Automotive Cyber Security Rajeev Shorey (Ph.D.) Principal Scientist TCS Innovation Labs Cincinnati, USA & Bangalore, India Copyright 2013 Tata Consultancy Services Limited Connected Vehicles Chennai, 18 January 2017 1
Smart Cars 2
Driverless Car by Google Velodyne 64-beam laser. San Francisco s Lombard Street 3 3
The GM OnStar System: The First Smart Telematics Solution in the World Enterprise Telematics Platform Cellular Channel Backend Cellular Communication 4
Key Challenge in the Automotive Sector Copyright 2013 Tata Consultancy Services Limited 5
GOAL KEY QUESTIONS CATEGORIES Categories of Automotive Cyber Security Automotive Cybersecurity: Our View Cybersecurity is Critical to Connected Customer Value In-Vehicular Security V2X Security Security of Services Design Build Use How to co-design software and hardware for cybersecurity? How to offer a trusted platform? How to ensure interoperability? How to conform to standards in cybersecurity? How to build connected products that are secure? How to ensure that latest design changes are integrated in production? How to ensure secure usage of connected architecture? How to handle vulnerabilities before, during & after threats? How to allow customers configure features at low risks? Manage Trade-offs for Robust Auto Security Securing content, Authenticating Sender and Receiver of Messages, And Protecting Privacy and Data Across Stakeholders 6
Attack & Defense Scenario Framework for Threat Modeling Attack & Defence Database uses a list of attacks by vulnerable subsystems ensuring that response mechanisms are effective in cost and speed at all levels POTENTIAL VULNERABLE SUBSYSTEMS ATTACK CATEGORIES : EXAMPLES Infotainment Web Applications are Provided In the Vehicle Broken Authentication & Session Management Insecure Direct Object References Sensitive Data Exposure Security Misconfiguration Missing Function Level Access Control Cross-site Request Forgery Unvalidated redirects and forwards 7
What makes Security Critical? Increasing Electronics, Control & Software (ECS) Increasing & Complex Features Infotainment & Entertainment Wireless Links (Bluetooth, WiFi, Cellular, Radio, etc) Drive towards Autonomous Vehicles CISCO world in the Vehicle CAN, Flexray bus ECUs Compute Platform/Gateway Firewalls, 8
Example: V2X Communications X: Vehicle or Infrastructure Copyright 2013 Tata Consultancy Services Limited 9
V2X Communications Avoiding lane change collision Collision mitigation Avoiding rear-end collision Vehicle brakes hard Avoiding intersection collision V2V: Vehicle to Vehicle V2I: Vehicle to Infrastructure V2P: Vehicle to Pedestrian Traffic signal 10
Security Threats in V2V & V2I Figure Source : http://ivc.epfl.ch/ 11
Communication for Active safety Design Drivers & Security Attributes for V2X Safety Applications V2V or V2I scenarios Balancing customer safety and connectivity in a transient multi-modal communication environment is a major challenge Design Drivers for PKI Resource Constrained Platform Limited computation, storage, memory System-wide scalability Many-to-many localized interactions Communication transmission Intermittent connections with lossy or unreliable transmission Interoperability Extensible security framework Message Integrity & Entity Authentication Transmitter is genuine, not tampered in transit Non-repudiation Receiver can prove that it s the sender who transmitted the message Privacy Anonymity, Un-linkability Correctness Detecting compromised units Security Attributes for V2X Robust V2X interfaces developed with rapid validation is an innovation opportunity 12
Concluding Remarks Cyber Security offers rich challenges for both Industry & Academia An excellent example is Autonomous Cars Automotive Cyber Security is an extremely challenging area There are a plethora of technical and business challenges in the space The area is attracting huge interest within OEMs, Tier 1 and Tier 2 organizations 13
Thank You rajeev.shorey@tcs.com rajeevshorey@gmail.com Copyright 2013 Tata Consultancy Services Limited 14