Automotive Cyber Security Safety in a 5G World

Transcription

1 Automotive Cyber Security Safety in a 5G World Billy Kihei, Ph.D. billy@reachrf.com 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 1 / 62

2 Who am I Cyber-Safety Advocate Everything is in Reach. Connected Car Consultant V2X Solutions V2X Deployments Research Collaboration White-Paper Authorship 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 2 / 62

3 What I want you to get from this presentation The reality of your profession. Employ more white-hats into your entire product lifecycle. Think like Steve. 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 3 / 62

4 1G 2G 3G 4G 5G 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 4 / 62

5 1G 2G 3G 4G 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 5 / 62

6 5G Requires Larger data pipes Flexible data pipes Robust data pipes Shorter data pips More data pipes 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 6 / 62

7 Network Traffic 5G: The Machines 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 7 / 62

8 Our dependence on connected technology is growing faster than our ability to secure it. -I Am The Cavalry 8

9 Where bits and bytes meet flesh and blood. -Josh Corman, Co-founder IATC 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 9 / 62

10 How you envision the car of the future MaaS 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 10 / 62

11 Steve. He s a hacker. How Steve sees the car of the future 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 11 / 62

12 Any capability that can be used to preserve life, can be used to degrade life in the hands of the adversary. -I Am The Cavalry 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 12 / 62

13 RF Jammers WALNUT Attack Wi-Fi Protocol Attacks GPS Spoofing Row Hammer Social Engineering 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 13 / 62

14 HACK NYC /28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 14 / 62

15 Fake Base Station 4G Cellular enb IMSI Catcher 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 15 / 62

16 WALNUT: Waging Doubt on the Integrity of MEMS Accelerometers with Acoustic Injection Attacks by Timothy Trippel, Ofir Weisse, Wenyuan Xu, Peter Honeyman, and Kevin Fu. To Appear at IEEE European Symposium on Security and Privacy (Oaklawn), Paris, France, April /28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 16 / 62

17 WALNUT: Mitigation Techniques Deploy MEMS sensors in an a way that limits their exposure to acoustic interference, e.g., surround them with acoustic dampening foam. Deploy data processing algorithms that attempt to reject abnormal acceleration signals, especially those with frequency components around the resonant frequency of the MEMS sensor. 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 17 / 62

18 Social Engineering 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 18 / 62

19 Attacks on Wi-Fi Broadpwn Attack surface: Broadcom BCM43XX Wi-Fi controller chipsets No authentication in network association Damage: Remote attack allowing code execution on main processor. 1 st Wi-Fi worm. Enabler: Leaked Source Code 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 19 / 62

20 Attacks on Wi-Fi KRACK Attack surface: WPA2 4-way handshake. Damage: Decrypt and forge and inject packets. Key re-installation attack Enabler: During key reinstallation, nonce and replay counter are reset to initial value. 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 20 / 62

21 Attacks on DRAM ROW HAMMER Attack surface: Rows in DRAM. Damage: Flip bits in adjacent rows. Enabler: Repeatedly seeking same memory row can leak bits into adjacent memory lines. Need to catch flips in real-time with memory.. 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 21 / 62

22 Aaron Guzman Remotely Exploiting Connected Vehicle APIs and Apps 44CON 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 22 / 62

23 Vulnerabilities Observed Authorized users who the car owner delegates have full control over remote services Owner doesnt get notified of auth user adding XSS in vehicle nickname No anti-csrf tokens for state changing configs URL rewrite everywhere Token never expires.. logout or passwd change New handoff token per device / installed app Auth bypass - handoff token does not require username or password 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 23 / 62

24 Adam Mistick, CMU, Cybersecurity Vulnerabilities in Autonomous Vehicle Development 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 24 / 62

25 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 25 / 62

26 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 26 / 62

27 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 27 / 62

28 Best practice rarely is. Good enough isn t anymore. 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 28

29 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 29 / 62

30 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 30 / 62

31 Distributed: 8/8/ /28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 31 / 62

32 Vulnerability Projection Implementation Vulnerability Assessment Detailed Design Requirements and Architecture Integration, Test, and Verification Verification and Validation Concept of Operation Over-The-Air Updating Operation and Maintenance 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 32 / 62

33 Software Liability 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 33 / 62

34 Dependence Complexity Vulnerability Exposure 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 34 / 62

35 If you can t afford to protect it, then you can t afford to connect it. -I Am The Cavalry 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 35 / 62

36 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 36 / 62

37 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 37 / 62

38 Motivations of Security Researchers Protect Puzzle Pride/Prestige Profit/Payment Protest/Patriot 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 38 / 62

39 Who are we defending against? 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 39 / 62

40 But they wouldn t hurt you Murphy s Law I d prefer to know they couldn t. 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 40 / 62

41 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 41 / 62

42 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 42 / 62

43 What will 5G cyber threats look like? 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 43 / 62

44 As seen by 5 Steves 1ms latency 10Gbps speeds 10,000+ users 1,000,000 device connections Fastest malware delivery Most persistent threat Higher probability of success Largest scaled attacks 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 44 / 62

45 Timescale 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 45 / 62

46 Urgency 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 46 / 62

47 One Vulnerability 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 47 / 62

48 One Program 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 48 / 62

49 The Internet 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 49 / 62

50 Obfuscation is NOT security. 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 50 / 62

51 What you do. What Steve does. 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 51 / 62

52 Controlled Access Space Blue Prints Nakatomi Plaza User Space 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 52 / 62

53 Nakatomi Space Nakatomi Space 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 53 / 62

54 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 54 / 62

55 Had the Babylonians been apprised of what Cyrus was about, or had they noticed their danger, they would never have allowed the Persians to enter the city But, as it was, the Persians came upon them by surprise and so took the city. -Herodotus on Cyrus' capture of Babylon 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 55 / 62

56 Had you been apprised of what Steve was about, or had you noticed your customer in danger, you would never have allowed Steve to enter But, as it was, Steve came upon you by surprise and so took your enterprise. -Your Conscious 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 56 / 62

57 Physical 2-Factor Authentication Quantum Computing Deep Learning Quantum Encryption Blockchain Technology 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 57 / 62

58 Security Forecast As digital infrastructure protection becomes more complex, the attack vectors become more primitive. 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 58 / 62

59 Replay Messages User-in-the-Loop Internal Dynamics Deny Access 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 59 / 62

60 Cheap. Low-Cost. Hacking. 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 60 / 62

61 I have to think like Steve. 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 61 / 62

62 ITS GA, Thank you! Billy Kihei, 02/28/2018 ITS GA - 5G Cyber Security - Atlanta, GA 62 / 62