Linux in the connected car platform

Similar documents
The Internet of Things. Steven M. Bellovin November 24,

NC1701 ENHANCED VEHICLE COMMUNICATIONS CONTROLLER

Securing the Connected Car. Eystein Stenberg Product Manager Mender.io

IS CAR HACKING OVER? AUTOSAR SECURE ONBOARD COMMUNICATION

Securing the Connected Car. Eystein Stenberg CTO Mender.io

How to Build a Culture of Security

Proxy server is a server (a computer system or an application program) that acts as an intermediary between for requests from clients seeking

Final Report. Project Title: Dial A Whip

CANSPY A Platform for Auditing CAN Devices

Offense & Defense in IoT World. Samuel Lv Keen Security Lab, Tencent

Resilient IoT Security: The end of flat security models

How to Stay Safe on Public Wi-Fi Networks

GAT Handheld Coder Pro+ User Manual

THE CHAIN OF TRUST. Keeping Computing Systems More Secure. Authors: Richard Wilkins, Ph.D. Phoenix Technologies, Ltd.

Securing Software Updates for IoT Devices with TUF and Uptane. Ricardo Salveti Principal Engineer

Restech. User Security AVOIDING LOSS GAINING CONFIDENCE IN THE FACE OF TODAY S THREATS

The Remote Exploitation of Unaltered Passenger Vehicles Revisited. 20 th October 2016 Mark Pitchford, Technical Manager, EMEA

Security enhancing CAN transceivers. Bernd Elend Principal Engineer March 8 th, 2017

IT Chapter 6: Laptops & Portable Devices Online Study Questions - Key

Why This Major Automaker Decided BlackBerry Cybersecurity Consulting was the Right Road to Protecting its Connected Cars

Perform Manual System Restore Xp Safe Mode Not Working

UART Thou Mad? An Introduction to the UART Hardware Interface. Mickey Shkatov. Toby Kohlenberg

WiZi-Cloud: Application-transparent Dual ZigBee-WiFi Radios for Low Power Internet Access

CompTIA Linux+ Guide to Linux Certification Fourth Edition. Chapter 2 Linux Installation and Usage

Live Demo: A New Hardware- Based Approach to Secure the Internet of Things

Securing IoT with the ARM mbed ecosystem

ReadyNAS OS 6 Desktop Storage Systems Hardware Manual

OBD Auto Doctor. User Manual for ios (iphone and ipad) Copyright 2018 Creosys Ltd

ANDROID PRIVACY & SECURITY GUIDE ANDROID DEVICE SETTINGS

Automotive Cybersecurity: Why is it so Difficult? Steven W. Dellenback, Ph.D. Vice President R&D Intelligent Systems Division

whitepaper ClickShare Security

Manufacturing Tools in the UEFI Secure Boot Environment

The PKI Lie. The OWASP Foundation Attacking Certificate Based Authentication. OWASP & WASC AppSec 2007 Conference

Getting Started. Here's how to get started using your Zip 250 drive: 1. Unpack the Zip 250 drive and accessories.

PENETRATION TESTING OF AUTOMOTIVE DEVICES. Dr. Ákos Csilling Robert Bosch Kft., Budapest HUSTEF 15/11/2017

Productizing Linux Applications. What We ll Cover

Automotive Anomaly Monitors and Threat Analysis in the Cloud

Preventing Cyber Attacks on Aftermarket Connectivity Solutions Zach Blumenstein, BD Director Argus Cyber Security

Skywire Software Developer s Guide

Open Source in Automotive Infotainment

User s Guide Version 0.5.1

Secure Desktop KVM Switch Update. Keep classified information classified.

LAUNCH. X-431 PADII Product Introduction

Through the years we ve come

SMiRF v1 Serial Miniature RF Link 8/25/2004

My Personal Flasher (MPF) - User Guide for Android

P2P. 1 Introduction. 2 Napster. Alex S. 2.1 Client/Server. 2.2 Problems

Ch 1: The Mobile Risk Ecosystem. CNIT 128: Hacking Mobile Devices. Updated

Linux+ Guide to Linux Certification, Third Edition. Chapter 6 Advanced Installation

PRE-INSTALL QUESTIONS

In-Vehicle Computers

I/O Management Software. Chapter 5

SECURITY ON PUBLIC WI-FI New Zealand. A guide to help you stay safe online while using public Wi-Fi

Software Updates for Connected Devices

Android System Development Training 4-day session

Fastboot Techniques for the x86 Architecture. Ben Biron QNX Software Systems

Expert Reference Series of White Papers. BitLocker: Is It Really Secure? COURSES.

Adversary Models. CPEN 442 Introduction to Computer Security. Konstantin Beznosov

Diagnostic Trends 2017 An Overview

IoT The gift that keeps on giving

Embedded Systems. Octav Chipara. Thursday, September 13, 12

Power Management for Embedded Systems

Convergence of Safety, Systems & Cybersecurity Bill StClair, Director, LDRA, US Operations

Flash Drive Won T Mount Windows 7 Won't Recognize

MOD MyFord Touch Installation Manual Full plug and play programming and power kit, for Ford Vehicles with 8" MyFord Touch Displays

Active Power Programmer Instructions

ctio Computer Hygiene /R S E R ich

10 Steps to Virtualization

The Key Principles of Cyber Security for Connected and Automated Vehicles. Government

Vitheia IoT Services

Pmod ESP32 Reference Manual

Security Concerns in Automotive Systems. James Martin

What every attorney should know about E-security Also, ESI

RouterCheck Installation and Usage

Protecting the Platforms. When it comes to the cost of keeping computers in good working order, Chapter10

MDVR 800 QUICK START GUIDE

ALTITUDE DOESN T MAKE YOU SAFE. Satcom Direct s Comprehensive Cyber Security Portfolio for Business Aviation

The case for a Vehicle Gateway.

Honey Pot Be afraid Be very afraid

IT SECURITY FOR LIBRARIES PART 1: SECURING YOUR LIBRARY BRIAN PICHMAN EVOLVE PROJECT

Product Overview Version 1.0. May 2018 Silent Circle Silent Circle. All Rights Reserved

Countermeasures against Cyber-attacks

Operating Systems Concepts

Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006)

The Information Age has brought enormous

Wind River. All Rights Reserved.

breathehr security, reliability and GDPR

A NEW CONCEPT IN OTA UPDATING FOR AUTOMOTIVE

Another difference is that the kernel includes only the suspend to memory mechanism, and not the suspend to hard disk, which is used on PCs.

Wayward Wi-Fi. How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk

Bluetooth Keyless Entry System - Lite

Parrot MINIKIT Neo 2 HD. User guide

Wireless Home Control System

CompTIA A+ Accelerated course for & exams

M2MD Communications Gateway: fast, secure, efficient

Windows. Not just for houses

Manual Boot Camp Install Windows 7 Greyed Out Boot

Flux family secrets strategy guide

Handling Top Security Threats for Connected Embedded Devices. OpenIoT Summit, San Diego, 2016

Transcription:

Linux in the connected car platform

Background Long time desktop Linux user Designed several capes for the BeagleBone Black Currently an Embedded engineer for Dialexa

What is a connected car anyway? A physical device, either original equipment or aftermarket, that provides data about your car to a web service. Can also allow remote control of some aspects of your car, such as starting the car, controlling the locks, and more.

Connected cars now Connected cars now are where cell phones were back in the late 90s. Proprietary operating systems, archaic interfaces, and little cross platform standardization This is set to change rapidly as connected car hardware becomes commoditized, just as happened with cell phones

Challenges Security of OBDII bus Firmware updates Power consumption Reliability Boot time

Security Automakers have historically relied on security through obscurity OBDII defines no means of securing access to the car s network Devices already embedded in the car could be compromised

Security J1850 and older ISO protocols communicate only with the ECU Still potentially an attack vector, but not as bad as CAN bus More recent cars are partitioning critical systems onto a separate bus, but there are still devices which bridge between the two networks

Security Legislators are beginning to pay attention to the area of vehicle security [2] Hackers are beginning to pay very close attention to the area of vehicle security [3]

CAN bus CAN became the standard in 2003 and is now the required protocol The standard for outside interfacing to cars is ISO11898-2, which is high speed CAN High speed can is limited to a linear bus structure

CAN bus Being a two wire differential protocol, if you can read you can write A malicious device on the high speed CAN bus can halt communications, or fake transmissions from critical sensors

Firmware updates Vulnerabilities are being announced at an ever increasing rate Updating the device firmware is even more important in a critical application such as this A firmware update is useless if the process can be subverted to load malicious code

Firmware updates The Progressive device was hacked by someone emulating a cell tower. What seems like a great deal of effort to hijack firmware is not as difficult as we may believe

Power There is no way to detect that a car is in the Accessory state from the OBD port Accidentally waking from sleep and staying on is unacceptable, nobody wants to come back to a flat battery

Power Reading the voltage present on the OBD port is dicey, you aren t guaranteed anything about the car s battery chemistry or setup, you would just be making assumptions

Reliability People treat their cars, largely, as an appliance If it doesn t work, they aren t interested in troubleshooting, they just need to get it to a working state. They will remove your device if they think it causes a problem

Boot time People want starting the car to be a seamless experience, everything starts up together Boot time is difficult to minimize on embedded systems due to slow flash and lack of suspend

How does Linux solve these challenges? It doesn t. Linux is a kernel. The system you design must solve these challenges. Linux is, however, a powerful tool to help you solve them.

Do one thing and do it well The tendency to want to have one system do everything is dangerous in this context One of Linux s greatest tools is that it integrates well into a larger system This flexibility lets you pick the best solutions, as opposed to the ones your vendor supports

How we approached the problem

Improving Security - Define the threat Everything is not a valid answer Neither is the bad guys Physical attacks against the device are very difficult to mitigate in a consumer setting, but also are far more rare than remote attacks over a network interface

Improving Security Even then, just as a lock on the door of your house will not stop a determined attacker, neither will our security measures guarantee that the device cannot be broken Our best course is then to limit the amount of damage that can be done if someone does gain control of a device with a network interface

Separation of responsibilities An STM32F1 is responsible for communication with the car. It streams data back to the rest of the system via UART and receives single byte commands only. The programing pins are not exposed, its firmware is sealed at manufacture.

Separation of responsibilities Bluetooth communications with a phone are handled with a CC2451 which sits in line with the Linux SoM and the STM32. It retransmits messages going in both directions, and send the data from the STM32 to the phone

Separation of responsibilities The Linux SoM is an AR9331 based module with 64M of RAM and 16M of Flash Kernel version 3.10 Provides a WiFi hotspot via a USB LTE module, and handles packaging data to send to the back end web service

The Firmware The STM32 runs a custom OBDII stack capable of any standard supported by the OBDII standard The CC2541 has a minimal firmware to pass data back and forth, and populate a GATT database for collection by a phone The firmware on both of these are fixed at manufacture

Choice of distribution OpenWRT has mainline support not only for the AR9331 but for our particular SoM Mainline support is huge Evil vendor trees are just that, evil

Package updates on the SoM In 16M of flash there wasn t enough room for us to update the entire OS image over the air while having a fallback image, so the kernel is fixed at manufacture The packages, however, can be updated Packages are signed by us, and updates are hosted on our server

Securing back end communications Each device is issued a private key at manufacture, the public key is sent to the back end along with the device ID Each message is signed when it is sent, inside of an HTTPS connection with certificate verification

Power management Handled by the STM32 Successful communication with the ECU will start up the CC2541 and the SoM Loss of communication will send a graceful shutdown message to the rest of the system before the STM32 shuts off power and goes into a sleep cycle itself

Boot time Suspend to disk is a huge help here, but unfortunately there is not enough space Suspend to ram is not supported on many embedded processors Boot time is more than just kernel and userspace, the LTE module takes time to come up as well

Boot time OBDII interface and BLE are on almost immediately, SoM boot time is about 30 seconds OpenWRT uses plain init scripts, optimizations have been to bring the LTE interface up as fast as possible

Conclusions Security is paramount. All the nifty features in the world won t make up for damaging someone s car or worse. Linux won t solve your problems, but it will be a powerful tool in solving them. Connected cars are another opportunity to show the flexibility of Linux based solutions.

Questions

More info Slides at voidptr.org @carpman on twitter, Daniel Jackson on google+ (for as long as Google lets it live)

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback