Click here to load reader

Automotive Cybersecurity: Why is it so Difficult? ... Types of Challenges Experimental -Just trying to make it work Focused on meeting basic performance Security seen as hindrance

  • View
    1

  • Download
    0

Embed Size (px)

Text of Automotive Cybersecurity: Why is it so Difficult? ... Types of Challenges Experimental -Just trying...

  • Automotive Cybersecurity: Why is it so Difficult?

    Steven W. Dellenback, Ph.D. Vice President R&D – Intelligent Systems Division

  • Cybersecurity is not “one” Entry Point

  • Four Major Aspects of Cybersecurity

    How Can Someone Gain Unauthorized Access?

    What Could They do if They Gained Access?

    How Can We Detect Unauthorized Access?

    What Can be Done in Response to an Attack?

  • How Do Cyber Attacks Occur:

    Physical access  Intercept internal Signals  Serial  Cellular  CAN

    Wireless attacks  Cellular  WiFi  Bluetooth®

    Software attacks  Reverse Engineering  Fuzzing  Configuration Analysis  Design Review

  • Cars are becoming complex… (and Connected Vehicle is only part of it)

    1965:  No computers  No software

    2015:  Up to ~200 computers

    –Consider TPMS are 4 computers and wireless…  >100 million lines of code  LTE (or similar) enabled vehicles are becoming commonplace

    http://www.informationisbeautiful.net

  • Today’s Vehicles are “Systems of Systems” (by many vendors)

  • Connected Automated Vehicle (CAV) Cybersecurity

    A “connected automated vehicle” is a system of systems – its NOT just one connection  Not from ONE company / manufacturer  Suppliers change: in mid-stream / repairs

    Where is the responsibility for cybersecurity:  Standards  Network  Vehicle  Etc.

    CV is not just “DSRC” There are MANY entry points into a CAV environment

  • Challenges with Connected Vehicles Recent attacks on Connected Vehicles:  Jeep Cherokee: “Hackers

    Remotely Kill a Jeep on the Highway—With Me in It”

     GM OnStar: “This Gadget Hacks GM Cars to Locate, Unlock, and Start Them”

     Tesla Model S: “Researchers Hacked a Model S, But Tesla’s Already Released a Patch”

     Impact of these attacks:

    – Erodes public trust – Raises awareness – improves security practices – Not a setback for DSRC

  • Security is a Balance…

    How much do you want to pay for security?  Usually not a lot until

    you are compromised 

    Like all technology solutions, a balance has to be reached based on funding, accessibility and reality

    Every organization has to decide the level of “acceptable risk”

  • Consider a CAV Environment

    For Connected Vehicle to be successful it must be integrated into the transportation infrastructure, and general consensus that AVs need CV to be viable

  • Cybersecurity “touch” Points: Need to “worry” each of these…

    Field network Bluetooth Wireless networks Wired networks Vehicles Any device that is connected to one of the above

  • What’s the Problem?

    Problem?  How to apply conventional penetration testing methods to

    autonomous vehicle technology?

    Why address it now?  Autonomous Technology is transitioning out of the lab and

    into the streets.  Proactively address security to avoid “patching in” later.

    What can we do right now?  Evaluate sensors  Influence vendors  Develop requirements Generate discussion

  • Types of Challenges

    Experimental - Just trying to make it work  Focused on meeting basic performance  Security seen as hindrance to prototyping  Operating in controlled environment  “Worry about it later”

    Garbage In = Garbage Out  Sensor data only as good as the source  Making assumptions about sensor performance based on limited

    testing  Sensor perception, sensitivity, and ranges highly variable

    Fusing data sources is difficult  Different units, manufacturers, libraries  Correlating objects between sensor types  Response magnitude may vary for materials/shapes

  • Types of Challenges

    Each sensor from a different manufacturer  Sometimes a sensor is a composition from even more suppliers  Technology layering and abstraction results in compounding

    corner cases Each sensor an embedded system  Firmware updates  Debug ports, flash memory, configuration files  Multiple suppliers / vendors

    Constantly evolving sensor set  Likely different than previous sensor or different manufacturer  Start security assessment all over again

  • Lifecycle Security

    Secure Over-the-Air

    Update

    Penetration Testing

    Secure Code Practices

    Coding Analysis

    Sensor Security

    Secure Interface Design

    Risk Modeling Asset Tracking

    ISO 26262 (Road Vehicles Functional Safety) / J3061 (Cybersecurity Guidebook for Cyber-Physical Vehicle Systems) Process:

    Security Requirements

    Development

  • Source: Ford Motor Company

    Its Complex…

  • Connected Vehicle Environment Potential Attacks

    Spoofing, jamming, or subtle skew of GPS

    signal Injecting bad data that is then communicated over trusted comms

    Use roadway infrastructure to

    infiltrate TMC network

    Using comms or physical means to

    hack vehicle and control it

    or obtain trusted security

    credentials

    Flood DSRC safety & control channels

    Simulate vehicles that will trigger safety apps. Tough

    to detect if sensors are occluded

    Broadcast incorrect messages

    to/from Vulnerable Road Users

    Hack RSE and alter

    SPAT/MAP messages

  • Steven W. Dellenback, Ph.D. Vice President R&D

    Intelligent Systems Division 210.522.3914

    [email protected]

    Questions ?

Search related