Computer Security and the Internet of Things

Similar documents
Some example UW security lab projects, related to emerging technologies. Tadayoshi Kohno CSE 484, University of Washington

Security Analysis of modern Automobile

Experimental Security Analysis of a Modern Automobile

Modern Automotive Vulnerabilities: Causes, Disclosure & Outcomes Stefan Savage UC San Diego

Adversary Models. CPEN 442 Introduction to Computer Security. Konstantin Beznosov

University of Tartu. Research Seminar in Cryptography. Car Security. Supervisor: Dominique Unruh. Author: Tiina Turban

Automotive Intrusion Detection Based on Constant CAN Message Frequencies Across Vehicle Driving Modes

Phone: La Jolla, CA Website:

Adversary Models. EECE 571B Computer Security. Konstantin Beznosov

CAN Bus Risk Analysis Revisit

DOWNLOAD OR READ : US CELLULAR ANSWER WIRELESS PDF EBOOK EPUB MOBI

INNOVATIVE AUTOMOBILE SECURITY SYSTEM USING VARIOUS SECURITY MODULES

Experimental Security Analysis of a Modern Automobile

CONTROLLER AREA NETWORK (CAN) DEEP PACKET INSPECTION. Görkem Batmaz, Systems Engineer Ildikó Pete, Systems Engineer 28 th March, 2018

Keywords - Bluetooth, DTMF, Arduino Pro-Mini, Arduino IDE, power supply, automobile security, Vehicle theft.

Embedded Automotive Systems Security:

Security of Safety-Critical Devices

Automotive Attack Surfaces. UCSD and University of Washington

Automotive Audio Bus A B Transceiver Data Sheet

Development of Intrusion Detection System for vehicle CAN bus cyber security

Preventing Cyber Attacks on Aftermarket Connectivity Solutions Zach Blumenstein, BD Director Argus Cyber Security

Cybersecurity Solutions for Connected Vehicles

Cross-Domain Security Issues for Connected Autonomous Vehicles

Chalmers Publication Library

Examining future priorities for cyber security management

The Internet of Things. Steven M. Bellovin November 24,

EMBEDDED MAJOR PROJECTS LIST

12. Mobile Devices and the Internet of Things. Blase Ur, May 3 rd, 2017 CMSC / 33210

e-pg Pathshala Subject : Computer Science Paper: Embedded System Module: Microcontrollers and Embedded Processors Module No: CS/ES/2 Quadrant 1 e-text

Security Concerns in Automotive Systems. James Martin

Uptane: Securely Updating Automobiles. Sam Weber NYU 14 June 2017

Automotive Cyber Security

Anomaly Detection Approach Using Adaptive Cumulative Sum Algorithm for Controller Area Network

COMPUTER FUNDAMENTAL COMPUTER FUNDAMENTAL. page 1 / 5

A Formal Model to Facilitate Security Testing in Modern Automotive Systems

The Car as an Internet-Enabled Device, or how to make Trusted Networked Cars

Wireless Communications And Networks Solution Mark Zhuang

Fast and Vulnerable A Story of Telematic Failures

Home Automation: Survivor Privacy Risks & Strategies

ECE 1161/2161 Embedded Computer System Design 2. Introduction. Wei Gao. Spring

Network Security Attacks And Countermeasures By Dileep Kumar G

The modern car has 100 million lines of code and over half of new vehicles will be connected by 2020.

An Experimental Analysis of the SAE J1939 Standard

A Model for Security Analysis of Smart Meters

Innovative M-Tech projects list IEEE papers

Gateway Architecture for Secured Connectivity and in Vehicle Communication

Data Analytics for IoT: Applications to Security and Privacy. Nick Feamster Princeton University

why we need adversary models? Adversary Models elements of an adversary model Dolev-Yao model attacks and countermeasures are meaningless without

Security, Privacy, & User Expectations:

EMBEDDED SYSTEMS 2017 IEEE PROJECT

Connected Medical Devices

Future Implications for the Vehicle When Considering the Internet of Things (IoT)

Securing the future of mobility

Jürgen Frank. Automotive Sr. Systems Engineer. September 2013

CANAuth - A Simple, Backward Compatible Broadcast Authentication Protocol for CAN bus

Security Challenges with ITS : A law enforcement view

Regulation and the Internet of Things

Pattern Recognition for Autonomous. Pattern Recognition for Autonomous. Driving. Freie Universität t Berlin. Raul Rojas

CSE 484 / CSE M 584: Computer Security and Privacy. Anonymity Mobile. Autumn Tadayoshi (Yoshi) Kohno

Ubiquitous Computing. Ambient Intelligence

Risk-based design for automotive networks. Eric Evenchik, Linklayer labs & Motivum.io Stefano Zanero, Politecnico di Milano & Motivum.

Resilient Multidimensional Sensor Fusion Using Measurement History

to Address Cyber Physical Systems Security (CPSSEC)

Protecting the Home Front

Authentication with Privacy for Connected Cars - A research perspective -

The Design of Embedded Remote Intelligent Automotive Monitoring System based on GSM. Lijun Gao

PENETRATION TESTING OF AUTOMOTIVE DEVICES. Dr. Ákos Csilling Robert Bosch Kft., Budapest HUSTEF 15/11/2017

Cybersecurity Challenges for Connected and Automated Vehicles. Robert W. Heller, Ph.D. Program Director R&D, Southwest Research Institute

Resilient Multidimensional Sensor Fusion Using Measurement History

Introduction to Cyber Security Issues for Transportation

Achieving End-to-End Security in the Internet of Things (IoT)

The Invisible Trail: Third- Party Tracking on the Web

Stephen Checkoway, Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, Hovav Shacham, Marcel Winandy. ACM CCS 2010, Chicago, USA

Nashville MTA: Distracted Driving Bob Baulsir. Metropolitan Transit Authority General Manager of Administration Nashville, TN

Protecting Smart Buildings

Field Classification, Modeling and Anomaly Detection in Unknown CAN Bus Networks

When Not in Use: Remove the batteries if this device is to be left unattended or unused for a long period of time.

Wireless Best Kept Secret For Now

Network Programming I Computer Network Design

Intelligent Transportation Systems (ITS) for Critical Infrastructure Protection

Autorama, Connecting Your Car to

Automotive Cybersecurity: Meeting the High-Stakes Challenge

Exposing Congestion Attack on Emerging Connected Vehicle based Traffic Signal Control

Artificial Intelligence Drives the next Generation of Internet Security

Web-based Attacks on Local IoT Devices. Gunes Acar Danny Huang Frank Li Arvind Narayanan Nick Feamster

PRE-ARRIVAL DESTINATION PREPARATION

This is an electronic reprint of the original article. This reprint may differ from the original in pagination and typographic detail.

AQA GCSE Design and Technology 8552

Prevention of Information Mis-translation by a Malicious Gateway in Connected Vehicles

Your guide to getting the most out of the internet

Internet of Things. Transforming How We Live and Work. Chris Perera Senior Director, AT&T International External & Regulatory Affairs.

TomTom Innovation. Hans Aerts VP Software Development Business Unit Automotive November 2015

To realize Connected Vehicle Society. Yosuke NISHIMURO Ministry of Internal Affairs and Communications (MIC), Japan

Managing the Unmanageable: A Risk Model for the Internet of Things

PRACTICING SAFE COMPUTING AT HOME

PLEASE NOTE! THIS IS SELF ARCHIVED VERSION OF THE ORIGINAL ARTICLE

Car Hacking for Ethical Hackers

M2M Evolution Topic: Connected Home of the future IoT. Comcast. Adam Gladsden & Tariq Chowdhury

Authentication with Minimal User Interaction

MANAGEMENT AND CONTROL OF SMART CAR WITH THE USE OF MOBILE APPLICATIONS

Transcription:

Computer Security and the Internet of Things Tadayoshi Kohno Computer Science & Engineering University of Washington At USENIX Enigma, January 2016

The Internet of Things Door Locks Thermostats Furnaces Toys Light Switches Refrigerators Cars Baby Monitors Fitness Tracker IoT: Any consumer device with computation and connectivity

Many Benefits, But Also Risks Door Locks Thermostats Furnaces Toys Light Switches Refrigerators Cars Baby Monitors Fitness Tracker IoT: Any consumer device with computation and connectivity

Many Benefits, But Also Risks Door Locks Thermostats Furnaces Toys Light Switches Refrigerators Cars Baby Monitors Fitness Tracker IoT: Any consumer device with computation and connectivity

Many Benefits, But Also Risks Door Locks Toys Cars This Talk: Security Light Switches and Privacy Risks with IoT Thermostats Baby Monitors Furnaces Refrigerators Fitness Tracker IoT: Any consumer device with computation and connectivity

IoT Security and Privacy Risks: Safety Privacy Inferred information Financial risks Stepping stones Zombies Uncertain future A Broad Set of Issues

IoT Security and Privacy Risks: Safety Privacy Inferred information Financial risks Stepping stones Zombies Uncertain future A Broad Set of Issues

IoT Security and Privacy Risks: Safety Privacy Inferred information Financial risks Stepping stones Zombies Uncertain future A Broad Set of Issues This Talk: Examples Goal: Encourage broad thinking about security and privacy risks (and possible defenses) Thank You: UW students, UW faculty, other students, other faculty, NSF, Google, Intel, Microsoft

Example 1: Modern Cars Engine Brakes Dash Steering Wheel speed sensor Telematics Satellite radio Remote door unlock / lock Diagnostics port Example automotive computer network K. Koscher, et al. Experimental Security Analysis of a Modern Automobile. IEEE S&P, 2010. S. Checkoway, et al. Comprehensive Experimental Analyses of Automotive Attack Surfaces. Usenix Security, 2011. (University of Washington, University of California San Diego.)

Engine Brakes Dash Steering Wheel speed sensor What About Security? Telematics Satellite radio Remote door unlock / lock Diagnostics port? Example automotive computer network K. Koscher, et al. Experimental Security Analysis of a Modern Automobile. IEEE S&P, 2010. S. Checkoway, et al. Comprehensive Experimental Analyses of Automotive Attack Surfaces. Usenix Security, 2011. (University of Washington, University of California San Diego.)

Approach Bought two, 2009-edition modern sedans UW team bought one, kept in Seattle UC San Diego team bought one, kept in San Diego Work published in 2010 and 2011 (Recently, new works published by others) K. Koscher, et al. Experimental Security Analysis of a Modern Automobile. IEEE S&P, 2010. S. Checkoway, et al. Comprehensive Experimental Analyses of Automotive Attack Surfaces. Usenix Security, 2011. (University of Washington, University of California San Diego.)

Multiple Entry Points Engine Brakes Dash Steering Wheel speed sensor Telematics Satellite radio Remote door unlock / lock Diagnostics port 555-555-5555 Internet Telephone Network Telematics Service Provider Example automotive computer network Attacker s Internet Servers Attacker

Road Test: Apply Brakes K. Koscher, et al. Experimental Security Analysis of a Modern Automobile. IEEE S&P, 2010. S. Checkoway, et al. Comprehensive Experimental Analyses of Automotive Attack Surfaces. Usenix Security, 2011. (University of Washington, University of California San Diego.)

Road Test: Disengaging Brakes Lesson: Safety Risks K. Koscher, et al. Experimental Security Analysis of a Modern Automobile. IEEE S&P, 2010. S. Checkoway, et al. Comprehensive Experimental Analyses of Automotive Attack Surfaces. Usenix Security, 2011. (University of Washington, University of California San Diego.)

End-to-end Theft Example Lesson: Financial Risks Call car, exploit vulnerabilities to implant new software, car connects (over Internet) to UW server, then run theft program

End-to-end Surveillance Example Lesson: Privacy Risks Call car, exploit vulnerabilities to implant new software, car connects (over Internet) to UW server, initiate surveillance

Example 2: Children s Toys T. Denning, et al. A Spotlight on Security and Privacy Risks with Future Household Robots: Attacks and Lessons. International Conference on Ubiquitous Computing, 2009. (University of Washington.)

Example 2: Children s Toys WiFi + webcam children s toys are a thing Unfortunately, webcams accessible to external adversaries Lesson: Privacy Risks Lesson: Financial Risks Lesson: Who Admins Lesson: Who Affected T. Denning, et al. A Spotlight on Security and Privacy Risks with Future Household Robots: Attacks and Lessons. International Conference on Ubiquitous Computing, 2009. (University of Washington.)

Example 3: More On Cars Engine Brakes Dash Steering Wheel speed sensor Telematics Satellite radio Remote door unlock / lock Diagnostics port Example automotive computer network 555-555-5555 Insurance Dongle Telephone Network Telematics Service Provider Insurance Company M. Enev, et al. Automobile Driver Fingerprinting. Privacy Enhancing Technology Symposium, 2016. (University of Washington.)

Example 3: More On Cars Engine Brakes Dash Steering Wheel speed sensor Telematics Satellite radio Existing network traffic within the Remote door unlock / lock car is sufficient to identify the driver (from a small set of possible drivers) Diagnostics port Example automotive computer network 555-555-5555 Insurance Dongle Telephone Network Telematics Service Provider Lesson: Inferable Information Insurance Company M. Enev, et al. Automobile Driver Fingerprinting. Privacy Enhancing Technology Symposium, 2016. (University of Washington.)

Example 4: Powerline Monitoring Toaster Washing Machine Per-device powerline monitor Stove TV Powerline monitoring enables per-device energy consumption visibility Our results: Infer TV show from from powerline measurements Lesson: Inferable Information M. Enev, et al. Televisions, Video Privacy, and Powerline Electromagnetic Interference. ACM Conference on Computer and Communications Security, 2011. (University of Washington.)

Example 5: Home Automation Door Lock Furnace Home Automation Controller Dimmer CFL Light Bulb Internet T. Oluwafemi, et al. Experimental Security Analyses of Non-Networked Compact Fluorescent Lamps: A Case Study of Home Automation Security. Learning from Authoritative Security Experiment Results (LASER), 2013. (University of Washington.)

Example 5: Home Automation Door Lock Home Automation Controller Internet Furnace Dimmer CFL Light Bulb Well known: If can compromise home automation controller, can affect devices in home But what about non-networked devices? Lesson: Stepping Stones Lesson: Non-IoT IoT Devices Lesson: Zombies Lesson: Uncertain Future T. Oluwafemi, et al. Experimental Security Analyses of Non-Networked Compact Fluorescent Lamps: A Case Study of Home Automation Security. Learning from Authoritative Security Experiment Results (LASER), 2013. (University of Washington.)

Thanks! Automotive computer security (UW, UC San Diego) Karl Koscher, Alexei Czeskis, Franziska Roesner, Shwetak Patel, Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, Stefan Savage Toy computer security (UW) Tamara Denning, Cynthia Matuszek, Karl Koscher, Joshua R. Smith Automotive driver fingerprinting (UW) Miro Enev, Alex Takakuwa, Karl Koscher Powerline monitoring (UW) Miro Enev, Sidhant Gupta, Shwetak Patel Home automation security (UW) Temitope Oluwafemi, Sidhant Gupta, Shwetak Patel

IoT Security and Privacy Risks: Safety Privacy Inferred information Financial risks Stepping stones Zombies Uncertain future A Broad Set of Issues This Talk: Examples Goal: Encourage broad thinking about security and privacy risks (and possible defenses) Thank You: UW students, UW faculty, other students, other faculty, NSF, Google, Intel, Microsoft

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback