Security and Privacy challenges in Automobile Systems
- Amelia Hensley
- 5 years ago
Transcription
1 Security and Privacy challenges in Automobile Systems Sandip Kundu National Science Foundation on leave from University of Massachusetts, Amherst
2 Automotive Security Breaches
- Present: Multiple breaches in automotive security reported
- Future: Problems will get worse as we move towards driverless cars
Sources:
Second International Workshop on Vehicular Security
3 S&P Landscape
- Security Challenges: access control, intrusion, malware, Trojans, data contamination, packet forging/injection, data synchronization, side-channels, system failures, black-swan events, privacy leakage
- Security Solutions: controlled access, isolation, encryption, trusted code base, intrusion detection, contingency management, anonymization
- Technical Solutions are not adequate: perimeter security, usability, responsiveness, maintainability
- Threats
  - Security: Compromises vehicle/passenger safety
  - Privacy: Surveilled without explicit consent
4 Security Threats
5 Security Threats
- Rapid integration of technology, larger attack surface
  - Ever increasing number of sensors, communication technologies
- Rapid innovation, lack of standardization
  - Car software proprietary to manufacturer
  - Security patch deployment can be uneven, similar to cellphone landscape
- Wireless access
  - No need for physical connection to perform attack
  - Multiple vehicles can be affected simultaneously
- Hardware/software attacks can affect both safety and privacy
  - Automotive networks
  - 3rd party devices
  - Vehicular software control or infotainment systems
  - Sensors
6 Automotive Network issues
7 Automotive Networks
- Modern cars offer increasing number of functionalities
  - > 70 Electronic Control Units (ECUs) in current cars
  - Multiple protocols employed for communication, varied data rates
- Modes of access and bandwidth requirements will only increase in future
  - E.g. USB, 4G LTE, Vehicle to Vehicle (V2V), Vehicle to Infrastructure (V2I)
Courtesy of: L. D'Orazio, F. Visintainer, and M. Darin, "Sensor networks on the car: State of the art and future challenges," DATE, 2011
8 Car networks are vulnerable
- Multiple networks such as Controller Area Network (CAN), Media Oriented Systems Transport (MOST) offer large attack surface [1]
  - E.g. every message sent on CAN is visible to all nodes; not designed for security
  - Attackers can use message spoofing, denial of service, non-repudiation
- Multiple access points to interface with the networks
  - On-board diagnostics (OBD)-II readily accessible and mandatory in vehicles
  - Vehicular viruses can gain control of various ECUs [2]
  - Greater wireless access in future: remote attacks
- Balancing security of various vehicular access points, protocols and functionalities is a difficult problem
  - More complex with driverless vehicles, Vehicle to Vehicle (V2V) and Vehicle to Infrastructure (V2I) systems
[1] I. Studnia, V. Nicomette, et al., "Survey on security threats and protection mechanisms in embedded automotive networks," DSN-W, Budapest, Hungary
[2] Nilsson, Dennis K., and Ulf E. Larson. "Simulated attacks on CAN buses: vehicle virus." IASTED International conference on communication systems and networks (AsiaCSN)
9 Attack Surfaces and capabilities - Examples
Courtesy of: Checkoway, Stephen, et al. "Comprehensive Experimental Analyses of Automotive Attack Surfaces." USENIX Security Symposium
10 Potential Solutions
- Cryptography enabled CAN
  - E.g. Canauth [1], LiBrA-CAN [2]
  - Need dedicated modules like Hardware Security Modules (HSMs) to prevent computational loading of existing ECUs
- Anomaly/Intrusion Detection (IDS) and Prevention (IPS) systems
  - Signature-based: Use pre-characterized anomaly signatures. Need constant updates
  - Anomaly-based: Characterize normal behavior model, raise alerts upon deviation. System complexity prevents accurate modeling
  - Proper handling of false positives and false negatives crucial
  - Miller/Valasek [3] said any CAN anomaly detection would prevent their attacks
[1] A. Van Herrewege et al., "Canauth - a simple, backward compatible broadcast authentication protocol for CAN bus," in 9th Embedded Security in Cars Conf., Dresden, Germany
[2] B. Groza, et al., "Libra-can: a lightweight broadcast authentication protocol for controller area networks," CANS, Darmstadt, Germany
[3] Chris Valasek and Charlie Miller, "Adventures in Automotive Networks and Control Units," Technical Whitepaper, IOActive, 2014
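An added example (not from the slides or the cited authors) of the anomaly-based approach on this slide: it learns each CAN ID's normal inter-arrival time from clean traffic, then flags unknown IDs and timing deviations. The traces, CAN IDs and the 50% tolerance are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean


def periodic(can_id, period_us, start_us, count):
    """Constructed traffic: `count` frames of one CAN ID at a fixed period."""
    return [(start_us + i * period_us, can_id) for i in range(count)]


def learn_intervals(frames, min_samples=5):
    """Normal-behaviour model: mean inter-arrival time (microseconds) per CAN ID."""
    gaps, last = defaultdict(list), {}
    for ts, can_id in sorted(frames):
        if can_id in last:
            gaps[can_id].append(ts - last[can_id])
        last[can_id] = ts
    # IDs seen too rarely to characterise are left out and will alert as unknown.
    return {cid: mean(g) for cid, g in gaps.items() if len(g) >= min_samples}


def detect(model, frames, tolerance=0.5):
    """Return (timestamp, can_id, reason) for every frame that deviates from the model."""
    alerts, last = [], {}
    for ts, can_id in sorted(frames):
        if can_id not in model:
            alerts.append((ts, can_id, "unknown_id"))
            continue
        if can_id in last:
            gap, expected = ts - last[can_id], model[can_id]
            if gap < expected * (1 - tolerance):
                # Extra frames on a periodic ID shorten the gap (spoofing, flooding).
                alerts.append((ts, can_id, "too_fast"))
            elif gap > expected * (1 + tolerance):
                # A periodic ID going quiet lengthens the gap (suppressed sender).
                alerts.append((ts, can_id, "too_slow"))
        last[can_id] = ts
    return alerts


# Constructed sample data: two periodic IDs, 10 ms and 50 ms.
BASELINE = periodic(0x1A0, 10_000, 0, 50) + periodic(0x2B0, 50_000, 0, 12)
CLEAN = periodic(0x1A0, 10_000, 1_000_000, 20) + periodic(0x2B0, 50_000, 1_000_000, 4)
# Constructed deviations: two extra 0x1A0 frames and one frame with an unseen ID.
EXTRA = [(1_052_000, 0x1A0), (1_054_000, 0x1A0), (1_060_500, 0x7DF)]
# Constructed deviation: one 0x2B0 frame missing from the clean trace.
MISSING = [f for f in CLEAN if f != (1_050_000, 0x2B0)]

if __name__ == "__main__":
    model = learn_intervals(BASELINE)
    for name, trace in (("clean", CLEAN), ("extra", CLEAN + EXTRA), ("missing", MISSING)):
        print(name, detect(model, trace))
```

The tolerance is the false-positive/false-negative trade-off the slide calls crucial: tighter bounds catch smaller deviations but alert on ordinary bus jitter.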
11 Centralized Gateways
- Authentication
  - Every valid bus controller needs a certificate
- Gateway Functions
  - Protected memory area to store secret keys securely
  - Holds list of valid bus controllers and authorizations
    - Certificates of valid controllers
    - Bus group keys: additional protection
  - Inter-bus communication done exclusively over the gateway
- Firewalls: Implement strong firewalls for complete vehicular bus communication security
  - Vehicular controllers with digital signatures
    - Firewall rules based on authorizations given in the certificates
    - Only authorized controllers broadcast valid messages
  - Vehicular controllers without digital signatures
    - Firewall rules established only on authorization of each subnet
12 3rd Party Device Security Issues
13 3rd Party Devices
- Multiple 3rd party products access OBD-II port
  - E.g. Progressive Snapshot: driving behavior tracking
- OBD-II port allows comprehensive access to car systems
- Devices (like Zubie) can also access cloud servers via GPRS or WiFi
  - Send real-time data like driving behavior, vehicle location, fuel level
  - Download updates from remote server
  - Access data analytics from server in real-time (e.g. traffic management)
14 3rd Party Device Security Issues
- Insecure connection or erroneous software is security hazard *
  - Unsecured firmware: code can be reverse-engineered to find exploits
  - Unsigned updates: attacker can push malicious updates
  - Lax authentication: hackers can spoof server
  - Attackers can siphon user data: breach of privacy
- Compromised devices allow access to other systems via OBD-II port and CAN bus
- Any number of cars with connected insecure devices can be attacked *
15 Potential Solutions
- Encourage open platforms
  - Higher scrutiny = better vulnerability detection
  - Patches deployed immediately
- Robust encryption standards must be enforced
  - User data privacy cannot be compromised
- Secure firmware updating is a must
  - Signed software
- Devices still able to access all CAN bus data
  - Restrict device access
16 Software Code Integrity
17 Software Code Vulnerability
- Telematics, Fleet management, Infotainment system
- Logs, Forensics
- Attack on untrusted software can be critical to vehicle/passenger safety
  - Hard to verify software security: multiple vendors, firmware updates
  - Poor firewalls between critical components = full access to vehicle
- Best coding practices need to be enforced
  - Hardware-software co-design
  - Cryptography and secure root of trust
  - Virtualization
18 Engineering Solutions: Trusted Computing Base (TCB)
- TCB: smallest amount of code (or hardware, firmware) that must be trusted in order to meet security requirements
  - TCB modules enforce principle of least privilege
  - TCB software ensures self-protection
- TCB design complicated by many factors
  - Multiple ECU and related software vendors
  - Automotive system complexity is increasing
- TCB confidence increased via code inspection, formal verification, testing
  - Reducing TCB complexity/size = reduced overhead
- Robust Hardware Security Module (HSM) can facilitate trusted computing
19 Hardware security modules
- Hardware security modules (HSMs) are primarily used as root of trust *
  - Integrity measurement
  - Cryptography applications like encryption/decryption, digital signature handling, integrity checking
  - Secure key management
  - Facilitate secure firmware updates
- For vehicular on-board network: scalable and flexible HSMs required
  - Centralized root of trust
  - Integration of additional components based on manufacturer requirements
  - Adaptability towards different sensors, ECUs, bus systems
Courtesy of: * Idrees M.S., et al., "Secure Automotive On-Board Protocols: A Case of Over-the-Air Firmware Updates," Nets4Cars/Nets4Trains'11, 2011
20 Secure Booting
- When the device is first powered up, the authenticity and integrity of its software needs to be verified
  - Secure bootloader checks digital signatures before passing control to rest of the software
  - Bootloader is part of HSM
- Secure booting critical as most vehicle electronics are powered down when user turns off the engine and exits vehicle
  - Always-ON components may not be feasible: wasteful power consumption
  - Crucial for secure firmware updates
- Due to automotive complexity, multiple boot-up stages and bootloaders may be necessary
  - ECUs and Infotainment systems may be separated
21 Secure Firmware Updates
- Firmware Over-the-air (FOTA) updates are crucial
  - Recalls are a very costly activity and should be avoided where possible
  - Driverless cars in future will need more frequent updates
- Firmware upgrade issues *
  - Safety: Transmission errors (corrupted firmware), Transmission failures (truncated firmware), Information loss (incomplete firmware)
  - Security: Firmware modification, Unauthorized firmware transmission, Unauthorized device updated, Code reverse engineering
- Firmware security needs
  - HSM
  - Secure Booting
  - Digital Signatures, Device Authentication, Encryption
* Atmel, Atmel AT02333: Safe and Secure Bootloader Implementation for SAM3/4. sam-at02333-safe-and-securebootloaderimplementationfor-sam3-4 application-note:pdf.
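An added example (not from the slides or the Atmel note) of a receiver-side check that maps each safety and security issue on this slide to a distinct rejection reason. Assumptions: the manifest layout, field names and key are constructed, and HMAC-SHA256 stands in for the digital signature the slide calls for, because Python's standard library has no asymmetric signature primitive.

```python
import hashlib
import hmac
import json

# Constructed demo key. On a real ECU the verification key would sit in the HSM
# and the tag would be an asymmetric signature checked against a public key.
OEM_KEY = b"constructed-demo-key-not-a-real-secret"


def sign_manifest(manifest, key):
    """Authenticate the canonical JSON encoding of the manifest (signature stand-in)."""
    body = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def build_update(image, version, target_model, key=OEM_KEY):
    """What the sender ships: image plus an authenticated description of it."""
    manifest = {
        "target_model": target_model,
        "version": version,
        "size": len(image),
        "sha256": hashlib.sha256(image).hexdigest(),
    }
    return {"manifest": manifest, "tag": sign_manifest(manifest, key), "image": image}


def verify_update(update, device_model, key=OEM_KEY):
    """Return (accepted, reason). Nothing in the manifest is trusted before the tag checks out."""
    manifest, image = update["manifest"], update["image"]
    # Unauthorized sender or modified manifest.
    if not hmac.compare_digest(sign_manifest(manifest, key), update["tag"]):
        return False, "bad_signature"
    # Authentic update, but built for a different device.
    if manifest["target_model"] != device_model:
        return False, "wrong_device"
    # Transmission failure or information loss: truncated or incomplete image.
    if len(image) != manifest["size"]:
        return False, "length_mismatch"
    # Transmission error or modification of the image bytes.
    if not hmac.compare_digest(hashlib.sha256(image).hexdigest(), manifest["sha256"]):
        return False, "hash_mismatch"
    return True, "ok"


# Constructed firmware image and a valid update for a hypothetical "ECU-A" model.
IMAGE = bytes(range(256)) * 16
UPDATE = build_update(IMAGE, version=7, target_model="ECU-A")

if __name__ == "__main__":
    flipped = bytes([IMAGE[0] ^ 0x01]) + IMAGE[1:]
    print(verify_update(UPDATE, "ECU-A"))
    print(verify_update(dict(UPDATE, image=IMAGE[:-10]), "ECU-A"))
    print(verify_update(dict(UPDATE, image=flipped), "ECU-A"))
    print(verify_update(UPDATE, "ECU-B"))
```

Encryption against code reverse engineering and the secure-boot check at power-up are separate steps that this block does not cover.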
22 Virtualization
- Automobile electronics are evolving towards hierarchical approach *
  - Functionalities from several ECUs are consolidated into few domain computers
- Using virtualization allows segregation in time and space of shared resources
  - Objectives: performance and low latency
- Virtualization reduces attack surfaces and facilitates reuse of legacy applications
  - Offers flexibility across various automotive systems from same manufacturer
- Virtualization by itself does not guarantee security
  - Needs hardware support (IOMMU, Secure Boot)
  - Specific software solutions (inter-partition communication protection, secure system update)
- Virtualization increases complexity: conflicts with TCB requirements
* O. Sander et al., "Hardware virtualization support for shared resources in mixed-criticality multicore systems," 2014 Design, Automation & Test in Europe Conference & Exhibition (DATE), Dresden, 2014
23 Execution Isolation
- Software execution isolation is an attractive security solution
  - Reduce attack surface via isolation
  - More fine-grained and versatile than virtualization
- Require hardware support
  - Ex. memory enclaves
  - One-way isolation protects sensitive data
- Intel offered Software Guard Extensions (SGX) for computers
  - Offers array of defenses against a variety of software and physical attacks
  - Many vulnerabilities have been exposed [1]: not secure against side-channel attacks
- Need hardware-software co-design solutions for automotive systems
  - Can prove crucial for V2V and V2I environments
[1] Costan, Victor, and Srinivas Devadas. "Intel SGX Explained." IACR Cryptology ePrint Archive 2016 (2016):
Costan, Victor, Ilia Lebedev, and Srinivas Devadas. "Sanctum: Minimal hardware extensions for strong software isolation." USENIX Security. Vol
24 Automotive Sensor Data
25 Automotive Sensors
- Modern cars have hundreds of sensors
  - Mandatory sensors: pollution, tire pressure
  - Optional sensors: rear-view camera
- Large number of sensors
  - Sensors may need replacing over vehicle lifetime
  - Compromised sensor used to replace legitimate part
  - Third-party sensors used due to cost
  - Insecure devices
- Sensor data can be corrupted or sensor used as gateway for attack on other systems *
  - Ex. Wireless tire sensors mandatory in USA since
  - Feed data to Tire Pressure Monitoring System (TPMS)
  - Attacks on sensors allowed raising false alarms and remote access to various ECUs *
26 Sensor Data Corruption
- Sensor data may be bad due to
  - Faulty sensor: aging, unauthorized sensor, bad calibration
  - Attacks on sensor
  - Can be difficult to tell the difference
- Sensor can be hacked *
  - False data: generate erroneous data to misinform other modules
    - Ex. Tire sensor indicates flat tire
  - Timing attacks: change data frequency by delaying, grouping = erroneous responses from downstream modules
    - Ex. Parking sensor delay causes crash
  - Replay attacks: use old data to inform current behavior
    - Ex. Self-driving car LIDAR data replayed at later time = wrong response from control systems *
27 Protecting sensors and data
- Authentication capabilities built into critical sensors
  - Mutual authentication adds extra security
  - Non-repudiation of sensor generated data is vital
- Strong validation procedures
  - Help secure vehicle upon sensor replacement during maintenance
- Sensor redundancy
  - Multiple sensors feed data: more accuracy, greater data reliability
- Sensor data feedback facilitates data integrity checking
  - Control unit can test if sensor is working/calibrated correctly
- Sensor ad hoc networks: dynamic, no single point of failure
  - Can be better than CAN
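An added example (not from the slides) of authentication built into a sensor reading, with the control unit rejecting the replay and timing cases from the previous slide and any sensor that was never paired. Assumptions: the frame layout, sensor IDs, keys and 100 ms freshness window are constructed, and sensor and control unit share a time base.

```python
import hashlib
import hmac
import struct

# Constructed frame layout: sensor_id (u16), counter (u32), timestamp_ms (u64), value (i32).
HEADER = struct.Struct(">HIQi")
TAG_LEN = hashlib.sha256().digest_size


def make_reading(key, sensor_id, counter, ts_ms, value):
    """Sensor side: serialise the reading and append an HMAC-SHA256 tag over it."""
    body = HEADER.pack(sensor_id, counter, ts_ms, value)
    return body + hmac.new(key, body, hashlib.sha256).digest()


class SensorVerifier:
    """Control-unit side: accept only authentic, fresh, in-order readings."""

    def __init__(self, paired_keys, max_age_ms=100):
        self.keys = dict(paired_keys)   # sensor_id -> key provisioned at pairing
        self.max_age_ms = max_age_ms
        self.last_counter = {}          # sensor_id -> highest counter accepted

    def accept(self, frame, now_ms):
        """Return (accepted, reason, value)."""
        if len(frame) != HEADER.size + TAG_LEN:
            return (False, "malformed", None)
        body, tag = frame[:HEADER.size], frame[HEADER.size:]
        sensor_id, counter, ts_ms, value = HEADER.unpack(body)
        key = self.keys.get(sensor_id)
        if key is None:
            # Replacement part that was never validated and paired.
            return (False, "unknown_sensor", None)
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            # Forged or modified reading.
            return (False, "bad_tag", None)
        if counter <= self.last_counter.get(sensor_id, -1):
            # Authentic bytes seen before: replayed data.
            return (False, "replay", None)
        if abs(now_ms - ts_ms) > self.max_age_ms:
            # Authentic but delayed or held back: timing manipulation.
            return (False, "stale", None)
        self.last_counter[sensor_id] = counter
        return (True, "ok", value)


# Constructed pairing table: one tire-pressure sensor with ID 0x11.
TPMS_KEY = b"constructed-tpms-pairing-key"
PAIRED = {0x11: TPMS_KEY}

if __name__ == "__main__":
    ecu = SensorVerifier(PAIRED)
    first = make_reading(TPMS_KEY, 0x11, 1, 1000, 2200)
    print(ecu.accept(first, now_ms=1005))   # fresh reading
    print(ecu.accept(first, now_ms=1010))   # same bytes again
    late = make_reading(TPMS_KEY, 0x11, 2, 1020, 2200)
    print(ecu.accept(late, now_ms=1500))    # delivered 480 ms late
```

A shared-key tag authenticates the sensor but gives no non-repudiation, and a compromised sensor holding a valid key still passes; the slide's redundancy and feedback items address that case.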
28 Privacy Threats
29 Privacy threats
- Attackers may be more interested in compromising privacy than harming passenger safety
  - Financial and identity theft more lucrative
- Location data is highly valuable
  - Reveals behavioral information of vehicle users
- Legitimate companies also interested in data
  - Sell targeted advertisements
  - Hard to advocate not collecting the data
- Passenger privacy is not the only thing at risk
  - External sensors (ex. camera) can record people outside the vehicle
30 Vehicular data privacy and security
31 Sensitive Vehicular Data
- Personally sensitive data contain either (Sensitive) Personally Identifiable Information ((S)PII) or data that could lead to the discovery of (S)PII
  - Ex. License plates, addresses on in-car GPS etc.
- Commercially sensitive data include data elements that may compromise the competitive advantage of a business if the data were to be shared publicly
  - Ex. Commercial trucking origins and destinations
- Research sensitive data: these data include any data that may compromise the goals and objectives of a research endeavor
  - Ex. Proprietary driverless car test data
- All such data valuable to many parties
  - Insurance companies, dealerships: driving behavior, maintenance
  - Marketing companies: sell personalized advertisements
  - Governments: track persons of interest, spying
  - Malicious entities: identity or financial data theft
32 Vehicular Data Privacy and Security
- Telematic systems like OnStar (GM), Car-Net (VW) access large amounts of telemetry data
  - Systems can also remotely control cars, may collect and transmit any kind of data
  - CAN bus gives full access
  - Even more sensors and complex systems in future, especially self-driving vehicles
- Telematic systems present opportunities to attackers
  - Steal data stored in vehicle
  - Use access to control vehicle: remote arrest of vehicle
33 Securing Vehicular Data
- Secure data storage policies are critical
  - Sensitive data should be encrypted
  - Physical storage medium should be protected, tamper-proofed
- Identity management
  - Robust access control and data privilege policies
  - Encrypted logs store information on who requested data, useful for security audits
- Secure authentication
  - Data transfer to only authorized parties
34 Location data
35 Location Data
- Location based services (LBS) have gained prominence
  - Modern vehicles come with in-built GPS modules
- Location data valuable to 3rd parties
  - Data can reveal behavioral information like spending habits
  - Malicious entities: detect movement patterns, plan burglaries
- Data anonymization may not be enough
  - Analysis of data can still reveal personally identifiable information
  - Ex. Driver goes to same address in evening: home address
- Location information must be manipulated so as to protect the end user
  - Only authorized parties may retrieve relevant data
36 Intelligent Transportation Systems (ITS)
- Intelligent systems are being widely deployed
  - Enable traffic management
  - Support for future driverless vehicles
- Vast array of tracking technologies = more security and privacy concerns
  - Malicious nodes may be introduced to obtain vehicular tracking information
- Robust policies needed
  - Authenticated tracking queries: attackers cannot impersonate legitimate parties
  - Minimize tracking time: reduce risk of correlating location data with specific identity
37 Pattern Recognition (Driverless Autos)
38 Pattern Recognition systems
- Cars incorporating systems to assist or replace drivers
  - Ex. automatic parking
- Self-driving cars with NN infrastructure will become commonplace
  - Ex. NVIDIA DRIVE™ PX 2: open AI car computing system
Courtesy of: /drive-px.html
39 Privacy Vulnerabilities
- External entities' PII can be compromised if no privacy policy present
  - Ex. Google StreetView blurs certain objects
- Greater deployment of V2I: attractive to offload certain computation
- Data sanitization necessary: remove fine-grained information
  - Details about people
  - Other car license plates
- Keeping pattern recognition data local also prevents man-in-the-middle attacks
  - False data injection may alter vehicle behavior
40 Usability
41 Usable security
Operation Transition Revision Satisfaction Correctness Usability Maintainability User-fulfilment Integrity Portability Modularity Mission-fulfilment Efficiency Transferability Testability Usability Reliability Flexibility Responsiveness Contingency management Safety Extensibility Lifetime Compatibility Functionality
42 Summary
- Security and Privacy solutions involve technology, engineering execution, policy, usability
  - Technology: Many of the technology elements are in place
  - Engineering execution: proactive threat analysis, security and cost proportional solutions
  - Policy: via law or via standardization
  - Usability: Pressing problem
43 Thank You
More informationBuilding Trust in the Internet of Things
AN INTEL COMPANY Building Trust in the Internet of Things Developing an End-to-End Security Strategy for IoT Applications WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY Recent security breaches
More informationEmbedded Automotive Systems Security:
The 3 rd International Workshop on Safety and Security of Intelligent Vehicles (SSIV) June 26, 2017 Embedded Automotive Systems Security: A language-based Intrusion Detection Approach Mohamed Kaâniche
More informationKantanMT.com. Security & Infra-Structure Overview
KantanMT.com Security & Infra-Structure Overview Contents KantanMT Platform Security... 2 Customer Data Protection... 2 Application Security... 2 Physical and Environmental Security... 3 ecommerce Transactions...
More informationDefense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation
Defense-in-Depth Against Malicious Software Speaker name Title Group Microsoft Corporation Agenda Understanding the Characteristics of Malicious Software Malware Defense-in-Depth Malware Defense for Client
More informationSecuring Privileged Access and the SWIFT Customer Security Controls Framework (CSCF)
Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF) A Guide to Leveraging Privileged Account Security to Assist with SWIFT CSCF Compliance Table of Contents Executive Summary...
More informationIPS with isensor sees, identifies and blocks more malicious traffic than other IPS solutions
IPS Effectiveness IPS with isensor sees, identifies and blocks more malicious traffic than other IPS solutions An Intrusion Prevention System (IPS) is a critical layer of defense that helps you protect
More informationConquering Complexity: Addressing Security Challenges of the Connected Vehicle
Conquering Complexity: Addressing Security Challenges of the Connected Vehicle October 3, 2018 Securely Connecting People, Applications, and Devices Ted Shorter Chief Technology Officer CSS Ted.Shorter@css-security.com
More informationSECURING DEVICES IN THE INTERNET OF THINGS
SECURING DEVICES IN THE INTERNET OF THINGS EXECUTIVE SUMMARY Security breaches at the device level in the Internet of Things (IoT) can have severe consequences, including steep financial losses, damage
More informationThe case for a Vehicle Gateway.
The case for a Vehicle Gateway. Equipment and Tool Institute ETI-ToolTech_2015_Gateway.pptx 1 Vehicle Data Access Last year we proposed a Vehicle Station Gateway and its associated Unified Gateway Protocol
More informationAutomotive Attack Surfaces. UCSD and University of Washington
Automotive Attack Surfaces UCSD and University of Washington Current Automotive Environment Modern cars are run by tens of ECUs comprising millions of lines of code ECUs are well connected over internal
More informationA Review Paper on Network Security Attacks and Defences
EUROPEAN ACADEMIC RESEARCH Vol. IV, Issue 12/ March 2017 ISSN 2286-4822 www.euacademic.org Impact Factor: 3.4546 (UIF) DRJI Value: 5.9 (B+) A Review Paper on Network Security Attacks and ALLYSA ASHLEY
More informationA Security Model for Space Based Communication. Thom Stone Computer Sciences Corporation
A Security Model for Space Based Communication Thom Stone Computer Sciences Corporation Prolog Everything that is not forbidden is compulsory -T.H. White They are after you Monsters in the Closet Virus
More informationSecuring Devices in the Internet of Things
AN INTEL COMPANY Securing Devices in the Internet of Things WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY Security breaches at the device level in the Internet of Things (IoT) can have severe
More information13W-AutoSPIN Automotive Cybersecurity
13W-AutoSPIN Automotive Cybersecurity Challenges and opportunities Alessandro Farsaci (CNH industrial) Cosimo Senni (Magneti Marelli) Milan, Italy November 12th, 2015 Agenda Automotive Cybersecurity Overview
More informationSecurity Enhancements
OVERVIEW Security Enhancements February 9, 2009 Abstract This paper provides an introduction to the security enhancements in Microsoft Windows 7. Built upon the security foundations of Windows Vista, Windows
More informationVideo-Aware Networking: Automating Networks and Applications to Simplify the Future of Video
Video-Aware Networking: Automating Networks and Applications to Simplify the Future of Video The future of video is in the network We live in a world where more and more video is shifting to IP and mobile.
More informationCIS Controls Measures and Metrics for Version 7
Level 1.1 Utilize an Active Discovery Tool 1.2 Use a Passive Asset Discovery Tool 1.3 Use DHCP Logging to Update Asset Inventory 1.4 Maintain Detailed Asset Inventory 1.5 Maintain Asset Inventory Information
More information18-642: Security Mitigation & Validation
18-642: Security Mitigation & Validation 11/27/2017 Security Migitation & Validation Anti-Patterns for security mitigation & validation Poorly considered password policy Poorly considered privilege management
More informationOWASP TOP Release. Andy Willingham June 12, 2018 OWASP Cincinnati
OWASP TOP 10 2017 Release Andy Willingham June 12, 2018 OWASP Cincinnati Agenda A quick history lesson The Top 10(s) Web Mobile Privacy Protective Controls Why have a Top 10? Software runs the world (infrastructure,
More informationSECURITY & PRIVACY DOCUMENTATION
Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive
More informationSecurity in Mobile Ad-hoc Networks. Wormhole Attacks
Security in Mobile Ad-hoc Networks Wormhole Attacks What are MANETs Mobile Ad-hoc Network (MANET) is a collection of wireless mobile hosts without fixed network infrastructure and centralized administration.
More informationMigrationWiz Security Overview
MigrationWiz Security Overview Table of Contents Introduction... 2 Overview... 2 Shared Security Approach... 2 Customer Best Practices... 2 Application Security... 4 Data Security and Handling... 4 Database
More informationInnovation policy for Industry 4.0
Innovation policy for Industry 4.0 Remarks from Giorgio Mosca Chair of Cybersecurity Steering Committee Confindustria Digitale Director Strategy & Technologies - Security & IS Division, Leonardo Agenda
More informationSecurity+ SY0-501 Study Guide Table of Contents
Security+ SY0-501 Study Guide Table of Contents Course Introduction Table of Contents About This Course About CompTIA Certifications Module 1 / Threats, Attacks, and Vulnerabilities Module 1 / Unit 1 Indicators
More informationSecure Software Update for ITS Communication Devices in ITU-T Standardization
Secure Software Update for ITS Communication Devices in ITU-T Standardization Masashi, Eto Senior Researcher, Cybersecurity Laboratory, Network Security Research Institute, NICT, Japan 1 Background Outline
More informationThe Common Controls Framework BY ADOBE
The Controls Framework BY ADOBE The following table contains the baseline security subset of control activities (derived from the Controls Framework by Adobe) that apply to Adobe s enterprise offerings.
More informationTRENDS IN SECURE MULTICORE EMBEDDED SYSTEMS
TRENDS IN SECURE MULTICORE EMBEDDED SYSTEMS MATTHEW SHORT SR PRODUCT LINE MANAGER DIGITAL NETWORKING MATTHEW.SHORT@NXP.COM A NEW POSITION OF STRENGTH #1 Communications Processors #1 RF Power Transistors
More informationCisco Adaptive Wireless Intrusion Prevention System: Protecting Information in Motion
Cisco Adaptive Wireless Intrusion Prevention System: Protecting Information in Motion What You Will Learn The wireless spectrum is a new frontier for many IT organizations. Like any other networking medium,
More informationIndigoVision. Control Center. Security Hardening Guide
IndigoVision Control Center Security Hardening Guide Control Center THIS MANUAL WAS CREATED ON MONDAY, JANUARY 15, 2018. DOCUMENT ID: IU-SMS-MAN011-2 Legal Considerations LAWS THAT CAN VARY FROM COUNTRY
More information2. INTRUDER DETECTION SYSTEMS
1. INTRODUCTION It is apparent that information technology is the backbone of many organizations, small or big. Since they depend on information technology to drive their business forward, issues regarding
More informationSecuring the Smart Grid. Understanding the BIG Picture 11/1/2011. Proprietary Information of Corporate Risk Solutions, Inc. 1.
Securing the Smart Grid Understanding the BIG Picture The Power Grid The electric power system is the most capital-intensive infrastructure in North America. The system is undergoing tremendous change
More informationPerimeter Defenses T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN
T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN Perimeter Defenses Enterprises need to take their security strategy beyond stacking up layers of perimeter defenses to building up predictive
More informationExamining future priorities for cyber security management
Examining future priorities for cyber security management Cybersecurity Focus Day Insurance Telematics 16 Andrew Miller Chief Technical Officer Thatcham Research Owned by the major UK Motor Insurers with
More information6 Vulnerabilities of the Retail Payment Ecosystem
6 Vulnerabilities of the Retail Payment Ecosystem FINANCIAL INSTITUTION PAYMENT GATEWAY DATABASES POINT OF SALE POINT OF INTERACTION SOFTWARE VENDOR Table of Contents 4 7 8 11 12 14 16 18 Intercepting
More informationWho s Protecting Your Keys? August 2018
Who s Protecting Your Keys? August 2018 Protecting the most vital data from the core to the cloud to the field Trusted, U.S. based source for cyber security solutions We develop, manufacture, sell and
More informationDelivering Complex Enterprise Applications via Hybrid Clouds
Whitepaper Delivering Complex Enterprise Applications via Hybrid Clouds As enterprises and industries shake off the effects of the last recession, the focus of IT organizations has shifted from one marked
More informationWhite Paper. Why IDS Can t Adequately Protect Your IoT Devices
White Paper Why IDS Can t Adequately Protect Your IoT Devices Introduction As a key component in information technology security, Intrusion Detection Systems (IDS) monitor networks for suspicious activity
More informationRetail Security in a World of Digital Touchpoint Complexity
Retail Security in a World of Digital Touchpoint Complexity Author Greg Buzek, President of IHL Services Sponsored by Cisco Systems Inc. Featuring industry research by Previously in part 1 and part 2 of
More informationC1: Define Security Requirements
OWASP Top 10 Proactive Controls IEEE Top 10 Software Security Design Flaws OWASP Top 10 Vulnerabilities Mitigated OWASP Mobile Top 10 Vulnerabilities Mitigated C1: Define Security Requirements A security
More informationLecture Embedded System Security Introduction to Trusted Computing
1 Lecture Embedded System Security Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt (CASED) Summer Term 2015 Roadmap: Trusted Computing Motivation Notion of trust
More informationMulti-Layered Security Framework for Metro-Scale Wi-Fi Networks
Multi-Layered Security Framework for Metro-Scale Wi-Fi Networks A Security Whitepaper January, 2004 Photo courtesy of NASA Image exchange. Image use in no way implies endorsement by NASA of any of the
More informationCompTIA Security+ Malware. Threats and Vulnerabilities Vulnerability Management
CompTIA Security+ Lecture Six Threats and Vulnerabilities Vulnerability Management Copyright 2011 - VTC Malware Malicious code refers to software threats to network and systems, including viruses, Trojan
More informationAN IPSWITCH WHITEPAPER. The Definitive Guide to Secure FTP
AN IPSWITCH WHITEPAPER The Definitive Guide to Secure FTP The Importance of File Transfer Are you concerned with the security of file transfer processes in your company? According to a survey of IT pros
More informationSecure Routing in Wireless Sensor Networks: Attacks and Countermeasures
Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures By Chris Karlof and David Wagner Lukas Wirne Anton Widera 23.11.2017 Table of content 1. Background 2. Sensor Networks vs. Ad-hoc
More informationAdversary Models. CPEN 442 Introduction to Computer Security. Konstantin Beznosov
Adversary Models CPEN 442 Introduction to Computer Security Konstantin Beznosov why we need adversary models? attacks and countermeasures are meaningless without 2 elements of an adversary model objectives
More informationEnhancing the Cybersecurity of Federal Information and Assets through CSIP
TECH BRIEF How BeyondTrust Helps Government Agencies Address Privileged Access Management to Improve Security Contents Introduction... 2 Achieving CSIP Objectives... 2 Steps to improve protection... 3
More informationSecurity Challenges with ITS : A law enforcement view
Security Challenges with ITS : A law enforcement view Central Observatory for Intelligent Transportation Systems FRENCH MINISTRY OF INTERIOR GENDARMERIE NATIONALE Colonel Franck MARESCAL franck.marescal@gendarmerie.interieur.gouv.fr
More informationPT Unified Application Security Enforcement. ptsecurity.com
PT Unified Application Security Enforcement ptsecurity.com Positive Technologies: Ongoing research for the best solutions Penetration Testing ICS/SCADA Security Assessment Over 700 employees globally Over
More informationImproving Security in Embedded Systems Felix Baum, Product Line Manager
Improving Security in Embedded Systems Felix Baum, Product Line Manager The Challenge with Embedded Security Business Imperatives Security Imperatives I need to keep my production expenses as low as possible.
More informationUnited Automotive Electronic Systems Co., Ltd Relies on McAfee for Comprehensive Security
United Automotive Electronic Systems Co., Ltd Relies on McAfee for Comprehensive Security Global Venture chooses McAfee for Complex Security Landscape UAES Customer Profile Joint venture of the United
More information