Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Connected Car Security


Published on

Treat Landscape in Connected Car Security, and Potential Risk Mitigation Strategies.

Published in: Automotive

Connected Car Security

  1. 1. CONNECTED CAR SECURITY Threat landscape and Potential Mitigation Strategies Suresh Mandava Cyber Security Lead for IoT/BigData Practice August 4, 2015 @sureshmandava
  2. 2. Hackers Remotely Kill a Jeep on the Highway—With Me in It July 21, 2015 We Drove a Car While It Was Being Hacked, May 29, 2014 Almost Year Before
  3. 3. Before Matrix there was Speed The film tells the story of the LAPD cop who tries to rescue civilians on a city bus rigged with a bomb programmed to explode if the bus slows down or if civilians try to escape. Trapped aboard the ship, Annie and Alex work with the ship's first officer to try to stop the ship, which they discover is programmed to crash into an oil tanker. 1994 1997
  4. 4. Automotive Electronics Systems Example: Lexus LS-460 •  Sep 2006 •  +100 ECU’s •  7 Million Lines of Software Code
  5. 5. Year(s) apart…
  6. 6. SpyCarACT (July 21, 2015) SPY Car Act, the legislation introduced by Markey and Blumenthal The Security and Privacy in Your Car Act (the SPY Car Act) specifies that the NHTSA and FTC together issue •  Notices of Proposed Rulemaking within 18 months, and final regulations within three years of the act’s enactment. •  The SPY Car Act will apply to vehicles made two years after final cybersecurity and privacy regulations are issued.
  7. 7. SpyCarACT : Cybersecurity Standards •  Vehicle System Security. All entry points to a vehicle’s electronic systems must be equipped with reasonable measures to protect against cyberattacks, including isolation measures to separate critical and non-critical software systems; •  Vulnerability Testing and Remediation. Such reasonable security measures shall be evaluated for vulnerabilities following best security practices, including appropriate applications of techniques such as penetration testing, and must be adjusted and updated based on the results of such evaluation; •  Data Security. All driving data9 collected by a vehicle’s electronic systems must be reasonably secured from unauthorized access while data is stored onboard the vehicle, in transit from the vehicle to another location, and in any offboard storage or use; and •  Real-Time Attack Mitigation. All entry points to a vehicle’s electronic systems must be equipped with capabilities to immediately detect, report, and stop unauthorized attempts to intercept driving data or control the vehicle. Violation of such cybersecurity standards would result in liability to the federal government for civil penalties of no more than US$5,000 per violation.
  8. 8. SpyCarACT : Privacy Standards •  Transparency. Foreclosing other notice mechanisms as legally viable, the act would require that each vehicle provide clear and conspicuous notice, in clear and plain language, to owners or lessees of a vehicle of the collection, transmission, retention, and use of any driving data collected; •  Consumer Control. Owners or lessees must be given the option to terminate the collection and retention of driving data without losing access to navigation tools or other features or capabilities, to the extent technically possible (with the exception of driving data stored as part of the electronic data recorder system or other safety systems required for post-incident investigations, emissions history checks, crash avoidance or mitigation, or other regulatory compliance); •  Limitations on Driving Data Use. Manufacturers may not use any driving data collected by a vehicle for advertising or marketing purposes without the affirmative and express consent of the owner or lessee, which must be obtained using a clear and conspicuous consent request in clear and plain language that does not make use of the driving data a condition for the consumer’s use of any nonmarketing feature, capability, or functionality of the vehicle.
  9. 9. With 'recall,' Fiat Chrysler makes its car hack worse The decision of Fiat Chrysler to mail out USB sticks to customers directly to patch the recent vulnerability is the security equivalent of waving a red rag to a bull "It's like if after surgery the doctor forgets a pair of scissors in your stomach, and when you find out, he just sends you a scalpel to fix it yourself." July 27, 2015 Why Chrysler's car hack 'fix' is staggeringly stupid
  10. 10. Recall Costs. GM's total recall cost: $4.1 billion U.S. Department of Transportation's National Highway Traffic Safety Administration (NHTSA) sets the national safety standards and can influence -- or in some cases order -- an auto manufacturer to repair safety-related defects at no cost to the consumer. Even if the fix is something as minor as a missing washer or a faulty electrical connection, the manufacturer stands to lose millions of dollars in the process In their interviews with manufacturers, some identified difficulties in notifying vehicle owners about safety defects. For example, there was mention that not all vehicle owners keep their address information up to date with state motor vehicle registration offices. In addition, the older the vehicle, the more changes of ownership and mailing addresses occur, making it more difficult to identify the current address of the current owner. Toyota's Out-of-Control Gas Pedals, cost of the blunder $5 billion
  11. 11. WillAutonomous Cars Be the Insurance Industry’s Napster Moment ? Autonomous vehicles will make commuting a lot safer. Consumers have to pay out a lot less money with the lower number of claims, but premiums will necessarily drop as well and the overall amount of money within the car insurance system will dwindle. One opportunity for the industry could be selling more coverage to carmakers and other companies developing the automated features for cars. When the technology fails, manufacturers could get stuck with big liabilities that they will want to cover by buying more insurance. There's also a potential for cars to get hacked as they become more networked.
  12. 12. 1996+ : Year the Matrix Started. Modern automobiles are laced with a number of microcontrollers and sensors that monitor and control everything from the throttle position to the ambient air temperature. These devices typically communicate over a wired in-vehicle network like a CAN bus. CAN bus is one of five protocols used in the on-board diagnostics (OBD)-II vehicle diagnostics standard. The OBD-II standard has been mandatory for all cars and light trucks sold in the United States since 1996
  13. 13. Network technology existed in E/E architecture Mixoflowdataratecontrolorhigh-cost/proprietarysolutions Technology Data Rate IP Ownership Media Topology Usage LIN 40kbps LIN Consortium Single wire P2P Body electronics CAN 1Mbps ISO-11898 Bosch UTP Shared Power train (Engine, transmission, ABS) CAN-FD 2.5Mbps Bosch UTP Shared Power train (Engine, transmission, ABS) FlexRay 10Mbps ISO-17458 FlexRay Consortium UTP Shared High-perf power train, (Safety, drive-by-wire, active suspension, ACC) •  Low data rate control Technology Data Rate IP Ownership Media Topology Usage MOST 150Mbps SMSC POF Ring infotainment FPDLink LVDS 655Mbps – 3Gbps TI/National Shield coax P2P Camera/display •  High cost/proprietary
  14. 14. Network Technology
  15. 15. Connected through Gateway.
  16. 16. Endangerment of selected automotive bus systems
  17. 17. CANBUS
  18. 18. Can Topology Two twisted differential wires, CAN high and CAN low, with two termination resistors of 120 ohm each. The bus has a maximum signaling rate of 1 Mbps with a bus length of 40 m with a maximum of 30 nodes.
  19. 19. CAN specifies only the two basic layers: Data Link and Physical layer. Only 2 Layers
  20. 20. CAN Frames
  21. 21. CanMessage
  22. 22. CANBUS-FD
  23. 23. Packet Size
  24. 24. CAN FD : Flexible DataRate
  25. 25. Honda’s CAN Network (ManufacturerSpecific)
  26. 26. FLEXRAY
  27. 27. FlexRayArchitecture : 10Mbps Time and EventTriggered Protocol Clock Synchronization Combined Topology (Bus and Star)
  28. 28. FlexRayArchitecture FlexRay Host Controller •  Execute Main Application •  Decide what needs to be send to Communication Controller FlexRay Communications Controller •  Realizes all functions of the FlexRay protocol •  Channel between Bus Driver and Host Controller. FlexRay Bus Guardian •  Prevents the node from sending and receiving outside it’s time slots. •  Recognize synchronization and communication errors •  Monitors changes in the supply which could cause defects in bus •  Important Fault tolerance of the FlexRay. FlexRay Bus Driver •  Send/Receive Data from Bus
  29. 29. Automotive Open SystemArchitecture •  A global partnership of carmakers, car component, electronics, semiconductor and software industries founded in 2003. Ø  Defines methodology that supports distributed, function driven development process Ø  Standardizes the Software Architecture for ECU’s •  9 Core Partners •  BMW, Bosch, Continental, Daimler, Ford, General Motors, Peugeot, Toyota, and Volkswagen •  About 50 Premium Members Ø  OEMs: e.g. Fiat, Honda, Hyundai, Mazda, Porsche, Renault, TATA Ø  Tier1s: e.g. Delphi, DENSO, Magneti Marelli, Valeo Ø  Tool providers: e.g. dSPACE, Elektrobit, ETAS, TTTech, Vector Ø  Chip manufacturers: e.g. Freescale, Infineon, Renesas •  About 90 Associated Members •  About 20 Development Members •  Current Status •  Recent Version (Release 4.2 – Oct 2014) consists of 100+ Specifications and 80 related documents
  30. 30. Automotive Open SystemArchitecture
  31. 31. AutoSAR Vision : standardized architectures and interfaces
  32. 32. AutoSAR BasicArchitecture
  33. 33. AutoSAR with VFB (Virtual Function Bus)
  34. 34. AUTOSAR Layered View with CSM
  35. 35. Software components for encrypted transmission
  36. 36. JapanAutomotive Software Platform andArchitecture
  37. 37. JapanAutomotive Software Platform andArchitecture
  38. 38. JapanAutomotive Software Platform andArchitecture
  39. 39. OBD2 Reader Car Diagnostic Tool Price: $17.95 & FREE Shipping Price: $99.95 Torque is an OBD2 performance and diagnostic tool for any device that runs the Android operating system. It will allow you to access the many sensors within your vehicles Engine Management System, as well as allow you to view and clear trouble codes.
  40. 40. CAN-Bus Shield
  41. 41. Plugin Echo-System
  42. 42. SocketCAN SocketCAN is a set of open source CAN drivers and a networking stack contributed by Volkswagen Research to the Linux kernel.
  43. 43. SocketCAN # ip link set can0 type can bitrate 500000 listen-only on # ip link set can0 up # candump -cae can0,0:0,#FFFFFFFF vdesi@vdesi:~$ candump -cae any,0:0,#FFFFFFFF can0 440 [8] 40 00 80 00 00 00 00 00 '@.......' can0 442 [8] 42 00 80 00 00 00 00 00 'B.......' can0 440 [8] 40 01 80 00 00 00 00 00 '@.......' can0 620 [8] 10 80 00 00 00 40 00 80 '.....@..' can0 442 [8] 42 01 80 00 00 00 00 00 'B.......' can0 440 [8] 42 02 00 00 00 00 00 00 'B.......' can0 442 [8] 40 02 00 00 00 00 00 00 '@.......' can0 440 [8] 42 02 00 00 00 00 00 00 'B.......' can0 620 [8] 10 00 00 00 00 40 00 80 '.....@..' can0 442 [8] 40 02 00 00 00 00 00 00 '@.......' canplayer < candump-2015-08-02_120603.log & mplayer VDESI0012.AVI -ss 1:17 Canberry V 1.1
  44. 44. The general purpose Controller Area Network swiss army knife / development platform. Canb.US Triple (3 CAN Controllers) Read and Dispatch CAN packets Bluetooth 4.0 LE Programmable and Open 79.00 USD
  45. 45.
  46. 46. “In the midst of chaos, there is also opportunity” ― Sun Tzu, A Arte da Guerra “The art of war is of vital importance to the State. It is a matter of life and death, a road either to safety or to ruin. Hence it is a subject of inquiry which can on no account be neglected.” ― Sun Tzu, The Art of War
  47. 47. Ethernet Becoming a Standard Ethernet is now being considered as a replacement for legacy bus protocols such as MOST and FlexRay by car OEMs including BMW and Hyundai. Ethernet could be the catalyst for bringing the automotive industry a step closer to connected vehicles,” says Frost & Sullivan Senior Research Analyst, Divya Krishnamurthy. Broadcom has helped set up the OPEN Alliance special interest group (SIG) to promote BroadR-Reach as a de facto automotive Ethernet standard. CAN network doesn’t have enough capacity to carry the encryption overhead necessary to carry and protect messages effectively. From both angles, performance and security, we see a role for Ethernet in the eco networks
  48. 48. 78% of car owners will demand connected features in their next vehicle
  49. 49. Diversity and complexity of ADAS applications Demands high-performance and flexible compute platform Vision Rear View Camera Vision Enhancement Auto dimming headlights Blind Spot Detection 360 View Parking Assist Sign Recognition Traffic Signal Detection Lane Detection Rain/Fog Detection Pedestrian Detection Pedestrian Avoidance Eye Focus Detection Driver Monitoring Sign Recognition Vehicle Detection Audio/Sound Rear Object Detec,on Parking Assist/Auto Park Voice Recogni,on Cabin Noise Reduc,on Emergency Recogni,on Radar Front Collision Avoidance Braking Adaptive Cruise Control 360 degree Hazard Awareness Rear Collision Detection
  50. 50. Global Connected Car Market
  51. 51. V2V : US to push for mandatory car-to-car wireless communications The government believes vehicle-to-vehicle data links will help improve driver safety, and will push for legislation requiring it in "a future year."
  52. 52. NHTSA to require backup cameras on all vehicles Start phasing in on May 1, 2016 models and be at 100% by May 1, 2018.
  53. 53. Over-the-air software coming soon to your next car Tesla's OTA upgrade bumped up the all-electric Model S's 0-60mph speed by about one-tenth (0.1) of a second. Tesla CEO Elon Musk tweeted about the upgrade, saying it was an update to the inverter algorithm. An inverter changes direct current electricity to alternating current. We have a software and firmware team that packages updates. The packages are matched to a VIN [vehicle identification number] to ensure the car has the required hardware to receive all relevant updates
  54. 54. Autonomous Car’s Uber CEO To Tesla: Sell Me Half A Million Autonomous Electric Cars In 2020
  55. 55. SECURITY STRATEGY Protecting Real-world Threats
  56. 56. ECU Module Consolidation Adding a new ECU for new features is no longer sustainable. Dedicated processors, memories and other electronic components for new features increases cost and architecture complexity, says Thomas Wendt, Senior Partner in Roland Berger’s North American Automotive Practice. The solution he suggests is module consolidation. This approach would leverage modern technologies to add speed and flexibility to vehicle electronic architectures, while saving cost. The consultancy estimates at average $175 per vehicle for cockpit electronics. Automotive electronics complexity at tipping point, study warns
  57. 57. Ethernet streamlines automotive E/E architecture From low BW, proprietary, control-centric to high BW, standard-based data network Gateway DLC CAN LIN CAN-FD/FlexRay CAN-FD/FlexRay MOST 1TPCE Powertrain Chassis & Safety InfotainmentBody Electronics CAN-FD/FlexRay Powertrain DCU CAN-FD/FlexRay Chassis & Safety DCU Gateway DLC 1TPCE CAN LIN Body Electronics DCU 1TPCE RTPGE RTPGE RTPGE 1TPCE/RTPGE RTPGE DCU DCU Infotainment ADAS Current Future Standardization •  Time synchronization •  QoS •  Redundancy •  VLAN isolation •  Power efficiency •  PHY Bandwidth scalability •  100Mbps – 1Gbps •  Scales up to 400Gbps Large eco-system •  Wide deployment •  Long-lasting part supply Low cost •  Design to drive UTP •  Volume drives down ASP
  58. 58. Zero Latency Encryption with FPGA’s Secure FlexRay Communication Controller. With a custom network interface, as in the case of an FPGA-based ECU, we can integrate such data security transparently at the network layer, without affecting the real-time guarantees of the time-triggered protocol
  59. 59. Automotive Security Standards and Projects
  60. 60. SECURITY SERVICES Real Time Threat Analytics for Auto Industry Powered by Cloud / BigData Platform
  61. 61. Real-Time SecurityTelemetry Monitoring using BDPaaS
  62. 62. Real-Time SecurityTelemetry Monitoring WorkFlow
  63. 63. Security Processes Risks on Connected Cars Service Backend Dealer 3rd Parties Mobile Connect OBD Bluetooth Bus ECUs Infotainment Key Unauthorized remote turn off of car safety Car Safety Exploits Maleware Unauthorized Usage of Apps Unauthorized Telediagnostic/ Telecoding
  64. 64. Security Processes Countermeasures protecting Connected Cars Service Backend Dealer 3rd Parties WLAN OBD Bluetooth GSM Bus ECUs Infotainment Key Car Safety Cryptography Secure Communicatio n Secure Onboard Communication ECU Hardening Security Integration in Development Stages & Enrollment & Service Processes Security Concept /Security Policy Management & Security Lifecycle AV & Secure Proxy Advanced Backend Security SW- Activation with cryptography Telemonitoring Secure Apps& Services with cryptography SecurityPolicy Inspection Pentesting Lifecycle Message Filter / IPS Secure Patch Management via OTA
  65. 65. THANK YOU Suresh Mandava, CyberSecurity for IoT/BigData Practice Aug 4, 2015