Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
Automotive Cybersecurity:Why is it so Difficult?
Steven W. Dellenback, Ph.D.Vice President R&D – Intelligent Systems Division
Cybersecurity is not “one” Entry Point
Four Major Aspects of Cybersecurity
How Can Someone Gain Unauthorized Access?
What Could They do if They Gained Access?
How Can We Detect Unauthorized Access?
What Can be Done in Response to an Attack?
How Do Cyber Attacks Occur:
Physical access Intercept internal Signals Serial Cellular CAN
Wireless attacks Cellular WiFi Bluetooth®
Software attacks Reverse Engineering Fuzzing Configuration Analysis Design Review
Cars are becoming complex…(and Connected Vehicle is only part of it)
1965: No computers No software
2015: Up to ~200 computers
–Consider TPMS are 4 computers and wireless… >100 million lines of code LTE (or similar) enabled vehicles are becoming commonplace
http://www.informationisbeautiful.net
Today’s Vehicles are “Systems of Systems” (by many vendors)
Connected Automated Vehicle (CAV) Cybersecurity
A “connected automated vehicle” is a system of systems – its NOT just one connection Not from ONE company / manufacturer Suppliers change: in mid-stream / repairs
Where is the responsibility for cybersecurity: Standards Network Vehicle Etc.
CV is not just “DSRC”There are MANY entry points into a CAV environment
Challenges with Connected VehiclesRecent attacks on Connected Vehicles: Jeep Cherokee: “Hackers
Remotely Kill a Jeep on the Highway—With Me in It”
GM OnStar: “This Gadget Hacks GM Cars to Locate, Unlock, and Start Them”
Tesla Model S: “Researchers Hacked a Model S, But Tesla’s Already Released a Patch”
Impact of these attacks:
– Erodes public trust
– Raises awareness – improves security practices
– Not a setback for DSRC
Security is a Balance…
How much do you want to pay for security? Usually not a lot until
you are compromised
Like all technology solutions, a balance has to be reached based on funding, accessibility and reality
Every organization has to decide the level of “acceptable risk”
Consider a CAV Environment
For Connected Vehicle to be successful it must be integrated into the transportation infrastructure, and general consensus that AVs need CV to be viable
Cybersecurity “touch” Points:Need to “worry” each of these…
Field networkBluetoothWireless networksWired networksVehiclesAny device that is connected to one of the above
What’s the Problem?
Problem? How to apply conventional penetration testing methods to
autonomous vehicle technology?
Why address it now? Autonomous Technology is transitioning out of the lab and
into the streets. Proactively address security to avoid “patching in” later.
What can we do right now? Evaluate sensors Influence vendors Develop requirementsGenerate discussion
Types of Challenges
Experimental - Just trying to make it work Focused on meeting basic performance Security seen as hindrance to prototyping Operating in controlled environment “Worry about it later”
Garbage In = Garbage Out Sensor data only as good as the source Making assumptions about sensor performance based on limited
testing Sensor perception, sensitivity, and ranges highly variable
Fusing data sources is difficult Different units, manufacturers, libraries Correlating objects between sensor types Response magnitude may vary for materials/shapes
Types of Challenges
Each sensor from a different manufacturer Sometimes a sensor is a composition from even more suppliers Technology layering and abstraction results in compounding
corner casesEach sensor an embedded system Firmware updates Debug ports, flash memory, configuration files Multiple suppliers / vendors
Constantly evolving sensor set Likely different than previous sensor or different manufacturer Start security assessment all over again
Lifecycle Security
Secure Over-the-Air
Update
Penetration Testing
Secure Code Practices
Coding Analysis
Sensor Security
Secure Interface Design
Risk ModelingAsset Tracking
ISO 26262 (Road Vehicles Functional Safety) / J3061 (Cybersecurity Guidebook for Cyber-Physical Vehicle Systems) Process:
Security Requirements
Development
Source: Ford Motor Company
Its Complex…
Connected Vehicle EnvironmentPotential Attacks
Spoofing, jamming, or subtle skew of GPS
signalInjecting bad data that is then communicated over trusted comms
Use roadway infrastructure to
infiltrate TMC network
Using comms or physical means to
hack vehicle and control it
or obtain trusted security
credentials
Flood DSRC safety & control channels
Simulate vehicles that will trigger safety apps. Tough
to detect if sensors are occluded
Broadcast incorrect messages
to/from Vulnerable Road Users
Hack RSE and alter
SPAT/MAP messages
Steven W. Dellenback, Ph.D.Vice President R&D
Intelligent Systems Division210.522.3914
Questions ?