SlideShare a Scribd company logo

Automotive Security (Connected Vehicle Security Issues)

Priyanka Aash
Priyanka Aash

Connected Car Security Issues: 4 main components- 1- ECU (Electronic Control Unit) 2- CAN Bus (Control Area Network Bus) 3- OBD (Onboard Diagnostics) 4- Infotainment

Technology
1 of 32
May 22, 2017 Proprietary and Confidential - 1 - Connected Car Security IGATE is now a part of Capgemini Arnab Chattopadhayay, Senior Director Date: 13th May, 2017
May 22, 2017 Proprietary and Confidential - 2 - Table of Content  A Car Hack  Evolution of Modern Car  Components of a modern car  Automotive security – Threat Model  Relationship between Safety and Cybersecurity  Secure automotive design  Attack Model  Architectural Issues  Recommendations
May 22, 2017 Proprietary and Confidential - 3 - Chrysler Jeep Hack – Charlie Miller & Chris Valasek
May 22, 2017 Proprietary and Confidential - 4 - Yesterday
May 22, 2017 Proprietary and Confidential - 5 - Today
May 22, 2017 Proprietary and Confidential - 6 - Tomorrow
May 22, 2017 Proprietary and Confidential - 7 - Components of Modern Car
May 22, 2017 Proprietary and Confidential - 8 - List of Car Components •Accident Recorder •Active Aerodynamics •Active Cabin Noise Suppression •Active Exhaust Noise Suppression •Active Suspension •Active Vibration Control •Active Yaw Control •Adaptive Cruise Control •Adaptive Front Lighting •Airbag Deployment •Antilock Braking •Auto-Dimming Mirrors •Autonomous Emergency Braking •Battery Management •Blind Spot Detection •Cabin Environment Controls •Communication Systems •Convertible Top Control •Cylinder Deactivation •DSRC •Driver Alertness Monitoring •Electronic Power Steering •Electronic Seat Control •Electronic Stability Control •Electronic Throttle Control •Electronic Toll Collection •Electronic Valve Timing •Engine Control •Entertainment System •Event Data Recorder •Head-Up Displays •Hill Hold Control •Idle Stop-Start •Instrument Cluster •Intelligent Turn Signals •Interior Lighting •Lane Departure Warning •Lane Keeping Assist •Navigation •Night Vision Systems •On-Board Diagnostics •Parental Controls •Parking Systems •Precrash Safety •Rear-view Camera •Regenerative Braking •Remote Keyless Entry •Security Systems •Tire Pressure Monitoring •Traction Control •Traffic Sign Recognition •Transmission Control •Windshield Wiper Control
May 22, 2017 Proprietary and Confidential - 9 - Schematic view of Connected Components
May 22, 2017 Proprietary and Confidential - 10 - Four Main Components  ECU (Electronic Control Unit)  CAN Bus (Control Area Network Bus)  OBD (Onboard Diagnostics)  Infotainment
May 22, 2017 Proprietary and Confidential - 11 - ECU – Overview  Embedded Digital Computer  Runs closed-control-loop  Reads data from sensors (e.g. temperature, tyre pressure, engine rev, windows movement sensor) – Example: Gather data from different sensors the ECU looks up values in table and performs long mathematical equations to calculate best spark time or determine fuel injector opening time  Types of ECU – ECM – Engine Control Module – EBCM – Electronic Break Control Module – PCM - Powertrain Control Module – VCM – Vehicle Control Module – BCM – Body Control Module  32-bit 40-MHz Processor  Average code size: 1 MB
May 22, 2017 Proprietary and Confidential - 12 - ECU – Functional Block  Power supply – digital and analog (power for analog sensors)  MPU – Flash and RAM  Communication Link (e.g. CAN Bus link)  Discrete Inputs – On/Off switch type  Frequency Inputs – encoder type signals (e.g. crank or vehicle speed)  Analog Inputs – feedback signals from sensor  Switch output – On/Off switch type  PWM Outputs – variable frequency and duty cycle (e.g. injector, ignition)  Frequency Outputs – constant duty cycle (e.g. stepper motor)
May 22, 2017 Proprietary and Confidential - 13 - Example Function of ECU  At high speed circuit, drivers has to throttle more, rather than applying gradually full throttle. The accelerator will be set so that only a small movement will result in full engine acceleration – Read data captured by ADC on the Channel on which Accelerator Pedal is connected – Using the data, look-up the value from a multi-dimensional map which contains the Engine RPM as another input – Take output value from the map, multiply by correction factor – The output is the Torque to be generated by the engine – Repeat this sequence every 20 milliseconds
May 22, 2017 Proprietary and Confidential - 14 - CAN Bus  Multi-master serial bus  Connects ECU  Complexity of nodes can vary – Simple I/O device – Embedded computer with a CAN interface – Gateway to USB or Ethernet port  Nodes are connected through two wire bus with 120 Ohm termination  CAN-Hi – 5V when transmitting 0  CAN-Low – 0V when transmitting 0  Message broadcast to all Nodes – Nodes are expected to ignore message that are not addressed to them  Frame does not include source address
May 22, 2017 Proprietary and Confidential - 15 - CAN Protocol Frame
May 22, 2017 Proprietary and Confidential - 16 - OBD-II  Diagnostics Connector  SAE J1962 – Type A and Type B – both female pin – 16 pin (2 x 8) – D-shaped  Type A connector is used for vehicle that use 12V supply voltage  Type B connector is used for vehicle that use 24V supply voltage
May 22, 2017 Proprietary and Confidential - 17 - Main Hackable Attack Surface  Success of of hacking car depends on: – Remote attack surfaces – Cyber-physical features – In-Vehicle network architecture  20% models (2014- 2015) from different manufacturers are vulnerable to more than seven categories of remote attack From research by Miller and Valasek
May 22, 2017 Proprietary and Confidential - 18 - Relationship between Car Safety and Cyber Security  Strong relationship between automotive safety and cyber security  SAE J3061 – Cyber Security Guidebook for Cyber-Physical Vehicle Systems  System Safety is concerned with protecting against harm to life, property and environment  System Cybersecurity aims to prevent financial, operational, privacy and safety loses – All safety critical systems are security critical but there could be systems e.g. Infotainment that are security critical but not safety critical
May 22, 2017 Proprietary and Confidential - 19 - Cyber Security Threat Model – Threat Agents  Researchers and Hobbyists – Universities, government labs, defense labs. Motivations are usually positive to study and conduct research  Pranksters and Hacktivists – Takes opportunity to demonstrate their skills or promote their cause but with negative outcomes for the product owners and manufacturers  Owners and Operators – Many car hacking tools exists with owners and often they want to hack their own vehicles to improve performance, to bypass restriction set by manufacturers or regulators or disable components to obfuscate their fraudulent actions  Organized crime – Has always been a threat to vehicles. Main motivation is financial gain. DoS, malware, ransomware – Cyber crime-as-a-service !  Nation States – Not easy to determine motivation – Industrial espionage, surveillance, economic and physical warfare – Intervention to assist national manufacturers against foreign competitions – Tracking and audio monitoring of high-value objects  Transportation Infrastructure – Next-gen car V2V communication – Security and safety issue can occur through attacks and misbehavior of the surrounding infrastructure  Example: manipulation of traffic light confusing smart cars causing accidents
May 22, 2017 Proprietary and Confidential - 20 - Cyber Security Threat Model  One-to-many connected ECUs on same CAN Bus as the OBD-II Port  The ability to control the ECU results in attacker getting control of the vehicle  Assume, OBD-II device can be compromised  Determine the attack proximity and vulnerability  Classify vulnerabilities using Microsoft STRIDE and SAE SPFO Impact model the potential areas of vulnerability and particular types of threats that may take e of those vulnerabilities. ying types of vehicle bus architecture and varying types of OBD-II devices, we use a d diagram (Figure 4) to present potential connections in the vehicle. Each ECU in Figure 4 s the one or many connected ECUs on the same bus as the OBD-II port. The ability to control esults in attacker control of that vehicle’s function. Generic OBD-II Device Threat Model Diagram by analyzing the impacts of various attacks assuming the OBD-II device can be ised and an attacker can execute arbitrary code. Although each attack is the same, the impact on the capabilities of the device (e.g., how far away the attacker needs to be). Once the attack y and vulnerability are defined, the vulnerability is classified using Microsoft’s STRIDE ECU A ECU B ECU C Aftermarket OBD-II Device OBD-II Port
May 22, 2017 Proprietary and Confidential - 21 - Cyber Security Threat Model SOFTWARE ENGINEERING INSTITUTE | CARNEGIE MELLON UNIVERSITY 6 [Distribution Statement A] This material has been approved for public release and unlimited distribution. Please see Copyright notice for non-US Government use and distribution. technique (Microsoft, 2005). We also use the Society of Automotive Engineers (SAE) safety, privacy, financial, and operational impact to define how a vulnerability may affect a vehicle (Ward, et al., 2013). (Both STRIDE and the SAE techniques are described in Appendix D.) Table 2: Vulnerability Impact on the Device and the Vehicle Vulnerability ECU Affected Comments Vulnerability Impact (STRIDE) Impact (Ward, et al., 2013) Hardcoded credentials None X S0 S0 S0 S0 Arbitrary command injection OBD- connected buses X S0 S3 S0 S0 Vulnerability ECU Affected Comments VulnerabilityImpact (STRIDE) Impact (Ward, et al., 2013) Arbitrary CAN injection OBD- connected buses Full device compromise (See Table 3 for complete impact.) X X X X X X
May 22, 2017 Proprietary and Confidential - 22 - Cyber Security Threat Model Table 3: Vulnerability Impact on Vehicle with Complete Device Compromise by Proximity Vulnerability ECU Affected Proximity Vulnerability Impact (STRIDE) Impact (Ward, et al., 2013) S T R I D E S P F O Compromise of OBD-II device OBD- connected buses Physical X X X X X X S1 S1 S2 S2 Compromise of OBD-II device OBD- connected buses Short range (Bluetooth) X X X X X X S2 S2 S3 S3 Compromise of OBD-II device OBD- connected buses Long range (Wi-Fi) X X X X X X S2 S2 S3 S3 Compromise of OBD-II device OBD- connected buses Anywhere (cellular) X X X X X X S4 S4 S4 S4
May 22, 2017 Proprietary and Confidential - 23 - Anatomy of Chrysler Jeep Cherokee Hack  Head Unit is connected to both CAN Buses  Targeted to compromise Radio to get access to ECU connected to CAN-IHS and CAN-C  Radio receives GPS, AM/FM and Satellite Radio signal  Radio unit – Harman Uconnect system  Uconnect runs QNX  Uconnect system has Wifi  Wifi password was compromised  Performed port scan and identify D-Bus service  Exploited D-Bus vulnerability execute expoit as root  Jailbreak Uconnect  Uconnect payload – LUA Script  Uconnect communicates with CAN Buses using V850E/FJ3  The test OMAP chip can only read from CAN not send  Reverse engineer firmware of OMAP  Re-program by uploading code via USB that will allow V850 to send command to CAN  Then use CAN commands to do malicious activities – Jamming steering, slow down accelerator response Network Architecture The architecture of the 2014 Jeep Cherokee was very intriguing to us due to the fact that (Radio) is connected to both CAN buses that are implemented in the vehicle. Figure: 2014 Jeep Cherokee architecture diagram We speculated that if the Radio could be compromised, then we would have access to EC CAN-IHS and CAN-C networks, meaning that messages could be sent to all ECUs that cont attributes of the vehicle. You’ll see later in this paper that our remote compromise of the not directly lead to access to the CAN buses and further exploitation stages were necessa being said, there are no CAN bus architectural restrictions, such as the steering being on a separate bus. If we can send messages from the head unit, we should be able to send the ECU on the CAN bus.
May 22, 2017 Proprietary and Confidential - 24 - Potential Risks  Safety-Critical Risks – Driver Distractions (e.g. volume, wipers) – Engine Shutoff or Degradation – Steering Changes (autonomous vehicles)  Less Safety-Critical Vehicle Specific Risks – Theft of the car or contents – Enabling physical crime against occupants – Insurance or lease fraud – Eavesdropping on occupants – Theft of information (e.g. personal profile, phone list) – Vector for attacking mobile devices in the car – Theft of PII – Tracking the vehicles location
May 22, 2017 Proprietary and Confidential - 25 - Key Vulnerabilities Found in Car  Insecure firmware updates and downloads  Hardcoded or non-existent Bluetooth PIN  Weak WPA2 password  Hardcoded credentials  Internet-enabled administration interface
May 22, 2017 Proprietary and Confidential - 26 - Some Important Attack Vectors  Arbitrarily modify firmware  Maliciously update remote firmware  Lock/unlock doors  Turn on/off vehicle  Affect vehicle GPS tracking, speed, heading and altitude  Read the car’s internal data – temperature, fuel levels, diagnostic trouble codes etc.  Inject arbitrary CAN packet
May 22, 2017 Proprietary and Confidential - 27 - Common Architecture Issues  The Primary Processor – Simple processor – Convert External Network Protocol to CAN and vice versa – Logic is implemented in upstream systems – Do not include any security e.g. authentication, command validation  External Network Interface – Due to no filtering at device and OBD-II port, security is completely dependent on perimeter i.e. external network interface – External network interface security strength varies  WPA2 with not strong password  Easy to guess BT PIN  Widely shared BT PIN  Undocumented features  Insecure Firmware upgrades
May 22, 2017 Proprietary and Confidential - 28 - Recommendations  Hardware Security – Secure Boot and software attestation function – TPM – Tamper Protection – Cryptographic Acceleration – Active Memory Protection – Device Identity Directly on Device  Intel EPID, PUF  Software Security – Secure Boot – Partitioned OS – Authentication – Enforcement of approved and appropriate behavior – Secure SDL
May 22, 2017 Proprietary and Confidential - 29 - Recommendations  Network Security – Message and Device Authentication – Identify and enforce predictably holistic behavior – Access Controls  Cloud Security – Secure authenticated channel to cloud – Remote monitoring of vehicle – Threat intelligence exchange – OTA updates – Credential management
May 22, 2017 Proprietary and Confidential - 30 - Recommendations  Supply-chain Security – Authorized distribution channel – Track and trace – Continuity of supply
May 22, 2017 Proprietary and Confidential - 31 - Recommendations  ISO/IEC – 9797-1, 11889  ISO/IEC 9797-1: Security techniques – Message Authentication Codes  ISO/IEC 11889: Trusted Platform Module  ISO 12207: Systems and software engineering – Software life cycle processes  ISO 15408: Evaluation criteria for IT security  ISO 26262: Functional safety for road vehicles  ISO 27001: Information Security Management System  ISO 27002: Code of Practice – Security  ISO 27018: Code of Practice – Handling PII / SPI (Privacy)  ISO 27034: Application security techniques  ISO 29101: Privacy architecture frameworks  ISO 29119: Software testing standard  IEC 62443: Industrial Network and System Security  SAE J2945: Dedicated Short Range Communication (DSRC) Minimum Performance Requirements.  SAE J3061: Cybersecurity Guidebook for Cyber-Physical Vehicle Systems.  SAE J3101: Requirements for Hardware- Protected Security for Ground Vehicle Applications.  E-safety Vehicle Intrusion Protected Applications (EVITA)  Trusted Platform Module  Secure Hardware Extensions (SHE): From the German OEM consortium Hersteller Initiative Software (HIS), these on-chip extensions provide a set of cryptographic services to the application layer and isolate the keys.
May 22, 2017 Proprietary and Confidential - 32 - THANK YOU

Recommended

Automotive Cybersecurity: The Gap Still Exists
Automotive Cybersecurity: The Gap Still ExistsAutomotive Cybersecurity: The Gap Still Exists
Automotive Cybersecurity: The Gap Still ExistsOnBoard Security, Inc. - a Qualcomm Company
 
Connected Car Security
Connected Car SecurityConnected Car Security
Connected Car SecuritySuresh Mandava
 
Connected & Autonomous vehicles: cybersecurity on a grand scale v1
Connected & Autonomous vehicles: cybersecurity on a grand scale v1Connected & Autonomous vehicles: cybersecurity on a grand scale v1
Connected & Autonomous vehicles: cybersecurity on a grand scale v1Bill Harpley
 
Automotive Cybersecurity Best Practices
Automotive Cybersecurity Best PracticesAutomotive Cybersecurity Best Practices
Automotive Cybersecurity Best PracticesBamboo Apps
 
Cyber Security for the Connected Car
Cyber Security for the Connected Car Cyber Security for the Connected Car
Cyber Security for the Connected Car Real-Time Innovations (RTI)
 
TARA- Automotive Cybersecurity.pptx
TARA- Automotive Cybersecurity.pptxTARA- Automotive Cybersecurity.pptx
TARA- Automotive Cybersecurity.pptxShriya Rai
 
Software defined vehicles,automotive standards (safety, security), agile cont...
Software defined vehicles,automotive standards (safety, security), agile cont...Software defined vehicles,automotive standards (safety, security), agile cont...
Software defined vehicles,automotive standards (safety, security), agile cont...Dr. Anish Cheriyan (PhD)
 
Cybersecurity in Automotive Connected Vehicles and Growing Security Vulnerabi...
Cybersecurity in Automotive Connected Vehicles and Growing Security Vulnerabi...Cybersecurity in Automotive Connected Vehicles and Growing Security Vulnerabi...
Cybersecurity in Automotive Connected Vehicles and Growing Security Vulnerabi...BIS Research Inc.
 

Recommended

Automotive Cybersecurity: The Gap Still Exists
Automotive Cybersecurity: The Gap Still ExistsAutomotive Cybersecurity: The Gap Still Exists
Automotive Cybersecurity: The Gap Still ExistsOnBoard Security, Inc. - a Qualcomm Company
 
Connected Car Security
Connected Car SecurityConnected Car Security
Connected Car SecuritySuresh Mandava
 
Connected & Autonomous vehicles: cybersecurity on a grand scale v1
Connected & Autonomous vehicles: cybersecurity on a grand scale v1Connected & Autonomous vehicles: cybersecurity on a grand scale v1
Connected & Autonomous vehicles: cybersecurity on a grand scale v1Bill Harpley
 
Automotive Cybersecurity Best Practices
Automotive Cybersecurity Best PracticesAutomotive Cybersecurity Best Practices
Automotive Cybersecurity Best PracticesBamboo Apps
 
Cyber Security for the Connected Car
Cyber Security for the Connected Car Cyber Security for the Connected Car
Cyber Security for the Connected Car Real-Time Innovations (RTI)
 
TARA- Automotive Cybersecurity.pptx
TARA- Automotive Cybersecurity.pptxTARA- Automotive Cybersecurity.pptx
TARA- Automotive Cybersecurity.pptxShriya Rai
 
Software defined vehicles,automotive standards (safety, security), agile cont...
Software defined vehicles,automotive standards (safety, security), agile cont...Software defined vehicles,automotive standards (safety, security), agile cont...
Software defined vehicles,automotive standards (safety, security), agile cont...Dr. Anish Cheriyan (PhD)
 
Cybersecurity in Automotive Connected Vehicles and Growing Security Vulnerabi...
Cybersecurity in Automotive Connected Vehicles and Growing Security Vulnerabi...Cybersecurity in Automotive Connected Vehicles and Growing Security Vulnerabi...
Cybersecurity in Automotive Connected Vehicles and Growing Security Vulnerabi...BIS Research Inc.
 
AUTOMOTIVE CYBER SECURITY PPT
AUTOMOTIVE CYBER SECURITY PPTAUTOMOTIVE CYBER SECURITY PPT
AUTOMOTIVE CYBER SECURITY PPTVinayakSharma609332
 
PROGRESS OF AUTOSAR STANDARDS FOR FUTURE INTELLIGENT VEHICLES
PROGRESS OF AUTOSAR STANDARDS FOR FUTURE INTELLIGENT VEHICLESPROGRESS OF AUTOSAR STANDARDS FOR FUTURE INTELLIGENT VEHICLES
PROGRESS OF AUTOSAR STANDARDS FOR FUTURE INTELLIGENT VEHICLESiQHub
 
ISO Automotive,SAE 21434 Training, Road Vehicles Cybersecurity Engineering
ISO Automotive,SAE 21434 Training, Road Vehicles Cybersecurity EngineeringISO Automotive,SAE 21434 Training, Road Vehicles Cybersecurity Engineering
ISO Automotive,SAE 21434 Training, Road Vehicles Cybersecurity EngineeringBryan Len
 
IoT services in the automotive sector
IoT services in the automotive sectorIoT services in the automotive sector
IoT services in the automotive sectorPRIME
 
Cyber Security Threat Modeling
Cyber Security Threat ModelingCyber Security Threat Modeling
Cyber Security Threat ModelingDr. Anish Cheriyan (PhD)
 
ISO 26262: Automotive Functional Safety
ISO 26262: Automotive Functional SafetyISO 26262: Automotive Functional Safety
ISO 26262: Automotive Functional SafetyEmbitel Technologies (I) PVT LTD
 
Automotive Hacking
Automotive Hacking Automotive Hacking
Automotive Hacking GAURAV. H .TANDON
 
Introduction to Connected Cars and Autonomous Vehicles
Introduction to Connected Cars and Autonomous VehiclesIntroduction to Connected Cars and Autonomous Vehicles
Introduction to Connected Cars and Autonomous VehiclesBill Harpley
 
Driver-less cars by avaneesh shuka
Driver-less cars by avaneesh shuka Driver-less cars by avaneesh shuka
Driver-less cars by avaneesh shuka avaneesh shukla
 
Addressing Security in the Automotive Industry
Addressing Security in the Automotive IndustryAddressing Security in the Automotive Industry
Addressing Security in the Automotive IndustrySasken Technologies Ltd.
 
Driving behavior for ADAS and Autonomous Driving
Driving behavior for ADAS and Autonomous DrivingDriving behavior for ADAS and Autonomous Driving
Driving behavior for ADAS and Autonomous DrivingYu Huang
 
Automotive telematics
Automotive telematicsAutomotive telematics
Automotive telematicsNarendra K Saini
 
Autonomous cars
Autonomous carsAutonomous cars
Autonomous carsAmal Jose
 
5G Automotive, V2X Opportunity and Challenges
5G Automotive, V2X Opportunity and Challenges5G Automotive, V2X Opportunity and Challenges
5G Automotive, V2X Opportunity and ChallengesMarie-Paule Odini
 
Automotive Cybersecurity Challenges for Automated Vehicles: Jonathan Petit
Automotive Cybersecurity Challenges for Automated Vehicles: Jonathan PetitAutomotive Cybersecurity Challenges for Automated Vehicles: Jonathan Petit
Automotive Cybersecurity Challenges for Automated Vehicles: Jonathan PetitSecurity Innovation
 
Risk Assessment and Threat Modeling
Risk Assessment and Threat ModelingRisk Assessment and Threat Modeling
Risk Assessment and Threat Modelingsedukull
 
Connected & Driverless vehicles: the road to Safe & Secure mobility?
Connected & Driverless vehicles: the road to Safe & Secure mobility?Connected & Driverless vehicles: the road to Safe & Secure mobility?
Connected & Driverless vehicles: the road to Safe & Secure mobility?Bill Harpley
 
Connected Cars
Connected CarsConnected Cars
Connected CarsTata Consultancy Services
 
GOOGLE'S AUTONOMUS CAR
GOOGLE'S AUTONOMUS CARGOOGLE'S AUTONOMUS CAR
GOOGLE'S AUTONOMUS CARjolsnaj
 
FOTA Upgrade on Automotive and IoT Industry
FOTA Upgrade on Automotive and IoT IndustryFOTA Upgrade on Automotive and IoT Industry
FOTA Upgrade on Automotive and IoT IndustryEmbitel Technologies (I) PVT LTD
 
Network Security for Automotive Embedded Systems
Network Security for Automotive Embedded SystemsNetwork Security for Automotive Embedded Systems
Network Security for Automotive Embedded SystemsTonex
 
From Driver Distraction to Driver Augmentation: Open Source in Cars
From Driver Distraction to Driver Augmentation: Open Source in CarsFrom Driver Distraction to Driver Augmentation: Open Source in Cars
From Driver Distraction to Driver Augmentation: Open Source in CarsAlison Chaiken
 

More Related Content

What's hot

PROGRESS OF AUTOSAR STANDARDS FOR FUTURE INTELLIGENT VEHICLES
PROGRESS OF AUTOSAR STANDARDS FOR FUTURE INTELLIGENT VEHICLESPROGRESS OF AUTOSAR STANDARDS FOR FUTURE INTELLIGENT VEHICLES
PROGRESS OF AUTOSAR STANDARDS FOR FUTURE INTELLIGENT VEHICLESiQHub
 
ISO Automotive,SAE 21434 Training, Road Vehicles Cybersecurity Engineering
ISO Automotive,SAE 21434 Training, Road Vehicles Cybersecurity EngineeringISO Automotive,SAE 21434 Training, Road Vehicles Cybersecurity Engineering
ISO Automotive,SAE 21434 Training, Road Vehicles Cybersecurity EngineeringBryan Len
 
IoT services in the automotive sector
IoT services in the automotive sectorIoT services in the automotive sector
IoT services in the automotive sectorPRIME
 
Introduction to Connected Cars and Autonomous Vehicles
Introduction to Connected Cars and Autonomous VehiclesIntroduction to Connected Cars and Autonomous Vehicles
Introduction to Connected Cars and Autonomous VehiclesBill Harpley
 
Driver-less cars by avaneesh shuka
Driver-less cars by avaneesh shuka Driver-less cars by avaneesh shuka
Driver-less cars by avaneesh shuka avaneesh shukla
 
Addressing Security in the Automotive Industry
Addressing Security in the Automotive IndustryAddressing Security in the Automotive Industry
Addressing Security in the Automotive IndustrySasken Technologies Ltd.
 
Driving behavior for ADAS and Autonomous Driving
Driving behavior for ADAS and Autonomous DrivingDriving behavior for ADAS and Autonomous Driving
Driving behavior for ADAS and Autonomous DrivingYu Huang
 
Autonomous cars
Autonomous carsAutonomous cars
Autonomous carsAmal Jose
 
5G Automotive, V2X Opportunity and Challenges
5G Automotive, V2X Opportunity and Challenges5G Automotive, V2X Opportunity and Challenges
5G Automotive, V2X Opportunity and ChallengesMarie-Paule Odini
 
Automotive Cybersecurity Challenges for Automated Vehicles: Jonathan Petit
Automotive Cybersecurity Challenges for Automated Vehicles: Jonathan PetitAutomotive Cybersecurity Challenges for Automated Vehicles: Jonathan Petit
Automotive Cybersecurity Challenges for Automated Vehicles: Jonathan PetitSecurity Innovation
 
Risk Assessment and Threat Modeling
Risk Assessment and Threat ModelingRisk Assessment and Threat Modeling
Risk Assessment and Threat Modelingsedukull
 
Connected & Driverless vehicles: the road to Safe & Secure mobility?
Connected & Driverless vehicles: the road to Safe & Secure mobility?Connected & Driverless vehicles: the road to Safe & Secure mobility?
Connected & Driverless vehicles: the road to Safe & Secure mobility?Bill Harpley
 
GOOGLE'S AUTONOMUS CAR
GOOGLE'S AUTONOMUS CARGOOGLE'S AUTONOMUS CAR
GOOGLE'S AUTONOMUS CARjolsnaj
 

What's hot (20)

AUTOMOTIVE CYBER SECURITY PPT
AUTOMOTIVE CYBER SECURITY PPTAUTOMOTIVE CYBER SECURITY PPT
AUTOMOTIVE CYBER SECURITY PPT
 
PROGRESS OF AUTOSAR STANDARDS FOR FUTURE INTELLIGENT VEHICLES
PROGRESS OF AUTOSAR STANDARDS FOR FUTURE INTELLIGENT VEHICLESPROGRESS OF AUTOSAR STANDARDS FOR FUTURE INTELLIGENT VEHICLES
PROGRESS OF AUTOSAR STANDARDS FOR FUTURE INTELLIGENT VEHICLES
 
ISO Automotive,SAE 21434 Training, Road Vehicles Cybersecurity Engineering
ISO Automotive,SAE 21434 Training, Road Vehicles Cybersecurity EngineeringISO Automotive,SAE 21434 Training, Road Vehicles Cybersecurity Engineering
ISO Automotive,SAE 21434 Training, Road Vehicles Cybersecurity Engineering
 
IoT services in the automotive sector
IoT services in the automotive sectorIoT services in the automotive sector
IoT services in the automotive sector
 
Cyber Security Threat Modeling
Cyber Security Threat ModelingCyber Security Threat Modeling
Cyber Security Threat Modeling
 
ISO 26262: Automotive Functional Safety
ISO 26262: Automotive Functional SafetyISO 26262: Automotive Functional Safety
ISO 26262: Automotive Functional Safety
 
Automotive Hacking
Automotive Hacking Automotive Hacking
Automotive Hacking
 
Introduction to Connected Cars and Autonomous Vehicles
Introduction to Connected Cars and Autonomous VehiclesIntroduction to Connected Cars and Autonomous Vehicles
Introduction to Connected Cars and Autonomous Vehicles
 
Driver-less cars by avaneesh shuka
Driver-less cars by avaneesh shuka Driver-less cars by avaneesh shuka
Driver-less cars by avaneesh shuka
 
Addressing Security in the Automotive Industry
Addressing Security in the Automotive IndustryAddressing Security in the Automotive Industry
Addressing Security in the Automotive Industry
 
Driving behavior for ADAS and Autonomous Driving
Driving behavior for ADAS and Autonomous DrivingDriving behavior for ADAS and Autonomous Driving
Driving behavior for ADAS and Autonomous Driving
 
Automotive telematics
Automotive telematicsAutomotive telematics
Automotive telematics
 
Autonomous cars
Autonomous carsAutonomous cars
Autonomous cars
 
5G Automotive, V2X Opportunity and Challenges
5G Automotive, V2X Opportunity and Challenges5G Automotive, V2X Opportunity and Challenges
5G Automotive, V2X Opportunity and Challenges
 
Automotive Cybersecurity Challenges for Automated Vehicles: Jonathan Petit
Automotive Cybersecurity Challenges for Automated Vehicles: Jonathan PetitAutomotive Cybersecurity Challenges for Automated Vehicles: Jonathan Petit
Automotive Cybersecurity Challenges for Automated Vehicles: Jonathan Petit
 
Risk Assessment and Threat Modeling
Risk Assessment and Threat ModelingRisk Assessment and Threat Modeling
Risk Assessment and Threat Modeling
 
Connected & Driverless vehicles: the road to Safe & Secure mobility?
Connected & Driverless vehicles: the road to Safe & Secure mobility?Connected & Driverless vehicles: the road to Safe & Secure mobility?
Connected & Driverless vehicles: the road to Safe & Secure mobility?
 
Connected Cars
Connected CarsConnected Cars
Connected Cars
 
GOOGLE'S AUTONOMUS CAR
GOOGLE'S AUTONOMUS CARGOOGLE'S AUTONOMUS CAR
GOOGLE'S AUTONOMUS CAR
 
FOTA Upgrade on Automotive and IoT Industry
FOTA Upgrade on Automotive and IoT IndustryFOTA Upgrade on Automotive and IoT Industry
FOTA Upgrade on Automotive and IoT Industry
 

Similar to Automotive Security (Connected Vehicle Security Issues)

Network Security for Automotive Embedded Systems
Network Security for Automotive Embedded SystemsNetwork Security for Automotive Embedded Systems
Network Security for Automotive Embedded SystemsTonex
 
From Driver Distraction to Driver Augmentation: Open Source in Cars
From Driver Distraction to Driver Augmentation: Open Source in CarsFrom Driver Distraction to Driver Augmentation: Open Source in Cars
From Driver Distraction to Driver Augmentation: Open Source in CarsAlison Chaiken
 
From Connected To Self-Driving - Securing the Automotive Revolution
From Connected To Self-Driving - Securing the Automotive RevolutionFrom Connected To Self-Driving - Securing the Automotive Revolution
From Connected To Self-Driving - Securing the Automotive RevolutionAlexander Schellong
 
Phoenix Mobile & Emerging Tech Festival Autonomous Vehicles Presentation 11/3/18
Phoenix Mobile & Emerging Tech Festival Autonomous Vehicles Presentation 11/3/18Phoenix Mobile & Emerging Tech Festival Autonomous Vehicles Presentation 11/3/18
Phoenix Mobile & Emerging Tech Festival Autonomous Vehicles Presentation 11/3/18Mark Goldstein
 
Using Trusted Platform Module (TPM) to Secure Business Communication (SBC) in...
Using Trusted Platform Module (TPM) to Secure Business Communication (SBC) in...Using Trusted Platform Module (TPM) to Secure Business Communication (SBC) in...
Using Trusted Platform Module (TPM) to Secure Business Communication (SBC) in...Dr.Irshad Ahmed Sumra
 
Advanced car security system
Advanced car security systemAdvanced car security system
Advanced car security systemAmi Goswami
 
WHITE PAPER▶ Building Comprehensive Security Into Cars
WHITE PAPER▶ Building Comprehensive Security Into CarsWHITE PAPER▶ Building Comprehensive Security Into Cars
WHITE PAPER▶ Building Comprehensive Security Into CarsSymantec
 
Countering Cybersecurity Risk in Today's IoT World
Countering Cybersecurity Risk in Today's IoT WorldCountering Cybersecurity Risk in Today's IoT World
Countering Cybersecurity Risk in Today's IoT WorldBrad Nicholas
 
IRJET- Vehicle Cyber Security
IRJET- Vehicle Cyber SecurityIRJET- Vehicle Cyber Security
IRJET- Vehicle Cyber SecurityIRJET Journal
 
Integration of Advanced Protocols for Detection and Communication
Integration of Advanced Protocols for Detection and CommunicationIntegration of Advanced Protocols for Detection and Communication
Integration of Advanced Protocols for Detection and CommunicationSachin Mehta
 
20181116.smart can cable_v2
20181116.smart can cable_v220181116.smart can cable_v2
20181116.smart can cable_v2Mocke Tech
 
Connected cars by Smart Driving Labs
Connected cars by Smart Driving LabsConnected cars by Smart Driving Labs
Connected cars by Smart Driving LabsMauroBenigno4
 
Connected Cars - Poster Child for the IoT Reality Check
Connected Cars - Poster Child for the IoT Reality CheckConnected Cars - Poster Child for the IoT Reality Check
Connected Cars - Poster Child for the IoT Reality CheckSecurity Innovation
 
Chapter 4 Embedded System: Application and Domain Specific
Chapter 4 Embedded System: Application and Domain SpecificChapter 4 Embedded System: Application and Domain Specific
Chapter 4 Embedded System: Application and Domain SpecificMoe Moe Myint
 
Car electronization trend in automotive industry
Car electronization trend in automotive industryCar electronization trend in automotive industry
Car electronization trend in automotive industryKenji Suzuki
 
SANS - Developments car hacking - 36607
SANS - Developments car hacking - 36607SANS - Developments car hacking - 36607
SANS - Developments car hacking - 36607Felipe Prado
 
The International Journal of Engineering and Science (IJES)
The International Journal of Engineering and Science (IJES)The International Journal of Engineering and Science (IJES)
The International Journal of Engineering and Science (IJES)theijes
 

Similar to Automotive Security (Connected Vehicle Security Issues) (20)

Network Security for Automotive Embedded Systems
Network Security for Automotive Embedded SystemsNetwork Security for Automotive Embedded Systems
Network Security for Automotive Embedded Systems
 
From Driver Distraction to Driver Augmentation: Open Source in Cars
From Driver Distraction to Driver Augmentation: Open Source in CarsFrom Driver Distraction to Driver Augmentation: Open Source in Cars
From Driver Distraction to Driver Augmentation: Open Source in Cars
 
hamaa2.pdf
hamaa2.pdfhamaa2.pdf
hamaa2.pdf
 
From Connected To Self-Driving - Securing the Automotive Revolution
From Connected To Self-Driving - Securing the Automotive RevolutionFrom Connected To Self-Driving - Securing the Automotive Revolution
From Connected To Self-Driving - Securing the Automotive Revolution
 
Phoenix Mobile & Emerging Tech Festival Autonomous Vehicles Presentation 11/3/18
Phoenix Mobile & Emerging Tech Festival Autonomous Vehicles Presentation 11/3/18Phoenix Mobile & Emerging Tech Festival Autonomous Vehicles Presentation 11/3/18
Phoenix Mobile & Emerging Tech Festival Autonomous Vehicles Presentation 11/3/18
 
Using Trusted Platform Module (TPM) to Secure Business Communication (SBC) in...
Using Trusted Platform Module (TPM) to Secure Business Communication (SBC) in...Using Trusted Platform Module (TPM) to Secure Business Communication (SBC) in...
Using Trusted Platform Module (TPM) to Secure Business Communication (SBC) in...
 
Advanced car security system
Advanced car security systemAdvanced car security system
Advanced car security system
 
WHITE PAPER▶ Building Comprehensive Security Into Cars
WHITE PAPER▶ Building Comprehensive Security Into CarsWHITE PAPER▶ Building Comprehensive Security Into Cars
WHITE PAPER▶ Building Comprehensive Security Into Cars
 
[IJET-V1I4P10] Authers :EiEi Thwe, Theingi
[IJET-V1I4P10] Authers :EiEi Thwe, Theingi[IJET-V1I4P10] Authers :EiEi Thwe, Theingi
[IJET-V1I4P10] Authers :EiEi Thwe, Theingi
 
Countering Cybersecurity Risk in Today's IoT World
Countering Cybersecurity Risk in Today's IoT WorldCountering Cybersecurity Risk in Today's IoT World
Countering Cybersecurity Risk in Today's IoT World
 
Wfcs2019
Wfcs2019Wfcs2019
Wfcs2019
 
IRJET- Vehicle Cyber Security
IRJET- Vehicle Cyber SecurityIRJET- Vehicle Cyber Security
IRJET- Vehicle Cyber Security
 
Integration of Advanced Protocols for Detection and Communication
Integration of Advanced Protocols for Detection and CommunicationIntegration of Advanced Protocols for Detection and Communication
Integration of Advanced Protocols for Detection and Communication
 
20181116.smart can cable_v2
20181116.smart can cable_v220181116.smart can cable_v2
20181116.smart can cable_v2
 
Connected cars by Smart Driving Labs
Connected cars by Smart Driving LabsConnected cars by Smart Driving Labs
Connected cars by Smart Driving Labs
 
Connected Cars - Poster Child for the IoT Reality Check
Connected Cars - Poster Child for the IoT Reality CheckConnected Cars - Poster Child for the IoT Reality Check
Connected Cars - Poster Child for the IoT Reality Check
 
Chapter 4 Embedded System: Application and Domain Specific
Chapter 4 Embedded System: Application and Domain SpecificChapter 4 Embedded System: Application and Domain Specific
Chapter 4 Embedded System: Application and Domain Specific
 
Car electronization trend in automotive industry
Car electronization trend in automotive industryCar electronization trend in automotive industry
Car electronization trend in automotive industry
 
SANS - Developments car hacking - 36607
SANS - Developments car hacking - 36607SANS - Developments car hacking - 36607
SANS - Developments car hacking - 36607
 
The International Journal of Engineering and Science (IJES)
The International Journal of Engineering and Science (IJES)The International Journal of Engineering and Science (IJES)
The International Journal of Engineering and Science (IJES)
 

More from Priyanka Aash

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsPriyanka Aash
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfPriyanka Aash
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfPriyanka Aash
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfPriyanka Aash
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfPriyanka Aash
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfPriyanka Aash
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfPriyanka Aash
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdfPriyanka Aash
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfPriyanka Aash
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfPriyanka Aash
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfPriyanka Aash
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldPriyanka Aash
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksPriyanka Aash
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Priyanka Aash
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Priyanka Aash
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Priyanka Aash
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsPriyanka Aash
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security GovernancePriyanka Aash
 

More from Priyanka Aash (20)

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdf
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdf
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdf
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdf
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
 
DPDP Act 2023.pdf
DPDP Act 2023.pdfDPDP Act 2023.pdf
DPDP Act 2023.pdf
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdf
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdf
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdf
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdf
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 Battlefield
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware Attacks
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 

Recently uploaded

Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 

Recently uploaded (20)

Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 

Automotive Security (Connected Vehicle Security Issues)

  • 1. May 22, 2017 Proprietary and Confidential - 1 - Connected Car Security IGATE is now a part of Capgemini Arnab Chattopadhayay, Senior Director Date: 13th May, 2017
  • 2. May 22, 2017 Proprietary and Confidential - 2 - Table of Content  A Car Hack  Evolution of Modern Car  Components of a modern car  Automotive security – Threat Model  Relationship between Safety and Cybersecurity  Secure automotive design  Attack Model  Architectural Issues  Recommendations
  • 3. May 22, 2017 Proprietary and Confidential - 3 - Chrysler Jeep Hack – Charlie Miller & Chris Valasek
  • 4. May 22, 2017 Proprietary and Confidential - 4 - Yesterday
  • 5. May 22, 2017 Proprietary and Confidential - 5 - Today
  • 6. May 22, 2017 Proprietary and Confidential - 6 - Tomorrow
  • 7. May 22, 2017 Proprietary and Confidential - 7 - Components of Modern Car
  • 8. May 22, 2017 Proprietary and Confidential - 8 - List of Car Components •Accident Recorder •Active Aerodynamics •Active Cabin Noise Suppression •Active Exhaust Noise Suppression •Active Suspension •Active Vibration Control •Active Yaw Control •Adaptive Cruise Control •Adaptive Front Lighting •Airbag Deployment •Antilock Braking •Auto-Dimming Mirrors •Autonomous Emergency Braking •Battery Management •Blind Spot Detection •Cabin Environment Controls •Communication Systems •Convertible Top Control •Cylinder Deactivation •DSRC •Driver Alertness Monitoring •Electronic Power Steering •Electronic Seat Control •Electronic Stability Control •Electronic Throttle Control •Electronic Toll Collection •Electronic Valve Timing •Engine Control •Entertainment System •Event Data Recorder •Head-Up Displays •Hill Hold Control •Idle Stop-Start •Instrument Cluster •Intelligent Turn Signals •Interior Lighting •Lane Departure Warning •Lane Keeping Assist •Navigation •Night Vision Systems •On-Board Diagnostics •Parental Controls •Parking Systems •Precrash Safety •Rear-view Camera •Regenerative Braking •Remote Keyless Entry •Security Systems •Tire Pressure Monitoring •Traction Control •Traffic Sign Recognition •Transmission Control •Windshield Wiper Control
  • 9. May 22, 2017 Proprietary and Confidential - 9 - Schematic view of Connected Components
  • 10. May 22, 2017 Proprietary and Confidential - 10 - Four Main Components  ECU (Electronic Control Unit)  CAN Bus (Control Area Network Bus)  OBD (Onboard Diagnostics)  Infotainment
  • 11. May 22, 2017 Proprietary and Confidential - 11 - ECU – Overview  Embedded Digital Computer  Runs closed-control-loop  Reads data from sensors (e.g. temperature, tyre pressure, engine rev, windows movement sensor) – Example: Gather data from different sensors the ECU looks up values in table and performs long mathematical equations to calculate best spark time or determine fuel injector opening time  Types of ECU – ECM – Engine Control Module – EBCM – Electronic Break Control Module – PCM - Powertrain Control Module – VCM – Vehicle Control Module – BCM – Body Control Module  32-bit 40-MHz Processor  Average code size: 1 MB
  • 12. May 22, 2017 Proprietary and Confidential - 12 - ECU – Functional Block  Power supply – digital and analog (power for analog sensors)  MPU – Flash and RAM  Communication Link (e.g. CAN Bus link)  Discrete Inputs – On/Off switch type  Frequency Inputs – encoder type signals (e.g. crank or vehicle speed)  Analog Inputs – feedback signals from sensor  Switch output – On/Off switch type  PWM Outputs – variable frequency and duty cycle (e.g. injector, ignition)  Frequency Outputs – constant duty cycle (e.g. stepper motor)
  • 13. May 22, 2017 Proprietary and Confidential - 13 - Example Function of ECU  At high speed circuit, drivers has to throttle more, rather than applying gradually full throttle. The accelerator will be set so that only a small movement will result in full engine acceleration – Read data captured by ADC on the Channel on which Accelerator Pedal is connected – Using the data, look-up the value from a multi-dimensional map which contains the Engine RPM as another input – Take output value from the map, multiply by correction factor – The output is the Torque to be generated by the engine – Repeat this sequence every 20 milliseconds
  • 14. May 22, 2017 Proprietary and Confidential - 14 - CAN Bus  Multi-master serial bus  Connects ECU  Complexity of nodes can vary – Simple I/O device – Embedded computer with a CAN interface – Gateway to USB or Ethernet port  Nodes are connected through two wire bus with 120 Ohm termination  CAN-Hi – 5V when transmitting 0  CAN-Low – 0V when transmitting 0  Message broadcast to all Nodes – Nodes are expected to ignore message that are not addressed to them  Frame does not include source address
  • 15. May 22, 2017 Proprietary and Confidential - 15 - CAN Protocol Frame
  • 16. May 22, 2017 Proprietary and Confidential - 16 - OBD-II  Diagnostics Connector  SAE J1962 – Type A and Type B – both female pin – 16 pin (2 x 8) – D-shaped  Type A connector is used for vehicle that use 12V supply voltage  Type B connector is used for vehicle that use 24V supply voltage
  • 17. May 22, 2017 Proprietary and Confidential - 17 - Main Hackable Attack Surface  Success of of hacking car depends on: – Remote attack surfaces – Cyber-physical features – In-Vehicle network architecture  20% models (2014- 2015) from different manufacturers are vulnerable to more than seven categories of remote attack From research by Miller and Valasek
  • 18. May 22, 2017 Proprietary and Confidential - 18 - Relationship between Car Safety and Cyber Security  Strong relationship between automotive safety and cyber security  SAE J3061 – Cyber Security Guidebook for Cyber-Physical Vehicle Systems  System Safety is concerned with protecting against harm to life, property and environment  System Cybersecurity aims to prevent financial, operational, privacy and safety loses – All safety critical systems are security critical but there could be systems e.g. Infotainment that are security critical but not safety critical
  • 19. May 22, 2017 Proprietary and Confidential - 19 - Cyber Security Threat Model – Threat Agents  Researchers and Hobbyists – Universities, government labs, defense labs. Motivations are usually positive to study and conduct research  Pranksters and Hacktivists – Takes opportunity to demonstrate their skills or promote their cause but with negative outcomes for the product owners and manufacturers  Owners and Operators – Many car hacking tools exists with owners and often they want to hack their own vehicles to improve performance, to bypass restriction set by manufacturers or regulators or disable components to obfuscate their fraudulent actions  Organized crime – Has always been a threat to vehicles. Main motivation is financial gain. DoS, malware, ransomware – Cyber crime-as-a-service !  Nation States – Not easy to determine motivation – Industrial espionage, surveillance, economic and physical warfare – Intervention to assist national manufacturers against foreign competitions – Tracking and audio monitoring of high-value objects  Transportation Infrastructure – Next-gen car V2V communication – Security and safety issue can occur through attacks and misbehavior of the surrounding infrastructure  Example: manipulation of traffic light confusing smart cars causing accidents
  • 20. May 22, 2017 Proprietary and Confidential - 20 - Cyber Security Threat Model  One-to-many connected ECUs on same CAN Bus as the OBD-II Port  The ability to control the ECU results in attacker getting control of the vehicle  Assume, OBD-II device can be compromised  Determine the attack proximity and vulnerability  Classify vulnerabilities using Microsoft STRIDE and SAE SPFO Impact model the potential areas of vulnerability and particular types of threats that may take e of those vulnerabilities. ying types of vehicle bus architecture and varying types of OBD-II devices, we use a d diagram (Figure 4) to present potential connections in the vehicle. Each ECU in Figure 4 s the one or many connected ECUs on the same bus as the OBD-II port. The ability to control esults in attacker control of that vehicle’s function. Generic OBD-II Device Threat Model Diagram by analyzing the impacts of various attacks assuming the OBD-II device can be ised and an attacker can execute arbitrary code. Although each attack is the same, the impact on the capabilities of the device (e.g., how far away the attacker needs to be). Once the attack y and vulnerability are defined, the vulnerability is classified using Microsoft’s STRIDE ECU A ECU B ECU C Aftermarket OBD-II Device OBD-II Port
  • 21. May 22, 2017 Proprietary and Confidential - 21 - Cyber Security Threat Model SOFTWARE ENGINEERING INSTITUTE | CARNEGIE MELLON UNIVERSITY 6 [Distribution Statement A] This material has been approved for public release and unlimited distribution. Please see Copyright notice for non-US Government use and distribution. technique (Microsoft, 2005). We also use the Society of Automotive Engineers (SAE) safety, privacy, financial, and operational impact to define how a vulnerability may affect a vehicle (Ward, et al., 2013). (Both STRIDE and the SAE techniques are described in Appendix D.) Table 2: Vulnerability Impact on the Device and the Vehicle Vulnerability ECU Affected Comments Vulnerability Impact (STRIDE) Impact (Ward, et al., 2013) Hardcoded credentials None X S0 S0 S0 S0 Arbitrary command injection OBD- connected buses X S0 S3 S0 S0 Vulnerability ECU Affected Comments VulnerabilityImpact (STRIDE) Impact (Ward, et al., 2013) Arbitrary CAN injection OBD- connected buses Full device compromise (See Table 3 for complete impact.) X X X X X X
  • 22. May 22, 2017 Proprietary and Confidential - 22 - Cyber Security Threat Model Table 3: Vulnerability Impact on Vehicle with Complete Device Compromise by Proximity Vulnerability ECU Affected Proximity Vulnerability Impact (STRIDE) Impact (Ward, et al., 2013) S T R I D E S P F O Compromise of OBD-II device OBD- connected buses Physical X X X X X X S1 S1 S2 S2 Compromise of OBD-II device OBD- connected buses Short range (Bluetooth) X X X X X X S2 S2 S3 S3 Compromise of OBD-II device OBD- connected buses Long range (Wi-Fi) X X X X X X S2 S2 S3 S3 Compromise of OBD-II device OBD- connected buses Anywhere (cellular) X X X X X X S4 S4 S4 S4
  • 23. May 22, 2017 Proprietary and Confidential - 23 - Anatomy of Chrysler Jeep Cherokee Hack  Head Unit is connected to both CAN Buses  Targeted to compromise Radio to get access to ECU connected to CAN-IHS and CAN-C  Radio receives GPS, AM/FM and Satellite Radio signal  Radio unit – Harman Uconnect system  Uconnect runs QNX  Uconnect system has Wifi  Wifi password was compromised  Performed port scan and identify D-Bus service  Exploited D-Bus vulnerability execute expoit as root  Jailbreak Uconnect  Uconnect payload – LUA Script  Uconnect communicates with CAN Buses using V850E/FJ3  The test OMAP chip can only read from CAN not send  Reverse engineer firmware of OMAP  Re-program by uploading code via USB that will allow V850 to send command to CAN  Then use CAN commands to do malicious activities – Jamming steering, slow down accelerator response Network Architecture The architecture of the 2014 Jeep Cherokee was very intriguing to us due to the fact that (Radio) is connected to both CAN buses that are implemented in the vehicle. Figure: 2014 Jeep Cherokee architecture diagram We speculated that if the Radio could be compromised, then we would have access to EC CAN-IHS and CAN-C networks, meaning that messages could be sent to all ECUs that cont attributes of the vehicle. You’ll see later in this paper that our remote compromise of the not directly lead to access to the CAN buses and further exploitation stages were necessa being said, there are no CAN bus architectural restrictions, such as the steering being on a separate bus. If we can send messages from the head unit, we should be able to send the ECU on the CAN bus.
  • 24. May 22, 2017 Proprietary and Confidential - 24 - Potential Risks  Safety-Critical Risks – Driver Distractions (e.g. volume, wipers) – Engine Shutoff or Degradation – Steering Changes (autonomous vehicles)  Less Safety-Critical Vehicle Specific Risks – Theft of the car or contents – Enabling physical crime against occupants – Insurance or lease fraud – Eavesdropping on occupants – Theft of information (e.g. personal profile, phone list) – Vector for attacking mobile devices in the car – Theft of PII – Tracking the vehicles location
  • 25. May 22, 2017 Proprietary and Confidential - 25 - Key Vulnerabilities Found in Car  Insecure firmware updates and downloads  Hardcoded or non-existent Bluetooth PIN  Weak WPA2 password  Hardcoded credentials  Internet-enabled administration interface
  • 26. May 22, 2017 Proprietary and Confidential - 26 - Some Important Attack Vectors  Arbitrarily modify firmware  Maliciously update remote firmware  Lock/unlock doors  Turn on/off vehicle  Affect vehicle GPS tracking, speed, heading and altitude  Read the car’s internal data – temperature, fuel levels, diagnostic trouble codes etc.  Inject arbitrary CAN packet
  • 27. May 22, 2017 Proprietary and Confidential - 27 - Common Architecture Issues  The Primary Processor – Simple processor – Convert External Network Protocol to CAN and vice versa – Logic is implemented in upstream systems – Do not include any security e.g. authentication, command validation  External Network Interface – Due to no filtering at device and OBD-II port, security is completely dependent on perimeter i.e. external network interface – External network interface security strength varies  WPA2 with not strong password  Easy to guess BT PIN  Widely shared BT PIN  Undocumented features  Insecure Firmware upgrades
  • 28. May 22, 2017 Proprietary and Confidential - 28 - Recommendations  Hardware Security – Secure Boot and software attestation function – TPM – Tamper Protection – Cryptographic Acceleration – Active Memory Protection – Device Identity Directly on Device  Intel EPID, PUF  Software Security – Secure Boot – Partitioned OS – Authentication – Enforcement of approved and appropriate behavior – Secure SDL
  • 29. May 22, 2017 Proprietary and Confidential - 29 - Recommendations  Network Security – Message and Device Authentication – Identify and enforce predictably holistic behavior – Access Controls  Cloud Security – Secure authenticated channel to cloud – Remote monitoring of vehicle – Threat intelligence exchange – OTA updates – Credential management
  • 30. May 22, 2017 Proprietary and Confidential - 30 - Recommendations  Supply-chain Security – Authorized distribution channel – Track and trace – Continuity of supply
  • 31. May 22, 2017 Proprietary and Confidential - 31 - Recommendations  ISO/IEC – 9797-1, 11889  ISO/IEC 9797-1: Security techniques – Message Authentication Codes  ISO/IEC 11889: Trusted Platform Module  ISO 12207: Systems and software engineering – Software life cycle processes  ISO 15408: Evaluation criteria for IT security  ISO 26262: Functional safety for road vehicles  ISO 27001: Information Security Management System  ISO 27002: Code of Practice – Security  ISO 27018: Code of Practice – Handling PII / SPI (Privacy)  ISO 27034: Application security techniques  ISO 29101: Privacy architecture frameworks  ISO 29119: Software testing standard  IEC 62443: Industrial Network and System Security  SAE J2945: Dedicated Short Range Communication (DSRC) Minimum Performance Requirements.  SAE J3061: Cybersecurity Guidebook for Cyber-Physical Vehicle Systems.  SAE J3101: Requirements for Hardware- Protected Security for Ground Vehicle Applications.  E-safety Vehicle Intrusion Protected Applications (EVITA)  Trusted Platform Module  Secure Hardware Extensions (SHE): From the German OEM consortium Hersteller Initiative Software (HIS), these on-chip extensions provide a set of cryptographic services to the application layer and isolate the keys.
  • 32. May 22, 2017 Proprietary and Confidential - 32 - THANK YOU