SlideShare a Scribd company logo

Feasible car cyber defense - ESCAR 2010

Download as PPT, PDF
Iddan Halevy
Iddan Halevy
Technology
1 of 21
Feasible Car Cyber Defense Arilou Information Security Technologies LTD.
Arilou Technologies
General • Intro to modern car • The rising threat • Current solutions • Suggested solution
The modern car • Sophisticated and computerized • Decentralized electronic system  Usually consists of dozens of computers (ECUs – electronic control units) and sensors  New functionalities – hundreds MBs of code  Connected by one or more network segments • Autonomous cars
The modern car
The rising threat • ECUs controlled mechanisms  Brakes  Stability control  Airbags  … • CAN bus connected • Rising wave of cyber attacks
CAN bus protocol • A protocol from the 80’s • Very simple • Not secured in any manner  Priority according to ID  Who is the sender?
Known attacks - TODO •Disable an automotive using the internet •Attack using wireless tire pressure sensors •Attack using On-Star •Attack using the infotainment system – gain control over the vehicle
Attack motivation • Access to the automotive internal communication network  Car theft  Stealing personal data  Extortion  Damaging business competitors reputation  …
Hacking a system • Demonstrated by US researchers - hack using RDS, Bluetooth and more • Hack a widespread infotainment system using hostile files  With no prior knowledge  No budget  Goal: estimate the possibility of such scenario
Infotainment Hack internet
Hacking process • Understand inner working and get binaries • Reversing the binaries – focus on input parsing • Finding exploitable vulnerabilities • Implementing the exploit
The result
Conclusion Cars were designed for safety and functionality – not for Security
The challenge • Huge number of suppliers • Lots of external interfaces • Every cent counts • Time critical communication • Legacy systems • Zero tolerance for mistakes
Possible solutions
Cryptography • Confidentiality • Integrity • Authenticity • Can solve some of the issues  The automotive world is far from ideal for this
Cryptography Difficulties • Key exchange and management • Symmetric keys:  Identical to all units – vulnerable  Not identical – complicated to manage • Asymmetric keys:  Time and computing complexity – cost  PK infrastructure needed • Maintenance nightmare – for a mission critical solution • Export restrictions • The industry is too decentralized • Does not solve vulnerabilities  Exploit can use the crypto mechanisms to encrypt  The more sophisticated the system the larger the attack surface
CAN bus firewall • A rule based CAN bus Firewall  Whitelist  Rate limit  Authentication • Independent device  Single non-expensive chip  aftermarket or integrated SOC  Military grade  Thoroughly tested • Architecture  As general rule does not require redesign of ECU’s software or vehicle’s network
Features • Physical forms  Standalone device with two CAN bus connections  Integrated chip in an ECU • Configuration  CLI (RS-232) interface  GUI  Non volatile memory • Protection  Secure software  Rule based filter  Rate limit against DOS
?Questions

Recommended

Learn About FACE Aligned Reference Platform: Built on COTS and DO-178C Certif...
Learn About FACE Aligned Reference Platform: Built on COTS and DO-178C Certif...Learn About FACE Aligned Reference Platform: Built on COTS and DO-178C Certif...
Learn About FACE Aligned Reference Platform: Built on COTS and DO-178C Certif...Real-Time Innovations (RTI)
 
[CLASS 2014] Palestra Técnica - Samuel Linares
[CLASS 2014] Palestra Técnica - Samuel Linares[CLASS 2014] Palestra Técnica - Samuel Linares
[CLASS 2014] Palestra Técnica - Samuel LinaresTI Safe
 
Mikael Falkvidd IoT - Stena AB Faster Forward
Mikael Falkvidd IoT - Stena AB Faster ForwardMikael Falkvidd IoT - Stena AB Faster Forward
Mikael Falkvidd IoT - Stena AB Faster ForwardMikael Falkvidd
 
ICS Security from the Plant Floor Up - A Controls Engineers Approach to Secur...
ICS Security from the Plant Floor Up - A Controls Engineers Approach to Secur...ICS Security from the Plant Floor Up - A Controls Engineers Approach to Secur...
ICS Security from the Plant Floor Up - A Controls Engineers Approach to Secur...Digital Bond
 
Weather Information System Airport and Decision Support (WISADS)
Weather Information System Airport and Decision Support (WISADS)Weather Information System Airport and Decision Support (WISADS)
Weather Information System Airport and Decision Support (WISADS)Real-Time Innovations (RTI)
 
Symposium on Securing the IoT - Security is the future of IoT - mbed
Symposium on Securing the IoT - Security is the future of IoT - mbedSymposium on Securing the IoT - Security is the future of IoT - mbed
Symposium on Securing the IoT - Security is the future of IoT - mbedAustin Blackstone
 
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)Byres Security Inc.
 
NEXCOM Industry 4.0 Solution Map and Topology
NEXCOM Industry 4.0 Solution Map and TopologyNEXCOM Industry 4.0 Solution Map and Topology
NEXCOM Industry 4.0 Solution Map and TopologyEric Lo
 

Recommended

Learn About FACE Aligned Reference Platform: Built on COTS and DO-178C Certif...
Learn About FACE Aligned Reference Platform: Built on COTS and DO-178C Certif...Learn About FACE Aligned Reference Platform: Built on COTS and DO-178C Certif...
Learn About FACE Aligned Reference Platform: Built on COTS and DO-178C Certif...Real-Time Innovations (RTI)
 
[CLASS 2014] Palestra Técnica - Samuel Linares
[CLASS 2014] Palestra Técnica - Samuel Linares[CLASS 2014] Palestra Técnica - Samuel Linares
[CLASS 2014] Palestra Técnica - Samuel LinaresTI Safe
 
Mikael Falkvidd IoT - Stena AB Faster Forward
Mikael Falkvidd IoT - Stena AB Faster ForwardMikael Falkvidd IoT - Stena AB Faster Forward
Mikael Falkvidd IoT - Stena AB Faster ForwardMikael Falkvidd
 
ICS Security from the Plant Floor Up - A Controls Engineers Approach to Secur...
ICS Security from the Plant Floor Up - A Controls Engineers Approach to Secur...ICS Security from the Plant Floor Up - A Controls Engineers Approach to Secur...
ICS Security from the Plant Floor Up - A Controls Engineers Approach to Secur...Digital Bond
 
Weather Information System Airport and Decision Support (WISADS)
Weather Information System Airport and Decision Support (WISADS)Weather Information System Airport and Decision Support (WISADS)
Weather Information System Airport and Decision Support (WISADS)Real-Time Innovations (RTI)
 
Symposium on Securing the IoT - Security is the future of IoT - mbed
Symposium on Securing the IoT - Security is the future of IoT - mbedSymposium on Securing the IoT - Security is the future of IoT - mbed
Symposium on Securing the IoT - Security is the future of IoT - mbedAustin Blackstone
 
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)Byres Security Inc.
 
NEXCOM Industry 4.0 Solution Map and Topology
NEXCOM Industry 4.0 Solution Map and TopologyNEXCOM Industry 4.0 Solution Map and Topology
NEXCOM Industry 4.0 Solution Map and TopologyEric Lo
 
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...Digital Bond
 
Aut Presentation V3
Aut Presentation V3Aut Presentation V3
Aut Presentation V3jsymonds
 
Unidirectional Security, Andrew Ginter of Waterfall Security
Unidirectional Security, Andrew Ginter of Waterfall Security Unidirectional Security, Andrew Ginter of Waterfall Security
Unidirectional Security, Andrew Ginter of Waterfall Security Digital Bond
 
Hacking IoT: the new threat for content assets
Hacking IoT: the new threat for content assetsHacking IoT: the new threat for content assets
Hacking IoT: the new threat for content assetsETCenter
 
Securing Critical Iot Infrastructure, IoT Israel 2014
Securing Critical Iot Infrastructure, IoT Israel 2014Securing Critical Iot Infrastructure, IoT Israel 2014
Securing Critical Iot Infrastructure, IoT Israel 2014iotisrael
 
Open Platform for ICS Cybersecurity Research and Education
Open Platform for ICS Cybersecurity Research and EducationOpen Platform for ICS Cybersecurity Research and Education
Open Platform for ICS Cybersecurity Research and EducationEnergySec
 
DEF CON 23 - vivek ramachadran - chellam
DEF CON 23 - vivek ramachadran - chellamDEF CON 23 - vivek ramachadran - chellam
DEF CON 23 - vivek ramachadran - chellamFelipe Prado
 
ICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghOWASP Delhi
 
S4xJapan Closing Keynote
S4xJapan Closing KeynoteS4xJapan Closing Keynote
S4xJapan Closing KeynoteDigital Bond
 
Innovation Summit 2015 - 5 - AirVantage
Innovation Summit 2015 - 5 - AirVantageInnovation Summit 2015 - 5 - AirVantage
Innovation Summit 2015 - 5 - AirVantageThibault Cantegrel
 
An Amazing World of Possibilities (Computex 2017)
An Amazing World of Possibilities (Computex 2017)An Amazing World of Possibilities (Computex 2017)
An Amazing World of Possibilities (Computex 2017)Arm
 
CNIT 123: Ch 13: Network Protection Systems
CNIT 123: Ch 13: Network Protection SystemsCNIT 123: Ch 13: Network Protection Systems
CNIT 123: Ch 13: Network Protection SystemsSam Bowne
 
Security B Sides Puerto Rico - Weaponizing your Drone
Security B Sides Puerto Rico - Weaponizing your DroneSecurity B Sides Puerto Rico - Weaponizing your Drone
Security B Sides Puerto Rico - Weaponizing your DroneJose L. Quiñones-Borrero
 
Seminar
SeminarSeminar
SeminarAbhinav Kushwah
 
Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...
Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...
Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...Honeywell
 
CNIT 123: Ch 9: Embedded Operating Systems: The Hidden Threat
CNIT 123: Ch 9: Embedded Operating Systems: The Hidden ThreatCNIT 123: Ch 9: Embedded Operating Systems: The Hidden Threat
CNIT 123: Ch 9: Embedded Operating Systems: The Hidden ThreatSam Bowne
 
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity SolutionsSchneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity SolutionsHoneywell
 
Secure your workloads with microsegmentation
Secure your workloads with microsegmentationSecure your workloads with microsegmentation
Secure your workloads with microsegmentationRasool Irfan
 
Wireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring ApplicationsWireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring Applicationscmstiernberg
 
What is micro segmentation?
What is micro segmentation?What is micro segmentation?
What is micro segmentation?Mir Mustafa Ali
 
Build Safe and Secure Distributed Systems
Build Safe and Secure Distributed SystemsBuild Safe and Secure Distributed Systems
Build Safe and Secure Distributed SystemsReal-Time Innovations (RTI)
 
FASTR_Overview2017
FASTR_Overview2017FASTR_Overview2017
FASTR_Overview2017Craig Hurst
 

More Related Content

What's hot

Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...Digital Bond
 
Aut Presentation V3
Aut Presentation V3Aut Presentation V3
Aut Presentation V3jsymonds
 
Unidirectional Security, Andrew Ginter of Waterfall Security
Unidirectional Security, Andrew Ginter of Waterfall Security Unidirectional Security, Andrew Ginter of Waterfall Security
Unidirectional Security, Andrew Ginter of Waterfall Security Digital Bond
 
Hacking IoT: the new threat for content assets
Hacking IoT: the new threat for content assetsHacking IoT: the new threat for content assets
Hacking IoT: the new threat for content assetsETCenter
 
Securing Critical Iot Infrastructure, IoT Israel 2014
Securing Critical Iot Infrastructure, IoT Israel 2014Securing Critical Iot Infrastructure, IoT Israel 2014
Securing Critical Iot Infrastructure, IoT Israel 2014iotisrael
 
Open Platform for ICS Cybersecurity Research and Education
Open Platform for ICS Cybersecurity Research and EducationOpen Platform for ICS Cybersecurity Research and Education
Open Platform for ICS Cybersecurity Research and EducationEnergySec
 
DEF CON 23 - vivek ramachadran - chellam
DEF CON 23 - vivek ramachadran - chellamDEF CON 23 - vivek ramachadran - chellam
DEF CON 23 - vivek ramachadran - chellamFelipe Prado
 
ICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghOWASP Delhi
 
S4xJapan Closing Keynote
S4xJapan Closing KeynoteS4xJapan Closing Keynote
S4xJapan Closing KeynoteDigital Bond
 
Innovation Summit 2015 - 5 - AirVantage
Innovation Summit 2015 - 5 - AirVantageInnovation Summit 2015 - 5 - AirVantage
Innovation Summit 2015 - 5 - AirVantageThibault Cantegrel
 
An Amazing World of Possibilities (Computex 2017)
An Amazing World of Possibilities (Computex 2017)An Amazing World of Possibilities (Computex 2017)
An Amazing World of Possibilities (Computex 2017)Arm
 
CNIT 123: Ch 13: Network Protection Systems
CNIT 123: Ch 13: Network Protection SystemsCNIT 123: Ch 13: Network Protection Systems
CNIT 123: Ch 13: Network Protection SystemsSam Bowne
 
Security B Sides Puerto Rico - Weaponizing your Drone
Security B Sides Puerto Rico - Weaponizing your DroneSecurity B Sides Puerto Rico - Weaponizing your Drone
Security B Sides Puerto Rico - Weaponizing your DroneJose L. Quiñones-Borrero
 
Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...
Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...
Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...Honeywell
 
CNIT 123: Ch 9: Embedded Operating Systems: The Hidden Threat
CNIT 123: Ch 9: Embedded Operating Systems: The Hidden ThreatCNIT 123: Ch 9: Embedded Operating Systems: The Hidden Threat
CNIT 123: Ch 9: Embedded Operating Systems: The Hidden ThreatSam Bowne
 
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity SolutionsSchneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity SolutionsHoneywell
 
Secure your workloads with microsegmentation
Secure your workloads with microsegmentationSecure your workloads with microsegmentation
Secure your workloads with microsegmentationRasool Irfan
 
Wireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring ApplicationsWireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring Applicationscmstiernberg
 
What is micro segmentation?
What is micro segmentation?What is micro segmentation?
What is micro segmentation?Mir Mustafa Ali
 

What's hot (20)

Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
 
Aut Presentation V3
Aut Presentation V3Aut Presentation V3
Aut Presentation V3
 
Unidirectional Security, Andrew Ginter of Waterfall Security
Unidirectional Security, Andrew Ginter of Waterfall Security Unidirectional Security, Andrew Ginter of Waterfall Security
Unidirectional Security, Andrew Ginter of Waterfall Security
 
Hacking IoT: the new threat for content assets
Hacking IoT: the new threat for content assetsHacking IoT: the new threat for content assets
Hacking IoT: the new threat for content assets
 
Securing Critical Iot Infrastructure, IoT Israel 2014
Securing Critical Iot Infrastructure, IoT Israel 2014Securing Critical Iot Infrastructure, IoT Israel 2014
Securing Critical Iot Infrastructure, IoT Israel 2014
 
Open Platform for ICS Cybersecurity Research and Education
Open Platform for ICS Cybersecurity Research and EducationOpen Platform for ICS Cybersecurity Research and Education
Open Platform for ICS Cybersecurity Research and Education
 
DEF CON 23 - vivek ramachadran - chellam
DEF CON 23 - vivek ramachadran - chellamDEF CON 23 - vivek ramachadran - chellam
DEF CON 23 - vivek ramachadran - chellam
 
ICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep Singh
 
S4xJapan Closing Keynote
S4xJapan Closing KeynoteS4xJapan Closing Keynote
S4xJapan Closing Keynote
 
Innovation Summit 2015 - 5 - AirVantage
Innovation Summit 2015 - 5 - AirVantageInnovation Summit 2015 - 5 - AirVantage
Innovation Summit 2015 - 5 - AirVantage
 
An Amazing World of Possibilities (Computex 2017)
An Amazing World of Possibilities (Computex 2017)An Amazing World of Possibilities (Computex 2017)
An Amazing World of Possibilities (Computex 2017)
 
CNIT 123: Ch 13: Network Protection Systems
CNIT 123: Ch 13: Network Protection SystemsCNIT 123: Ch 13: Network Protection Systems
CNIT 123: Ch 13: Network Protection Systems
 
Security B Sides Puerto Rico - Weaponizing your Drone
Security B Sides Puerto Rico - Weaponizing your DroneSecurity B Sides Puerto Rico - Weaponizing your Drone
Security B Sides Puerto Rico - Weaponizing your Drone
 
Seminar
SeminarSeminar
Seminar
 
Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...
Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...
Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...
 
CNIT 123: Ch 9: Embedded Operating Systems: The Hidden Threat
CNIT 123: Ch 9: Embedded Operating Systems: The Hidden ThreatCNIT 123: Ch 9: Embedded Operating Systems: The Hidden Threat
CNIT 123: Ch 9: Embedded Operating Systems: The Hidden Threat
 
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity SolutionsSchneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
 
Secure your workloads with microsegmentation
Secure your workloads with microsegmentationSecure your workloads with microsegmentation
Secure your workloads with microsegmentation
 
Wireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring ApplicationsWireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring Applications
 
What is micro segmentation?
What is micro segmentation?What is micro segmentation?
What is micro segmentation?
 

Viewers also liked

FASTR_Overview2017
FASTR_Overview2017FASTR_Overview2017
FASTR_Overview2017Craig Hurst
 
Myths vs. Truths at St. Vincent's Hospital
Myths vs. Truths at St. Vincent's HospitalMyths vs. Truths at St. Vincent's Hospital
Myths vs. Truths at St. Vincent's HospitalNewellNYC
 
Cyber Security Architecture - A Systems Approach December 05 2012
Cyber Security Architecture - A Systems Approach December 05 2012Cyber Security Architecture - A Systems Approach December 05 2012
Cyber Security Architecture - A Systems Approach December 05 2012Joseph Hennawy
 
SAE 2014 - Cyber Security: Mission Critical for the Internet of Cars
SAE 2014 - Cyber Security: Mission Critical for the Internet of CarsSAE 2014 - Cyber Security: Mission Critical for the Internet of Cars
SAE 2014 - Cyber Security: Mission Critical for the Internet of CarsAndreas Mai
 
Hackers are the new highway threat
Hackers are the new highway threatHackers are the new highway threat
Hackers are the new highway threatHarman Innovation
 
From Connected To Self-Driving - Securing the Automotive Revolution
From Connected To Self-Driving - Securing the Automotive RevolutionFrom Connected To Self-Driving - Securing the Automotive Revolution
From Connected To Self-Driving - Securing the Automotive RevolutionAlexander Schellong
 
Michael W. Meissner - Cyber Security Engineering Biography
Michael W. Meissner - Cyber Security Engineering BiographyMichael W. Meissner - Cyber Security Engineering Biography
Michael W. Meissner - Cyber Security Engineering BiographyMichael W. Meissner, RCDD
 
Connected & Autonomous vehicles: cybersecurity on a grand scale v1
Connected & Autonomous vehicles: cybersecurity on a grand scale v1Connected & Autonomous vehicles: cybersecurity on a grand scale v1
Connected & Autonomous vehicles: cybersecurity on a grand scale v1Bill Harpley
 
Public policy aspects of Connected and Autonomous Vehicles
Public policy aspects of Connected and Autonomous VehiclesPublic policy aspects of Connected and Autonomous Vehicles
Public policy aspects of Connected and Autonomous VehiclesBill Harpley
 
Scaling IoT Security
Scaling IoT SecurityScaling IoT Security
Scaling IoT SecurityBill Harpley
 
Automotive security (cvta)
Automotive security (cvta)Automotive security (cvta)
Automotive security (cvta)Alan Tatourian
 
HARMAN Corporate Deck
HARMAN Corporate DeckHARMAN Corporate Deck
HARMAN Corporate DeckDvir Reznik
 
Security Vision for Software on Wheels (Autonomous Vehicles)
Security Vision for Software on Wheels (Autonomous Vehicles)Security Vision for Software on Wheels (Autonomous Vehicles)
Security Vision for Software on Wheels (Autonomous Vehicles)Ankit Singh
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber SecurityStephen Lahanas
 
Cyber Security Defense by vulnerability mgmt nov 11 2015
Cyber Security Defense by vulnerability mgmt nov 11 2015Cyber Security Defense by vulnerability mgmt nov 11 2015
Cyber Security Defense by vulnerability mgmt nov 11 2015Kevin Murphy
 

Viewers also liked (17)

Build Safe and Secure Distributed Systems
Build Safe and Secure Distributed SystemsBuild Safe and Secure Distributed Systems
Build Safe and Secure Distributed Systems
 
FASTR_Overview2017
FASTR_Overview2017FASTR_Overview2017
FASTR_Overview2017
 
Myths vs. Truths at St. Vincent's Hospital
Myths vs. Truths at St. Vincent's HospitalMyths vs. Truths at St. Vincent's Hospital
Myths vs. Truths at St. Vincent's Hospital
 
Cyber Security Architecture - A Systems Approach December 05 2012
Cyber Security Architecture - A Systems Approach December 05 2012Cyber Security Architecture - A Systems Approach December 05 2012
Cyber Security Architecture - A Systems Approach December 05 2012
 
SAE 2014 - Cyber Security: Mission Critical for the Internet of Cars
SAE 2014 - Cyber Security: Mission Critical for the Internet of CarsSAE 2014 - Cyber Security: Mission Critical for the Internet of Cars
SAE 2014 - Cyber Security: Mission Critical for the Internet of Cars
 
Hackers are the new highway threat
Hackers are the new highway threatHackers are the new highway threat
Hackers are the new highway threat
 
From Connected To Self-Driving - Securing the Automotive Revolution
From Connected To Self-Driving - Securing the Automotive RevolutionFrom Connected To Self-Driving - Securing the Automotive Revolution
From Connected To Self-Driving - Securing the Automotive Revolution
 
Michael W. Meissner - Cyber Security Engineering Biography
Michael W. Meissner - Cyber Security Engineering BiographyMichael W. Meissner - Cyber Security Engineering Biography
Michael W. Meissner - Cyber Security Engineering Biography
 
Connected & Autonomous vehicles: cybersecurity on a grand scale v1
Connected & Autonomous vehicles: cybersecurity on a grand scale v1Connected & Autonomous vehicles: cybersecurity on a grand scale v1
Connected & Autonomous vehicles: cybersecurity on a grand scale v1
 
Public policy aspects of Connected and Autonomous Vehicles
Public policy aspects of Connected and Autonomous VehiclesPublic policy aspects of Connected and Autonomous Vehicles
Public policy aspects of Connected and Autonomous Vehicles
 
Scaling IoT Security
Scaling IoT SecurityScaling IoT Security
Scaling IoT Security
 
Automotive security (cvta)
Automotive security (cvta)Automotive security (cvta)
Automotive security (cvta)
 
HARMAN Corporate Deck
HARMAN Corporate DeckHARMAN Corporate Deck
HARMAN Corporate Deck
 
Cyber Security for the Connected Car
Cyber Security for the Connected Car Cyber Security for the Connected Car
Cyber Security for the Connected Car
 
Security Vision for Software on Wheels (Autonomous Vehicles)
Security Vision for Software on Wheels (Autonomous Vehicles)Security Vision for Software on Wheels (Autonomous Vehicles)
Security Vision for Software on Wheels (Autonomous Vehicles)
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
 
Cyber Security Defense by vulnerability mgmt nov 11 2015
Cyber Security Defense by vulnerability mgmt nov 11 2015Cyber Security Defense by vulnerability mgmt nov 11 2015
Cyber Security Defense by vulnerability mgmt nov 11 2015
 

Similar to Feasible car cyber defense - ESCAR 2010

Secure IOT Gateway
Secure IOT GatewaySecure IOT Gateway
Secure IOT GatewayLF Events
 
From the Internet of Things to Intelligent Systems A Developer's Primer - Gar...
From the Internet of Things to Intelligent Systems A Developer's Primer - Gar...From the Internet of Things to Intelligent Systems A Developer's Primer - Gar...
From the Internet of Things to Intelligent Systems A Developer's Primer - Gar...Rick G. Garibay
 
Attacking and Defending Autos Via OBD-II from escar Asia
Attacking and Defending Autos Via OBD-II from escar AsiaAttacking and Defending Autos Via OBD-II from escar Asia
Attacking and Defending Autos Via OBD-II from escar AsiaDigital Bond
 
Power Grid Communications & Control Systems
Power Grid Communications & Control SystemsPower Grid Communications & Control Systems
Power Grid Communications & Control Systemsfajjarrehman
 
Controlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataControlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataPrecisely
 
PT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrolPT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrolShah Sheikh
 
Ch 9: Embedded Operating Systems: The Hidden Threat
Ch 9: Embedded Operating Systems: The Hidden ThreatCh 9: Embedded Operating Systems: The Hidden Threat
Ch 9: Embedded Operating Systems: The Hidden ThreatSam Bowne
 
From the Internet of Things to Intelligent Systems: A Developer's Primer
From the Internet of Things to Intelligent Systems: A Developer's PrimerFrom the Internet of Things to Intelligent Systems: A Developer's Primer
From the Internet of Things to Intelligent Systems: A Developer's PrimerRick G. Garibay
 
Automotive Cyber-Security Insights learned from IT and ICS/SCADA
Automotive Cyber-Security Insights learned from IT and ICS/SCADAAutomotive Cyber-Security Insights learned from IT and ICS/SCADA
Automotive Cyber-Security Insights learned from IT and ICS/SCADAGilad Bandel
 
Mastering IoT Design: Sense, Process, Connect: Processing: Turning IoT Data i...
Mastering IoT Design: Sense, Process, Connect: Processing: Turning IoT Data i...Mastering IoT Design: Sense, Process, Connect: Processing: Turning IoT Data i...
Mastering IoT Design: Sense, Process, Connect: Processing: Turning IoT Data i...Deepak Shankar
 
DTS Solution - SCADA Security Solutions
DTS Solution - SCADA Security SolutionsDTS Solution - SCADA Security Solutions
DTS Solution - SCADA Security SolutionsShah Sheikh
 
UCT IoT Deployment and Challenges
UCT IoT Deployment and ChallengesUCT IoT Deployment and Challenges
UCT IoT Deployment and ChallengesThe IOT Academy
 
Expand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataExpand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataPrecisely
 
Cyber Security in Transportation
Cyber Security in TransportationCyber Security in Transportation
Cyber Security in TransportationOren Elimelech
 
TM4C-IoT-Gateway-with-Security-Protection_0.pdf
TM4C-IoT-Gateway-with-Security-Protection_0.pdfTM4C-IoT-Gateway-with-Security-Protection_0.pdf
TM4C-IoT-Gateway-with-Security-Protection_0.pdfssuser8b324e
 
Hacking your Connected Car: What you need to know NOW
Hacking your Connected Car: What you need to know NOWHacking your Connected Car: What you need to know NOW
Hacking your Connected Car: What you need to know NOWKapil Kanugo
 

Similar to Feasible car cyber defense - ESCAR 2010 (20)

Secure IOT Gateway
Secure IOT GatewaySecure IOT Gateway
Secure IOT Gateway
 
From the Internet of Things to Intelligent Systems A Developer's Primer - Gar...
From the Internet of Things to Intelligent Systems A Developer's Primer - Gar...From the Internet of Things to Intelligent Systems A Developer's Primer - Gar...
From the Internet of Things to Intelligent Systems A Developer's Primer - Gar...
 
Attacking and Defending Autos Via OBD-II from escar Asia
Attacking and Defending Autos Via OBD-II from escar AsiaAttacking and Defending Autos Via OBD-II from escar Asia
Attacking and Defending Autos Via OBD-II from escar Asia
 
Embedded
EmbeddedEmbedded
Embedded
 
Power Grid Communications & Control Systems
Power Grid Communications & Control SystemsPower Grid Communications & Control Systems
Power Grid Communications & Control Systems
 
Controlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataControlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and Data
 
PT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrolPT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrol
 
Chapter 1-1.pptx
Chapter 1-1.pptxChapter 1-1.pptx
Chapter 1-1.pptx
 
Wfcs2019
Wfcs2019Wfcs2019
Wfcs2019
 
Ch 9: Embedded Operating Systems: The Hidden Threat
Ch 9: Embedded Operating Systems: The Hidden ThreatCh 9: Embedded Operating Systems: The Hidden Threat
Ch 9: Embedded Operating Systems: The Hidden Threat
 
From the Internet of Things to Intelligent Systems: A Developer's Primer
From the Internet of Things to Intelligent Systems: A Developer's PrimerFrom the Internet of Things to Intelligent Systems: A Developer's Primer
From the Internet of Things to Intelligent Systems: A Developer's Primer
 
Automotive Cyber-Security Insights learned from IT and ICS/SCADA
Automotive Cyber-Security Insights learned from IT and ICS/SCADAAutomotive Cyber-Security Insights learned from IT and ICS/SCADA
Automotive Cyber-Security Insights learned from IT and ICS/SCADA
 
Mastering IoT Design: Sense, Process, Connect: Processing: Turning IoT Data i...
Mastering IoT Design: Sense, Process, Connect: Processing: Turning IoT Data i...Mastering IoT Design: Sense, Process, Connect: Processing: Turning IoT Data i...
Mastering IoT Design: Sense, Process, Connect: Processing: Turning IoT Data i...
 
DTS Solution - SCADA Security Solutions
DTS Solution - SCADA Security SolutionsDTS Solution - SCADA Security Solutions
DTS Solution - SCADA Security Solutions
 
UCT IoT Deployment and Challenges
UCT IoT Deployment and ChallengesUCT IoT Deployment and Challenges
UCT IoT Deployment and Challenges
 
Expand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataExpand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and Data
 
Cyber Security in Transportation
Cyber Security in TransportationCyber Security in Transportation
Cyber Security in Transportation
 
TM4C-IoT-Gateway-with-Security-Protection_0.pdf
TM4C-IoT-Gateway-with-Security-Protection_0.pdfTM4C-IoT-Gateway-with-Security-Protection_0.pdf
TM4C-IoT-Gateway-with-Security-Protection_0.pdf
 
Hacking your Connected Car: What you need to know NOW
Hacking your Connected Car: What you need to know NOWHacking your Connected Car: What you need to know NOW
Hacking your Connected Car: What you need to know NOW
 
Embedded systems
Embedded systemsEmbedded systems
Embedded systems
 

Recently uploaded

Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 

Recently uploaded (20)

DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 

Feasible car cyber defense - ESCAR 2010

  • 1. Feasible Car Cyber Defense Arilou Information Security Technologies LTD.
  • 3. General • Intro to modern car • The rising threat • Current solutions • Suggested solution
  • 4. The modern car • Sophisticated and computerized • Decentralized electronic system  Usually consists of dozens of computers (ECUs – electronic control units) and sensors  New functionalities – hundreds MBs of code  Connected by one or more network segments • Autonomous cars
  • 6. The rising threat • ECUs controlled mechanisms  Brakes  Stability control  Airbags  … • CAN bus connected • Rising wave of cyber attacks
  • 7. CAN bus protocol • A protocol from the 80’s • Very simple • Not secured in any manner  Priority according to ID  Who is the sender?
  • 8. Known attacks - TODO •Disable an automotive using the internet •Attack using wireless tire pressure sensors •Attack using On-Star •Attack using the infotainment system – gain control over the vehicle
  • 9. Attack motivation • Access to the automotive internal communication network  Car theft  Stealing personal data  Extortion  Damaging business competitors reputation  …
  • 10. Hacking a system • Demonstrated by US researchers - hack using RDS, Bluetooth and more • Hack a widespread infotainment system using hostile files  With no prior knowledge  No budget  Goal: estimate the possibility of such scenario
  • 11. Infotainment Hack internet
  • 12. Hacking process • Understand inner working and get binaries • Reversing the binaries – focus on input parsing • Finding exploitable vulnerabilities • Implementing the exploit
  • 14. Conclusion Cars were designed for safety and functionality – not for Security
  • 15. The challenge • Huge number of suppliers • Lots of external interfaces • Every cent counts • Time critical communication • Legacy systems • Zero tolerance for mistakes
  • 17. Cryptography • Confidentiality • Integrity • Authenticity • Can solve some of the issues  The automotive world is far from ideal for this
  • 18. Cryptography Difficulties • Key exchange and management • Symmetric keys:  Identical to all units – vulnerable  Not identical – complicated to manage • Asymmetric keys:  Time and computing complexity – cost  PK infrastructure needed • Maintenance nightmare – for a mission critical solution • Export restrictions • The industry is too decentralized • Does not solve vulnerabilities  Exploit can use the crypto mechanisms to encrypt  The more sophisticated the system the larger the attack surface
  • 19. CAN bus firewall • A rule based CAN bus Firewall  Whitelist  Rate limit  Authentication • Independent device  Single non-expensive chip  aftermarket or integrated SOC  Military grade  Thoroughly tested • Architecture  As general rule does not require redesign of ECU’s software or vehicle’s network
  • 20. Features • Physical forms  Standalone device with two CAN bus connections  Integrated chip in an ECU • Configuration  CLI (RS-232) interface  GUI  Non volatile memory • Protection  Secure software  Rule based filter  Rate limit against DOS