SlideShare a Scribd company logo
5/26/2012




     Security for Automotive with Multi-
      core-based Embedded Systems


                                     Claudia Eckert
                                     TU München &
                                     Fraunhofer AISEC
                                 1

                                     DATE 2012, 16. March 2012
                                     Dresden

              C. Eckert, AISEC




Outline



1.         Introduction
2.         Security Issues 
3.         Multi‐core architectures: Risks
4.         Multi‐core architectures: Opportunities
5.
5          Research Challenges
           Research Challenges
6.         Take Home Message


©C. Eckert, AISEC,




                                                                        1
5/26/2012




1. Introduction
   Automotive : Today

• > 80 ECUs, security/safety sensitive services
• Tailored ECUs for additional functions
• High energy consumption
• Expensive 




©C. Eckert, AISEC,

                                                                                                3




1. Introduction Tomorrow: more services
                more computational power required
                                        Intelligent Car
                                        Routing and                     Traffic info and
                       Road Billing
                                        Navigation
                                        N i ti                          web cams



                                                                                (Location based)
                     Fleet Management                                           web information



            GPS Street                                                          Inter Car
            Parking                                                             Communication



                      Parking Slots
                      Reservation                         Contactless Gas        Mobile TV
                                                          Station


   High demand for few highly integrated multi-core systems

©C. Eckert, AISEC,




                                                                                                           2
5/26/2012




Outline



1.         Introduction
2.         Security Issues 
3.         Multi‐core architectures: Risks
4.         Multi‐core architectures: Opportunities
5.
5          Research Challenges
           Research Challenges
6.         Take Home Message


©C. Eckert, AISEC,




2. Security Issues
   Automotive Security: Today

Security level today: 
Security level today:
Do modern cars already provide 
• Secure execution environment?
• Hardened ECUs or security modules to reduce 
  vulnerabilities? 
• Security services like intrusion detection, access 
  controls, self‐monitoring?


©C. Eckert, AISEC,

                                                        6




                                                                   3
5/26/2012




    2. Security Issues
       Automotive: Security Risks

       Vulnerabilities: e.g.
       • ECUs which are not hardened:
         Code injection, data manipulation
       • Software updates via CAN/Ethernet
         insufficient access control (or even missing)
       • External interfaces enable :
         remote access/attacks: NFC, C2C



    ©C. Eckert, AISEC,




    2. Security Issues
       Automotive: Security Risks

    M2M interfaces (GSM) 
    • Communication with backend of OEM 
    • Internet access, added‐value services
    Vulnerabilities: 
    • Car logs into every GSM BTS
    • Attacks  with malformed  
      messages from GSM network 
    • Possible damages: 
      manipulation, DoS, malware
    ©C. Eckert, AISEC,

8                                                        8




                                                                    4
5/26/2012




2. Security Issues
   Automotive: Security Risks




©C. Eckert, AISEC,




 Lessons Learned so far


 Multi‐cores 
 • Multi‐core architectures are required to meet
       l         h                     d
    Increasing demands for computational power
    Demands to reduce power consumption
 • Cars are already  exposed to severe security risks
 Questions
 Q    i
 • Multi‐core: a security enhancing technology ?
 • Multi‐core: even more security/safety risks ?
©C. Eckert, AISEC,

                                                        10




                                                                    5
5/26/2012




Outline



1.         Introduction
2.         Security Issues
3.         Multi‐core architectures: Risks
4.         Multi‐core architectures: Opportunities
5.
5          Research Challenges
           Research Challenges
6.         Take Home Message


©C. Eckert, AISEC,




3. Multi-cores
   Even more risks …
Shared resources: memory, caches, network
 • Data leakages: confidentiality, integrity
        l k             fd     l
 • Covert channels, e.g. cache 
   replacement strategy
 • Denial‐of‐service: e.g. occupying 
   shared memory regions: starving 
   safety‐critical tasks
Vulnerable system software, missing separation
• e.g. BO attacks: malware intrusion, manipulation, …
©C. Eckert, AISEC,

                                                     12




                                                                 6
5/26/2012




Outline



1.         Introduction
2.         Security Issues
3.         Multi‐core architectures: Risks
4.         Multi‐core architectures: Opportunities
5.
5          Research Challenges
           Research Challenges
6.         Take Home Message


©C. Eckert, AISEC,




4. Multi-cores
   Opportunities
Attack tolerance
                                                                  FA
e.g. Fault injections with laser
                                                                       not auth


• Inject jump to bypass security checks
                                  FA
                                           0x00            0x80
• Modify register content         00000000             10000000
• Modify alarm signals             alarm
                                          OK

Multi‐core:
  • Redundant cores to tolerate fault‐attacks:  e.g. SLE 78 
    redundant computation, majority voting, monitoring
©C. Eckert, AISEC,
                                                  14
                                                             14




                                                                                         7
5/26/2012




4. Multi-cores
   Opportunities

 Attack tolerance
 Attack tolerance
 e.g. side‐channel attacks
• Timing (execution time of cryptographic operations) and 
  power (power consumption)  attacks  to crack keys   
Multi‐Core
 • Increased resistance against side‐channel attacks:
    e.g. using multi‐cores for randomized  execution of 
    cryptographic algorithms
©C. Eckert, AISEC,

                                                     15




4. Multi-cores
   Opportunities

Attack tolerance
Attack tolerance
e.g. resistance against software‐based modifications 




   • Redundant computation in different cores to detect 
     abnormal behavior (e.g. manipulated code) 
©C. Eckert, AISEC,

                                                     16




                                                                    8
5/26/2012




4. Multi-cores
   Opportunities
Take advantage of multi‐cores
   • Assign security/safety critical  tasks to dedicated 
     security cores (e.g. hardened cores):
        • secure execution environment
        • strict access controls
   • Distribute sensitive functions 
     between different cores to 
     enhance resistance against  
     reverse engineering attacks
©C. Eckert, AISEC,

                                                            17




4. Multi-cores
   Opportunities

Self‐monitoring
 • Separate a security core from data processing cores :
   • Trusted OSs in monitoring system 
   • Collect data in userland OS (e.g. syscall traces)
   • Securely analyze data to detect malbehavior
   • Dynamic health monitoring
 • Extend  VMI to enhance 
   malware detection on 
   multi‐cores
©C. Eckert, AISEC,

                                                            18




                                                                        9
5/26/2012




Outline



1.         Introduction
2.         Security Issues
3.         Multi‐core architectures: Opportunities
4.         Multi‐core architectures: Risks
5.         Research Challenges
           Research Challenges
6.         Take Home Message


©C. Eckert, AISEC,




5. Research Challenges
   Secure Architectures
                                          other System on Chip
                                M2M
                                    SIM
                                                                 ID        ID
                                   GSM                      Actuator    Sensor


                              Trust
                     Core      OS Core     IO-interfaces         Peripherals
                      1             2


                     Core i      Core n   RAM       Flash           Hardware
                                                                    Security
          System on Chip                                             Module

©C. Eckert, AISEC,




                                                                                       10
5/26/2012




   5. Research Challenges
      Secure Elements

 Scalable hardware trust anchors: 
 • Secure storage: 
   keys, credentials, access tokens
 • Integrity measurement: 
   static (TPM‐like)  as well as dynamic attestations
 • Support for virtualized execution environments:
   attaching a virtual Secure Element to individual 
   environments: Secure Boot, secure Updates , … 
 • PUF technology for secure identification
 ©C. Eckert, AISEC,

                                                                21




   5. Research Challenges
      Secure Software
Software Hardening
• Compile‐time Hardening                             Rich OS
• Operating System Extensions                  3rd Party Application
• Process Virtualization / Sandboxing
                                                      Android
• System Virtualization         Secure OS       including Dalvik VM

Secure Monitoring
Secure Monitoring               Trustworthy           L4Linux
                                component      with Android patches
• VMI for malware detection
                                       VMM (L4 Microkernel)
• Attack tolerance
                                             Multi-core (SoC)

 ©C. Eckert, AISEC,

                                                                22




                                                                             11
5/26/2012




6. Take Home Message

Automotive domain: High demand for
•    openess, value-added services, cost and energy efficiency
•    Security is already a big issue (e.g. impact on safety)
Multi-core architectures: security enhancing technology
•    Attack tolerance, self-monitoring
•    Partitioning: critical, non-critical
Research issues: security architectures & controls & crypto

    Secure multi-cores: key enabling technology for CPS!

        ©C. Eckert, AISEC,




                         Thank you for your Attention




                                   Claudia Eckert
                                   Fraunhofer AISEC, Munich
                                   TU Munich, Chair for IT Security
                                   E-Mail: claudia.eckert@aisec.fraunhofer.de
                                   http://www.aisec.fraunhofer.de
                                   http://www aisec fraunhofer de




        ©C. Eckert, AISEC,




                                                                                      12

More Related Content

Similar to Security for Automotive with Multicore-based Embedded Systems

IoT workshop - Is 1kV Also Enough for IoT ESD Protection – Do Current Test Me...
IoT workshop - Is 1kV Also Enough for IoT ESD Protection – Do Current Test Me...IoT workshop - Is 1kV Also Enough for IoT ESD Protection – Do Current Test Me...
IoT workshop - Is 1kV Also Enough for IoT ESD Protection – Do Current Test Me...
Sofics
 
Review of Hardware based solutions for trusted cloud computing.pptx
Review of Hardware based solutions for trusted cloud computing.pptxReview of Hardware based solutions for trusted cloud computing.pptx
Review of Hardware based solutions for trusted cloud computing.pptx
ssusere142fe
 
seminar ppt.pptx
seminar ppt.pptxseminar ppt.pptx
seminar ppt.pptx
SuprithC2
 
ROUGH DOC.437
ROUGH DOC.437ROUGH DOC.437
ROUGH DOC.437
AKHILA VAKA
 
40 Jahre Informatik Hamburg
40 Jahre Informatik Hamburg40 Jahre Informatik Hamburg
40 Jahre Informatik Hamburg
Fraunhofer AISEC
 
IJCSE Paper
IJCSE PaperIJCSE Paper
IJCSE Paper
Sowmya Kambhampati
 
Cyber security and Industry.pptx
Cyber security and Industry.pptxCyber security and Industry.pptx
Cyber security and Industry.pptx
Sabahat Waheed
 
Developing functional safety systems with arm architecture solutions stroud
Developing functional safety systems with arm architecture solutions   stroudDeveloping functional safety systems with arm architecture solutions   stroud
Developing functional safety systems with arm architecture solutions stroud
Arm
 
Challenges of the io t v1
Challenges of the io t v1Challenges of the io t v1
Challenges of the io t v1
Incubation & Industry
 
Bryan Singer S4 Presentation
Bryan Singer   S4 PresentationBryan Singer   S4 Presentation
Bryan Singer S4 Presentation
bsinger74
 
Fundamentals of ethernet ip osi and cip
Fundamentals of ethernet ip osi and cipFundamentals of ethernet ip osi and cip
Fundamentals of ethernet ip osi and cip
RoutecoMarketing
 
ECI Communication Challenges for Power Utilities EUW2017
ECI Communication Challenges for Power Utilities EUW2017ECI Communication Challenges for Power Utilities EUW2017
ECI Communication Challenges for Power Utilities EUW2017
ECI – THE ELASTIC NETWORK™
 
Sgcp12 england-sentec
Sgcp12 england-sentecSgcp12 england-sentec
Sgcp12 england-sentec
Justin Hayward
 
HiPEAC 2022_Marcelo Pasin presentation
HiPEAC 2022_Marcelo Pasin presentationHiPEAC 2022_Marcelo Pasin presentation
HiPEAC 2022_Marcelo Pasin presentation
VEDLIoT Project
 
Sb securing-industrial-control-systems-with-fortinet
Sb securing-industrial-control-systems-with-fortinetSb securing-industrial-control-systems-with-fortinet
Sb securing-industrial-control-systems-with-fortinet
Ivan Carmona
 
Eliptic Curve cryptography based on image
Eliptic Curve cryptography based on imageEliptic Curve cryptography based on image
Eliptic Curve cryptography based on image
4HG20EC020MouneshGow
 
Cybersecurity for Field IIoT Networks
Cybersecurity for Field IIoT NetworksCybersecurity for Field IIoT Networks
Cybersecurity for Field IIoT Networks
Yokogawa1
 
Presentation reliable NoC
Presentation reliable NoCPresentation reliable NoC
Presentation reliable NoC
shahanianmol
 
Secure IOT Gateway
Secure IOT GatewaySecure IOT Gateway
Secure IOT Gateway
LF Events
 
Enabling utility protocols in Edge gateways
Enabling utility protocols in Edge gatewaysEnabling utility protocols in Edge gateways
Enabling utility protocols in Edge gateways
Nirmal Thaliyil
 

Similar to Security for Automotive with Multicore-based Embedded Systems (20)

IoT workshop - Is 1kV Also Enough for IoT ESD Protection – Do Current Test Me...
IoT workshop - Is 1kV Also Enough for IoT ESD Protection – Do Current Test Me...IoT workshop - Is 1kV Also Enough for IoT ESD Protection – Do Current Test Me...
IoT workshop - Is 1kV Also Enough for IoT ESD Protection – Do Current Test Me...
 
Review of Hardware based solutions for trusted cloud computing.pptx
Review of Hardware based solutions for trusted cloud computing.pptxReview of Hardware based solutions for trusted cloud computing.pptx
Review of Hardware based solutions for trusted cloud computing.pptx
 
seminar ppt.pptx
seminar ppt.pptxseminar ppt.pptx
seminar ppt.pptx
 
ROUGH DOC.437
ROUGH DOC.437ROUGH DOC.437
ROUGH DOC.437
 
40 Jahre Informatik Hamburg
40 Jahre Informatik Hamburg40 Jahre Informatik Hamburg
40 Jahre Informatik Hamburg
 
IJCSE Paper
IJCSE PaperIJCSE Paper
IJCSE Paper
 
Cyber security and Industry.pptx
Cyber security and Industry.pptxCyber security and Industry.pptx
Cyber security and Industry.pptx
 
Developing functional safety systems with arm architecture solutions stroud
Developing functional safety systems with arm architecture solutions   stroudDeveloping functional safety systems with arm architecture solutions   stroud
Developing functional safety systems with arm architecture solutions stroud
 
Challenges of the io t v1
Challenges of the io t v1Challenges of the io t v1
Challenges of the io t v1
 
Bryan Singer S4 Presentation
Bryan Singer   S4 PresentationBryan Singer   S4 Presentation
Bryan Singer S4 Presentation
 
Fundamentals of ethernet ip osi and cip
Fundamentals of ethernet ip osi and cipFundamentals of ethernet ip osi and cip
Fundamentals of ethernet ip osi and cip
 
ECI Communication Challenges for Power Utilities EUW2017
ECI Communication Challenges for Power Utilities EUW2017ECI Communication Challenges for Power Utilities EUW2017
ECI Communication Challenges for Power Utilities EUW2017
 
Sgcp12 england-sentec
Sgcp12 england-sentecSgcp12 england-sentec
Sgcp12 england-sentec
 
HiPEAC 2022_Marcelo Pasin presentation
HiPEAC 2022_Marcelo Pasin presentationHiPEAC 2022_Marcelo Pasin presentation
HiPEAC 2022_Marcelo Pasin presentation
 
Sb securing-industrial-control-systems-with-fortinet
Sb securing-industrial-control-systems-with-fortinetSb securing-industrial-control-systems-with-fortinet
Sb securing-industrial-control-systems-with-fortinet
 
Eliptic Curve cryptography based on image
Eliptic Curve cryptography based on imageEliptic Curve cryptography based on image
Eliptic Curve cryptography based on image
 
Cybersecurity for Field IIoT Networks
Cybersecurity for Field IIoT NetworksCybersecurity for Field IIoT Networks
Cybersecurity for Field IIoT Networks
 
Presentation reliable NoC
Presentation reliable NoCPresentation reliable NoC
Presentation reliable NoC
 
Secure IOT Gateway
Secure IOT GatewaySecure IOT Gateway
Secure IOT Gateway
 
Enabling utility protocols in Edge gateways
Enabling utility protocols in Edge gatewaysEnabling utility protocols in Edge gateways
Enabling utility protocols in Edge gateways
 

More from Fraunhofer AISEC

Fraunhofer Magazin weiter.vorn
Fraunhofer Magazin weiter.vornFraunhofer Magazin weiter.vorn
Fraunhofer Magazin weiter.vorn
Fraunhofer AISEC
 
Internet of (Every)Thing
Internet of (Every)ThingInternet of (Every)Thing
Internet of (Every)Thing
Fraunhofer AISEC
 
App Ray: 10000 Apps
App Ray: 10000 AppsApp Ray: 10000 Apps
App Ray: 10000 Apps
Fraunhofer AISEC
 
Produktschutz-Technologien für elektronische Geräte
Produktschutz-Technologien für elektronische GeräteProduktschutz-Technologien für elektronische Geräte
Produktschutz-Technologien für elektronische Geräte
Fraunhofer AISEC
 
Cyber-Sicherheit - Newsletter 2013
Cyber-Sicherheit - Newsletter 2013Cyber-Sicherheit - Newsletter 2013
Cyber-Sicherheit - Newsletter 2013
Fraunhofer AISEC
 
Native Code Execution Control for Attack Mitigation on Android
Native Code Execution Control for Attack Mitigation on AndroidNative Code Execution Control for Attack Mitigation on Android
Native Code Execution Control for Attack Mitigation on Android
Fraunhofer AISEC
 
An Antivirus API for Android Malware Recognition
An Antivirus API for Android Malware Recognition An Antivirus API for Android Malware Recognition
An Antivirus API for Android Malware Recognition
Fraunhofer AISEC
 
Marktchancen mit IT-Sicherheit
Marktchancen mit IT-SicherheitMarktchancen mit IT-Sicherheit
Marktchancen mit IT-Sicherheit
Fraunhofer AISEC
 
Cybersecurity 2013 - Design for Security
Cybersecurity 2013 - Design for SecurityCybersecurity 2013 - Design for Security
Cybersecurity 2013 - Design for Security
Fraunhofer AISEC
 
Sicherheitsgipfel - Chancen und Risiken der IT
Sicherheitsgipfel - Chancen und Risiken der ITSicherheitsgipfel - Chancen und Risiken der IT
Sicherheitsgipfel - Chancen und Risiken der IT
Fraunhofer AISEC
 
Tech Report: On the Effectiveness of Malware Protection on Android
Tech Report: On the Effectiveness of Malware Protection on AndroidTech Report: On the Effectiveness of Malware Protection on Android
Tech Report: On the Effectiveness of Malware Protection on Android
Fraunhofer AISEC
 
PEP - Protecting Electronic Products
PEP - Protecting Electronic ProductsPEP - Protecting Electronic Products
PEP - Protecting Electronic ProductsFraunhofer AISEC
 
Firmware Encryption and Secure Remote Update
Firmware Encryption and Secure Remote UpdateFirmware Encryption and Secure Remote Update
Firmware Encryption and Secure Remote Update
Fraunhofer AISEC
 
Infografik Produktschutz
Infografik ProduktschutzInfografik Produktschutz
Infografik Produktschutz
Fraunhofer AISEC
 
Cyber Security aus Sicht der Wissenschaft
Cyber Security aus Sicht der WissenschaftCyber Security aus Sicht der Wissenschaft
Cyber Security aus Sicht der Wissenschaft
Fraunhofer AISEC
 
Produktschutz Infografik
Produktschutz InfografikProduktschutz Infografik
Produktschutz Infografik
Fraunhofer AISEC
 
IKT-Trends und deren Bedeutung für eHealth
IKT-Trends und deren Bedeutung für eHealthIKT-Trends und deren Bedeutung für eHealth
IKT-Trends und deren Bedeutung für eHealth
Fraunhofer AISEC
 
Innovation braucht Sicherheit - Sicherheit braucht Forschung
Innovation braucht Sicherheit - Sicherheit braucht ForschungInnovation braucht Sicherheit - Sicherheit braucht Forschung
Innovation braucht Sicherheit - Sicherheit braucht Forschung
Fraunhofer AISEC
 
Alan Turing
Alan Turing Alan Turing
Alan Turing
Fraunhofer AISEC
 
Sicherheit im Smart Grid
Sicherheit im Smart GridSicherheit im Smart Grid
Sicherheit im Smart Grid
Fraunhofer AISEC
 

More from Fraunhofer AISEC (20)

Fraunhofer Magazin weiter.vorn
Fraunhofer Magazin weiter.vornFraunhofer Magazin weiter.vorn
Fraunhofer Magazin weiter.vorn
 
Internet of (Every)Thing
Internet of (Every)ThingInternet of (Every)Thing
Internet of (Every)Thing
 
App Ray: 10000 Apps
App Ray: 10000 AppsApp Ray: 10000 Apps
App Ray: 10000 Apps
 
Produktschutz-Technologien für elektronische Geräte
Produktschutz-Technologien für elektronische GeräteProduktschutz-Technologien für elektronische Geräte
Produktschutz-Technologien für elektronische Geräte
 
Cyber-Sicherheit - Newsletter 2013
Cyber-Sicherheit - Newsletter 2013Cyber-Sicherheit - Newsletter 2013
Cyber-Sicherheit - Newsletter 2013
 
Native Code Execution Control for Attack Mitigation on Android
Native Code Execution Control for Attack Mitigation on AndroidNative Code Execution Control for Attack Mitigation on Android
Native Code Execution Control for Attack Mitigation on Android
 
An Antivirus API for Android Malware Recognition
An Antivirus API for Android Malware Recognition An Antivirus API for Android Malware Recognition
An Antivirus API for Android Malware Recognition
 
Marktchancen mit IT-Sicherheit
Marktchancen mit IT-SicherheitMarktchancen mit IT-Sicherheit
Marktchancen mit IT-Sicherheit
 
Cybersecurity 2013 - Design for Security
Cybersecurity 2013 - Design for SecurityCybersecurity 2013 - Design for Security
Cybersecurity 2013 - Design for Security
 
Sicherheitsgipfel - Chancen und Risiken der IT
Sicherheitsgipfel - Chancen und Risiken der ITSicherheitsgipfel - Chancen und Risiken der IT
Sicherheitsgipfel - Chancen und Risiken der IT
 
Tech Report: On the Effectiveness of Malware Protection on Android
Tech Report: On the Effectiveness of Malware Protection on AndroidTech Report: On the Effectiveness of Malware Protection on Android
Tech Report: On the Effectiveness of Malware Protection on Android
 
PEP - Protecting Electronic Products
PEP - Protecting Electronic ProductsPEP - Protecting Electronic Products
PEP - Protecting Electronic Products
 
Firmware Encryption and Secure Remote Update
Firmware Encryption and Secure Remote UpdateFirmware Encryption and Secure Remote Update
Firmware Encryption and Secure Remote Update
 
Infografik Produktschutz
Infografik ProduktschutzInfografik Produktschutz
Infografik Produktschutz
 
Cyber Security aus Sicht der Wissenschaft
Cyber Security aus Sicht der WissenschaftCyber Security aus Sicht der Wissenschaft
Cyber Security aus Sicht der Wissenschaft
 
Produktschutz Infografik
Produktschutz InfografikProduktschutz Infografik
Produktschutz Infografik
 
IKT-Trends und deren Bedeutung für eHealth
IKT-Trends und deren Bedeutung für eHealthIKT-Trends und deren Bedeutung für eHealth
IKT-Trends und deren Bedeutung für eHealth
 
Innovation braucht Sicherheit - Sicherheit braucht Forschung
Innovation braucht Sicherheit - Sicherheit braucht ForschungInnovation braucht Sicherheit - Sicherheit braucht Forschung
Innovation braucht Sicherheit - Sicherheit braucht Forschung
 
Alan Turing
Alan Turing Alan Turing
Alan Turing
 
Sicherheit im Smart Grid
Sicherheit im Smart GridSicherheit im Smart Grid
Sicherheit im Smart Grid
 

Recently uploaded

欧洲杯足彩-滚球欧洲杯足彩-欧洲杯足彩滚球平台|【​网址​🎉ac123.net🎉​】
欧洲杯足彩-滚球欧洲杯足彩-欧洲杯足彩滚球平台|【​网址​🎉ac123.net🎉​】欧洲杯足彩-滚球欧洲杯足彩-欧洲杯足彩滚球平台|【​网址​🎉ac123.net🎉​】
欧洲杯足彩-滚球欧洲杯足彩-欧洲杯足彩滚球平台|【​网址​🎉ac123.net🎉​】
rllen35178
 
hays salary report for 2024: check out your salaries here
hays salary report for 2024: check out your salaries herehays salary report for 2024: check out your salaries here
hays salary report for 2024: check out your salaries here
johnconnor370852
 
欧洲杯竞猜-欧洲杯竞猜外围竞猜-欧洲杯竞猜竞猜平台|【​网址​🎉ac123.net🎉​】
欧洲杯竞猜-欧洲杯竞猜外围竞猜-欧洲杯竞猜竞猜平台|【​网址​🎉ac123.net🎉​】欧洲杯竞猜-欧洲杯竞猜外围竞猜-欧洲杯竞猜竞猜平台|【​网址​🎉ac123.net🎉​】
欧洲杯竞猜-欧洲杯竞猜外围竞猜-欧洲杯竞猜竞猜平台|【​网址​🎉ac123.net🎉​】
ramaysha335
 
一比一原版科廷大学毕业证(Curtin毕业证书)学历如何办理
一比一原版科廷大学毕业证(Curtin毕业证书)学历如何办理一比一原版科廷大学毕业证(Curtin毕业证书)学历如何办理
一比一原版科廷大学毕业证(Curtin毕业证书)学历如何办理
pycfbo
 
一比一原版悉尼大学毕业证(USYD毕业证书)学历如何办理
一比一原版悉尼大学毕业证(USYD毕业证书)学历如何办理一比一原版悉尼大学毕业证(USYD毕业证书)学历如何办理
一比一原版悉尼大学毕业证(USYD毕业证书)学历如何办理
cenaws
 
一比一原版(ucb毕业证书)白金汉大学毕业证如何办理
一比一原版(ucb毕业证书)白金汉大学毕业证如何办理一比一原版(ucb毕业证书)白金汉大学毕业证如何办理
一比一原版(ucb毕业证书)白金汉大学毕业证如何办理
lfn5dlg2q
 
美洲杯买球-美洲杯买球在哪里押注-美洲杯买球在哪里投注|【​网址​🎉ac44.net🎉​】
美洲杯买球-美洲杯买球在哪里押注-美洲杯买球在哪里投注|【​网址​🎉ac44.net🎉​】美洲杯买球-美洲杯买球在哪里押注-美洲杯买球在哪里投注|【​网址​🎉ac44.net🎉​】
美洲杯买球-美洲杯买球在哪里押注-美洲杯买球在哪里投注|【​网址​🎉ac44.net🎉​】
jafiradnan336
 
Infineon_AURIX_HSM Revealed_Training_Slides.pdf
Infineon_AURIX_HSM Revealed_Training_Slides.pdfInfineon_AURIX_HSM Revealed_Training_Slides.pdf
Infineon_AURIX_HSM Revealed_Training_Slides.pdf
maicuongdt21
 
定制(london学位证书)英国伦敦大学毕业证本科学历原版一模一样
定制(london学位证书)英国伦敦大学毕业证本科学历原版一模一样定制(london学位证书)英国伦敦大学毕业证本科学历原版一模一样
定制(london学位证书)英国伦敦大学毕业证本科学历原版一模一样
utuvvas
 
The last lesson in comic form for English art integrated project class 12
The last lesson in comic form for English art integrated project class 12The last lesson in comic form for English art integrated project class 12
The last lesson in comic form for English art integrated project class 12
YaiphabaChanam
 
欧洲杯下注-欧洲杯下注下注app-欧洲杯下注盘口app|【​网址​🎉ac22.net🎉​】
欧洲杯下注-欧洲杯下注下注app-欧洲杯下注盘口app|【​网址​🎉ac22.net🎉​】欧洲杯下注-欧洲杯下注下注app-欧洲杯下注盘口app|【​网址​🎉ac22.net🎉​】
欧洲杯下注-欧洲杯下注下注app-欧洲杯下注盘口app|【​网址​🎉ac22.net🎉​】
asjpkomrxo
 
gHSM Product Introduction 2022newdocumane.pdf
gHSM Product Introduction 2022newdocumane.pdfgHSM Product Introduction 2022newdocumane.pdf
gHSM Product Introduction 2022newdocumane.pdf
maicuongdt21
 
car rentals in nassau bahamas | atv rental nassau bahamas
car rentals in nassau bahamas | atv rental nassau bahamascar rentals in nassau bahamas | atv rental nassau bahamas
car rentals in nassau bahamas | atv rental nassau bahamas
justinwilson0857
 
Cargdor frontal volvo L180E para trabajar en carga de rocas.
Cargdor frontal volvo L180E para trabajar en carga de rocas.Cargdor frontal volvo L180E para trabajar en carga de rocas.
Cargdor frontal volvo L180E para trabajar en carga de rocas.
Eloy Soto Gomez
 
按照学校原版(UniSA文凭证书)南澳大学毕业证快速办理
按照学校原版(UniSA文凭证书)南澳大学毕业证快速办理按照学校原版(UniSA文凭证书)南澳大学毕业证快速办理
按照学校原版(UniSA文凭证书)南澳大学毕业证快速办理
ggany
 
Kenwood DDX71/491/471/371/3108/30718/271/2071 User Manual
Kenwood DDX71/491/471/371/3108/30718/271/2071 User ManualKenwood DDX71/491/471/371/3108/30718/271/2071 User Manual
Kenwood DDX71/491/471/371/3108/30718/271/2071 User Manual
derekmelino
 
美洲杯押注靠谱的软件-美洲杯押注靠谱的软件推荐-美洲杯押注靠谱的软件|【​网址​🎉ac123.net🎉​】
美洲杯押注靠谱的软件-美洲杯押注靠谱的软件推荐-美洲杯押注靠谱的软件|【​网址​🎉ac123.net🎉​】美洲杯押注靠谱的软件-美洲杯押注靠谱的软件推荐-美洲杯押注靠谱的软件|【​网址​🎉ac123.net🎉​】
美洲杯押注靠谱的软件-美洲杯押注靠谱的软件推荐-美洲杯押注靠谱的软件|【​网址​🎉ac123.net🎉​】
andagarcia212
 
体育博彩-体育博彩赔率-体育博彩冠军赔率|【​网址​🎉ac44.net🎉​】
体育博彩-体育博彩赔率-体育博彩冠军赔率|【​网址​🎉ac44.net🎉​】体育博彩-体育博彩赔率-体育博彩冠军赔率|【​网址​🎉ac44.net🎉​】
体育博彩-体育博彩赔率-体育博彩冠军赔率|【​网址​🎉ac44.net🎉​】
concepsionchomo153
 
欧洲杯竞猜-欧洲杯竞猜下注平台-欧洲杯竞猜投注平台|【​网址​🎉ac44.net🎉​】
欧洲杯竞猜-欧洲杯竞猜下注平台-欧洲杯竞猜投注平台|【​网址​🎉ac44.net🎉​】欧洲杯竞猜-欧洲杯竞猜下注平台-欧洲杯竞猜投注平台|【​网址​🎉ac44.net🎉​】
欧洲杯竞猜-欧洲杯竞猜下注平台-欧洲杯竞猜投注平台|【​网址​🎉ac44.net🎉​】
arcosarturo900
 
Annual report on mahindra and mahindra on supply chain analysisdf
Annual report on mahindra and mahindra on supply chain analysisdfAnnual report on mahindra and mahindra on supply chain analysisdf
Annual report on mahindra and mahindra on supply chain analysisdf
ssuser470fe9
 

Recently uploaded (20)

欧洲杯足彩-滚球欧洲杯足彩-欧洲杯足彩滚球平台|【​网址​🎉ac123.net🎉​】
欧洲杯足彩-滚球欧洲杯足彩-欧洲杯足彩滚球平台|【​网址​🎉ac123.net🎉​】欧洲杯足彩-滚球欧洲杯足彩-欧洲杯足彩滚球平台|【​网址​🎉ac123.net🎉​】
欧洲杯足彩-滚球欧洲杯足彩-欧洲杯足彩滚球平台|【​网址​🎉ac123.net🎉​】
 
hays salary report for 2024: check out your salaries here
hays salary report for 2024: check out your salaries herehays salary report for 2024: check out your salaries here
hays salary report for 2024: check out your salaries here
 
欧洲杯竞猜-欧洲杯竞猜外围竞猜-欧洲杯竞猜竞猜平台|【​网址​🎉ac123.net🎉​】
欧洲杯竞猜-欧洲杯竞猜外围竞猜-欧洲杯竞猜竞猜平台|【​网址​🎉ac123.net🎉​】欧洲杯竞猜-欧洲杯竞猜外围竞猜-欧洲杯竞猜竞猜平台|【​网址​🎉ac123.net🎉​】
欧洲杯竞猜-欧洲杯竞猜外围竞猜-欧洲杯竞猜竞猜平台|【​网址​🎉ac123.net🎉​】
 
一比一原版科廷大学毕业证(Curtin毕业证书)学历如何办理
一比一原版科廷大学毕业证(Curtin毕业证书)学历如何办理一比一原版科廷大学毕业证(Curtin毕业证书)学历如何办理
一比一原版科廷大学毕业证(Curtin毕业证书)学历如何办理
 
一比一原版悉尼大学毕业证(USYD毕业证书)学历如何办理
一比一原版悉尼大学毕业证(USYD毕业证书)学历如何办理一比一原版悉尼大学毕业证(USYD毕业证书)学历如何办理
一比一原版悉尼大学毕业证(USYD毕业证书)学历如何办理
 
一比一原版(ucb毕业证书)白金汉大学毕业证如何办理
一比一原版(ucb毕业证书)白金汉大学毕业证如何办理一比一原版(ucb毕业证书)白金汉大学毕业证如何办理
一比一原版(ucb毕业证书)白金汉大学毕业证如何办理
 
美洲杯买球-美洲杯买球在哪里押注-美洲杯买球在哪里投注|【​网址​🎉ac44.net🎉​】
美洲杯买球-美洲杯买球在哪里押注-美洲杯买球在哪里投注|【​网址​🎉ac44.net🎉​】美洲杯买球-美洲杯买球在哪里押注-美洲杯买球在哪里投注|【​网址​🎉ac44.net🎉​】
美洲杯买球-美洲杯买球在哪里押注-美洲杯买球在哪里投注|【​网址​🎉ac44.net🎉​】
 
Infineon_AURIX_HSM Revealed_Training_Slides.pdf
Infineon_AURIX_HSM Revealed_Training_Slides.pdfInfineon_AURIX_HSM Revealed_Training_Slides.pdf
Infineon_AURIX_HSM Revealed_Training_Slides.pdf
 
定制(london学位证书)英国伦敦大学毕业证本科学历原版一模一样
定制(london学位证书)英国伦敦大学毕业证本科学历原版一模一样定制(london学位证书)英国伦敦大学毕业证本科学历原版一模一样
定制(london学位证书)英国伦敦大学毕业证本科学历原版一模一样
 
The last lesson in comic form for English art integrated project class 12
The last lesson in comic form for English art integrated project class 12The last lesson in comic form for English art integrated project class 12
The last lesson in comic form for English art integrated project class 12
 
欧洲杯下注-欧洲杯下注下注app-欧洲杯下注盘口app|【​网址​🎉ac22.net🎉​】
欧洲杯下注-欧洲杯下注下注app-欧洲杯下注盘口app|【​网址​🎉ac22.net🎉​】欧洲杯下注-欧洲杯下注下注app-欧洲杯下注盘口app|【​网址​🎉ac22.net🎉​】
欧洲杯下注-欧洲杯下注下注app-欧洲杯下注盘口app|【​网址​🎉ac22.net🎉​】
 
gHSM Product Introduction 2022newdocumane.pdf
gHSM Product Introduction 2022newdocumane.pdfgHSM Product Introduction 2022newdocumane.pdf
gHSM Product Introduction 2022newdocumane.pdf
 
car rentals in nassau bahamas | atv rental nassau bahamas
car rentals in nassau bahamas | atv rental nassau bahamascar rentals in nassau bahamas | atv rental nassau bahamas
car rentals in nassau bahamas | atv rental nassau bahamas
 
Cargdor frontal volvo L180E para trabajar en carga de rocas.
Cargdor frontal volvo L180E para trabajar en carga de rocas.Cargdor frontal volvo L180E para trabajar en carga de rocas.
Cargdor frontal volvo L180E para trabajar en carga de rocas.
 
按照学校原版(UniSA文凭证书)南澳大学毕业证快速办理
按照学校原版(UniSA文凭证书)南澳大学毕业证快速办理按照学校原版(UniSA文凭证书)南澳大学毕业证快速办理
按照学校原版(UniSA文凭证书)南澳大学毕业证快速办理
 
Kenwood DDX71/491/471/371/3108/30718/271/2071 User Manual
Kenwood DDX71/491/471/371/3108/30718/271/2071 User ManualKenwood DDX71/491/471/371/3108/30718/271/2071 User Manual
Kenwood DDX71/491/471/371/3108/30718/271/2071 User Manual
 
美洲杯押注靠谱的软件-美洲杯押注靠谱的软件推荐-美洲杯押注靠谱的软件|【​网址​🎉ac123.net🎉​】
美洲杯押注靠谱的软件-美洲杯押注靠谱的软件推荐-美洲杯押注靠谱的软件|【​网址​🎉ac123.net🎉​】美洲杯押注靠谱的软件-美洲杯押注靠谱的软件推荐-美洲杯押注靠谱的软件|【​网址​🎉ac123.net🎉​】
美洲杯押注靠谱的软件-美洲杯押注靠谱的软件推荐-美洲杯押注靠谱的软件|【​网址​🎉ac123.net🎉​】
 
体育博彩-体育博彩赔率-体育博彩冠军赔率|【​网址​🎉ac44.net🎉​】
体育博彩-体育博彩赔率-体育博彩冠军赔率|【​网址​🎉ac44.net🎉​】体育博彩-体育博彩赔率-体育博彩冠军赔率|【​网址​🎉ac44.net🎉​】
体育博彩-体育博彩赔率-体育博彩冠军赔率|【​网址​🎉ac44.net🎉​】
 
欧洲杯竞猜-欧洲杯竞猜下注平台-欧洲杯竞猜投注平台|【​网址​🎉ac44.net🎉​】
欧洲杯竞猜-欧洲杯竞猜下注平台-欧洲杯竞猜投注平台|【​网址​🎉ac44.net🎉​】欧洲杯竞猜-欧洲杯竞猜下注平台-欧洲杯竞猜投注平台|【​网址​🎉ac44.net🎉​】
欧洲杯竞猜-欧洲杯竞猜下注平台-欧洲杯竞猜投注平台|【​网址​🎉ac44.net🎉​】
 
Annual report on mahindra and mahindra on supply chain analysisdf
Annual report on mahindra and mahindra on supply chain analysisdfAnnual report on mahindra and mahindra on supply chain analysisdf
Annual report on mahindra and mahindra on supply chain analysisdf
 

Security for Automotive with Multicore-based Embedded Systems

  • 1. 5/26/2012 Security for Automotive with Multi- core-based Embedded Systems Claudia Eckert TU München & Fraunhofer AISEC 1 DATE 2012, 16. March 2012 Dresden C. Eckert, AISEC Outline 1. Introduction 2. Security Issues  3. Multi‐core architectures: Risks 4. Multi‐core architectures: Opportunities 5. 5 Research Challenges Research Challenges 6. Take Home Message ©C. Eckert, AISEC, 1
  • 2. 5/26/2012 1. Introduction Automotive : Today • > 80 ECUs, security/safety sensitive services • Tailored ECUs for additional functions • High energy consumption • Expensive  ©C. Eckert, AISEC, 3 1. Introduction Tomorrow: more services more computational power required Intelligent Car Routing and Traffic info and Road Billing Navigation N i ti web cams (Location based) Fleet Management web information GPS Street Inter Car Parking Communication Parking Slots Reservation Contactless Gas Mobile TV Station High demand for few highly integrated multi-core systems ©C. Eckert, AISEC, 2
  • 3. 5/26/2012 Outline 1. Introduction 2. Security Issues  3. Multi‐core architectures: Risks 4. Multi‐core architectures: Opportunities 5. 5 Research Challenges Research Challenges 6. Take Home Message ©C. Eckert, AISEC, 2. Security Issues Automotive Security: Today Security level today:  Security level today: Do modern cars already provide  • Secure execution environment? • Hardened ECUs or security modules to reduce  vulnerabilities?  • Security services like intrusion detection, access  controls, self‐monitoring? ©C. Eckert, AISEC, 6 3
  • 4. 5/26/2012 2. Security Issues Automotive: Security Risks Vulnerabilities: e.g. • ECUs which are not hardened: Code injection, data manipulation • Software updates via CAN/Ethernet insufficient access control (or even missing) • External interfaces enable : remote access/attacks: NFC, C2C ©C. Eckert, AISEC, 2. Security Issues Automotive: Security Risks M2M interfaces (GSM)  • Communication with backend of OEM  • Internet access, added‐value services Vulnerabilities:  • Car logs into every GSM BTS • Attacks  with malformed   messages from GSM network  • Possible damages:  manipulation, DoS, malware ©C. Eckert, AISEC, 8 8 4
  • 5. 5/26/2012 2. Security Issues Automotive: Security Risks ©C. Eckert, AISEC, Lessons Learned so far Multi‐cores  • Multi‐core architectures are required to meet l h d  Increasing demands for computational power  Demands to reduce power consumption • Cars are already  exposed to severe security risks Questions Q i • Multi‐core: a security enhancing technology ? • Multi‐core: even more security/safety risks ? ©C. Eckert, AISEC, 10 5
  • 6. 5/26/2012 Outline 1. Introduction 2. Security Issues 3. Multi‐core architectures: Risks 4. Multi‐core architectures: Opportunities 5. 5 Research Challenges Research Challenges 6. Take Home Message ©C. Eckert, AISEC, 3. Multi-cores Even more risks … Shared resources: memory, caches, network • Data leakages: confidentiality, integrity l k fd l • Covert channels, e.g. cache  replacement strategy • Denial‐of‐service: e.g. occupying  shared memory regions: starving  safety‐critical tasks Vulnerable system software, missing separation • e.g. BO attacks: malware intrusion, manipulation, … ©C. Eckert, AISEC, 12 6
  • 7. 5/26/2012 Outline 1. Introduction 2. Security Issues 3. Multi‐core architectures: Risks 4. Multi‐core architectures: Opportunities 5. 5 Research Challenges Research Challenges 6. Take Home Message ©C. Eckert, AISEC, 4. Multi-cores Opportunities Attack tolerance FA e.g. Fault injections with laser not auth • Inject jump to bypass security checks FA 0x00 0x80 • Modify register content 00000000 10000000 • Modify alarm signals alarm OK Multi‐core: • Redundant cores to tolerate fault‐attacks:  e.g. SLE 78  redundant computation, majority voting, monitoring ©C. Eckert, AISEC, 14 14 7
  • 8. 5/26/2012 4. Multi-cores Opportunities Attack tolerance Attack tolerance e.g. side‐channel attacks • Timing (execution time of cryptographic operations) and  power (power consumption)  attacks  to crack keys    Multi‐Core • Increased resistance against side‐channel attacks: e.g. using multi‐cores for randomized  execution of  cryptographic algorithms ©C. Eckert, AISEC, 15 4. Multi-cores Opportunities Attack tolerance Attack tolerance e.g. resistance against software‐based modifications  • Redundant computation in different cores to detect  abnormal behavior (e.g. manipulated code)  ©C. Eckert, AISEC, 16 8
  • 9. 5/26/2012 4. Multi-cores Opportunities Take advantage of multi‐cores • Assign security/safety critical  tasks to dedicated  security cores (e.g. hardened cores): • secure execution environment • strict access controls • Distribute sensitive functions  between different cores to  enhance resistance against   reverse engineering attacks ©C. Eckert, AISEC, 17 4. Multi-cores Opportunities Self‐monitoring • Separate a security core from data processing cores : • Trusted OSs in monitoring system  • Collect data in userland OS (e.g. syscall traces) • Securely analyze data to detect malbehavior • Dynamic health monitoring • Extend  VMI to enhance  malware detection on  multi‐cores ©C. Eckert, AISEC, 18 9
  • 10. 5/26/2012 Outline 1. Introduction 2. Security Issues 3. Multi‐core architectures: Opportunities 4. Multi‐core architectures: Risks 5. Research Challenges Research Challenges 6. Take Home Message ©C. Eckert, AISEC, 5. Research Challenges Secure Architectures other System on Chip M2M SIM ID ID GSM Actuator Sensor Trust Core OS Core IO-interfaces Peripherals 1 2 Core i Core n RAM Flash Hardware Security System on Chip Module ©C. Eckert, AISEC, 10
  • 11. 5/26/2012 5. Research Challenges Secure Elements Scalable hardware trust anchors:  • Secure storage:  keys, credentials, access tokens • Integrity measurement:  static (TPM‐like)  as well as dynamic attestations • Support for virtualized execution environments: attaching a virtual Secure Element to individual  environments: Secure Boot, secure Updates , …  • PUF technology for secure identification ©C. Eckert, AISEC, 21 5. Research Challenges Secure Software Software Hardening • Compile‐time Hardening Rich OS • Operating System Extensions 3rd Party Application • Process Virtualization / Sandboxing Android • System Virtualization Secure OS including Dalvik VM Secure Monitoring Secure Monitoring Trustworthy L4Linux component with Android patches • VMI for malware detection VMM (L4 Microkernel) • Attack tolerance Multi-core (SoC) ©C. Eckert, AISEC, 22 11
  • 12. 5/26/2012 6. Take Home Message Automotive domain: High demand for • openess, value-added services, cost and energy efficiency • Security is already a big issue (e.g. impact on safety) Multi-core architectures: security enhancing technology • Attack tolerance, self-monitoring • Partitioning: critical, non-critical Research issues: security architectures & controls & crypto Secure multi-cores: key enabling technology for CPS! ©C. Eckert, AISEC, Thank you for your Attention Claudia Eckert Fraunhofer AISEC, Munich TU Munich, Chair for IT Security E-Mail: claudia.eckert@aisec.fraunhofer.de http://www.aisec.fraunhofer.de http://www aisec fraunhofer de ©C. Eckert, AISEC, 12