How Security Mechanisms Can Protect Cars Against Hackers Christoph Dietachmayr, CIS Solution Manager EB USA Techday, Dec. 3 rd 2015
Driver s Fears Are Being Fueled by Recent News ConnectedCars, new opportunies for hackers IAA: New Autonomous Driving Concepts Elektrobit (EB) 2015 2
Connected Car Offers New Business Models for Hackers? Elektrobit (EB) 2015 3
Autonomous Theft? Elektrobit (EB) 2015 4
Agenda Electronic Control Unit (ECU) Security On-board Network Security Excursion: Security Issues in a Safety Environment Vehicle Security The Connected Car 5
Agenda Electronic Control Unit (ECU) Security On-board Network Security Excursion: Security Issues in a Safety Environment Vehicle Security The Connected Car 6
ECU Security Secure update Secure boot Hardware security module Software as a product Elektrobit (EB) 2015 7
Secure ECU Software Architecture Application RTE OS Applications SW asa product AutoCore CSM CryHSM Bootloader/Flasher Bootloader/ Flasher Authentication SW signature verification OS (opt.) Secure Boot Hardware Hardware Security Module (HSM) EB Software e.g. Ethernet, FlexRay, CAN, LIN Elektrobit (EB) 2015
Elektrobit s Security Solutions Software and Hardware Security Modules Application Interface layer Csm AUTOSAR Csm Implementation layer Cry { data = 42mil/h ; key = 0x1234; secure(data, key); } Software implementation CryShe Security Hardware peripheral Elektrobit (EB), 2015 9
Elektrobit s Security Solutions Software and Hardware Security Modules Application Interface layer Csm AUTOSAR Csm HSM Core SHE-Firmware Implementation layer Cry { data = 42mil/h ; key = 0x1234; secure(data, key); } Software implementation CryHsm/ CryIf HSM Com Security Hardware peripheral EB supports the algorithms you need! Elektrobit (EB), 2015 10
Agenda Electronic Control Unit (ECU) Security On-board Network Security Excursion: Security Issues in a Safety Environment Vehicle Security The Connected Car 11
On-Board Network Security Theft protection Anomaly detection Intrusion detection Secure communication Elektrobit (EB) 2015 12
On-Board Network Security Application Anti theft Milage prot. Applications Intrusion Det. SW asa product Bootloader/Flasher Bootloader/ Flasher RTE Authentication OS (opt.) OS SecOC AutoCore CSM CryHSM SW signature verification Secure Boot Hardware Hardware Security Module (HSM) ECU ECU EB Software Ethernet, FlexRay, CAN, LIN Elektrobit (EB) 2015 13
Agenda Electronic Control Unit (ECU) Security On-board Network Security Excursion: Security Issues in a Safety Environment Vehicle Security The Connected Car 14
Security: Protection against external access, e.g. hacks Safety: reliable execution environment for ECUs. knowing what the system does Security protects Safety There is no safety without security and vice versa Elektrobit (EB) 2015
Agenda Electronic Control Unit (ECU) Security On-board Network Security Excursion: Security Issues in a Safety Environment Vehicle Security The Connected Car 16
Vehicle Security: Various Access Points Car2Infrastructure Car2Car ecall Bluetooth connection Wireless key Internet connection WiFi Hotspot Remote HVAC Remote start Tire pressure monitor Elektrobit (EB) 2015 17
Current Vehicle Systems Architecture Gateway CAN CAN FlexRay Elektrobit (EB) 2015 18
Future Vehicle Systems Architecture Intrusion detection Gateway Anomaly detection Ethernet Ethernet Ethernet Ethernet Ethernet Elektrobit (EB) 2015 19
Use Case: Smart Antenna Elektrobit (EB) 2015 20
Smart Antenna Concentrate Wireless access Cloud App Cloud App Cloud App Firewall ASIL SWCs AS SWCs AS SWCs Secure Separation Threat monitoring e.g. Linux Firewall Secure COM OS RTE SecOC AutoCore CSM CryHSM Denial of Service prev. Hypervisor Hardware Hardware Security Module (HSM) ECU ECU EB Software Ethernet, FlexRay, CAN Elektrobit(EB) 2015 21
Vehicle Security Elektrobit (EB) 2015 22
Agenda Electronic Control Unit (ECU) Security On-board Network Security Excursion: Security Issues in a Safety Environment Vehicle Security The Connected Car 23
The Connected Car Elektrobit (EB) 2015
The Connected Car Elektrobit (EB) 2015
The Connected Car Elektrobit (EB) 2015
How security mechanisms can protect cars against hackers The Connected Car Elektrobit (EB) 2015
Over the Air Functionality 100% security is an illusion Secure Backend Channel Firewall Secure OTA update Remote diagnostics SW storage Secure COM Over theair: SW update agent Remote Diagnostics agent Identity vs. privacy Firewall Hypervisor Hardware Hardware Security Module (HSM) Target ECU Target ECU EB Software Ethernet, FlexRay, CAN Elektrobit(EB) 2015 28
EB Security Platform EB Security Portfolio Secure separation Hypervisor Virtualisation Crypto Algorithms SHE drivers HSM drivers Secure HW HSM firmware Future Security HW Security architecture OTA Secure Connection Update strategies Implementation Backend Security applications Unlock / Download SW as Product Secure Com Testing & Certification Functional Penetration Testing FIPS / Com. Criteria Key management Sym/Asym Key Derivation Initial / Update Secure Communication Firewall Intrusion-/Anomaly detection Security Consulting Architecture Solutions How-To Car2X Consulting Implementation Testing Elektrobit(EB), 2015 29
Summary Summary Security is necessary on all levels In ECUs and between ECUs In the vehicle and between vehicles In the backend A big challenge, but you are not alone Existing and approved mechanisms available EB secures vehicles for more than 15 years Security needs constant care Monitoring on all levels Update over the air is key to keep cars secure Visit us at: https://www.elektrobit.com/security Elektrobit (EB) 2015 30
Thank you Christoph.Dietachmayr@elektrobit.com automotive.elektrobit.com