Cybersecurity Challenges for Connected and Automated Vehicles. Robert W. Heller, Ph.D. Program Director R&D, Southwest Research Institute

Similar documents
Automotive Cybersecurity: Why is it so Difficult? Steven W. Dellenback, Ph.D. Vice President R&D Intelligent Systems Division

Dedicated Short Range Communication: What, Why and How?

Connected Car. Dr. Sania Irwin. Head of Systems & Applications May 27, Nokia Solutions and Networks 2014 For internal use

Automotive Cyber Security

Hardening Attack Vectors to cars by Fuzzing

GNU Radio Software Defined DSRC Radio

Uptane: Securely Updating Automobiles. Sam Weber NYU 14 June 2017

Future Implications for the Vehicle When Considering the Internet of Things (IoT)

To realize Connected Vehicle Society. Yosuke NISHIMURO Ministry of Internal Affairs and Communications (MIC), Japan

Cooperative Vehicles Opportunity and Challenges

The modern car has 100 million lines of code and over half of new vehicles will be connected by 2020.

Examining future priorities for cyber security management

Automotive Anomaly Monitors and Threat Analysis in the Cloud

Introduction to Internet of Things Prof. Sudip Misra Department of Computer Science & Engineering Indian Institute of Technology, Kharagpur

ARM processors driving automotive innovation

13W-AutoSPIN Automotive Cybersecurity

Agenda. About TRL. What is the issue? Security Analysis. Consequences of a Cyber attack. Concluding remarks. Page 2

Securing the future of mobility

Context-Aware Vehicular Cyber-Physical Systems with Cloud Support: Architecture, Challenges, and Solutions

CAV: Industry Perspectives and Impacts. Martha Morecock Eddy

Development of Intrusion Detection System for vehicle CAN bus cyber security

Vehicle Trust Management for Connected Vehicles

A. SERVEL. EuCNC Special Sessions 5G connected car 01/07/2015

The Fully Networked Car. Trends in Car Communication. Geneva March 2, 2005

Securing the Connected Car. Eystein Stenberg CTO Mender.io

Autorama, Connecting Your Car to

Roger C. Lanctot Director, Automotive Connected Mobility

Security Analysis of modern Automobile

Accelerating solutions for highway safety, renewal, reliability, and capacity. Connected Vehicles and the Future of Transportation

Connect Vehicles: A Security Throwback

Vehicle To Android Communication Mode

Secure Product Design Lifecycle for Connected Vehicles

Preventing Cyber Attacks on Aftermarket Connectivity Solutions Zach Blumenstein, BD Director Argus Cyber Security

Virginia Connected Corridor

Vehicle Safety Communications Project Final Overview

Green Lights Forever: Analyzing the Security of Traffic Infrastructure

Automotive Gateway: A Key Component to Securing the Connected Car

SIP Automated driving systems

Security for V2X Communications

Next Generation Infotainment Systems

WardsAuto Interiors Conference Creating the Ultimate User Experience

Securing the Connected Car. Eystein Stenberg Product Manager Mender.io

Emergency Response: How dedicated short range communication will help in the future. Matthew Henchey and Tejswaroop Geetla, University at Buffalo

MATLAB Expo 2014 Verkehrszeichenerkennung in Fahrerassistenzsystemen Continental

Service Technical Resources MUT-III. (Multi-Use Tester-III*) Quick Reference Guide

NCHRP Project Impacts of Connected Vehicles and Automated Vehicles on State and Local Transportation Agencies

Turbocharging Connectivity Beyond Cellular

Connected Vehicle Safety Pilot Overview and Infrastructure Readiness

Vehicle Connectivity in Intelligent Transport Systems: Today and Future Prof. Dr. Ece Güran Schmidt - Middle East Technical University

Applying Lessons Learned to V2X Communications for China

Industry 4.0 & Transport for Digital Infrastructure

The Future of Mobility

What kind of terminal do vehicles need? China Unicom Research Institute Dr. Menghua TAO July, 2015

Offense & Defense in IoT World. Samuel Lv Keen Security Lab, Tencent

Overvoltage protection with PROTEK TVS diodes in automotive electronics

5G promotes the intelligence connected vehicles. Dr. Menghua Tao Senior Solution Manager China Unicom

Attack Resilient State Estimation for Vehicular Systems

Countermeasures against Cyber-attacks

Connected Cars as the next great consumer electronics device

Wireless LAN Security (RM12/2002)

Advanced IP solutions enabling the autonomous driving revolution

Secure Ethernet Communication for Autonomous Driving. Jared Combs June 2016

Design Considerations And The Impact of CMOS Image Sensors On The Car

Automobile Design and Implementation of CAN bus Protocol- A Review S. N. Chikhale Abstract- Controller area network (CAN) most researched

Handling Top Security Threats for Connected Embedded Devices. OpenIoT Summit, San Diego, 2016

PENETRATION TESTING OF AUTOMOTIVE DEVICES. Dr. Ákos Csilling Robert Bosch Kft., Budapest HUSTEF 15/11/2017

TRENDS IN SECURE MULTICORE EMBEDDED SYSTEMS

CONNECTED VEHICLE COMMUNICATIONS IN A RURAL SETTING

WeVe: When Smart Wearables Meet Intelligent Vehicles

Development Progress and OEM Perspective of C-V2X in China

Security Concerns in Automotive Systems. James Martin

ARC-IT v8 Workshop ARC-IT TOOL SET

Authentication with Privacy for Connected Cars - A research perspective -

Intelligent Transportation Systems (ITS) for Critical Infrastructure Protection

INSTRUMENT CLUSTER 2.0

Build a Driver Information System with IoT Technology

SIMPLIFYING THE CAR. Helix chassis. Helix chassis. Helix chassis WIND RIVER HELIX CHASSIS WIND RIVER HELIX DRIVE WIND RIVER HELIX CARSYNC

Cyber security of automated vehicles

Exposing Congestion Attack on Emerging Connected Vehicle based Traffic Signal Control

Functional Safety Architectural Challenges for Autonomous Drive

Wireless Attacks and Countermeasures

Protection Against DDOS Using Secure Code Propagation In The VANETs

Electrification of Mobility

Security Challenges with ITS : A law enforcement view

Goals and prospects of embedded electronic automotive systems

Verification and Validation of High-Integrity Systems

Convergence of Safety, Systems & Cybersecurity Bill StClair, Director, LDRA, US Operations

to Address Cyber Physical Systems Security (CPSSEC)

Federal Mobility: A Year in Review

2014 Civic Sedan LX and HF

10 FOCUS AREAS FOR BREACH PREVENTION

Internet of Things Toolkit for Small and Medium Businesses

Serial EEPROM for Automotive New Advanced series

V2X: Beyond the Horizon. IBTTA AET Meeting July 18, 2017

An Experimental Analysis of the SAE J1939 Standard

Multimedia Convergence & ACCI Sector Overview

2014 Accord Coupe LX-S

RF and Antenna Consideration

Science & Technology Directorate: R&D Overview

Conquering Complexity: Addressing Security Challenges of the Connected Vehicle

Transcription:

Cybersecurity Challenges for Connected and Automated Vehicles Robert W. Heller, Ph.D. Program Director R&D, Southwest Research Institute

Cars are becoming complex (and CAV is only part of it) 1965: No computers No software 2018: http://www.informationisbeautiful.net Up to ~200 computers Consider TPMS are 4 computers and wireless >100 million lines of code Connected to internet

CAV Overview Cooperative system where vehicles communicate: With each other (V2V) With infrastructure (V2I) With pedestrians, bicycles, etc (V2X) Improves: Safety, Mobility, Environmental Impact Example Applications: Emergency Electronic Brake Lights (V2V) Overheight Vehicle Detection and Warning (V2I) Same can be said for C-V2X

CV Environment (Attack Surfaces) For CAV to be successful it must be integrated into the transportation infrastructure

AV Environment (Attack Surfaces) Sensor suite might include Radar Camera imagery Lidar Ultrasonics GPS Electronics also include Electronically controlled actuators Infotainment systems Software Over the Air (SOTA) Updates

Security is a Balance How much do you want to pay for security? Usually not a lot until you are compromised Like all technology solutions, a balance has to be reached based on funding, accessibility and reality Every organization has to decide the level of acceptable risk

Four Major Aspects of Cybersecurity How can someone gain unauthorized access? What could they do if they gained access? How can we detect unauthorized access? What can be done in response to an attack?

How Do Cyber Attacks Occur: Physical Inspection With physical access to ECU, hacker looks for attack surfaces Recovery of system secrets Cryptographic Keys Passwords Intercept communications Network and IP Traffic Internal Signals Modify and inject traffic Serial Cellular CAN

Vulnerability / Penetration Surfaces Types Cellular CB Radio WiFi Bluetooth GPS Approaches Denial of service Device spoofing Traffic injection Software Over the Air updates

Malware Effects Controller Area Network (CAN) Bus CAN bus replaced point to point wiring, all interconnected Messages are broadcast Messages are easily cracked ECU broadcast any message engine electronics, transmission electronics, chassis electronics, active safety, driver assistance, passenger comfort, entertainment systems, electronic integrated cockpit systems, lambda control, onboard diagnostics, cooling system control, ignition system control, turbo charger control, lubrication system control, fuel injection rate control, throttle control, transmission electronics, chassis electronics, anti-lock braking system, traction control system, electronic brake distribution, electronic stability program, passive safety, air bags, hill descent control, emergency brake assist system, driver assistance, lane assist system, speed assist system, blind spot detection, park assist system, adaptive cruise control system, pre-collision assist, passenger comfort, automatic climate control, electronic seat adjustment with memory, automatic wipers, automatic headlamps - adjusts beam automatically, automatic cooling - temperature adjustment, infotainment systems, navigation system, vehicle audio, information access, tire pressure monitoring system (Wikipedia)

Possible Penetration Effects ECU control via CAN bus messages Auto start/stop Brakes Lane assist / collision avoidance Cruise control Steering Impact of these attacks: Erodes public trust Raises awareness improves security practices Financial cost (recalls, lawsuits, etc)

CAV Environment Potential Attacks Injecting bad data that is then communicated over trusted comms Using comms or physical means to hack vehicle and control it or obtain trusted security credentials Flood DSRC safety & control channels Spoofing, jamming, or subtle skew of GPS signal Use roadway infrastructure to infiltrate TMC network Simulate vehicles that will trigger safety apps. Tough to detect if sensors are occluded Hack RSE and alter SPAT/MAP messages Broadcast incorrect messages to/from Vulnerable Road Users

Detection What makes detection hard Open nature of CAN bus Processing costs money People want to work on their cars (custom ROMs) How do you detect attacks CAN traffic profiling It takes processing power Checksums on file systems

Defense / Response Vehicle manufacturers are taking steps to secure their vehicles Progress is being made to harden SOTA updates mechanisms e.g. DHS Uptane Traffic management infrastructure networks are being hardened, e.g. NCHRP Project 03-127

How to Prevent Attacks: White Hat Hacking (Penetration Testing) Discover & patch vulnerabilities before production Methodical approach ensures that most frequent and most damaging attacks are mitigated Helps create and maintain a secure system at an acceptable level of risk

Summary Key takeaways: CAVs are already here and the number of CAVs will increase in years to come DSRC will add another attack surface for vehicles and infrastructure Almost everything is hackable or trackable DSRC standards are designed to make it much more difficult to hack or track than other communication mechanisms in the CV environment What can we do to prepare for DSRC deployment? Extend security and data privacy systems, practices and policies to handle CAV data and infrastructure Small pilot deployments to analyze security and privacy impacts this can inform a larger deployment in the future

Questions?

Robert Heller, Ph.D. Program Director R&D Intelligent Systems Division 210.522.3824 robert.heller@swri.org

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback