May 22, 2017 Proprietary and Confidential - 1 -
Connected Car Security
IGATE is now a part of Capgemini
Arnab Chattopadhayay, Senior Director
Date: 13th May, 2017
Table of Contents
• A Car Hack
• Evolution of Modern Car
• Components of a modern car
• Automotive security
  – Threat Model
• Relationship between Safety and Cybersecurity
• Secure automotive design
• Attack Model
• Architectural Issues
• Recommendations
Chrysler Jeep Hack – Charlie Miller & Chris Valasek
Yesterday
Today
Tomorrow
Components of Modern Car
List of Car Components
•Accident Recorder
•Active Aerodynamics
•Active Cabin Noise Suppression
•Active Exhaust Noise Suppression
•Active Suspension
•Active Vibration Control
•Active Yaw Control
•Adaptive Cruise Control
•Adaptive Front Lighting
•Airbag Deployment
•Antilock Braking
•Auto-Dimming Mirrors
•Autonomous Emergency Braking
•Battery Management
•Blind Spot Detection
•Cabin Environment Controls
•Communication Systems
•Convertible Top Control
•Cylinder Deactivation
•DSRC
•Driver Alertness Monitoring
•Electronic Power Steering
•Electronic Seat Control
•Electronic Stability Control
•Electronic Throttle Control
•Electronic Toll Collection
•Electronic Valve Timing
•Engine Control
•Entertainment System
•Event Data Recorder
•Head-Up Displays
•Hill Hold Control
•Idle Stop-Start
•Instrument Cluster
•Intelligent Turn Signals
•Interior Lighting
•Lane Departure Warning
•Lane Keeping Assist
•Navigation
•Night Vision Systems
•On-Board Diagnostics
•Parental Controls
•Parking Systems
•Precrash Safety
•Rear-view Camera
•Regenerative Braking
•Remote Keyless Entry
•Security Systems
•Tire Pressure Monitoring
•Traction Control
•Traffic Sign Recognition
•Transmission Control
•Windshield Wiper Control
Schematic view of Connected Components
Four Main Components
• ECU (Electronic Control Unit)
• CAN Bus (Controller Area Network Bus)
• OBD (On-Board Diagnostics)
• Infotainment
ECU – Overview
• Embedded digital computer
• Runs a closed control loop
• Reads data from sensors (e.g. temperature, tyre pressure, engine revs, window movement sensor)
  – Example: using data gathered from different sensors, the ECU looks up values in a table and performs long mathematical calculations to work out the best spark timing or the fuel injector opening time
• Types of ECU
  – ECM – Engine Control Module
  – EBCM – Electronic Brake Control Module
  – PCM – Powertrain Control Module
  – VCM – Vehicle Control Module
  – BCM – Body Control Module
• 32-bit 40-MHz processor
• Average code size: 1 MB
ECU – Functional Block
• Power supply – digital and analog (power for analog sensors)
• MPU – Flash and RAM
• Communication Link (e.g. CAN Bus link)
• Discrete Inputs – On/Off switch type
• Frequency Inputs – encoder type signals (e.g. crank or vehicle speed)
• Analog Inputs – feedback signals from sensor
• Switch output – On/Off switch type
• PWM Outputs – variable frequency and duty cycle (e.g. injector, ignition)
• Frequency Outputs – constant duty cycle (e.g. stepper motor)
Example Function of ECU
• On a high-speed circuit, drivers have to throttle more, rather than gradually applying full throttle. The accelerator is set so that only a small movement results in full engine acceleration
  – Read the data captured by the ADC on the channel to which the accelerator pedal is connected
  – Using the data, look up the value from a multi-dimensional map which takes the engine RPM as another input
  – Take the output value from the map and multiply it by a correction factor
  – The output is the torque to be generated by the engine
  – Repeat this sequence every 20 milliseconds
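The lookup sequence above, written out as an added Python example (not from the original slides). The axis breakpoints, torque values, correction factor and function names are constructed for illustration; out-of-range sensor readings are clamped to the map edges so the lookup never indexes outside the table.

```python
"""Added example: pedal/RPM map lookup run once per 20 ms control cycle."""
from bisect import bisect_right

# Constructed calibration data, not taken from any real ECU.
PEDAL_AXIS = [0, 256, 512, 768, 1023]   # raw 10-bit ADC counts from the pedal channel
RPM_AXIS = [1000, 3000, 5000, 7000]     # engine speed breakpoints
# TORQUE_MAP[i][j] = torque request (Nm) at PEDAL_AXIS[i] and RPM_AXIS[j].
# The steep first rows model a pedal where a small movement asks for a lot of torque.
TORQUE_MAP = [
    [0,   0,   0,   0],
    [120, 140, 130, 100],
    [200, 240, 230, 180],
    [240, 290, 280, 220],
    [250, 300, 290, 230],
]
CYCLE_MS = 20


def _bracket(axis, x):
    """Clamp x to the axis; return (lower index, fraction towards the next breakpoint)."""
    x = min(max(x, axis[0]), axis[-1])
    i = min(bisect_right(axis, x) - 1, len(axis) - 2)
    return i, (x - axis[i]) / (axis[i + 1] - axis[i])


def torque_request(pedal_adc, rpm, correction=1.0):
    """Bilinear interpolation in the map, then the correction factor."""
    i, fp = _bracket(PEDAL_AXIS, pedal_adc)
    j, fr = _bracket(RPM_AXIS, rpm)
    low = TORQUE_MAP[i][j] * (1 - fr) + TORQUE_MAP[i][j + 1] * fr
    high = TORQUE_MAP[i + 1][j] * (1 - fr) + TORQUE_MAP[i + 1][j + 1] * fr
    return (low * (1 - fp) + high * fp) * correction


def run_cycles(samples, correction=1.0):
    """samples: one (pedal_adc, rpm) reading per cycle. Returns [(time_ms, torque_nm)]."""
    return [
        (n * CYCLE_MS, torque_request(pedal, rpm, correction))
        for n, (pedal, rpm) in enumerate(samples)
    ]


if __name__ == "__main__":
    # Constructed readings: the last one is an implausible sensor value and gets clamped.
    for t_ms, torque in run_cycles([(0, 1000), (384, 4000), (512, 3000), (5000, 9000)]):
        print(f"t={t_ms:3d} ms  torque={torque:6.1f} Nm")
```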
CAN Bus
• Multi-master serial bus
• Connects ECUs
• Complexity of nodes can vary
  – Simple I/O device
  – Embedded computer with a CAN interface
  – Gateway to USB or Ethernet port
• Nodes are connected through a two-wire bus with 120 Ohm termination
• CAN-Hi
  – 5V when transmitting 0
• CAN-Low
  – 0V when transmitting 0
• Messages are broadcast to all nodes
  – Nodes are expected to ignore messages that are not addressed to them
• Frame does not include a source address
CAN Protocol Frame
OBD-II
• Diagnostics connector
• SAE J1962
  – Type A and Type B – both female pin
  – 16 pin (2 x 8)
  – D-shaped
• Type A connector is used for vehicles that use a 12V supply voltage
• Type B connector is used for vehicles that use a 24V supply voltage
Main Hackable Attack Surface
• Success of hacking a car depends on:
  – Remote attack surfaces
  – Cyber-physical features
  – In-vehicle network architecture
• 20% of models (2014-2015) from different manufacturers are vulnerable to more than seven categories of remote attack
From research by Miller and Valasek
Relationship between Car Safety and Cyber Security
• Strong relationship between automotive safety and cyber security
• SAE J3061 – Cyber Security Guidebook for Cyber-Physical Vehicle Systems
• System Safety is concerned with protecting against harm to life, property and environment
• System Cybersecurity aims to prevent financial, operational, privacy and safety losses
  – All safety-critical systems are security critical, but there could be systems, e.g. Infotainment, that are security critical but not safety critical
Cyber Security Threat Model – Threat Agents
• Researchers and Hobbyists
  – Universities, government labs, defense labs. Motivations are usually positive: to study and conduct research
• Pranksters and Hacktivists
  – Take the opportunity to demonstrate their skills or promote their cause, but with negative outcomes for the product owners and manufacturers
• Owners and Operators
  – Many car hacking tools are available to owners, who often want to hack their own vehicles to improve performance, to bypass restrictions set by manufacturers or regulators, or to disable components to obfuscate their fraudulent actions
• Organized crime
  – Has always been a threat to vehicles. Main motivation is financial gain. DoS, malware, ransomware
  – Cyber crime-as-a-service!
• Nation States
  – Not easy to determine motivation
  – Industrial espionage, surveillance, economic and physical warfare
  – Intervention to assist national manufacturers against foreign competition
  – Tracking and audio monitoring of high-value objects
• Transportation Infrastructure
  – Next-gen car V2V communication
  – Security and safety issues can occur through attacks and misbehavior of the surrounding infrastructure
    ▪ Example: manipulation of traffic lights confusing smart cars and causing accidents
Cyber Security Threat Model
• One or many connected ECUs are on the same CAN bus as the OBD-II port
• The ability to control the ECU results in the attacker getting control of the vehicle
• Assume the OBD-II device can be compromised
• Determine the attack proximity and vulnerability
• Classify vulnerabilities using Microsoft STRIDE and SAE SPFO Impact
Text of the report excerpt shown on the slide (the left edge of each line is cropped in the slide image):
[…] model the potential areas of vulnerability and particular types of threats that may take
[…]e of those vulnerabilities.
[…]ying types of vehicle bus architecture and varying types of OBD-II devices, we use a
[…]d diagram (Figure 4) to present potential connections in the vehicle. Each ECU in Figure 4
[…]s the one or many connected ECUs on the same bus as the OBD-II port. The ability to control
[…]esults in attacker control of that vehicle’s function.
[…] by analyzing the impacts of various attacks assuming the OBD-II device can be
[…]ised and an attacker can execute arbitrary code. Although each attack is the same, the impact
[…] on the capabilities of the device (e.g., how far away the attacker needs to be). Once the attack
[…]y and vulnerability are defined, the vulnerability is classified using Microsoft’s STRIDE
[Figure: Generic OBD-II Device Threat Model Diagram. Labels: ECU A, ECU B, ECU C, Aftermarket OBD-II Device, OBD-II Port]
Cyber Security Threat Model
SOFTWARE ENGINEERING INSTITUTE | CARNEGIE MELLON UNIVERSITY 6
[Distribution Statement A] This material has been approved for public release and unlimited distribution. Please see Copyright
notice for non-US Government use and distribution.
technique (Microsoft, 2005). We also use the Society of Automotive Engineers (SAE) safety, privacy,
financial, and operational impact to define how a vulnerability may affect a vehicle (Ward, et al.,
2013). (Both STRIDE and the SAE techniques are described in Appendix D.)
Table 2: Vulnerability Impact on the Device and the Vehicle
Vulnerability | ECU Affected | Comments | Vulnerability Impact (STRIDE) | Impact (Ward, et al., 2013)
Hardcoded credentials | None | | X | S0 S0 S0 S0
Arbitrary command injection | OBD-connected buses | | X | S0 S3 S0 S0
Arbitrary CAN injection | OBD-connected buses | Full device compromise (See Table 3 for complete impact.) | X X X X X X |
Cyber Security Threat Model
Table 3: Vulnerability Impact on Vehicle with Complete Device Compromise by Proximity
Vulnerability | ECU Affected | Proximity | Vulnerability Impact (STRIDE): S T R I D E | Impact (Ward, et al., 2013): S P F O
Compromise of OBD-II device | OBD-connected buses | Physical | X X X X X X | S1 S1 S2 S2
Compromise of OBD-II device | OBD-connected buses | Short range (Bluetooth) | X X X X X X | S2 S2 S3 S3
Compromise of OBD-II device | OBD-connected buses | Long range (Wi-Fi) | X X X X X X | S2 S2 S3 S3
Compromise of OBD-II device | OBD-connected buses | Anywhere (cellular) | X X X X X X | S4 S4 S4 S4
Anatomy of Chrysler Jeep Cherokee Hack
• Head Unit is connected to both CAN buses
• The target was to compromise the Radio to get access to the ECUs connected to CAN-IHS and CAN-C
• Radio receives GPS, AM/FM and satellite radio signals
• Radio unit – Harman Uconnect system
• Uconnect runs QNX
• Uconnect system has Wi-Fi
• Wi-Fi password was compromised
• Performed a port scan and identified the D-Bus service
• Exploited a D-Bus vulnerability to execute the exploit as root
• Jailbreak Uconnect
• Uconnect payload – Lua script
• Uconnect communicates with the CAN buses using the V850E/FJ3
• The test OMAP chip can only read from CAN, not send
• Reverse engineer the firmware of the OMAP
• Re-program by uploading code via USB that will allow the V850 to send commands to CAN
• Then use CAN commands to do malicious activities
  – Jamming steering, slowing down accelerator response
Network Architecture
(Excerpt from the researchers' paper shown on the slide; the right edge of the text is cropped in the slide image.)
The architecture of the 2014 Jeep Cherokee was very intriguing to us due to the fact that […]
(Radio) is connected to both CAN buses that are implemented in the vehicle.
We speculated that if the Radio could be compromised, then we would have access to EC[…]
CAN-IHS and CAN-C networks, meaning that messages could be sent to all ECUs that cont[…]
attributes of the vehicle. You’ll see later in this paper that our remote compromise of the […]
not directly lead to access to the CAN buses and further exploitation stages were necessa[…]
being said, there are no CAN bus architectural restrictions, such as the steering being on a […]
separate bus. If we can send messages from the head unit, we should be able to send the[…]
ECU on the CAN bus.
[Figure: 2014 Jeep Cherokee architecture diagram]
Potential Risks
• Safety-Critical Risks
  – Driver distractions (e.g. volume, wipers)
  – Engine shutoff or degradation
  – Steering changes (autonomous vehicles)
• Less Safety-Critical Vehicle-Specific Risks
  – Theft of the car or contents
  – Enabling physical crime against occupants
  – Insurance or lease fraud
  – Eavesdropping on occupants
  – Theft of information (e.g. personal profile, phone list)
  – Vector for attacking mobile devices in the car
  – Theft of PII
  – Tracking the vehicle's location
Key Vulnerabilities Found in Car
• Insecure firmware updates and downloads
• Hardcoded or non-existent Bluetooth PIN
• Weak WPA2 password
• Hardcoded credentials
• Internet-enabled administration interface
Some Important Attack Vectors
• Arbitrarily modify firmware
• Maliciously update remote firmware
• Lock/unlock doors
• Turn on/off vehicle
• Affect vehicle GPS tracking, speed, heading and altitude
• Read the car’s internal data – temperature, fuel levels, diagnostic trouble codes etc.
• Inject arbitrary CAN packet
Common Architecture Issues
• The Primary Processor
  – Simple processor
  – Converts the external network protocol to CAN and vice versa
  – Logic is implemented in upstream systems
  – Does not include any security, e.g. authentication or command validation
• External Network Interface
  – Because there is no filtering at the device and the OBD-II port, security is completely dependent on the perimeter, i.e. the external network interface
  – External network interface security strength varies
    ▪ WPA2 with a weak password
    ▪ Easy-to-guess BT PIN
    ▪ Widely shared BT PIN
    ▪ Undocumented features
    ▪ Insecure firmware upgrades
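One way to add the filtering and command validation that the slide says are missing, as an added Python example (not from the original slides or any vendor's code). It assumes a gateway that sees every frame arriving from the OBD-II side before it reaches the vehicle buses, and a policy, chosen here for illustration, that forwards only single-frame diagnostic requests for read-only SAE J1979 services at a bounded rate. The log lines, the `obd0` interface name and the non-diagnostic ID are constructed.

```python
"""Added example: allowlist, command validation and rate limit for OBD-II-side frames."""
import re
from collections import deque

# 11-bit diagnostic request IDs: functional 0x7DF and physical 0x7E0-0x7E7.
OBD_REQUEST_IDS = {0x7DF, *range(0x7E0, 0x7E8)}
# Read-only J1979 services; 0x04 (clear DTCs) and 0x08 (control) are left out on purpose.
READ_ONLY_SERVICES = {0x01, 0x02, 0x03, 0x07, 0x09}
LINE = re.compile(r"\((\d+\.\d+)\)\s+(\S+)\s+([0-9A-Fa-f]{3})#([0-9A-Fa-f]*)$")


def parse_candump(line):
    """Parse one candump-style line into (timestamp, can_id, data)."""
    m = LINE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable line: {line!r}")
    ts, _iface, can_id, payload = m.groups()
    return float(ts), int(can_id, 16), bytes.fromhex(payload)


class ObdGatewayFilter:
    def __init__(self, max_per_second=20):
        self.max_per_second = max_per_second
        self._recent = deque()  # timestamps of frames forwarded in the last second

    def check(self, ts, can_id, data):
        """Return (forward?, reason) for one frame received from the OBD-II side."""
        if can_id not in OBD_REQUEST_IDS:
            return False, "id-not-allowed"
        if not 2 <= len(data) <= 8:
            return False, "bad-length"
        pci_type, pci_len = data[0] >> 4, data[0] & 0x0F
        if pci_type != 0:                      # only ISO-TP single frames are accepted
            return False, "not-single-frame"
        if not 1 <= pci_len <= len(data) - 1:  # declared length must fit the frame
            return False, "bad-length"
        if data[1] not in READ_ONLY_SERVICES:
            return False, "service-not-allowed"
        while self._recent and ts - self._recent[0] >= 1.0:
            self._recent.popleft()
        if len(self._recent) >= self.max_per_second:
            return False, "rate-limited"
        self._recent.append(ts)
        return True, "forward"


# Constructed sample traffic from an aftermarket OBD-II device.
SAMPLE_LOG = """\
(0.000) obd0 7DF#02010C0000000000
(0.010) obd0 7DF#0104000000000000
(0.020) obd0 1A0#0011223344556677
(0.030) obd0 7E0#1014010203040506
(0.040) obd0 7DF#0901
(0.050) obd0 7DF#02010D0000000000
(0.060) obd0 7DF#0201050000000000
"""


def filter_log(text, max_per_second=20):
    """Run every line of a log through one filter instance; return the decisions."""
    gw = ObdGatewayFilter(max_per_second)
    return [gw.check(*parse_candump(l))[1] for l in text.splitlines() if l.strip()]


if __name__ == "__main__":
    for line, reason in zip(SAMPLE_LOG.splitlines(), filter_log(SAMPLE_LOG, 2)):
        print(f"{line:40s} {reason}")
```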
Recommendations
• Hardware Security
  – Secure Boot and software attestation function
  – TPM
  – Tamper Protection
  – Cryptographic Acceleration
  – Active Memory Protection
  – Device Identity Directly on Device
    ▪ Intel EPID, PUF
• Software Security
  – Secure Boot
  – Partitioned OS
  – Authentication
  – Enforcement of approved and appropriate behavior
  – Secure SDL
Recommendations
• Network Security
  – Message and Device Authentication
  – Identify and enforce predictably holistic behavior
  – Access Controls
• Cloud Security
  – Secure authenticated channel to cloud
  – Remote monitoring of vehicle
  – Threat intelligence exchange
  – OTA updates
  – Credential management
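The CAN Bus slide notes that a frame carries no source address, which is why "Message and Device Authentication" appears in the list above. The following added Python example (not from the original slides) shows one way a receiver can reject replayed or modified frames: each payload carries a truncated MAC and the low byte of a freshness counter. HMAC-SHA-256 from the Python standard library is used here as the MAC; the 4+1+3 byte layout, the key, the CAN ID and the class names are constructed.

```python
"""Added example: authenticated CAN payloads with a freshness counter."""
import hashlib
import hmac
import struct

MAC_LEN = 3      # truncated tag bytes; classical CAN leaves only 8 data bytes per frame
MAX_PAYLOAD = 4  # 4 payload bytes + 1 counter byte + 3 tag bytes = 8


def _tag(key, can_id, counter, payload):
    """Truncated HMAC-SHA-256 over the ID, the full counter and the payload."""
    msg = struct.pack(">IQ", can_id, counter) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]


class Sender:
    def __init__(self, key, can_id):
        self.key, self.can_id, self.counter = key, can_id, 0

    def frame(self, payload):
        if len(payload) > MAX_PAYLOAD:
            raise ValueError("payload too long for this layout")
        self.counter += 1
        tag = _tag(self.key, self.can_id, self.counter, payload)
        return self.can_id, payload + bytes([self.counter & 0xFF]) + tag


class Receiver:
    def __init__(self, key, can_id, window=16):
        self.key, self.can_id, self.window, self.last = key, can_id, window, 0

    def accept(self, can_id, data):
        """True only for a fresh frame whose tag verifies under the shared key."""
        if can_id != self.can_id or not 1 + MAC_LEN <= len(data) <= 8:
            return False
        payload, low, tag = data[:-1 - MAC_LEN], data[-1 - MAC_LEN], data[-MAC_LEN:]
        # Rebuild the full counter: the smallest value above `last` with this low byte.
        counter = (self.last & ~0xFF) | low
        if counter <= self.last:
            counter += 0x100
        if counter - self.last > self.window:  # too far ahead, or an old frame replayed
            return False
        if not hmac.compare_digest(tag, _tag(self.key, can_id, counter, payload)):
            return False
        self.last = counter
        return True


def demo():
    key = bytes(range(16))  # constructed key for the example only
    tx, rx = Sender(key, 0x123), Receiver(key, 0x123)
    first = tx.frame(b"\x10\x27")
    genuine = rx.accept(*first)
    replayed = rx.accept(*first)               # same bytes put on the bus again
    can_id, data = tx.frame(b"\x10\x27")
    tampered = rx.accept(can_id, data[:-1] + bytes([data[-1] ^ 0x01]))
    tx.frame(b"\x00")                          # two frames lost on the bus
    tx.frame(b"\x00")
    after_loss = rx.accept(*tx.frame(b"\x11\x27"))
    return {"genuine": genuine, "replayed": replayed,
            "tampered": tampered, "after_loss": after_loss}


if __name__ == "__main__":
    print(demo())
```

A 3-byte tag is a bandwidth compromise forced by the 8-byte frame; the acceptance window bounds how many frames may be lost before the receiver has to resynchronise.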
Recommendations
• Supply-chain Security
  – Authorized distribution channel
  – Track and trace
  – Continuity of supply
Recommendations
• ISO/IEC
  – 9797-1, 11889
    ▪ ISO/IEC 9797-1: Security techniques – Message Authentication Codes
    ▪ ISO/IEC 11889: Trusted Platform Module
    ▪ ISO 12207: Systems and software engineering – Software life cycle processes
    ▪ ISO 15408: Evaluation criteria for IT security
    ▪ ISO 26262: Functional safety for road vehicles
    ▪ ISO 27001: Information Security Management System
    ▪ ISO 27002: Code of Practice – Security
    ▪ ISO 27018: Code of Practice – Handling PII / SPI (Privacy)
    ▪ ISO 27034: Application security techniques
    ▪ ISO 29101: Privacy architecture frameworks
    ▪ ISO 29119: Software testing standard
    ▪ IEC 62443: Industrial Network and System Security
• SAE J2945: Dedicated Short Range Communication (DSRC) Minimum Performance Requirements.
• SAE J3061: Cybersecurity Guidebook for Cyber-Physical Vehicle Systems.
• SAE J3101: Requirements for Hardware-Protected Security for Ground Vehicle Applications.
• E-safety Vehicle Intrusion Protected Applications (EVITA)
• Trusted Platform Module
• Secure Hardware Extensions (SHE): From the German OEM consortium Hersteller Initiative Software (HIS), these on-chip extensions provide a set of cryptographic services to the application layer and isolate the keys.
THANK YOU

More Related Content

What's hot

Software defined vehicles,automotive standards (safety, security), agile cont...
Software defined vehicles,automotive standards (safety, security), agile cont...Software defined vehicles,automotive standards (safety, security), agile cont...
Software defined vehicles,automotive standards (safety, security), agile cont...Dr. Anish Cheriyan (PhD)
 
Connected & Driverless vehicles: the road to Safe & Secure mobility?
Connected & Driverless vehicles: the road to Safe & Secure mobility?Connected & Driverless vehicles: the road to Safe & Secure mobility?
Connected & Driverless vehicles: the road to Safe & Secure mobility?Bill Harpley
 
The Internet of Cars - Towards the Future of the Connected Car
The Internet of Cars - Towards the Future of the Connected CarThe Internet of Cars - Towards the Future of the Connected Car
The Internet of Cars - Towards the Future of the Connected CarJorgen Thelin
 
Electronic Control Unit(ECU)
Electronic Control Unit(ECU)Electronic Control Unit(ECU)
Electronic Control Unit(ECU)Ankul Gupta
 
MISRA Safety Case Guidelines -
MISRA Safety Case Guidelines - MISRA Safety Case Guidelines -
MISRA Safety Case Guidelines - Automotive IQ
 
Addressing Security in the Automotive Industry
Addressing Security in the Automotive IndustryAddressing Security in the Automotive Industry
Addressing Security in the Automotive IndustrySasken Technologies Ltd.
 
Alexa and the Connected Car
Alexa and the Connected CarAlexa and the Connected Car
Alexa and the Connected CarEmily (Hong) Lam
 
Security architecture
Security architectureSecurity architecture
Security architectureDuncan Unwin
 
Automotive Infotainment Test Solution or In-Vehicle Infotainment Testing (IVI...
Automotive Infotainment Test Solution or In-Vehicle Infotainment Testing (IVI...Automotive Infotainment Test Solution or In-Vehicle Infotainment Testing (IVI...
Automotive Infotainment Test Solution or In-Vehicle Infotainment Testing (IVI...MaxEye Technologies Private Limited
 
AutoSpice Agile Hand in Hand
AutoSpice Agile Hand in HandAutoSpice Agile Hand in Hand
AutoSpice Agile Hand in HandRuchika Sachdeva
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتReZa AdineH
 
Autonomous cars
Autonomous carsAutonomous cars
Autonomous carsAmal Jose
 

What's hot (20)

Automotive Hacking
Automotive Hacking Automotive Hacking
Automotive Hacking
 
Cyber Security Threat Modeling
Cyber Security Threat ModelingCyber Security Threat Modeling
Cyber Security Threat Modeling
 
Software defined vehicles,automotive standards (safety, security), agile cont...
Software defined vehicles,automotive standards (safety, security), agile cont...Software defined vehicles,automotive standards (safety, security), agile cont...
Software defined vehicles,automotive standards (safety, security), agile cont...
 
Connected & Driverless vehicles: the road to Safe & Secure mobility?
Connected & Driverless vehicles: the road to Safe & Secure mobility?Connected & Driverless vehicles: the road to Safe & Secure mobility?
Connected & Driverless vehicles: the road to Safe & Secure mobility?
 
The Internet of Cars - Towards the Future of the Connected Car
The Internet of Cars - Towards the Future of the Connected CarThe Internet of Cars - Towards the Future of the Connected Car
The Internet of Cars - Towards the Future of the Connected Car
 
Software Defined Car
Software Defined CarSoftware Defined Car
Software Defined Car
 
Electronic Control Unit(ECU)
Electronic Control Unit(ECU)Electronic Control Unit(ECU)
Electronic Control Unit(ECU)
 
MISRA Safety Case Guidelines -
MISRA Safety Case Guidelines - MISRA Safety Case Guidelines -
MISRA Safety Case Guidelines -
 
Car hackers handbook
Car hackers handbookCar hackers handbook
Car hackers handbook
 
Connected Cars
Connected CarsConnected Cars
Connected Cars
 
Addressing Security in the Automotive Industry
Addressing Security in the Automotive IndustryAddressing Security in the Automotive Industry
Addressing Security in the Automotive Industry
 
Alexa and the Connected Car
Alexa and the Connected CarAlexa and the Connected Car
Alexa and the Connected Car
 
Security architecture
Security architectureSecurity architecture
Security architecture
 
Embedded Systems in Automotive
Embedded Systems in Automotive Embedded Systems in Automotive
Embedded Systems in Automotive
 
ISO 26262: Automotive Functional Safety
ISO 26262: Automotive Functional SafetyISO 26262: Automotive Functional Safety
ISO 26262: Automotive Functional Safety
 
Automotive Infotainment Test Solution or In-Vehicle Infotainment Testing (IVI...
Automotive Infotainment Test Solution or In-Vehicle Infotainment Testing (IVI...Automotive Infotainment Test Solution or In-Vehicle Infotainment Testing (IVI...
Automotive Infotainment Test Solution or In-Vehicle Infotainment Testing (IVI...
 
AutoSpice Agile Hand in Hand
AutoSpice Agile Hand in HandAutoSpice Agile Hand in Hand
AutoSpice Agile Hand in Hand
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیت
 
Autonomous cars
Autonomous carsAutonomous cars
Autonomous cars
 
Connected Car Technology
Connected Car TechnologyConnected Car Technology
Connected Car Technology
 

Similar to Automotive Security (Connected Vehicle Security Issues)

Network Security for Automotive Embedded Systems
Network Security for Automotive Embedded SystemsNetwork Security for Automotive Embedded Systems
Network Security for Automotive Embedded SystemsTonex
 
From Driver Distraction to Driver Augmentation: Open Source in Cars
From Driver Distraction to Driver Augmentation: Open Source in CarsFrom Driver Distraction to Driver Augmentation: Open Source in Cars
From Driver Distraction to Driver Augmentation: Open Source in CarsAlison Chaiken
 
From Connected To Self-Driving - Securing the Automotive Revolution
From Connected To Self-Driving - Securing the Automotive RevolutionFrom Connected To Self-Driving - Securing the Automotive Revolution
From Connected To Self-Driving - Securing the Automotive RevolutionAlexander Schellong
 
Phoenix Mobile & Emerging Tech Festival Autonomous Vehicles Presentation 11/3/18
Phoenix Mobile & Emerging Tech Festival Autonomous Vehicles Presentation 11/3/18Phoenix Mobile & Emerging Tech Festival Autonomous Vehicles Presentation 11/3/18
Phoenix Mobile & Emerging Tech Festival Autonomous Vehicles Presentation 11/3/18Mark Goldstein
 
Using Trusted Platform Module (TPM) to Secure Business Communication (SBC) in...
Using Trusted Platform Module (TPM) to Secure Business Communication (SBC) in...Using Trusted Platform Module (TPM) to Secure Business Communication (SBC) in...
Using Trusted Platform Module (TPM) to Secure Business Communication (SBC) in...Dr.Irshad Ahmed Sumra
 
Advanced car security system
Advanced car security systemAdvanced car security system
Advanced car security systemAmi Goswami
 
WHITE PAPER▶ Building Comprehensive Security Into Cars
WHITE PAPER▶ Building Comprehensive Security Into CarsWHITE PAPER▶ Building Comprehensive Security Into Cars
WHITE PAPER▶ Building Comprehensive Security Into CarsSymantec
 
Countering Cybersecurity Risk in Today's IoT World
Countering Cybersecurity Risk in Today's IoT WorldCountering Cybersecurity Risk in Today's IoT World
Countering Cybersecurity Risk in Today's IoT WorldBrad Nicholas
 
IRJET- Vehicle Cyber Security
IRJET- Vehicle Cyber SecurityIRJET- Vehicle Cyber Security
IRJET- Vehicle Cyber SecurityIRJET Journal
 
Integration of Advanced Protocols for Detection and Communication
Integration of Advanced Protocols for Detection and CommunicationIntegration of Advanced Protocols for Detection and Communication
Integration of Advanced Protocols for Detection and CommunicationSachin Mehta
 
20181116.smart can cable_v2
20181116.smart can cable_v220181116.smart can cable_v2
20181116.smart can cable_v2Mocke Tech
 
Connected cars by Smart Driving Labs
Connected cars by Smart Driving LabsConnected cars by Smart Driving Labs
Connected cars by Smart Driving LabsMauroBenigno4
 
Connected Cars - Poster Child for the IoT Reality Check
Connected Cars - Poster Child for the IoT Reality CheckConnected Cars - Poster Child for the IoT Reality Check
Connected Cars - Poster Child for the IoT Reality CheckSecurity Innovation
 
Chapter 4 Embedded System: Application and Domain Specific
Chapter 4 Embedded System: Application and Domain SpecificChapter 4 Embedded System: Application and Domain Specific
Chapter 4 Embedded System: Application and Domain SpecificMoe Moe Myint
 
Car electronization trend in automotive industry
Car electronization   trend in automotive industryCar electronization   trend in automotive industry
Car electronization trend in automotive industryKenji Suzuki
 
SANS - Developments car hacking - 36607
SANS - Developments car hacking - 36607SANS - Developments car hacking - 36607
SANS - Developments car hacking - 36607Felipe Prado
 
The International Journal of Engineering and Science (IJES)
The International Journal of Engineering and Science (IJES)The International Journal of Engineering and Science (IJES)
The International Journal of Engineering and Science (IJES)theijes
 

Similar to Automotive Security (Connected Vehicle Security Issues) (20)

Network Security for Automotive Embedded Systems
Network Security for Automotive Embedded SystemsNetwork Security for Automotive Embedded Systems
Network Security for Automotive Embedded Systems
 
From Driver Distraction to Driver Augmentation: Open Source in Cars
From Driver Distraction to Driver Augmentation: Open Source in CarsFrom Driver Distraction to Driver Augmentation: Open Source in Cars
From Driver Distraction to Driver Augmentation: Open Source in Cars
 
hamaa2.pdf
hamaa2.pdfhamaa2.pdf
hamaa2.pdf
 
From Connected To Self-Driving - Securing the Automotive Revolution
From Connected To Self-Driving - Securing the Automotive RevolutionFrom Connected To Self-Driving - Securing the Automotive Revolution
From Connected To Self-Driving - Securing the Automotive Revolution
 
Phoenix Mobile & Emerging Tech Festival Autonomous Vehicles Presentation 11/3/18
Phoenix Mobile & Emerging Tech Festival Autonomous Vehicles Presentation 11/3/18Phoenix Mobile & Emerging Tech Festival Autonomous Vehicles Presentation 11/3/18
Phoenix Mobile & Emerging Tech Festival Autonomous Vehicles Presentation 11/3/18
 
Using Trusted Platform Module (TPM) to Secure Business Communication (SBC) in...
Using Trusted Platform Module (TPM) to Secure Business Communication (SBC) in...Using Trusted Platform Module (TPM) to Secure Business Communication (SBC) in...
Using Trusted Platform Module (TPM) to Secure Business Communication (SBC) in...
 
Advanced car security system
Advanced car security systemAdvanced car security system
Advanced car security system
 
WHITE PAPER▶ Building Comprehensive Security Into Cars
WHITE PAPER▶ Building Comprehensive Security Into CarsWHITE PAPER▶ Building Comprehensive Security Into Cars
WHITE PAPER▶ Building Comprehensive Security Into Cars
 
[IJET-V1I4P10] Authers :EiEi Thwe, Theingi
[IJET-V1I4P10] Authers :EiEi Thwe, Theingi[IJET-V1I4P10] Authers :EiEi Thwe, Theingi
[IJET-V1I4P10] Authers :EiEi Thwe, Theingi
 
Countering Cybersecurity Risk in Today's IoT World
Countering Cybersecurity Risk in Today's IoT WorldCountering Cybersecurity Risk in Today's IoT World
Countering Cybersecurity Risk in Today's IoT World
 
Wfcs2019
Wfcs2019Wfcs2019
Wfcs2019
 
IRJET- Vehicle Cyber Security
IRJET- Vehicle Cyber SecurityIRJET- Vehicle Cyber Security
IRJET- Vehicle Cyber Security
 
Integration of Advanced Protocols for Detection and Communication
Integration of Advanced Protocols for Detection and CommunicationIntegration of Advanced Protocols for Detection and Communication
Integration of Advanced Protocols for Detection and Communication
 
20181116.smart can cable_v2
20181116.smart can cable_v220181116.smart can cable_v2
20181116.smart can cable_v2
 
Connected cars by Smart Driving Labs
Connected cars by Smart Driving LabsConnected cars by Smart Driving Labs
Connected cars by Smart Driving Labs
 
Connected Cars - Poster Child for the IoT Reality Check
Connected Cars - Poster Child for the IoT Reality CheckConnected Cars - Poster Child for the IoT Reality Check
Connected Cars - Poster Child for the IoT Reality Check
 
Chapter 4 Embedded System: Application and Domain Specific
Chapter 4 Embedded System: Application and Domain SpecificChapter 4 Embedded System: Application and Domain Specific
Chapter 4 Embedded System: Application and Domain Specific
 
Car electronization trend in automotive industry
Car electronization   trend in automotive industryCar electronization   trend in automotive industry
Car electronization trend in automotive industry
 
SANS - Developments car hacking - 36607
SANS - Developments car hacking - 36607SANS - Developments car hacking - 36607
SANS - Developments car hacking - 36607
 
The International Journal of Engineering and Science (IJES)
The International Journal of Engineering and Science (IJES)The International Journal of Engineering and Science (IJES)
The International Journal of Engineering and Science (IJES)
 

More from Priyanka Aash

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsPriyanka Aash
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfPriyanka Aash
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Automotive Security (Connected Vehicle Security Issues)

  • 1. May 22, 2017 Proprietary and Confidential - 1 - Connected Car Security IGATE is now a part of Capgemini Arnab Chattopadhayay, Senior Director Date: 13th May, 2017
  • 2. Table of Contents
      - A Car Hack
      - Evolution of Modern Car
      - Components of a modern car
      - Automotive security
          - Threat Model
      - Relationship between Safety and Cybersecurity
      - Secure automotive design
      - Attack Model
      - Architectural Issues
      - Recommendations
  • 3. Chrysler Jeep Hack – Charlie Miller & Chris Valasek
  • 4. Yesterday
  • 5. Today
  • 6. Tomorrow
  • 7. Components of Modern Car
  • 8. List of Car Components: Accident Recorder, Active Aerodynamics, Active Cabin Noise Suppression, Active Exhaust Noise Suppression, Active Suspension, Active Vibration Control, Active Yaw Control, Adaptive Cruise Control, Adaptive Front Lighting, Airbag Deployment, Antilock Braking, Auto-Dimming Mirrors, Autonomous Emergency Braking, Battery Management, Blind Spot Detection, Cabin Environment Controls, Communication Systems, Convertible Top Control, Cylinder Deactivation, DSRC, Driver Alertness Monitoring, Electronic Power Steering, Electronic Seat Control, Electronic Stability Control, Electronic Throttle Control, Electronic Toll Collection, Electronic Valve Timing, Engine Control, Entertainment System, Event Data Recorder, Head-Up Displays, Hill Hold Control, Idle Stop-Start, Instrument Cluster, Intelligent Turn Signals, Interior Lighting, Lane Departure Warning, Lane Keeping Assist, Navigation, Night Vision Systems, On-Board Diagnostics, Parental Controls, Parking Systems, Precrash Safety, Rear-view Camera, Regenerative Braking, Remote Keyless Entry, Security Systems, Tire Pressure Monitoring, Traction Control, Traffic Sign Recognition, Transmission Control, Windshield Wiper Control
  • 9. Schematic view of Connected Components
  • 10. Four Main Components
      - ECU (Electronic Control Unit)
      - CAN Bus (Controller Area Network Bus)
      - OBD (Onboard Diagnostics)
      - Infotainment
  • 11. ECU – Overview
      - Embedded digital computer
      - Runs a closed control loop
      - Reads data from sensors (e.g. temperature, tyre pressure, engine rev, window movement sensor)
          - Example: using data gathered from different sensors, the ECU looks up values in a table and performs long mathematical equations to calculate the best spark time or determine the fuel injector opening time
      - Types of ECU
          - ECM – Engine Control Module
          - EBCM – Electronic Brake Control Module
          - PCM – Powertrain Control Module
          - VCM – Vehicle Control Module
          - BCM – Body Control Module
      - 32-bit 40-MHz processor
      - Average code size: 1 MB
  • 12. ECU – Functional Block
      - Power supply – digital and analog (power for analog sensors)
      - MPU – Flash and RAM
      - Communication link (e.g. CAN Bus link)
      - Discrete inputs – On/Off switch type
      - Frequency inputs – encoder type signals (e.g. crank or vehicle speed)
      - Analog inputs – feedback signals from sensors
      - Switch output – On/Off switch type
      - PWM outputs – variable frequency and duty cycle (e.g. injector, ignition)
      - Frequency outputs – constant duty cycle (e.g. stepper motor)
  • 13. Example Function of ECU
      - On a high-speed circuit, drivers have to throttle more rather than gradually applying full throttle. The accelerator is set so that only a small movement results in full engine acceleration
          - Read the data captured by the ADC on the channel to which the accelerator pedal is connected
          - Using the data, look up the value from a multi-dimensional map which takes the engine RPM as another input
          - Take the output value from the map and multiply it by a correction factor
          - The output is the torque to be generated by the engine
          - Repeat this sequence every 20 milliseconds
  • 14. CAN Bus
      - Multi-master serial bus
      - Connects ECUs
      - Complexity of nodes can vary
          - Simple I/O device
          - Embedded computer with a CAN interface
          - Gateway to USB or Ethernet port
      - Nodes are connected through a two-wire bus with 120 Ohm termination
      - CAN-Hi – 5V when transmitting 0
      - CAN-Low – 0V when transmitting 0
      - Messages are broadcast to all nodes
          - Nodes are expected to ignore messages that are not addressed to them
      - Frame does not include a source address
  • 15. CAN Protocol Frame
  • 16. OBD-II
      - Diagnostics connector
      - SAE J1962
          - Type A and Type B – both female pin
          - 16 pin (2 x 8)
          - D-shaped
      - Type A connector is used for vehicles that use a 12V supply voltage
      - Type B connector is used for vehicles that use a 24V supply voltage
  • 17. Main Hackable Attack Surface
      - Success of hacking a car depends on:
          - Remote attack surfaces
          - Cyber-physical features
          - In-vehicle network architecture
      - 20% of models (2014-2015) from different manufacturers are vulnerable to more than seven categories of remote attack
      - From research by Miller and Valasek
  • 18. Relationship between Car Safety and Cyber Security
      - Strong relationship between automotive safety and cyber security
      - SAE J3061 – Cyber Security Guidebook for Cyber-Physical Vehicle Systems
      - System Safety is concerned with protecting against harm to life, property and environment
      - System Cybersecurity aims to prevent financial, operational, privacy and safety losses
          - All safety-critical systems are security critical, but there can be systems, e.g. Infotainment, that are security critical but not safety critical
  • 19. Cyber Security Threat Model – Threat Agents
      - Researchers and Hobbyists
          - Universities, government labs, defense labs. Motivations are usually positive: to study and conduct research
      - Pranksters and Hacktivists
          - Take the opportunity to demonstrate their skills or promote their cause, but with negative outcomes for the product owners and manufacturers
      - Owners and Operators
          - Many car hacking tools exist for owners, who often want to hack their own vehicles to improve performance, to bypass restrictions set by manufacturers or regulators, or to disable components to obfuscate their fraudulent actions
      - Organized crime
          - Has always been a threat to vehicles. Main motivation is financial gain. DoS, malware, ransomware
          - Cyber crime-as-a-service!
      - Nation States
          - Not easy to determine motivation
          - Industrial espionage, surveillance, economic and physical warfare
          - Intervention to assist national manufacturers against foreign competition
          - Tracking and audio monitoring of high-value objects
      - Transportation Infrastructure
          - Next-gen car V2V communication
          - Security and safety issues can occur through attacks and misbehavior of the surrounding infrastructure
          - Example: manipulation of traffic lights confusing smart cars and causing accidents
  • 20. Cyber Security Threat Model
      - One-to-many connected ECUs on same CAN Bus as the OBD-II Port
      - The ability to control the ECU results in attacker getting control of the vehicle
      - Assume, OBD-II device can be compromised
      - Determine the attack proximity and vulnerability
      - Classify vulnerabilities using Microsoft STRIDE and SAE SPFO Impact
      Excerpt shown on the slide (text cropped at the margins):
        "model the potential areas of vulnerability and particular types of threats that may take e of those vulnerabilities. ying types of vehicle bus architecture and varying types of OBD-II devices, we use a d diagram (Figure 4) to present potential connections in the vehicle. Each ECU in Figure 4 s the one or many connected ECUs on the same bus as the OBD-II port. The ability to control esults in attacker control of that vehicle’s function."
        [Figure: Generic OBD-II Device Threat Model Diagram. Labels: ECU A, ECU B, ECU C, Aftermarket OBD-II Device, OBD-II Port]
        "by analyzing the impacts of various attacks assuming the OBD-II device can be ised and an attacker can execute arbitrary code. Although each attack is the same, the impact on the capabilities of the device (e.g., how far away the attacker needs to be). Once the attack y and vulnerability are defined, the vulnerability is classified using Microsoft’s STRIDE"
  • 21. Cyber Security Threat Model
      Excerpt shown on the slide, continued (page footer: Software Engineering Institute | Carnegie Mellon University):
        "technique (Microsoft, 2005). We also use the Society of Automotive Engineers (SAE) safety, privacy, financial, and operational impact to define how a vulnerability may affect a vehicle (Ward, et al., 2013). (Both STRIDE and the SAE techniques are described in Appendix D.)"
      Table 2: Vulnerability Impact on the Device and the Vehicle
        Vulnerability               | ECU Affected        | Comments                                                      | Vulnerability Impact (STRIDE) | Impact (Ward, et al., 2013)
        Hardcoded credentials       | None                |                                                               | X                             | S0 S0 S0 S0
        Arbitrary command injection | OBD-connected buses |                                                               | X                             | S0 S3 S0 S0
        Arbitrary CAN injection     | OBD-connected buses | Full device compromise (See Table 3 for complete impact.)     | X X X X X X                   |
  • 22. Cyber Security Threat Model
      Table 3: Vulnerability Impact on Vehicle with Complete Device Compromise by Proximity
        Vulnerability               | ECU Affected        | Proximity               | Vulnerability Impact (STRIDE: S T R I D E) | Impact (Ward, et al., 2013: S P F O)
        Compromise of OBD-II device | OBD-connected buses | Physical                | X X X X X X                                | S1 S1 S2 S2
        Compromise of OBD-II device | OBD-connected buses | Short range (Bluetooth) | X X X X X X                                | S2 S2 S3 S3
        Compromise of OBD-II device | OBD-connected buses | Long range (Wi-Fi)      | X X X X X X                                | S2 S2 S3 S3
        Compromise of OBD-II device | OBD-connected buses | Anywhere (cellular)     | X X X X X X                                | S4 S4 S4 S4
  • 23. Anatomy of Chrysler Jeep Cherokee Hack
      - Head Unit is connected to both CAN Buses
      - Targeted to compromise the Radio to get access to ECUs connected to CAN-IHS and CAN-C
      - Radio receives GPS, AM/FM and Satellite Radio signals
      - Radio unit – Harman Uconnect system
      - Uconnect runs QNX
      - Uconnect system has Wi-Fi
      - Wi-Fi password was compromised
      - Performed a port scan and identified the D-Bus service
      - Exploited a D-Bus vulnerability to execute the exploit as root
      - Jailbreak Uconnect
      - Uconnect payload – Lua script
      - Uconnect communicates with the CAN Buses using V850E/FJ3
      - The test OMAP chip can only read from CAN, not send
      - Reverse engineer the firmware of OMAP
      - Re-program by uploading code via USB that will allow V850 to send commands to CAN
      - Then use CAN commands to do malicious activities
          - Jamming steering, slow down accelerator response
      Excerpt shown on the slide (text cropped at the margins):
        Network Architecture
        "The architecture of the 2014 Jeep Cherokee was very intriguing to us due to the fact that (Radio) is connected to both CAN buses that are implemented in the vehicle."
        [Figure: 2014 Jeep Cherokee architecture diagram]
        "We speculated that if the Radio could be compromised, then we would have access to EC CAN-IHS and CAN-C networks, meaning that messages could be sent to all ECUs that cont attributes of the vehicle. You’ll see later in this paper that our remote compromise of the not directly lead to access to the CAN buses and further exploitation stages were necessa being said, there are no CAN bus architectural restrictions, such as the steering being on a separate bus. If we can send messages from the head unit, we should be able to send the ECU on the CAN bus."
  • 24. Potential Risks
      - Safety-Critical Risks
          - Driver distractions (e.g. volume, wipers)
          - Engine shutoff or degradation
          - Steering changes (autonomous vehicles)
      - Less Safety-Critical Vehicle-Specific Risks
          - Theft of the car or contents
          - Enabling physical crime against occupants
          - Insurance or lease fraud
          - Eavesdropping on occupants
          - Theft of information (e.g. personal profile, phone list)
          - Vector for attacking mobile devices in the car
          - Theft of PII
          - Tracking the vehicle's location
  • 25. Key Vulnerabilities Found in Car
      - Insecure firmware updates and downloads
      - Hardcoded or non-existent Bluetooth PIN
      - Weak WPA2 password
      - Hardcoded credentials
      - Internet-enabled administration interface
  • 26. Some Important Attack Vectors
      - Arbitrarily modify firmware
      - Maliciously update remote firmware
      - Lock/unlock doors
      - Turn on/off vehicle
      - Affect vehicle GPS tracking, speed, heading and altitude
      - Read the car’s internal data – temperature, fuel levels, diagnostic trouble codes etc.
      - Inject arbitrary CAN packet
  • 27. Common Architecture Issues
      - The Primary Processor
          - Simple processor
          - Converts external network protocol to CAN and vice versa
          - Logic is implemented in upstream systems
          - Does not include any security, e.g. authentication, command validation
      - External Network Interface
          - Because there is no filtering at the device and OBD-II port, security is completely dependent on the perimeter, i.e. the external network interface
          - External network interface security strength varies
              - WPA2 with a weak password
              - Easy-to-guess BT PIN
              - Widely shared BT PIN
              - Undocumented features
              - Insecure firmware upgrades
  • 28. Recommendations
      - Hardware Security
          - Secure Boot and software attestation function
          - TPM
          - Tamper Protection
          - Cryptographic Acceleration
          - Active Memory Protection
          - Device Identity Directly on Device
              - Intel EPID, PUF
      - Software Security
          - Secure Boot
          - Partitioned OS
          - Authentication
          - Enforcement of approved and appropriate behavior
          - Secure SDL
  • 29. Recommendations
      - Network Security
          - Message and Device Authentication
          - Identify and enforce predictably holistic behavior
          - Access Controls
      - Cloud Security
          - Secure authenticated channel to cloud
          - Remote monitoring of vehicle
          - Threat intelligence exchange
          - OTA updates
          - Credential management
  • 30. Recommendations
      - Supply-chain Security
          - Authorized distribution channel
          - Track and trace
          - Continuity of supply
  • 31. Recommendations
      - ISO/IEC – 9797-1, 11889
      - ISO/IEC 9797-1: Security techniques – Message Authentication Codes
      - ISO/IEC 11889: Trusted Platform Module
      - ISO 12207: Systems and software engineering – Software life cycle processes
      - ISO 15408: Evaluation criteria for IT security
      - ISO 26262: Functional safety for road vehicles
      - ISO 27001: Information Security Management System
      - ISO 27002: Code of Practice – Security
      - ISO 27018: Code of Practice – Handling PII / SPI (Privacy)
      - ISO 27034: Application security techniques
      - ISO 29101: Privacy architecture frameworks
      - ISO 29119: Software testing standard
      - IEC 62443: Industrial Network and System Security
      - SAE J2945: Dedicated Short Range Communication (DSRC) Minimum Performance Requirements.
      - SAE J3061: Cybersecurity Guidebook for Cyber-Physical Vehicle Systems.
      - SAE J3101: Requirements for Hardware-Protected Security for Ground Vehicle Applications.
      - E-safety Vehicle Intrusion Protected Applications (EVITA)
      - Trusted Platform Module
      - Secure Hardware Extensions (SHE): From the German OEM consortium Hersteller Initiative Software (HIS), these on-chip extensions provide a set of cryptographic services to the application layer and isolate the keys.
  • 32. THANK YOU
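
Slide 14 notes that a CAN frame carries no source address, and slide 29 recommends message and device authentication. The sketch below is an added example, not code from the deck: it fits a truncated MAC and a freshness counter into the 8-byte classic CAN payload so a receiver can reject forged, tampered and replayed frames. The 3-byte tag, the 1-byte counter, the key and the arbitration ID 0x123 are assumptions, and HMAC-SHA-256 from the standard library stands in for the block-cipher MACs of ISO/IEC 9797-1.

```python
"""Added example: authenticated CAN payloads with a truncated MAC and a freshness counter."""
import hashlib
import hmac
import struct

CAN_PAYLOAD = 8                        # classic CAN data field is at most 8 bytes
MAC_LEN = 3                            # truncated tag bytes per frame (assumed profile)
MAX_DATA = CAN_PAYLOAD - MAC_LEN - 1   # one more byte carries the counter's low byte


def _mac(key: bytes, can_id: int, counter: int, data: bytes) -> bytes:
    # Bind the tag to the arbitration ID and the FULL counter, so a frame
    # cannot be replayed later or re-sent under a different ID.
    msg = struct.pack(">IQ", can_id, counter) + data
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]


class Sender:
    def __init__(self, key: bytes, can_id: int):
        self.key, self.can_id, self.counter = key, can_id, 0

    def protect(self, data: bytes) -> bytes:
        if len(data) > MAX_DATA:
            raise ValueError("signal too long for an authenticated classic CAN frame")
        self.counter += 1
        tag = _mac(self.key, self.can_id, self.counter, data)
        return data + bytes([self.counter & 0xFF]) + tag


class Receiver:
    def __init__(self, key: bytes, can_id: int):
        self.key, self.can_id, self.last = key, can_id, 0

    def verify(self, can_id: int, payload: bytes):
        """Return the signal bytes if the frame is authentic and fresh, else None."""
        if can_id != self.can_id or not MAC_LEN + 1 <= len(payload) <= CAN_PAYLOAD:
            return None
        data = payload[:-MAC_LEN - 1]
        low = payload[-MAC_LEN - 1]
        tag = payload[-MAC_LEN:]
        # Rebuild the full counter: the smallest value above the last accepted
        # one whose low byte matches. Up to 255 lost frames are tolerated.
        counter = (self.last & ~0xFF) | low
        if counter <= self.last:
            counter += 0x100
        if not hmac.compare_digest(tag, _mac(self.key, can_id, counter, data)):
            return None                # state is NOT advanced on failure
        self.last = counter
        return data


def demo() -> dict:
    key = bytes(range(16))             # constructed key, for illustration only
    can_id = 0x123                     # constructed arbitration ID
    tx, rx = Sender(key, can_id), Receiver(key, can_id)
    f1, f2, f3 = (tx.protect(bytes([0x10, n])) for n in (1, 2, 3))
    results = {
        "genuine accepted": rx.verify(can_id, f1) == b"\x10\x01",
        "replay rejected": rx.verify(can_id, f1) is None,
        "lost frame tolerated": rx.verify(can_id, f3) == b"\x10\x03",  # f2 never arrived
        "stale frame rejected": rx.verify(can_id, f2) is None,
        "wrong ID rejected": rx.verify(0x124, f3) is None,
    }
    f4 = tx.protect(b"\x10\x04")
    tampered = bytes([f4[0] ^ 0x01]) + f4[1:]
    results["tampered rejected"] = rx.verify(can_id, tampered) is None
    results["original still accepted"] = rx.verify(can_id, f4) == b"\x10\x04"
    # A node without the key guesses the right counter but cannot produce the tag.
    impostor = Sender(b"\x00" * 16, can_id)
    impostor.counter = tx.counter
    results["forgery rejected"] = rx.verify(can_id, impostor.protect(b"\xff\xff")) is None
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The cost is visible in `MAX_DATA`: half of the classic CAN payload goes to the counter and tag, which is why key storage and MAC computation are usually paired with the hardware support listed on slides 28 and 31.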
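
Slide 27 observes that nothing filters or validates commands between the OBD-II port and the vehicle buses, and slides 28 and 29 recommend access controls and enforcement of approved behavior. The following added example, not code from the deck, is a gateway policy for frames arriving from an OBD-II device: it forwards only read-only diagnostic requests on the standard 11-bit OBD-II request IDs and rate-limits them. The choice of allowed services, the rate and burst values, and the sample frames are assumptions.

```python
"""Added example: allow-list and rate policy for frames entering from the OBD-II port."""
from dataclasses import dataclass

FUNCTIONAL_REQUEST = 0x7DF                     # OBD-II broadcast request ID (11-bit)
PHYSICAL_REQUESTS = range(0x7E0, 0x7E8)        # per-ECU request IDs
READ_ONLY_SERVICES = {0x01, 0x02, 0x03, 0x09}  # live data, freeze frame, stored DTCs, vehicle info


@dataclass
class Frame:
    ts: float       # receive time in seconds
    can_id: int
    data: bytes


class ObdGateway:
    """Decides which frames from the OBD-II side may reach the vehicle buses."""

    def __init__(self, rate: float = 20.0, burst: int = 5):
        self.rate, self.burst = rate, burst    # token bucket: frames/s and depth
        self.tokens = float(burst)
        self.last_ts = None

    def _within_rate(self, ts: float) -> bool:
        if self.last_ts is not None:
            refill = (ts - self.last_ts) * self.rate
            self.tokens = min(self.burst, self.tokens + refill)
        self.last_ts = ts
        if self.tokens < 1:
            return False
        self.tokens -= 1
        return True

    def decide(self, f: Frame) -> str:
        # 1. Only diagnostic request IDs may originate from the OBD-II side.
        if f.can_id != FUNCTIONAL_REQUEST and f.can_id not in PHYSICAL_REQUESTS:
            return "drop:id-not-diagnostic"
        # 2. Policy assumption: requests are padded to the full 8 bytes.
        if len(f.data) != 8:
            return "drop:malformed"
        frame_type, low = f.data[0] >> 4, f.data[0] & 0x0F
        if frame_type == 0:                    # ISO-TP single frame: low nibble = length
            if not 1 <= low <= 7:
                return "drop:malformed"
            if f.data[1] not in READ_ONLY_SERVICES:
                return "drop:service-not-allowed"
        elif frame_type == 3:                  # flow control for multi-frame responses
            if f.can_id == FUNCTIONAL_REQUEST:
                return "drop:malformed"
        else:                                  # read-only requests never need multi-frame
            return "drop:multi-frame-request"
        # 3. Valid requests are still rate-limited.
        return "forward" if self._within_rate(f.ts) else "drop:rate-limit"


def pad(*payload: int) -> bytes:
    return bytes(payload).ljust(8, b"\x00")


# Constructed sample traffic (not captured from a vehicle).
SAMPLE = [
    Frame(0.00, 0x7DF, pad(0x02, 0x01, 0x0C)),   # service 01, PID 0C (engine RPM)
    Frame(0.05, 0x7E0, pad(0x02, 0x09, 0x02)),   # service 09, PID 02 (VIN)
    Frame(0.06, 0x7E0, pad(0x30, 0x00, 0x00)),   # flow control for the VIN response
    Frame(0.10, 0x123, pad(0x01, 0x02, 0x03)),   # non-diagnostic arbitration ID
    Frame(0.15, 0x7E0, pad(0x02, 0x10, 0x03)),   # service outside the read-only set
    Frame(0.20, 0x7DF, bytes([0x02, 0x01])),     # short frame
    Frame(0.25, 0x7E0, pad(0x10, 0x14, 0x00)),   # first frame of a multi-frame request
]


def run_sample() -> list:
    gw = ObdGateway()
    return [gw.decide(f) for f in SAMPLE]


def run_flood(count: int = 8) -> list:
    """Valid requests arriving back to back: only the burst allowance passes."""
    gw = ObdGateway(rate=20.0, burst=5)
    burst = [gw.decide(Frame(1.0, 0x7DF, pad(0x02, 0x01, 0x0C))) for _ in range(count)]
    later = gw.decide(Frame(1.1, 0x7DF, pad(0x02, 0x01, 0x0C)))
    return burst + [later]


if __name__ == "__main__":
    for frame, verdict in zip(SAMPLE, run_sample()):
        print(f"{frame.ts:4.2f} id=0x{frame.can_id:03X} {frame.data.hex()} -> {verdict}")
```

Each drop reason is a distinct string so the same decisions can feed the remote monitoring recommended on slide 29.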