Automotive Cybersecurity:Why is it so Difficult?

Steven W. Dellenback, Ph.D.Vice President R&D – Intelligent Systems Division

Cybersecurity is not “one” Entry Point

Four Major Aspects of Cybersecurity

How Can Someone Gain Unauthorized Access?

What Could They do if They Gained Access?

How Can We Detect Unauthorized Access?

What Can be Done in Response to an Attack?

How Do Cyber Attacks Occur:

Physical access Intercept internal Signals Serial Cellular CAN

Wireless attacks Cellular WiFi Bluetooth®

Software attacks Reverse Engineering Fuzzing Configuration Analysis Design Review

Cars are becoming complex…(and Connected Vehicle is only part of it)

1965: No computers No software

2015: Up to ~200 computers

–Consider TPMS are 4 computers and wireless… >100 million lines of code LTE (or similar) enabled vehicles are becoming commonplace

http://www.informationisbeautiful.net

Today’s Vehicles are “Systems of Systems” (by many vendors)

Connected Automated Vehicle (CAV) Cybersecurity

A “connected automated vehicle” is a system of systems – its NOT just one connection Not from ONE company / manufacturer Suppliers change: in mid-stream / repairs

Where is the responsibility for cybersecurity: Standards Network Vehicle Etc.

CV is not just “DSRC”There are MANY entry points into a CAV environment

Challenges with Connected VehiclesRecent attacks on Connected Vehicles: Jeep Cherokee: “Hackers

Remotely Kill a Jeep on the Highway—With Me in It”

GM OnStar: “This Gadget Hacks GM Cars to Locate, Unlock, and Start Them”

Tesla Model S: “Researchers Hacked a Model S, But Tesla’s Already Released a Patch”

Impact of these attacks:

– Erodes public trust

– Raises awareness – improves security practices

– Not a setback for DSRC

Security is a Balance…

How much do you want to pay for security? Usually not a lot until

you are compromised

Like all technology solutions, a balance has to be reached based on funding, accessibility and reality

Every organization has to decide the level of “acceptable risk”

Consider a CAV Environment

For Connected Vehicle to be successful it must be integrated into the transportation infrastructure, and general consensus that AVs need CV to be viable

Cybersecurity “touch” Points:Need to “worry” each of these…

Field networkBluetoothWireless networksWired networksVehiclesAny device that is connected to one of the above

What’s the Problem?

Problem? How to apply conventional penetration testing methods to

autonomous vehicle technology?

Why address it now? Autonomous Technology is transitioning out of the lab and

into the streets. Proactively address security to avoid “patching in” later.

What can we do right now? Evaluate sensors Influence vendors Develop requirementsGenerate discussion

Types of Challenges

Experimental - Just trying to make it work Focused on meeting basic performance Security seen as hindrance to prototyping Operating in controlled environment “Worry about it later”

Garbage In = Garbage Out Sensor data only as good as the source Making assumptions about sensor performance based on limited

testing Sensor perception, sensitivity, and ranges highly variable

Fusing data sources is difficult Different units, manufacturers, libraries Correlating objects between sensor types Response magnitude may vary for materials/shapes

Types of Challenges

Each sensor from a different manufacturer Sometimes a sensor is a composition from even more suppliers Technology layering and abstraction results in compounding

corner casesEach sensor an embedded system Firmware updates Debug ports, flash memory, configuration files Multiple suppliers / vendors

Constantly evolving sensor set Likely different than previous sensor or different manufacturer Start security assessment all over again

Lifecycle Security

Secure Over-the-Air

Update

Penetration Testing

Secure Code Practices

Coding Analysis

Sensor Security

Secure Interface Design

Risk ModelingAsset Tracking

ISO 26262 (Road Vehicles Functional Safety) / J3061 (Cybersecurity Guidebook for Cyber-Physical Vehicle Systems) Process:

Security Requirements

Development

Source: Ford Motor Company

Its Complex…

Connected Vehicle EnvironmentPotential Attacks

Spoofing, jamming, or subtle skew of GPS

signalInjecting bad data that is then communicated over trusted comms

Use roadway infrastructure to

infiltrate TMC network

Using comms or physical means to

hack vehicle and control it

or obtain trusted security

credentials

Flood DSRC safety & control channels

Simulate vehicles that will trigger safety apps. Tough

to detect if sensors are occluded

Broadcast incorrect messages

to/from Vulnerable Road Users

Hack RSE and alter

SPAT/MAP messages

Steven W. Dellenback, Ph.D.Vice President R&D

Intelligent Systems Division210.522.3914

sdellenback@swri.org

Questions ?