Embed Size (px)
Citation preview
DESIGN AND IMPLEMENTATION OF IDS FOR AVB/TSN NETWORKSRodrigo Alves (UFPE/BOSCH)Michael Buchalik (BOSCH)Divanilson R. Campelo (UFPE)Timo Lothspeich (BOSCH)
Automotive Electronics | AE-BE/ESW9-St - Rodrigo Alves | 2019-07-22© Robert Bosch GmbH 2019. All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Intrusion Detection Systems (IDS)
Motivation
Threat Scenarios
Evaluation & Measurements
Conclusion and Future Work
AgendaDesign and Implementation of IDS for AVB/TSN Networks
INTRUSION DETECTION SYSTEMS (IDS)
Automotive Electronics | AE-BE/ESW9-St - Rodrigo Alves | 2019-07-22© Robert Bosch GmbH 2019. All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Automotive Security - OverviewDesign and Implementation of IDS for AVB/TSN Networks
4
2
Integrity protection of critical in-vehicle signals and messages
In-vehicle network1
ECU software and data integrity protection
Individual ECU4
Vehicle firewall and security standards for external interfaces
Connected Vehicle
Protected and separated domains by E/E architecture and gateway
3E/E-Architecture
ECU = Electric Control Unit
ADAS = Advanced Driver Assistance System
BCM = Body Control ModulePT = Power TrainGW = GatewayHU = Head Unit
5
Network communication behavior is monitored and analyzed
Intrusion Detection System
OBD
In recent history, the automotive industry has spent significant effort to secure it’s products.Security can be found on different layers.
HU BCM……
Gateway
……
PT…
ADAS…
OBD
Automotive Electronics | AE-BE/ESW9-St - Rodrigo Alves | 2019-07-22© Robert Bosch GmbH 2019. All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Design and Implementation of IDS for AVB/TSN Networks
© Robert Bosch GmbH 2016. All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.5
Intrusion Detection System
A strong push from the U.S. government for “timely detection and rapid response” of potential vehicle cyber security incidents in the field.
MOTIVATION
Automotive Electronics | AE-BE/ESW9-St - Rodrigo Alves | 2019-07-22© Robert Bosch GmbH 2019. All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Audio Video Bridging / Time Sensitive NetworkingDesign and Implementation of IDS for AVB/TSN Networks
7
Synchronization StreamReservation
Shapers Reliability PrioritizationEnhancements
Security Transport Network Configuration
AVB 802.1AS-2011(gPTP)
802.1Qat-2010(SRP)
802.1Qav(Credit BasedShaper)
- - - 1722-2011(Audio/Video)
-
TSN P802.1AS-Rev(Reliable gPTP )
802.1Qca-2015(Path Reservation)
802.1Qcc-2018(Enhanced SRP + Network Configuration)
802.1Qbv-2015(TT Shaper)
802.1Qch-2017(CyclicScheduling)
P802.1Qcr(Async Traffic Shaper)
802.1CB-2017(Redundant Paths)
802.1Qbu-2016(Frame preemption)
802.1Qci2017(Ingress Filtering andPolicing)
1722-2016(Additional Automotive encapsulationfor: CAN, LIN, FlexRay, etc.)
1722.1-2013(AVDECC)
A set of standards to add deterministic features to the network like precise timing, bounded latency, guaranteed bandwidth, fault tolerant, etc.
Automotive Electronics | AE-BE/ESW9-St - Rodrigo Alves | 2019-07-22© Robert Bosch GmbH 2019. All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Motivation: Ethernet TSN StackDesign and Implementation of IDS for AVB/TSN Networks
8
End node 1
Eth PHY
Ethernet Stack Rev2
End node 2
Eth PHY
Ethernet Stack Rev1
End node 3
Eth PHY
Ethernet Stack
Vendor AVendor BVendor CVendor DVendor E
Switch
Legend:
What youthink What you
have
“If you want to protect your network, know your network“
Automotive Electronics | AE-BE/ESW9-St - Rodrigo Alves | 2019-07-22© Robert Bosch GmbH 2019. All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Motivation: One Header, Three ProtocolsDesign and Implementation of IDS for AVB/TSN Networks
9
SRPgPTP
MAAP
Automotive Electronics | AE-BE/ESW9-St - Rodrigo Alves | 2019-07-22© Robert Bosch GmbH 2019. All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Motivation: Complex Header e.g AVTPDesign and Implementation of IDS for AVB/TSN Networks
10
THREATS SCENARIOS
Automotive Electronics | AE-BE/ESW9-St - Rodrigo Alves | 2019-07-22© Robert Bosch GmbH 2019. All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
AVB/TSN IDS FocusDesign and Implementation of IDS for AVB/TSN Networks
12
Monitor Time Synchronization (AS)
Monitor Stream Reservation (Qat)
Traffic Shaping (Qbv, Qch)
Network configuration (AVDECC)
Transport Protocols (AVTP)
Automotive Electronics | AE-BE/ESW9-St - Rodrigo Alves | 2019-07-22© Robert Bosch GmbH 2019. All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Threats and Anomaly Detection - Example 1Design and Implementation of IDS for AVB/TSN Networks
13
Man-In-the-Middle
time
Sync Interval
Missing Follow-up
Sync messages
Follow-up messages
UsualFollow-upInterval
Automotive Electronics | AE-BE/ESW9-St - Rodrigo Alves | 2019-07-22© Robert Bosch GmbH 2019. All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Design and Implementation of IDS for AVB/TSN Networks
14
Time Source
ECU 1 - Grandmaster
ECU 2
ECU 3
Time Source
ECU 1 - Grandmaster
ECU 2
ECU 3
time
Malicious ECU
Time Source
ECU 1 - Grandmaster
ECU 2
ECU 3
Malicious ECU
I am the
Grandmaster!
I am a better
Grandmaster!
Switch Switch Switch
Threats and Anomaly Detection - Example 2Rogue Grandmaster
Automotive Electronics | AE-BE/ESW9-St - Rodrigo Alves | 2019-07-22© Robert Bosch GmbH 2019. All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Threats and Anomaly Detection - Example 3Design and Implementation of IDS for AVB/TSN Networks
15
ECU 2
ECU 3
SwitchMalicious ECU
ECU 1
Invalid Stream 1Valid Stream 1
ECU 2
ECU 3
Switch
ECU 1
Flooding
ECU 2
ECU 3
Switch
ECU 1
Version PTP 2 Version PTP 1
Deviations from protocol specificationFlooding attacksSpoofed streams
Malicious ECUMalicious ECU
Automotive Electronics | AE-BE/ESW9-St - Rodrigo Alves | 2019-07-22© Robert Bosch GmbH 2019. All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Threats and Anomaly Detection - Example 4Design and Implementation of IDS for AVB/TSN Networks
16
ECU 2
ECU 3
Switch
ECU 1 MAAP_DEFENDMAAP_PROBE
Denial of Service
Malicious ECU
time
Address 1 Address 1
ECU 2
ECU 3
Switch
ECU 1MAAP_DEFENDMAAP_PROBE
Address 2 Address 2
ECU 2
ECU 3
Switch
ECU 1MAAP_DEFENDMAAP_PROBE
Address 3 Address 3 …Malicious ECU Malicious ECU
EVALUATION & MEASUREMENTS
Automotive Electronics | AE-BE/ESW9-St - Rodrigo Alves | 2019-07-22© Robert Bosch GmbH 2019. All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Design and Implementation of IDS for AVB/TSN Networks
© Robert Bosch GmbH 2019. All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
PoC Implementation – Preliminary Results
18
0
1 2 3 4 5 6 7
Test Equipment7
Switching
2
IPS
Application
Firmware
0
1 2 3 4 5 6 7
Test Equipment7
IDS
Application
Firmware
0
1 2 3 4 5 6 7
Test Equipment71 3 4 5 6
Application
Firmware
1 2 3 4 5 6 1 2 3 4 5 6
Automotive Electronics | AE-BE/ESW9-St - Rodrigo Alves | 2019-07-22© Robert Bosch GmbH 2019. All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Test Case 1: Latency
19
Design and Implementation of IDS for AVB/TSN Networks
0
20
40
60
80
100
120
140
Switching IDS IPS
Average Latency (µs)
Average Latency
1.) RFC 2544: Benchmarking Methodology for Network Interconnected Devices
Automotive Electronics | AE-BE/ESW9-St - Rodrigo Alves | 2019-07-22© Robert Bosch GmbH 2019. All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Test Case 2: gPTP Synchronization – Offset and P2P-DelayDesign and Implementation of IDS for AVB/TSN Networks
-30-25-20-15-10-505
10152025
Switching IDS IPS
Offset (ns)
Negative Offset Positive Offset
0
50000
100000
150000
200000
250000
Switching IDS IPS
Peer-to-Peer Delay (ns)
Min. Mean Path DelayAvg. Mean Path DelayMax. Mean Path Delay
20
Automotive Electronics | AE-BE/ESW9-St - Rodrigo Alves | 2019-07-22© Robert Bosch GmbH 2019. All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
21
45000
50000
55000
60000
65000
70000
75000
64 128 256 512 1024 1536
Throughput [frame/s]
Packets size
0
100
200
300
400
500
600
700
800
900
64 128 256 512 1024 1536
Throughput [Mbit/s]
Packet size
Test Case 3: CPU Throughput for IPSDesign and Implementation of IDS for AVB/TSN Networks
CONCLUSION ANDFUTURE WORK
Automotive Electronics | AE-BE/ESW9-St - Rodrigo Alves | 2019-07-22© Robert Bosch GmbH 2019. All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
General Considerations
23
No considerable difference for IDS compared to normal switch operation
IPS use-case adds considerable overhead
Packet Loss and Jitter are also affected
CPU processing power becomes relevant for IDS/IPS performance
More throughput for bigger packets
Network configuration is a key factor
One step sync vs Two step sync
Time Synchronization and Path Delay Calculation intervals
Number of devices on the network
Switch configuration (Number and size of RX buffers) need to fit network characteristics
Design and Implementation of IDS for AVB/TSN Networks
Automotive Electronics | AE-BE/ESW9-St - Rodrigo Alves | 2019-07-22© Robert Bosch GmbH 2019. All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Future work: IEEE 802.1CBDesign and Implementation of IDS for AVB/TSN Networks
24
Distributed IDS on multiple devices?
Other protocols MACsec, YANG
Performance comparison between different devices
Take safety considerations into concern
E.g. Rate limiting and drop malicious packets
Performance improvements
Take more advantages on HW features
Required processing power for higher bandwidth networks:
2.5Gb/s, 5Gb/s, 10Gb/s +
Interfacing with other Anomaly Detector components, e.g. CAN
1 2 3 4
S1
S2
Automotive Electronics | AE-BE/ESW9-St - Rodrigo Alves | 2019-07-22© Robert Bosch GmbH 2019. All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.Internal | Automotive Electronics | AE-BE/EKE1 | 2019-05-09© Robert Bosch GmbH 2019. All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
74
Thank you for your attention
Please visit us at our boothfor further discussion!
M. Sc. Rodrigo Alves
Automotive ElectronicsProduct Security (AE-BE/ESW9-St)
[email protected].: +49-711-811-10875
BACKUP
26
Automotive Electronics | AE-BE/ESW9-St - Rodrigo Alves | 2019-07-22© Robert Bosch GmbH 2019. All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Firewall vs IDSDesign and implementation of IDS for AVB/TSN networks
27
5 4 3 2Little/No-Delay
Individual Packets
No logging
Individual Components
Deeper Inspection
Traffic History
Logging
Part of bigger System
Connected FleetIDS monitors and analysis offleet data to prevent attacks
Connected VehicleVehicle firewall and security
standards for external interfaces
EE ArchitectureProtected and separated domainsby E/E architectures and gateways
Individual ECUECU software and data
integrity protection
In-Vehicle NetworkingIntegrity protection of critical
in-vehicle signals and messages
5
4
1
2
3
1Firewall Intrusion Detection System
