5
Public key: (n=35, e=5)
Private key: d=5
M = [0, n-1] For all m Є M
R(m)=m m = 26; R(m) = 26
s = 265 mod 35 = 31
message
Signing
algorithm
message signature
Signer’s private key
Unsecured channel
Signer
Signature
verification
algorithm
Signer’s public key
Verifier
Ok / not Ok
28
Hardware-protected
software initialization
enforces:
1. Integrity,
2. Authenticity,
3. Non-repudiation.
Tamper-
Evidence
Tamper-Resistance
Tamper-Detection
Tamper-
Response
Physical Protection
or Tamper
protection
Hash
function
MAC
Digital
signature
Physical
protection
Varifiable Initialization (TCG)
 Trusted Computing Group : An organization formed to develop, define,
and promote open standards for hardware-enabled trusted computing
and security technologies, including hardware building blocks and software
interfaces, across multiple platforms, peripherals, and devices.
Most Important Components of TCG is:
1. Trusted Platform Module (TPM).
2. Core Root of Trust for Measurement (CRTM), a kind of (protected pre-BIOS (Basic I/O System).
3. Trust Software Stack (TSS), which is the software interface to provide TC functionalities to the
Operating system.
TPM (Trusted Platform Module): a
tamper-resistant hardware
module mounted in a platform.
Responsible for: measurement,
root of trust, storage, reporting
and policy enforcement, No direct
memory access, Protected TPM chip
3030
Execution
Engine (8-
Bit/16 Bit uC)
I/O
(33MHz LPC
bus)
Volatile
Memory
PCR
(>=16 *160 Bit)
RAM (~8kB,
secure execution)
Non-volatile
Memory
ROM (~64Kb,
Firmware,
certificate)
EEPROM
(~16kB,Owner secret,
user data, SRK, EK,
counters)
Monotonic
Counters (>=
4*32 Bit)
Tampering
Sensors (U, f,
Shield, reset)
Asymmetric
Key Generation
Asymmetric
Crypto Engine
(RSA >= 2048 Bit)
TRNG (>=256
Bit per call)
Hash Engine
(SHA-1, HMAC)
Internal Structure of a Trusted Platform Module (TPM) according to the recent TCG specification
The Core Root of Trust for Measurement (CRTM)
• The CRTM is the first piece of code that executes on a platform at boot time. (I.e. Bios
or Bios BootBlock in an IA-32 platform)
• It must be trusted to properly report to the TPM what software executes after it.
• Only authorized entities must be able to reflash the CRTM… (those that vouch for its
behavior)
The Authenticated boot process
CRTM and TPM
during the boot
process
Trusted Software Stack 32
•TSS enables application development and
interoperability
– Supply one entry point for applications to the
TPM
functionality
– Provides synchronized access to the TPM
– Hide building command streams with
appropriate
byte ordering and alignment from applications
– Manage TPM resources
• Several implementations available
– IBM
– Infineon
– NTRU
– Open Source (TrouSerS)
Application
CSP
Cryptographic API
TSS Service Services
TSS SPI
TPM Devices Driver
TSS Core Services
TSS CSI
TPM Device Driver Library
TPM DDLI
Vehicular
Software
Protection
Secure
Software
Initialization
Secure
Software
Updates
Software
Security
Architectures
Software Security Architecture
• Enables a single computing
device to securely run
multiple process in parallel
by sharing of resources.
• Provide runtime isolation.
• Subsystem, components
can communicate only via
strictly controlled
communication channel.
• Different types of security
architectures are:
1. Virtualized security
architecture.
2. Hardware isolated
architecture.
3. Monolithic security
architecture.
34
Virtualized Security Architecture
• A small security kernel act as control instance between vehicular
hardware and actual application.
• Kernel provides strong separation of resources and implements
elementary security mechanisms.
35
Virtualized vehicular security architecture
Security Software layer
Application Layer
Separation layer
Hardware layer
36
Security Software layer
Hardware layer
• Conventional hardware and dedicated cryptographic microchip
securely attached to the vehicular hardware.
• It provides fundamental security-critical functions:
1. Cryptographic operation (encryption, decryption or hashing).
2. Secure timing.
3. Secure random number generation.
•During start-up, this layer could enable the verifiable or secure
initialization by cryptography the corresponding boot strapping
process.
• Provide Strong isolation between applications, components or
subsystems.
•Communication will be only via strictly controlled communication
channel.
•Appropriate resources management interface and enforce effective
access control policy.
37
Application Layer
Separation layer
•Provide security functionalities on more abstract level.
•It uses the functionality offered by separation layer.
•Provide elementary security mechanism such as secure
storage or secure communication.
•Multiple legacy operating systems can be executed concurrently,
but strongly isolated.
•Communication between applications as well as potential I/O are
depends on the conditions of the effective security policy enforced
by the underlying kernel.
•Provides all services and application that are not security critical.
Hardware isolated architecture.
• Relay on particular hardware isolation mechanism such as ARM trust zone
Technology.
• In this architecture additional hardware mechanism built in, it virtually provide
additional secure execution environment.
38
• Processor can switch from the legacy
environment (non secure world) to a
virtual security environment (secure
world), each world operates
independently.
• Communication between two world
only possible by calling a privileged
instruction from the non-secure
kernel.
Hardware isolated vehicular security architecture by ARM TrustZone Technology
Monolithic Security Architecture.
• Its for isolated security applications,
employ hardware dedicatedly.
• The security kernel only provides
only basic resources management
services.
• Monolithic applications that
themselves include all necessary
resource management and security
mechanism could even completely
omit a separate security kernel,
running on top of the monolithic
application.
39
Dedicated monolithic vehicular security architecture
Vehicular
Software
Protection
Secure
Software
Initialization
Secure
Software
Updates
Software
Security
Architectures
41
Software updates in automotive
Essential for vehicle OEMs:
• To manage the software efficiently over the lifecycle of the vehicle.
• To provide improvements in performance.
• To deliver corrections to faulty software that endanger lives or the
environment.
42
OEMs is using Software OTA for software updates because:
1. Saves on recall caused by software bugs.
2. Implement into vehicle’s network with as little changes as possible.
3. Cost reduction as compared to manually recall and updating.
Challenges in OTA software update:
1. Cloud connection are active all the time
and thus OTA interfaces are potentially
accessible for hackers.
2. Provide doors for attacks to permanent
endanger the operation of vehicles like
functional changes, tuning, Trojans.
3. Potential to attack vehicles is threatening
Tier1s, OEMs and politicians.
Evolutionary Software OTA Flow (Software Development to Vehicle Reboot)
43
Release
new
software
version
Formatting
for update
handling
Service pack at
OEM’s update server
Transport
Via
INTERNET
Over The Air – Telematics unit TCU › Receive
and decrypt from secure wireless protocol
Download service pack ›
Check OEM authenticity ›
Setup encryption services ›
Stored in vehicles central storage ›
Verify data ›
Unpack for ECUs
Updating the vehicle i.e. using UDS ›
Start UDS programming session ›
Send service packs to ECUs in blocks using
UDS protocol.
Update inside ECUs:
Secure Flash Bootloader and HSM ›
Erase Flash ›
Decrypt and unzip blocks (E2E protection) ›
Write new code into Flash ›
Update and verify signatures (HASH)
Reboot the vehicle with new SW versions ›
Exit update mode ›
Restart all ECUs within the car.
Safety responsibility:
-Vehicle protection and
safety responsibility.
-ECU-IP protection and
safety responsibility.
-Secure update service.
-Secure Flash Boot Loader.
Secure Software update based on Digital Signature
44
Software Development
Digital Signature
Program code
OEM Trust Centre
Signature
PC
Secret Key
Flash Tool
OEM
Certificate
ECU
Security
Module
Public
Key
OEM’s DATABASE
Steps for secure software update by means of digital signature:
1. Software development.
2. Software is signed at the OEM’s trust, it is protected
environment, employs the OEM’s secret key to authenticate
authorized software by creating digital signature.
3. Signature is append to the software.
4. Signature and software stored in the OEM’s
database for distribution.
5. Now signed software can
be loaded into the
prospective flashing tool.
Flashing tool itself can be
authenticate.
6. ECU can verify the loaded
software for integrity and
authenticity by verifying
signature.
Certificate
Validation of vehicle
configuration
Secure Software update based on Trusted Computing
45
Certificate
Generation
And asymmetric key
Current vehicle
hardware and
software
configuration
Vehicle User Content Provider
Content Binding
Bound & encrypted content
Private Key
Public Key
Uses public key to
establish trusted
channel
Trusted channel
configuration
Yes
Decryption and
installation
46

More Related Content

What's hot

Verification of IVI Over-The-Air using UML/OCL
Verification of IVI Over-The-Air using UML/OCLVerification of IVI Over-The-Air using UML/OCL
Verification of IVI Over-The-Air using UML/OCLSeungjoo Kim
 
Dynamic source routing
Dynamic source routingDynamic source routing
Dynamic source routingAshraf Uddin
 
02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Security02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Securitysappingtonkr
 
Connected car in the cloud
Connected car in the cloudConnected car in the cloud
Connected car in the cloudRajesh kumar saw
 
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...Cybersecurity Education and Research Centre
 
Security audits & compliance
Security audits & complianceSecurity audits & compliance
Security audits & complianceVandana Verma
 
Automotive Cybersecurity: Shifting into Overdrive
Automotive Cybersecurity: Shifting into OverdriveAutomotive Cybersecurity: Shifting into Overdrive
Automotive Cybersecurity: Shifting into Overdriveaccenture
 
Chapter 4 Embedded System: Application and Domain Specific
Chapter 4 Embedded System: Application and Domain SpecificChapter 4 Embedded System: Application and Domain Specific
Chapter 4 Embedded System: Application and Domain SpecificMoe Moe Myint
 
Connected Car Security
Connected Car SecurityConnected Car Security
Connected Car SecuritySuresh Mandava
 
Introduction to IoT Security
Introduction to IoT SecurityIntroduction to IoT Security
Introduction to IoT SecurityCAS
 
The information security audit
The information security auditThe information security audit
The information security auditDhani Ahmad
 
Information security management system
Information security management systemInformation security management system
Information security management systemArani Srinivasan
 
UPCOMING REGULATIONS AND SAFETY STANDARDS FOR AUTONOMOUS VEHICLES
UPCOMING REGULATIONS AND SAFETY STANDARDS FOR AUTONOMOUS VEHICLESUPCOMING REGULATIONS AND SAFETY STANDARDS FOR AUTONOMOUS VEHICLES
UPCOMING REGULATIONS AND SAFETY STANDARDS FOR AUTONOMOUS VEHICLESiQHub
 
Cellular wireless network security
Cellular wireless network securityCellular wireless network security
Cellular wireless network securityAnkit Anand
 

What's hot (20)

It6601 mobile computing unit 5
It6601 mobile computing unit 5It6601 mobile computing unit 5
It6601 mobile computing unit 5
 
Verification of IVI Over-The-Air using UML/OCL
Verification of IVI Over-The-Air using UML/OCLVerification of IVI Over-The-Air using UML/OCL
Verification of IVI Over-The-Air using UML/OCL
 
Dynamic source routing
Dynamic source routingDynamic source routing
Dynamic source routing
 
02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Security02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Security
 
AUTOMOTIVE CYBER SECURITY PPT
AUTOMOTIVE CYBER SECURITY PPTAUTOMOTIVE CYBER SECURITY PPT
AUTOMOTIVE CYBER SECURITY PPT
 
Connected car in the cloud
Connected car in the cloudConnected car in the cloud
Connected car in the cloud
 
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
 
Security audits & compliance
Security audits & complianceSecurity audits & compliance
Security audits & compliance
 
Automotive Cybersecurity: Shifting into Overdrive
Automotive Cybersecurity: Shifting into OverdriveAutomotive Cybersecurity: Shifting into Overdrive
Automotive Cybersecurity: Shifting into Overdrive
 
Wlan architecture
Wlan architectureWlan architecture
Wlan architecture
 
Chapter 4 Embedded System: Application and Domain Specific
Chapter 4 Embedded System: Application and Domain SpecificChapter 4 Embedded System: Application and Domain Specific
Chapter 4 Embedded System: Application and Domain Specific
 
Connected Car Security
Connected Car SecurityConnected Car Security
Connected Car Security
 
Internet of vehicles
Internet of vehiclesInternet of vehicles
Internet of vehicles
 
Introduction to IoT Security
Introduction to IoT SecurityIntroduction to IoT Security
Introduction to IoT Security
 
The information security audit
The information security auditThe information security audit
The information security audit
 
Unit 2
Unit 2Unit 2
Unit 2
 
Information security management system
Information security management systemInformation security management system
Information security management system
 
UPCOMING REGULATIONS AND SAFETY STANDARDS FOR AUTONOMOUS VEHICLES
UPCOMING REGULATIONS AND SAFETY STANDARDS FOR AUTONOMOUS VEHICLESUPCOMING REGULATIONS AND SAFETY STANDARDS FOR AUTONOMOUS VEHICLES
UPCOMING REGULATIONS AND SAFETY STANDARDS FOR AUTONOMOUS VEHICLES
 
Cellular wireless network security
Cellular wireless network securityCellular wireless network security
Cellular wireless network security
 
GSM Protocol Stack and Frame Formating
GSM Protocol Stack and Frame FormatingGSM Protocol Stack and Frame Formating
GSM Protocol Stack and Frame Formating
 

Similar to Cyber securityppt

Hacking your Connected Car: What you need to know NOW
Hacking your Connected Car: What you need to know NOWHacking your Connected Car: What you need to know NOW
Hacking your Connected Car: What you need to know NOWKapil Kanugo
 
Connected vehicles: An Overview on Security, Vulnerabilities and Remedies
Connected vehicles: An Overview on Security, Vulnerabilities and RemediesConnected vehicles: An Overview on Security, Vulnerabilities and Remedies
Connected vehicles: An Overview on Security, Vulnerabilities and RemediesMadhur Gupta
 
Proving the Security of Low-Level Software Components & TEEs
Proving the Security of Low-Level Software Components & TEEsProving the Security of Low-Level Software Components & TEEs
Proving the Security of Low-Level Software Components & TEEsAshley Zupkus
 
Redefining Endpoint Security
Redefining Endpoint SecurityRedefining Endpoint Security
Redefining Endpoint SecurityBurak DAYIOGLU
 
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity SolutionsSchneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity SolutionsHoneywell
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network SecurityHarish Chaudhary
 
Corporate Security Issues and countering them using Unified Threat Management...
Corporate Security Issues and countering them using Unified Threat Management...Corporate Security Issues and countering them using Unified Threat Management...
Corporate Security Issues and countering them using Unified Threat Management...Rishabh Dangwal
 
https://spotintelligence.com
https://spotintelligence.comhttps://spotintelligence.com
https://spotintelligence.comNeriVanOtten1
 
Operational Technology Security Solution for Utilities
Operational Technology Security Solution for UtilitiesOperational Technology Security Solution for Utilities
Operational Technology Security Solution for UtilitiesKrishna Chennareddy
 
Survey on Security Aspects Related to DOIP
Survey on Security Aspects Related to DOIPSurvey on Security Aspects Related to DOIP
Survey on Security Aspects Related to DOIPIRJET Journal
 
Overview of Vulnerability Scanning.pptx
Overview of Vulnerability Scanning.pptxOverview of Vulnerability Scanning.pptx
Overview of Vulnerability Scanning.pptxAjayKumar73315
 
MIT-6-determina-vps.ppt
MIT-6-determina-vps.pptMIT-6-determina-vps.ppt
MIT-6-determina-vps.pptwebhostingguy
 
Will future vehicles be secure?
Will future vehicles be secure?Will future vehicles be secure?
Will future vehicles be secure?Alan Tatourian
 
Internet of things security "Hardware Security"
Internet of things security "Hardware Security"Internet of things security "Hardware Security"
Internet of things security "Hardware Security"Ahmed Mohamed Mahmoud
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentationgaurav96raj
 

Similar to Cyber securityppt (20)

Hacking your Connected Car: What you need to know NOW
Hacking your Connected Car: What you need to know NOWHacking your Connected Car: What you need to know NOW
Hacking your Connected Car: What you need to know NOW
 
Connected vehicles: An Overview on Security, Vulnerabilities and Remedies
Connected vehicles: An Overview on Security, Vulnerabilities and RemediesConnected vehicles: An Overview on Security, Vulnerabilities and Remedies
Connected vehicles: An Overview on Security, Vulnerabilities and Remedies
 
Proving the Security of Low-Level Software Components & TEEs
Proving the Security of Low-Level Software Components & TEEsProving the Security of Low-Level Software Components & TEEs
Proving the Security of Low-Level Software Components & TEEs
 
Redefining Endpoint Security
Redefining Endpoint SecurityRedefining Endpoint Security
Redefining Endpoint Security
 
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity SolutionsSchneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
 
Netdefender
NetdefenderNetdefender
Netdefender
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security
 
Corporate Security Issues and countering them using Unified Threat Management...
Corporate Security Issues and countering them using Unified Threat Management...Corporate Security Issues and countering them using Unified Threat Management...
Corporate Security Issues and countering them using Unified Threat Management...
 
Network security
Network securityNetwork security
Network security
 
https://spotintelligence.com
https://spotintelligence.comhttps://spotintelligence.com
https://spotintelligence.com
 
Net Defender
Net DefenderNet Defender
Net Defender
 
Day4
Day4Day4
Day4
 
Operational Technology Security Solution for Utilities
Operational Technology Security Solution for UtilitiesOperational Technology Security Solution for Utilities
Operational Technology Security Solution for Utilities
 
Survey on Security Aspects Related to DOIP
Survey on Security Aspects Related to DOIPSurvey on Security Aspects Related to DOIP
Survey on Security Aspects Related to DOIP
 
Overview of Vulnerability Scanning.pptx
Overview of Vulnerability Scanning.pptxOverview of Vulnerability Scanning.pptx
Overview of Vulnerability Scanning.pptx
 
MIT-6-determina-vps.ppt
MIT-6-determina-vps.pptMIT-6-determina-vps.ppt
MIT-6-determina-vps.ppt
 
Will future vehicles be secure?
Will future vehicles be secure?Will future vehicles be secure?
Will future vehicles be secure?
 
Internet of things security "Hardware Security"
Internet of things security "Hardware Security"Internet of things security "Hardware Security"
Internet of things security "Hardware Security"
 
NSA and PT
NSA and PTNSA and PT
NSA and PT
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
 

Recently uploaded

What is the Future of QuickBooks DeskTop?
What is the Future of QuickBooks DeskTop?What is the Future of QuickBooks DeskTop?
What is the Future of QuickBooks DeskTop?TechSoup
 
Presentation on the Basics of Writing. Writing a Paragraph
Presentation on the Basics of Writing. Writing a ParagraphPresentation on the Basics of Writing. Writing a Paragraph
Presentation on the Basics of Writing. Writing a ParagraphNetziValdelomar1
 
In - Vivo and In - Vitro Correlation.pptx
In - Vivo and In - Vitro Correlation.pptxIn - Vivo and In - Vitro Correlation.pptx
In - Vivo and In - Vitro Correlation.pptxAditiChauhan701637
 
Ultra structure and life cycle of Plasmodium.pptx
Ultra structure and life cycle of Plasmodium.pptxUltra structure and life cycle of Plasmodium.pptx
Ultra structure and life cycle of Plasmodium.pptxDr. Asif Anas
 
Practical Research 1 Lesson 9 Scope and delimitation.pptx
Practical Research 1 Lesson 9 Scope and delimitation.pptxPractical Research 1 Lesson 9 Scope and delimitation.pptx
Practical Research 1 Lesson 9 Scope and delimitation.pptxKatherine Villaluna
 
Benefits & Challenges of Inclusive Education
Benefits & Challenges of Inclusive EducationBenefits & Challenges of Inclusive Education
Benefits & Challenges of Inclusive EducationMJDuyan
 
Prescribed medication order and communication skills.pptx
Prescribed medication order and communication skills.pptxPrescribed medication order and communication skills.pptx
Prescribed medication order and communication skills.pptxraviapr7
 
How to Use api.constrains ( ) in Odoo 17
How to Use api.constrains ( ) in Odoo 17How to Use api.constrains ( ) in Odoo 17
How to Use api.constrains ( ) in Odoo 17Celine George
 
How to Add a many2many Relational Field in Odoo 17
How to Add a many2many Relational Field in Odoo 17How to Add a many2many Relational Field in Odoo 17
How to Add a many2many Relational Field in Odoo 17Celine George
 
Diploma in Nursing Admission Test Question Solution 2023.pdf
Diploma in Nursing Admission Test Question Solution 2023.pdfDiploma in Nursing Admission Test Question Solution 2023.pdf
Diploma in Nursing Admission Test Question Solution 2023.pdfMohonDas
 
The Stolen Bacillus by Herbert George Wells
The Stolen Bacillus by Herbert George WellsThe Stolen Bacillus by Herbert George Wells
The Stolen Bacillus by Herbert George WellsEugene Lysak
 
3.21.24 The Origins of Black Power.pptx
3.21.24  The Origins of Black Power.pptx3.21.24  The Origins of Black Power.pptx
3.21.24 The Origins of Black Power.pptxmary850239
 
CAULIFLOWER BREEDING 1 Parmar pptx
CAULIFLOWER BREEDING 1 Parmar pptxCAULIFLOWER BREEDING 1 Parmar pptx
CAULIFLOWER BREEDING 1 Parmar pptxSaurabhParmar42
 
How to Add a New Field in Existing Kanban View in Odoo 17
How to Add a New Field in Existing Kanban View in Odoo 17How to Add a New Field in Existing Kanban View in Odoo 17
How to Add a New Field in Existing Kanban View in Odoo 17Celine George
 
How to Show Error_Warning Messages in Odoo 17
How to Show Error_Warning Messages in Odoo 17How to Show Error_Warning Messages in Odoo 17
How to Show Error_Warning Messages in Odoo 17Celine George
 
Maximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdf
Maximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdfMaximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdf
Maximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdfTechSoup
 
How to Manage Cross-Selling in Odoo 17 Sales
How to Manage Cross-Selling in Odoo 17 SalesHow to Manage Cross-Selling in Odoo 17 Sales
How to Manage Cross-Selling in Odoo 17 SalesCeline George
 
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...Nguyen Thanh Tu Collection
 

Recently uploaded (20)

What is the Future of QuickBooks DeskTop?
What is the Future of QuickBooks DeskTop?What is the Future of QuickBooks DeskTop?
What is the Future of QuickBooks DeskTop?
 
Presentation on the Basics of Writing. Writing a Paragraph
Presentation on the Basics of Writing. Writing a ParagraphPresentation on the Basics of Writing. Writing a Paragraph
Presentation on the Basics of Writing. Writing a Paragraph
 
In - Vivo and In - Vitro Correlation.pptx
In - Vivo and In - Vitro Correlation.pptxIn - Vivo and In - Vitro Correlation.pptx
In - Vivo and In - Vitro Correlation.pptx
 
Ultra structure and life cycle of Plasmodium.pptx
Ultra structure and life cycle of Plasmodium.pptxUltra structure and life cycle of Plasmodium.pptx
Ultra structure and life cycle of Plasmodium.pptx
 
Practical Research 1 Lesson 9 Scope and delimitation.pptx
Practical Research 1 Lesson 9 Scope and delimitation.pptxPractical Research 1 Lesson 9 Scope and delimitation.pptx
Practical Research 1 Lesson 9 Scope and delimitation.pptx
 
Benefits & Challenges of Inclusive Education
Benefits & Challenges of Inclusive EducationBenefits & Challenges of Inclusive Education
Benefits & Challenges of Inclusive Education
 
Prescribed medication order and communication skills.pptx
Prescribed medication order and communication skills.pptxPrescribed medication order and communication skills.pptx
Prescribed medication order and communication skills.pptx
 
How to Use api.constrains ( ) in Odoo 17
How to Use api.constrains ( ) in Odoo 17How to Use api.constrains ( ) in Odoo 17
How to Use api.constrains ( ) in Odoo 17
 
How to Add a many2many Relational Field in Odoo 17
How to Add a many2many Relational Field in Odoo 17How to Add a many2many Relational Field in Odoo 17
How to Add a many2many Relational Field in Odoo 17
 
Personal Resilience in Project Management 2 - TV Edit 1a.pdf
Personal Resilience in Project Management 2 - TV Edit 1a.pdfPersonal Resilience in Project Management 2 - TV Edit 1a.pdf
Personal Resilience in Project Management 2 - TV Edit 1a.pdf
 
Diploma in Nursing Admission Test Question Solution 2023.pdf
Diploma in Nursing Admission Test Question Solution 2023.pdfDiploma in Nursing Admission Test Question Solution 2023.pdf
Diploma in Nursing Admission Test Question Solution 2023.pdf
 
The Stolen Bacillus by Herbert George Wells
The Stolen Bacillus by Herbert George WellsThe Stolen Bacillus by Herbert George Wells
The Stolen Bacillus by Herbert George Wells
 
3.21.24 The Origins of Black Power.pptx
3.21.24  The Origins of Black Power.pptx3.21.24  The Origins of Black Power.pptx
3.21.24 The Origins of Black Power.pptx
 
CAULIFLOWER BREEDING 1 Parmar pptx
CAULIFLOWER BREEDING 1 Parmar pptxCAULIFLOWER BREEDING 1 Parmar pptx
CAULIFLOWER BREEDING 1 Parmar pptx
 
How to Add a New Field in Existing Kanban View in Odoo 17
How to Add a New Field in Existing Kanban View in Odoo 17How to Add a New Field in Existing Kanban View in Odoo 17
How to Add a New Field in Existing Kanban View in Odoo 17
 
How to Show Error_Warning Messages in Odoo 17
How to Show Error_Warning Messages in Odoo 17How to Show Error_Warning Messages in Odoo 17
How to Show Error_Warning Messages in Odoo 17
 
Prelims of Kant get Marx 2.0: a general politics quiz
Prelims of Kant get Marx 2.0: a general politics quizPrelims of Kant get Marx 2.0: a general politics quiz
Prelims of Kant get Marx 2.0: a general politics quiz
 
Maximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdf
Maximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdfMaximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdf
Maximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdf
 
How to Manage Cross-Selling in Odoo 17 Sales
How to Manage Cross-Selling in Odoo 17 SalesHow to Manage Cross-Selling in Odoo 17 Sales
How to Manage Cross-Selling in Odoo 17 Sales
 
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...
 

Cyber securityppt

  • 2. Table of contents • Automotive Evolution • Security challenges for connected cars • Classification of Attackers in the automotive • Classification of vehicular attacks • Secure Component Identification • Vehicular Software Protection – Secure Software Initialization – Software Security Architectures – Secure Software Updates • Secure Vehicular Communication 2
  • 3. Phases of Automotive Evolution 3
  • 4. Innovation in Automotive Advance drive assistant system (ADAS) Smart lighting control. Adaptive cruise control Collision avoidance Parking assist. Smart transportation Traffic congestion. Vehicle-to- infrastructure and vehicle-to-vehicle communication. Traffic line control. Advance flee management Usage and behaviour monitoring Real-time telemetric Package tracking Autonomous driving Decisive goal is to made driverless cars with zero fatalities or collisions. 4
  • 5. 5 With cars incorporating up to 100 ECUs, approaching the upper boundaries of the wiring harness, So the industry is moving towards greater integration, virtualization, reducing the total number of ECUs, increasing the number of functions, Increasing complexity of the software.
  • 6. 6 All these electronic functions bring great benefits to the driver, increasing comfort, convenience, safety and efficiency. Wireless interfaces connect the in-vehicle systems of these ‘Connected Cars’ to external networks e.g. internet, enhancing consumer experience by enabling new features and services. Connectivity also makes the Connected Car vulnerable to hackers who attack the vehicle by seeking and exploiting weaknesses in its computer systems or networks.
  • 7. Security challenges for Automotive New Features ECall systems bring rapid assistance to motorists involved in a collision Car owners may want to chip-tune their engine, to increase performance of the engine. The OBD-II port offers diagnostic and reporting capabilities. Autonomous Emergency Braking systems Car sharing systems allow access to a vehicle via a smart card or mobile device. Automated Vehicle Identification allows the car to identify itself for seamless access to a parking or a toll road. If not protected well, a thief might be able to abuse this system to gain access to the vehicle. Attackers may use it to gain access to the in-vehicle network, potentially even remotely. When not protected, hackers could steal for example personal data including payment details. You don’t want third parties to get access to this personal data. it should not be possible for hackers to activate this system by sending fake V2X messages to a vehicle Threats OEMs may want to protect against such manipulation by the vehicle owner.
  • 8. Attacker 1 Internal Class 1 Attacker 2 Internal Class 2 Attacker 3 Internal Class3 Attacker E0 External Class 0 Exemplary attackers Driver, Owner Motor mechanics, Backyard garage Organized crime, Rival, academia Thief, V2I or V2V mischief Physical Access Limited to resp. skills Extensive, but not unlimited Virtually unlimited None or only very limited Technical Resources Generally low Medium to high Very high Varies, usually low to medium Knowledge Resources Generally low Medium to high Very high Varies, but can be high Financial Resources low Medium Very high Generally low Reliable Protection Mostly feasible Varies, but still feasible Only by econ. Mostly feasible Potential attackers in the automotive domain classified according to their access perimeter, technical and knowledge resources
  • 9. 9 According to access perimeter of attacker, vehicular attacks can be classified in:- 1.logical attacks: Attacks via logical interface and external communication, include active as well as passive encroachments. 2.Physical attacks: By direct attacking the hardware to- 1. Access internal secrets (Crpt. Key). 2. Disable (physically) security measures. 3. Introduce physical signals to do enable further attacks.
  • 10. Logical Attacks Cryptographic Attacks : Tried to break the security of IT systems while exploiting potential conceptual weaknesses or while just “brute forcing” the underlying cryptography of cryptographic algorithms or (cryptographic) protocols. Software Attacks : Software attacks particularly exploit flaws and vulnerabilities in design or implementation3 such as: 1. Integer 2. Heap or buffer overflows 3. Race conditions or infinite loops 4. Corrupting input and output data 5. Dependency corruption 6. Resources exhaustion 7. Enforcing restarts or resets. Communication attacks: These Attacks on vehicular communication are probably the primary challenge for the most future VC-based applications. Comprise active and passive attacks on all communication channels accessible by the respective attacker.
  • 11. 11 Physical Attacks Monitoring and side channel attack :Mean the passive, noninvasive interception and examination of all channels susceptible to the attacker that allow him to breach the security of the respective device Denial of Service Attacks : Physical denial of service attacks refer to active, invasive and non-invasive attacks on the physical availability while preventing or considerably delaying access to critical resources, communication, or functionality. Fault attacks or perturbation attacks are active, non-invasive attacks that expose the respective attack target to an anomalous operating environment to induce faults that could disrupt or modify the execution of some critical instructions. Penetration Attacks : Penetration attacks are active, invasive attacks that intercept internal communications, readout internal memories, or monitor any internal processing behavior to discover internal structures, secrets, and functionality. Modification Attacks Communication attacks
  • 12. Secure Component Identification Cryptographic Component Identification Physically Unclonable Functions
  • 13. Wireless or Wired Communicatio n Module Cryptographic Component Identification Abstract view of a vehicle in a (Secure vehicular communication system) Central Processing Module Credentials and Cryptographic keys Unique Identity Vehicle Component Credential Certificate
  • 14. Cryptographic Component Identification (Procedure) Secret Vehicle Key Central Processing Module Vehicle Component Credential Certificate (Cryptographic TAG) Certification Check during component Installation Secret Vehicle Key Central Processing Module Vehicle Component Credential Certificate (Cryptographic TAG) Secret Vehicle Key Central Processing Module Vehicle Component Credential Certificate (Cryptographic TAG)Security Key to signal component legitimacy Successful Certification check Phase Component Installation Vehicle Operation Component Removal Procedure Verification of the Establishment of the Check for the Deletion of the
  • 15. Component Identification using (PUF) PUF is a function that maps a set of challenges to a set of responses based on an intractably complex physical system. Due to smallest individual physical differences of every physical device, even identical circuits based on identical layouts provide a very individual and unpredictable response for the same challenge.
  • 16. Process for generation of Cryptographic key Using (PUF) In initialization step, 1. An output is generated from the PUF circuit 2. The error correcting syndrome for that output is computed and saved for later. 3. syndrome and this bit vector are public information and can be stored anywhere (on-chip, off-chip, or remotely on a server).
  • 17. Key Regeneration Steps using PUF: 1. The PUF first produces an output from the circuit. 2. the PUF uses the syndrome from the initialization step to correct any changes in the circuit output. 3. The output of the error correcting code (ECC) can be simply hashed down to a desired length and used as a cryptographic key.
  • 19. 1. Integrity. 2. Simple, Fast. 3. Protected Reference. 1. Integrity. 2. Authenticity. 3. Simple, Fast. 4. Shared Secret. 1. Integrity. 2. Authenticity. 3. Non-repudiation. 4. Adequate security. 5. Quite slow & complex. 1. Authenticity. 2. Integrity. 3. Non-repudiation. 4. Freshness 5. Maximum Security. 6. Most costly and inflexible MAC Digital signature Physical protection Secure Software Initialization methods non-repudiation Authenticity unauthorized modifications are detectable unauthorized modifications are infeasible Hash function Secure Software Initialization Characteristics
  • 20. • A hash function is a mathematical, efficiently computable function that has fixed size output: – E.g., H : {0,1}*  {0,1}160 – Input is called “message”, output is “digest” Hash function MAC Digital signature Physical protection
  • 21. Cryptographic Hash Functions & properties Name Digest length Basic unit of processing Number of steps Maximum message size MD5 128 bits 512 bits 64 (4 rounds of 16) infinity SHA-1 160 bits 512 bits 80 (4 rounds of 20) 2^64-1 bits RIPEMD- 160 160 bits 512 bits 160 (5 [paired rounds of 16) infinity Deterministic Quick to compute the hash value Infeasible to generate a message from its hash value Small change to a message should change the hash value Infeasible to find two different messages with the same hash value
  • 22. Message Digest 5 (MD5) Variable length message Divided in 512 Blocks 16 *32 bit words Padding Original Message 1 0 0 0 0 64 bit represent length of the message 4. Input message is "padded" (extended) its length (in bits) equals to 448 mod 512. 2. At least one bit and at most 512 bits are appended. 1. A single "1" bit is appended to the message. 3. Last 64 bit represent length of the message
  • 23. MD5 consists of 64 of these operations, grouped in four rounds of 16 operations. F is a nonlinear function; one function is used in each round. Mi denotes a 32-bit block of the message input, and Ki denotes a 32-bit constant, different for each operation. “S” denotes a left bit rotation by s places, “S” varies for each operation. denotes addition modulo 232. denotes addition modulo 232. 64 bit 128 bit MD5 Algorithm
  • 24. Hash function MAC Digital signature Physical protection Definition MAC defined over (K, M, T) is a pair of algorithms (E, D):E(k, m): returns a message authentication code t which belongs to a set T D(k, m, t): returns a value true or false depending on the correctness of the received authentication code Where : M is a set of all possible messages m, K is a set of all possible keys k, T is a set of all possible authentication codes t
  • 25. The following Block diagram present RCBC MAC algorithm
  • 26. Hash function MAC Digital signature Physical protection • Used to provide – Data integrity – Message authentication – Non-repudiation RSA (Digital signature algorithm ) • Developed in 1978 by Rivest, Shamir and Adleman (RSA) • Most popular public key cryptosystem • Based on the hard problem of “integer factorization” Key-Generation for RSA(1) 1. Generate two large random distinct primes p and q, each roughly the same size 2. Compute n = pq and 3. Select random integer e: 2. Compute unique integer d: 2. Public key is (n, e); Private key is d. ( ) ( 1)( 1)n p qφ = − − 1 , such that gcd( , ) 1e eφ φ< < = 1 , such that 1modd edφ φ< < =
  • 27. Alice p=5 q=7 n = 35 φ(n) = 4*6=24 e = 5; d: ed = 5d =1 mod 24 ; => d = 5 Public key: (n=35, e=5) Private key: d=5 M = [0, n-1] For all m Є M R(m)=m m = 26; R(m) = 26 s = 265 mod 35 = 31 message Signing algorithm message signature Signer’s private key Unsecured channel Signer Signature verification algorithm Signer’s public key Verifier Ok / not Ok
  • 28. 28 Hardware-protected software initialization enforces: 1. Integrity, 2. Authenticity, 3. Non-repudiation. Tamper- Evidence Tamper-Resistance Tamper-Detection Tamper- Response Physical Protection or Tamper protection Hash function MAC Digital signature Physical protection
  • 29. Varifiable Initialization (TCG)  Trusted Computing Group : An organization formed to develop, define, and promote open standards for hardware-enabled trusted computing and security technologies, including hardware building blocks and software interfaces, across multiple platforms, peripherals, and devices. Most Important Components of TCG is: 1. Trusted Platform Module (TPM). 2. Core Root of Trust for Measurement (CRTM), a kind of (protected pre-BIOS (Basic I/O System). 3. Trust Software Stack (TSS), which is the software interface to provide TC functionalities to the Operating system. TPM (Trusted Platform Module): a tamper-resistant hardware module mounted in a platform. Responsible for: measurement, root of trust, storage, reporting and policy enforcement, No direct memory access, Protected TPM chip
  • 30. 3030 Execution Engine (8- Bit/16 Bit uC) I/O (33MHz LPC bus) Volatile Memory PCR (>=16 *160 Bit) RAM (~8kB, secure execution) Non-volatile Memory ROM (~64Kb, Firmware, certificate) EEPROM (~16kB,Owner secret, user data, SRK, EK, counters) Monotonic Counters (>= 4*32 Bit) Tampering Sensors (U, f, Shield, reset) Asymmetric Key Generation Asymmetric Crypto Engine (RSA >= 2048 Bit) TRNG (>=256 Bit per call) Hash Engine (SHA-1, HMAC) Internal Structure of a Trusted Platform Module (TPM) according to the recent TCG specification
  • 31. The Core Root of Trust for Measurement (CRTM) • The CRTM is the first piece of code that executes on a platform at boot time. (I.e. Bios or Bios BootBlock in an IA-32 platform) • It must be trusted to properly report to the TPM what software executes after it. • Only authorized entities must be able to reflash the CRTM… (those that vouch for its behavior) The Authenticated boot process CRTM and TPM during the boot process
  • 32. Trusted Software Stack 32 •TSS enables application development and interoperability – Supply one entry point for applications to the TPM functionality – Provides synchronized access to the TPM – Hide building command streams with appropriate byte ordering and alignment from applications – Manage TPM resources • Several implementations available – IBM – Infineon – NTRU – Open Source (TrouSerS) Application CSP Cryptographic API TSS Service Services TSS SPI TPM Devices Driver TSS Core Services TSS CSI TPM Device Driver Library TPM DDLI
  • 34. Software Security Architecture • Enables a single computing device to securely run multiple process in parallel by sharing of resources. • Provide runtime isolation. • Subsystem, components can communicate only via strictly controlled communication channel. • Different types of security architectures are: 1. Virtualized security architecture. 2. Hardware isolated architecture. 3. Monolithic security architecture. 34
  • 35. Virtualized Security Architecture • A small security kernel act as control instance between vehicular hardware and actual application. • Kernel provides strong separation of resources and implements elementary security mechanisms. 35 Virtualized vehicular security architecture Security Software layer Application Layer Separation layer Hardware layer
  • 36. 36 Security Software layer Hardware layer • Conventional hardware and dedicated cryptographic microchip securely attached to the vehicular hardware. • It provides fundamental security-critical functions: 1. Cryptographic operation (encryption, decryption or hashing). 2. Secure timing. 3. Secure random number generation. •During start-up, this layer could enable the verifiable or secure initialization by cryptography the corresponding boot strapping process. • Provide Strong isolation between applications, components or subsystems. •Communication will be only via strictly controlled communication channel. •Appropriate resources management interface and enforce effective access control policy.
  • 37. 37 Application Layer Separation layer •Provide security functionalities on more abstract level. •It uses the functionality offered by separation layer. •Provide elementary security mechanism such as secure storage or secure communication. •Multiple legacy operating systems can be executed concurrently, but strongly isolated. •Communication between applications as well as potential I/O are depends on the conditions of the effective security policy enforced by the underlying kernel. •Provides all services and application that are not security critical.
  • 38. Hardware isolated architecture. • Relay on particular hardware isolation mechanism such as ARM trust zone Technology. • In this architecture additional hardware mechanism built in, it virtually provide additional secure execution environment. 38 • Processor can switch from the legacy environment (non secure world) to a virtual security environment (secure world), each world operates independently. • Communication between two world only possible by calling a privileged instruction from the non-secure kernel. Hardware isolated vehicular security architecture by ARM TrustZone Technology
  • 39. Monolithic Security Architecture. • Its for isolated security applications, employ hardware dedicatedly. • The security kernel only provides only basic resources management services. • Monolithic applications that themselves include all necessary resource management and security mechanism could even completely omit a separate security kernel, running on top of the monolithic application. 39 Dedicated monolithic vehicular security architecture
  • 41. 41 Software updates in automotive Essential for vehicle OEMs: • To manage the software efficiently over the lifecycle of the vehicle. • To provide improvements in performance. • To deliver corrections to faulty software that endanger lives or the environment.
  • 42. 42 OEMs is using Software OTA for software updates because: 1. Saves on recall caused by software bugs. 2. Implement into vehicle’s network with as little changes as possible. 3. Cost reduction as compared to manually recall and updating. Challenges in OTA software update: 1. Cloud connection are active all the time and thus OTA interfaces are potentially accessible for hackers. 2. Provide doors for attacks to permanent endanger the operation of vehicles like functional changes, tuning, Trojans. 3. Potential to attack vehicles is threatening Tier1s, OEMs and politicians.
  • 43. Evolutionary Software OTA Flow (Software Development to Vehicle Reboot) 43 Release new software version Formatting for update handling Service pack at OEM’s update server Transport Via INTERNET Over The Air – Telematics unit TCU › Receive and decrypt from secure wireless protocol Download service pack › Check OEM authenticity › Setup encryption services › Stored in vehicles central storage › Verify data › Unpack for ECUs Updating the vehicle i.e. using UDS › Start UDS programming session › Send service packs to ECUs in blocks using UDS protocol. Update inside ECUs: Secure Flash Bootloader and HSM › Erase Flash › Decrypt and unzip blocks (E2E protection) › Write new code into Flash › Update and verify signatures (HASH) Reboot the vehicle with new SW versions › Exit update mode › Restart all ECUs within the car. Safety responsibility: -Vehicle protection and safety responsibility. -ECU-IP protection and safety responsibility. -Secure update service. -Secure Flash Boot Loader.
  • 44. Secure Software update based on Digital Signature 44 Software Development Digital Signature Program code OEM Trust Centre Signature PC Secret Key Flash Tool OEM Certificate ECU Security Module Public Key OEM’s DATABASE Steps for secure software update by means of digital signature: 1. Software development. 2. Software is signed at the OEM’s trust, it is protected environment, employs the OEM’s secret key to authenticate authorized software by creating digital signature. 3. Signature is append to the software. 4. Signature and software stored in the OEM’s database for distribution. 5. Now signed software can be loaded into the prospective flashing tool. Flashing tool itself can be authenticate. 6. ECU can verify the loaded software for integrity and authenticity by verifying signature.
  • 45. Certificate Validation of vehicle configuration Secure Software update based on Trusted Computing 45 Certificate Generation And asymmetric key Current vehicle hardware and software configuration Vehicle User Content Provider Content Binding Bound & encrypted content Private Key Public Key Uses public key to establish trusted channel Trusted channel configuration Yes Decryption and installation
  • 46. 46