Preventing External Connected Devices From Compromising Vehicle Systems Vector Congress November 7, 2017 Novi, MI

Transcription

1 Preventing External Connected Devices From Compromising Vehicle Systems Vector Congress November 7, 2017 Novi, MI Bob Gruszczynski VWoA OBD Communication Expert

2

3 Current Cybersecurity Status Challenges to OEMs regarding data access Vehicle data access vs. vehicle security Many entities requesting both legitimate and nonlegitimate access Inspection and Maintenance Workshop/Service Engineering and Environmental Office (EEO) 3

4 Current Cybersecurity Status Vehicle data access vs. vehicle security Insurance telematics Other telematics Prognostics Modification of powertrain components ( tuning ) Malicious attacks ( hacking ) Digital Millennium Copyright Act (DMCA) Engineering and Environmental Office (EEO) 4

5 Initially, due to research activity into vehicle hacking, efforts began to describe/define issues SAE- Electrical and Electronics Diagnostic Committee (J3005), Cybersecurity Systems Engineering Committee (J3061) NHTSA - Request for Comment on Automotive Electronic Control Systems Safety and Security US Government- GAO, US DOT, DHS S&T, NIST ISO TC204, TC32 Engineering and Environmental Office (EEO) 5

6 Current Cybersecurity Status OBD Devices Wirelessly enabled Wireless network can be spoofed Bluetooth enabled Malware installed in phone app Carnegie Mellon University study with NIST Volpe Research Center results at: pdf Preliminary results show poor software design and cybersecurity practices across a high percentage of currently deployed devices. Engineering and Environmental Office (EEO) 6

7 Current situation: scenario hacker attack over the mobile communication to the customer OBD dongle hacker attack hacker starts critical functions over the UDS protocol Engineering and Environmental Office (EEO) 7

8 There are many discussions about further concepts to solve the security problem with e.g. 3 rd -party dongles: 1. concept for a short-term solution Gateway equipped Non-Gateway equipped Hybrid 2. concept for a long-term solution Planned in future as a two step solution first step: protection of diagnostic access second step: protection of diagnostic data Engineering and Environmental Office (EEO) 8

9 Concept for a long-term solution first step: protection of diagnostics access secure channel Electronic Control Unit (ECU) signature verification and public key Diagnostic system private key and certificate signing request routing of security token Individual-ID: (VIN, ECU-ID, Project-ID) IT-Backend creation of security token identity and access management Log saves all events, accesses, and errors Engineering and Environmental Office (EEO) 9

10 Concept for a long-term solution second step: protection of diagnostic data secure channel Electronic Control Unit (ECU) signature verification and public key for every request which change data or start secured functions Engineering and Environmental Office (EEO) Diagnostic system Individual-ID: (VIN, ECU-ID, Project-ID) IT-Backend private key and certificate signing request & data For the second step there are a lot of open questions regarding process and possible advantages/ disadvantages, potential risks and problems (e.g. total dependence on Backend-System) 10

11 Why the Renewed Focus on OBDII Security? September 12: Letter from House Committee on Energy and Commerce to NHTSA RE: OBD-II Security request that NHTSA convene an industry-wide effort to develop a plan of action for addressing the risk posed by the existence of the OBD-II port in the modern vehicle ecosystem. September 28: NHTSA requests SAE to take the lead and convene industry group to examine issue October 14: NHTSA response to House Committee highlights SAE role: At NHTSA s urging, SAE International has started a working group that is looking to explore ways to harden the OBD-II port. This group is making good progress and the Agency remains hopeful that the group will move expeditiously to develop a set of recommendations. Engineering and Environmental Office (EEO) 11

12 SAE Committees/Task Forces J3061 Cybersecurity Guidebook for Cyber-Physical Vehicle Systems J3016 Guidebook Helping to Frame Cybersecurity Policy J3005-1, -2 Guidelines for Operation and Security of Devices Connected to the Data Link Connector (DLC) J3138 Next slides Engineering and Environmental Office (EEO) 12

13 SAE hosted invitation-only industry workshop December 1. Goals: 1. Identify common issues, needs, and approach to secure the OBD 2. Gain buy-in to development of an accelerated standards approach Very well-attended by industry Leads: Mark Zachos, DGTech and Bob Gruszczynski, VW OEMS: BMW, Ford, GM, Honda, Hyundai, Isuzu, Toyota, VW Heavy Truck: Volvo, Cummins Associations: MEMA, ETI, Booz-Allen (Auto ISAC) Government/Regulators: ARB, NHTSA, NIST Engineering and Environmental Office (EEO) 13

14 Discussion yielded the following high-level scope items: What are we worried about? DLC access Point (J1939/J1962 connector) Re-programming modules; only concerned about unlocking Someone spoofing normal message content (writing non-diagnostic messages) Overloading the CAN Bus Overloading the gateway Ensuring solution complies with existing regulations and MOUs New on-road vehicles (less than 14K pound GVW) What are we not worried about? Other access points (infotainment, etc.) J1979 functionality Emission-related diagnostics; J1939 equivalent diagnostic functionality Physical attacks to the in-vehicle network Privacy Tool/dongle security Engineering and Environmental Office (EEO) 14

15 Next Steps 1. SAE staff work with volunteer leaders to further define rationale, scope, and process 2. Created new SAE Committee Data Link Connector Vehicle Security Committee 3. Created new Task Force to house New Work Item J3138 (Task Force Name TBD) 4. Committee meets monthly 5. J3138 in ballot 6. New Work Item Proposals started to address long-term items above Engineering and Environmental Office (EEO) 15

16 Thanks for your attention!!! Bob Gruszczynski OBD Communication Expert Volkswagen Group Engineering and Environmental Office (EEO) 16