Cross-Domain Security Issues for Connected Autonomous Vehicles

Transcription

1 Cross-Domain Security Issues for Connected Autonomous Vehicles Anthony Lopez, Mohammad Al Faruque Advanced Integrated Cyber -Physical Systems Lab 1

2 Outline Overview on Connected Vehicle Security Ongoing Work Future Work 2

3 Attack Domains Cross-Domain Security Framework C Cyber Impact Domains P Physical C Virus/ SQL Injection/ Buffer Overflow/ Etc. Cyber Remote vehicle access P Emitted sounds from 3D printer Physical Physical sabotage 3

4 Connected Autonomous Vehicles Requirements Strong Winds o Functionality o Extensibility o Security Smart Transportation (combination of collaborative and autonomous actions) 4

5 Attack Model Attacker is knowledgeable about the targeted components o Understands networking protocols, hardware, software, vulnerabilities, control mechanisms Attacker has sufficient (but not infinite) resources (vehicle, computing device, packet sniffer, etc.) o To communicate with legitimate vehicles o To inject code, packets and/or spoofed signals o Quantifying this is a challenge! 5

6 Access Points Applications o Infotainment (Media, Bluetooth, 3G), Navigation, Cruise Control, Platooning Internal Network Sensors Telematics Infotainment o CAN, LIN, MOST, FlexRay, TPMS External Network o Key Fobs, OTA Updates, V2X (V 2 LC,DSRC,WAVE, Toll, IoT) Hardware Internal Network V2X Comm. Sensors Abstracted View of Automotive System o ECUs, Sensors, Electro-Mechanical Components, Signals 6

7 Cyber Domain Attacks Intrusive: Message Falsification/Replay/ Spoofing/Fuzzing DSRC/WAVE/Telematics/LIDAR/RADAR/TPMS [1-4] Intrusive: Remote Control of Vehicle Infotainment/Telematics/Internet/OTA Update [1-4] Nonintrusive: Eavesdropping DSRC/WAVE/TPMS/CAN (over EV charging station) [1-4] 7

8 Physical Domain Attacks Spoofing/Jamming/DoS/Delay/Replay o Tire Pressure Monitoring System (TPMS) [6], MEMS accelerometers and gyroscopes (with acoustics) [7] o Telematics: GPS (on boats and UAVs), LIDAR (with laser pointer), RADAR, camera [1-4] o Mechanical and Electrical Components (e.g., brakes, battery system) [8-11] 8

9 Our Work Case Study: Physical Layer Key Generation for V2X Communication More Work: Security-Aware Functional Modeling EV Battery System Security Future Work 9

10 Physical Layer Key Generation for Automotive Cyber-Physical Systems Jiang Wan, Anthony Lopez, Mohammad Al Faruque, Physical Layer Key Generation for Automotive Cyber-Physical Systems, ICCPS '16 1

11 Symmetric Key Algorithm Examples o AES Advantages o Fast Disadvantages Symmetric Key Messages o Deterministic Alice Decrypt Encrypt Bob o Key Management Jiang Wan, Anthony Lopez, Mohammad Al Faruque, Physical Layer Key Generation for Automotive Cyber-Physical Systems, ICCPS '16 11

12 Asymmetric Key Algorithm Examples Decrypt A A B B o ECC o RSA Advantages Alice A B Messages A B Bob o Key Management Disadvantages o Slow Encrypt Public Key Private Key Jiang Wan, Anthony Lopez, Mohammad Al Faruque, Physical Layer Key Generation for Automotive Cyber-Physical Systems, ICCPS '16 12

13 Hybrid Solution Advantages Decrypt A A B B o Efficient after key exchange o Key management Disadvantages o Slow key exchange o Memory overhead Alice A B Encrypt A B Public Key Private Key Symmetric Key Bob o Deterministic symmetric key Jiang Wan, Anthony Lopez, Mohammad Al Faruque, Physical Layer Key Generation for Automotive Cyber-Physical Systems, ICCPS '16 13

14 Related Work Key Generation Based on Indoor Wireless Channel o Static environment Room 1 Room 2 No Variation Some Variation o Low entropy MobiCom 2008: Mathur et al., MobiCom 2009: Jana et al., TIFS 2010: Ye et al., MobiCom 2010: Patwari et al. InfoCom 2010: Zeng et al., IEEE Wireless Communications 2011: Ren et al Jiang Wan, Anthony Lopez, Mohammad Al Faruque, Physical Layer Key Generation for Automotive Cyber-Physical Systems, ICCPS '16 14

15 Our Contributions Novel Security Solution for Automotive Applications Automotive Model o Wireless channel o Attack model Key Generation Algorithm o Reduces overhead o Keys with more entropy Jiang Wan, Anthony Lopez, Mohammad Al Faruque, Physical Layer Key Generation for Automotive Cyber-Physical Systems, ICCPS '16 15

16 Attack Model Non-Intrusive Eavesdropper o Knowledgeable o Wants to derive key Alice Bob o More than few wavelengths apart Eve Jiang Wan, Anthony Lopez, Mohammad Al Faruque, Physical Layer Key Generation for Automotive Cyber-Physical Systems, ICCPS '16 16

17 Algorithm Probe Signals Upper Threshold Alice o Number of Samples in Group: G size o Coherence Time: T c o Sampling Period (Step): τ step T c Lower Threshold Samples. Same Key Bob o τ step T c o G size Jiang Wan, Anthony Lopez, Mohammad Al Faruque, Physical Layer Key Generation for Automotive Cyber-Physical Systems, ICCPS '16 17

18 Experiments RC Cars Car 1 Car 0 Car 2 Bluetooth Wifi Jiang Wan, Anthony Lopez, Mohammad Al Faruque, Physical Layer Key Generation for Automotive Cyber-Physical Systems, ICCPS '16 18

19 RSS Value (dbm) Experiments RC Cars Received Signal Strengths Group Size Car 1 from Car 2 Car 2 from Car 1 Car 1 from Car 0 Car 0 from Car 1 RSSI measured in Car 0 from Car 1 RSSI measured in Car 2 from Car 1 Generated 64-Bit Keys RSSI measured in Car 1 from Car _ _ RSSI measured in Car 1 from Car _ _ _ _ _ _ _ _ _ _ Numbers of RSS Values Pair 1: Car 1 and Car 2 Same Keys for Pair 1 Same Keys for Pair 2 Pair 2: Car 1 and Car 0 Jiang Wan, Anthony Lopez, Mohammad Al Faruque, Physical Layer Key Generation for Automotive Cyber-Physical Systems, ICCPS '16 19

20 Average minentropy Evaluation 100% 80% 60% 40% Security Comparison 20% 67% Min-Entropy 0% 0% 10X faster and 20X smaller than RSA Pre-dist. Latch-PUF DFF-PUF Our Tech. SRAM-PUF 1-2X Performance faster and and 10X Memory Faster smaller Smaller Comparison than ECC Security Strength Pre-Distributed Keys Performance Overhead (seconds) RSA ECC 39% Our Alg. (2 mi/h) Hardware PUF 50% Our Alg. (20 mi/h) 67.69% High Entropy 87% Code Size Overhead (bytes) RSA ECC Our Alg. 80 bits bits Jiang Wan, Anthony Lopez, Mohammad Al Faruque, Physical Layer Key Generation for Automotive Cyber-Physical Systems, ICCPS '16 20

21 Other Works: Security-Aware Modeling & EV Battery System Security 1

22 Security-Aware Functional Modeling 22

23 Electric Vehicle Battery System Security Figure Taken From Reference 8 23

24 EV Battery System Security Solutions? Battery Authentication o Deriving unique signature of the battery from measurements Intrusion Detection o Malicious behavior detection and verification Sensor Attack Prevention o Detecting anomalies Battery Authentication Abstraction 24

25 Future Work V2X Malicious Activity Detection and Prevention o Applications: Cooperative Adaptive Cruise Control and Platooning o Deriving a method to detect malicious behavior o Is game theory suitable? o Requires real-time decision making for security and functionality of the system 25

26 Questions? Thank You! 26

27 References 1. V. Thing and J. Wu. Autonomous Vehicle Security: A Taxonomy of Attacks and Defences, In ithings-greencom-cpscom-smartdata K. Thomas, Hackers demo Jeep security hack, 2015, [online] Available: 3. C. Miller, C. Valasek, Remote exploitation of an unaltered passenger vehicle, 2015, [online] Available: speakers.html#miller. 4. S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage, K. Koscher, A. Czeskis, F. Roesner, and T. Kohno. Comprehensive experimental analyses of automotive attack surfaces. In Proceedings of the 20th USENIX Conference on Security, SEC 11, pages 6 6, Berkeley, CA, USA, USENIX Association 5. Sandip Ray, Wen Chen, Jayanta Bhadra, and Mohammad Abdullah Al Faruque Extensibility in Automotive Security: Current Practice and Challenges: Invited. In Proceedings of the 54th Annual Design Automation Conference 2017 (DAC '17). ACM, New York, NY, USA, Article 14, 6 pages. DOI: 6. Trippel, T., Weisse, O., Xu, W., Honeyman, P., & Fu, K. WALNUT: Waging doubt on the integrity of mems accelerometers with acoustic injection attacks. In In Proceeding of the 2nd IEEE European Symposium on Security and Privacy (EuroS&P 2017). To appear. 27

28 References 7. Rob Millerb Ishtiaq Roufa, Hossen Mustafaa, Sangho Ohb Travis Taylora, Wenyuan Xua, Marco Gruteserb, Wade Trappeb, and Ivan Seskarb Security and privacy vulnerabilities of in-car wireless networks: A tire pressure monitoring system case study. 19th USENIX Security Symposium, Washington DC (2010), Lopez, A. B., Vatanparvar, K., Nath, A. P. D., Yang, S., Bhunia, S., & Al Faruque, M. A. (2017). A Security Perspective on Battery Systems of the Internet of Things. Journal of Hardware and Systems Security, Waszecki, P., Mundhenk, P., Steinhorst, S., Lukasiewycz, M., Karri, R., & Chakraborty, S. (2017). Automotive electrical/electronic architecture security via distributed in-vehicle traffic monitoring. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems. 10. Sagstetter, F., Lukasiewycz, M., Steinhorst, S., Wolf, M., Bouard, A., Harris, W. R.,... & Chakraborty, S. (2013, March). Security challenges in automotive hardware/software architecture design. In Proceedings of the Conference on Design, Automation and Test in Europe (pp ). EDA Consortium. 11. Shoukry, Y., Martin, P., Tabuada, P., & Srivastava, M. (2013, August). Noninvasive spoofing attacks for anti-lock braking systems. In International Workshop on Cryptographic Hardware and Embedded Systems (pp ). Springer, Berlin, Heidelberg 28