Automotive Cybersecurity Validation Strategy

2020-12-10 | Nico Vinzenz | ZF Friedrichshafen AG

Why do we need an Automotive Validation Strategy?

Obligatory “Jeep in the ditch”-Picture

• Jeep Cherokee Hack

➢2015 by Miller and Valasek

But the List goes on..

2020-12-10 | Nico Vinzenz | Automotive Cybersecurity Validation Strategy 4

Tesla (2015): Remote vehicle unlock and start

Nissan (2016): Remote instrument panel control

Hyundai (2017): Remote vehicle unlock and start

Mercedes-Benz (2019): Remote vehicle unlock and start

Emerging Challenge – V2X Connectivity

Emerging Challenge – AD Functionality

Emerging Challenge – E/E Architecture

Further Cybersecurity Challenges

Lifetime of

15+ YearsHardware

RestrictionsCompetitive

Profit Margins

Insecure Programming

Languages

Agenda

01 Automotive Development Process

02 Security Validation Strategies

03 Practical Application

04 Reducing Risks in the Future

01Automotive Development Process

System

Requirements

Analysis

System

Qualification Test

System

Architectural

Design

System

Integration and

Integration Test

Software

Requirements

Analysis

Software

Architectural

Design

Software Detailed

Design and Unit

Construction

Software Unit

Verification

Software

Integration and

Integration Test

Software

Qualification Test

Standard V-Model

Cybersecurity V-Model

TARA• Threat Analysis and Risk Assessment (TARA)

➢Input: System Assets

➢Output: Security Goals

• Security Validation Strategies

➢Validate Security Goals

02Security Validation Strategies

Overview

Fuzz Testing

Penetration

Testing

Vulnerability

Scanning

Functional

Testing

Testing against the “known”

Testing against the “unknown”

• Requirement-based Approach

➢Translate functional requirements into test cases

➢Easy to find intended but not implemented behavior

➢Hard to find implemented but notintended behavior

Fuzz Testing

Penetration

Testing

Vulnerability

Scanning

Functional

Testing

Functional Testing

Intended Behaviour(Requirements)

Functional Testing

Implemented Behaviour(Program Code)

Functional Testing

Easy:Positive Test Cases

Functional Testing

Easy:Positive Test Cases

Hard:Negative Test Cases

• Knowledge-DB Approach

➢Static/dynamic code analysis finds weaknesses

➢CVE-matching on Bill of Materials (BoM) finds vulnerabilities

➢Port scanner finds configuration mistakes

➢Oblivious to zero-day and product-unique exploits

Fuzz Testing

Penetration

Testing

Vulnerability

Scanning

Functional

Testing

Vulnerability Scanning

• Testing into the Void

➢Interface supplied with semi-valid data

➢System monitored for suspicious behavior

➢Can find unknown vulnerabilities

➢Challenging to configure correctly and generate “evidence”

Fuzz Testing

Penetration

Testing

Vulnerability

Scanning

Functional

Testing

Fuzz Testing

Fuzz TestingTool

Software/System

Interfaces

Malformed Input

Fuzz Testing

Fuzz TestingTool

Software/System

Interfaces

Malformed Input External Instrumentation

In-bandInstrumentation

Fuzz Testing

Fuzz TestingTool

Software/System

Monitor

Interfaces

Feed-back Channel

Malformed Input External Instrumentation

In-band Instrumentation

• Authorized Cyberattack

➢Security expert tries all available techniques within scope

➢Can find unknown vulnerabilities

➢High demand on effort and expertise makes it expensive

Fuzz Testing

Penetration

Testing

Vulnerability

Scanning

Functional

Testing

Penetration Testing

Penetration Testing Large Budget

•Multiple experts

•High-tech lab for SCA

•Months of work

Small Budget

•“Script kiddies”

•Generic vulnerability scanner/fuzzer

•Days of work

• Iterative Process

1. Findings flow back into the TARA

2. Adaption of security goals and requirements

3. Adaption of security validation strategies

Iterative Process

03Practical Application

Functional Testing

Hardware in the Loop (HiL)

• Execute test cases on …

➢SiL (Software in the Loop)

➢HiL (Hardware in the Loop)

Developer PC

Static/DynamicCode Analysis

BoM CVE-Matching

Incident Response Process

•Interface to supplier and “Responsible Disclosure” researcher

•PSIRT (Product Security Incident Response Team) ensures appropriate reaction

Fuzz Testing

Software Unit Fuzzing

•X.509 certificates

•Custom written parser

•Data input

•Config files

System Interface Fuzzing

•CAN (FD)

•UDS

•Ethernet Stack

•IP, TCP, TLS/DTLS

Penetration Testing

Project

ProjectStart

Start ofProduction

Security FeaturesFunctional

Penetration Testing

Project

ProjectStart

Start ofProduction

Security FeaturesFunctional

04Reducing Risks in the Future

• Upcoming regulation

➢UNECE WP.29 and ISO/SAE 21434

• CEP (Cybersecurity Engineering Process)

• Holistic Cybersecurity Concept

• LTS (Long Time Support)

Reducing Risks in the Future

Thank you!Questions?

ZF Friedrichshafen AG behält sich sämtliche Rechte an den gezeigten

technischen Informationen einschließlich der Rechte zur Hinterlegung von

Schutzrechtsanmeldungen und an daraus entstehenden Schutzrechten im

In- und Ausland vor.

ZF Friedrichshafen AG reserves all rights regarding the shown technical

information including the right to file industrial property right applications and

the industrial property rights resulting from these in Germany and abroad.

nico.vinzenz@zf.com

382020-12-10 | Nico Vinzenz | Automotive Cybersecurity Validation Strategy

Automotive Cybersecurity Validation Strategy

Documents

Experimental validation of the optimum design of automotive air-to

Cybersecurity Verification and Validation Testing in

VDA China - Automotive SPICE for Cybersecurity · 2021. 4. 12. · The performance of the Cybersecurity PAM requires a VDA scope assessment of Automotive SPICE 3.1. The Cybersecurity

Webinar Automotive SPICE for Cybersecurity...In February 2021, the VDA Yellow Print "Automotive SPICE® for Cybersecurity" has been published. Available for free under vda-qmc.de 2

Automotive Linux, Cybersecurity and Transparency

Test Driving Automotive Virtual Drivability Calibration ... · Test Driving Automotive Virtual Drivability Calibration and BMU ... Real-Time Powertrain Modeling, Model Validation

Outlook on Cybersecurity and Safety - umtri.umich.edu · Outlook on Cybersecurity and Safety The Future of Automotive Safety April 4th, 2018 Bill Hass (whass@lear.com)

Automotive Cybersecurity: It’s More Than ... - NXP Community

Building an Automotive Cybersecurity Testing Lab - … Cybersecurity Summit Building an Automotive Cybersecurity Testing Lab Justin Montalbano 05/01/2017 1

Primer: The top ten automotive cybersecurity vulnerabilities of 2015

5StarS Automotive Cybersecurity Through Assurance€¦ · •The 5StarS project directly counters this with •An innovative assurance methodology for assessing the cybersecurity

Automotive Cybersecurity A Gap Still Exists€¦ · the industry was not yet sufficiently focused on cybersecurity. Although there is some positive movement in 2016, automakers and

Automotive Cybersecurity -Challenges and Practical Guidance · 2019. 11. 18. · Automotive Cybersecurity -Challenges and Practical Guidance Security will be the major liability risk

Automotive cybersecurity - Building a better working …FILE/ey-automotive-cybersecurity.pdfAutomotive cybersecurity 4 Our comprehensive automotive cybersecurity and privacy framework

Automotive Cybersecurity: Foundations for Next-Generation … · 2019-10-03 · security impact of autonomous driving and connected cars. Index Terms—Cybersecurity, Mobility, Automotive,

Approach for Iterative Validation of Automotive Embedded Systems

Automation Platform for Automotive Radar€¦ · The Keysight KS83200A automation platform for automotive radar software offers several features to simplify the validation of automotive

Industry 2.0 Article on Design Validation for Automotive Systems using SolidWorks Simulation

CYBERSECURITY: VERIFICATION AND VALIDATION, AND

A Method for Constructing Automotive Cybersecurity Tests