Development of Intrusion Detection System for vehicle CAN bus cyber security

Similar documents
13W-AutoSPIN Automotive Cybersecurity

Security Analysis of modern Automobile

Cybersecurity Challenges for Connected and Automated Vehicles. Robert W. Heller, Ph.D. Program Director R&D, Southwest Research Institute

Secure Product Design Lifecycle for Connected Vehicles

The modern car has 100 million lines of code and over half of new vehicles will be connected by 2020.

Automotive Anomaly Monitors and Threat Analysis in the Cloud

Hardening Attack Vectors to cars by Fuzzing

Security Concerns in Automotive Systems. James Martin

Preventing Cyber Attacks on Aftermarket Connectivity Solutions Zach Blumenstein, BD Director Argus Cyber Security

Security enhancing CAN transceivers. Bernd Elend Principal Engineer March 8 th, 2017

Trusted Platform Modules Automotive applications and differentiation from HSM

Automotive Attack Surfaces. UCSD and University of Washington

Securing the future of mobility

Automotive Cyber Security

INSTRUMENT CLUSTER 2.0

An Experimental Analysis of the SAE J1939 Standard

Examining future priorities for cyber security management

Cyber Security and Vehicle Diagnostics. Mark Zachos DG Technologies

SECURING DEVICES IN THE INTERNET OF THINGS

Security Challenges with ITS : A law enforcement view

Context-aware Automotive Intrusion Detection

Riccardo Mariani, Intel Fellow, IOTG SEG, Chief Functional Safety Technologist

Secure Ethernet Communication for Autonomous Driving. Jared Combs June 2016

Countermeasures against Cyber-attacks

Securing the Autonomous Automobile

SECURING DEVICES IN THE INTERNET OF THINGS

Autorama, Connecting Your Car to

UNECE WP29/TFCS Regulation standards on threats analysis (cybersecurity) and OTA (software update)

Automotive Security: Challenges, Standards and Solutions. Alexander Much 12 October 2017

Preventing External Connected Devices From Compromising Vehicle Systems Vector Congress November 7, 2017 Novi, MI

Audi 2014 Q5-A001 TUTORIAL.

White Paper. Connected Car Brings Intelligence to Transportation

AI & Machine Learning

Vulnerability Assessment. Detection. Aspects of Assessment. 1. Asset Identification. 1. Asset Identification. How Much Danger Am I In?

Monitoring Driver Behaviour Through Mobile Phones OSeven

The Key Principles of Cyber Security for Connected and Automated Vehicles. Government

Experimental Security Analysis of a Modern Automobile

InControl INCONTROL OVERVIEW

Securing Devices in the Internet of Things

CAPTURE THE UNEXPECTED

Addressing Future Challenges in the Development of Safe and Secure Software Components The MathWorks, Inc. 1

Application. Diagnosing the dashboard by the CANcheck software. Introduction

How Security Mechanisms Can Protect Cars Against Hackers. Christoph Dietachmayr, CIS Solution Manager EB USA Techday, Dec.

CONTROLLER AREA NETWORK (CAN) DEEP PACKET INSPECTION. Görkem Batmaz, Systems Engineer Ildikó Pete, Systems Engineer 28 th March, 2018

Turbocharging Connectivity Beyond Cellular

Quick Start Guide Pre-and Post-Scanning.

SKYNET HYBRID FLEET SOLUTION ABOUT US. Satellite Communications. SkyNet Satellite Communications

Audi Q key programming- Help File

Achieving End-to-End Security in the Internet of Things (IoT)

PENETRATION TESTING OF AUTOMOTIVE DEVICES. Dr. Ákos Csilling Robert Bosch Kft., Budapest HUSTEF 15/11/2017

Conquering Complexity: Addressing Security Challenges of the Connected Vehicle

NEXT Mobile Video Tracking

MASP Chapter on Safety and Security

Cyber security of automated vehicles

SECURITY OF VEHICLE TELEMATICS SYSTEMS. Daniel Xiapu Luo Department of Computing The Hong Kong Polytechnic University

How AlienVault ICS SIEM Supports Compliance with CFATS

Dealer Ordering Guide

McAfee Network Security Platform 8.3

Cyber security mechanisms for connected vehicles

Connected Car Solutions Based on IoT

SmartWitness KP1S. Installation Guide. v.1.2

Computer Security and the Internet of Things

KNX Secure. KNX Position Paper on Data Security and Privacy

Lindström Tomas Cyber security from ABB System 800xA PA-SE-XA

Cyberspace : Privacy and Security Issues

SmartWitness SVC1080-LCS

Sicherheitsaspekte für Flashing Over The Air in Fahrzeugen. Axel Freiwald 1/2017

Splunking Your z/os Mainframe Introducing Syncsort Ironstream

How Safe are Your Vehicles?

Complying with RBI Guidelines for Wi-Fi Vulnerabilities

Driving Smarter Fleets & Better Businesses

IJSER. Virtualization Intrusion Detection System in Cloud Environment Ku.Rupali D. Wankhade. Department of Computer Science and Technology

The Eight Components of a Strong Cyber Security Defense System

L2 - Internet of Things

IBM. OA VTAM 3270 Intrusion Detection Services - Overview, Considerations, and Assessment (Prerequisite) z/os Communications Server

Options for collision shops to perform scan services independently

Internet of Things Toolkit for Small and Medium Businesses

A modern diagnostic approach for automobile systems condition monitoring

CS 356 Operating System Security. Fall 2013

Mitsubishi Connected. Mitsubishi Connected User Manual

Vehicle Safety Solutions. Mobile Digital Recording

AWS Connected Vehicle Cloud

Introduction to VANET

Future Challenges and Changes in Industrial Cybersecurity. Sid Snitkin VP Cybersecurity Services ARC Advisory Group

Basic Concepts in Intrusion Detection

Agenda. About TRL. What is the issue? Security Analysis. Consequences of a Cyber attack. Concluding remarks. Page 2

Accident Research Specialists, PLLC

IEEE PROJECTS ON EMBEDDED SYSTEMS

n Explain penetration testing concepts n Explain vulnerability scanning concepts n Reconnaissance is the first step of performing a pen test

Protecting Smart Buildings

Assignment 4. Developing Operational Profiles. Due Date: November 21, Group Number: 6

Car Hacking for Ethical Hackers

Failure Diagnosis and Cyber Intrusion Detection in Transmission Protection System Assets Using Synchrophasor Data

ANWB Connect Using the Web Portal Contents

Automotive Gateway: A Key Component to Securing the Connected Car

Security

Copyright

Intrusion prevention systems are an important part of protecting any organisation from constantly developing threats.

AUTOMATED SECURITY ASSESSMENT AND MANAGEMENT OF THE ELECTRIC POWER GRID

The Top 6 WAF Essentials to Achieve Application Security Efficacy

Transcription:

Development of Intrusion Detection System for vehicle CAN bus cyber security Anastasia Cornelio, Elisa Bragaglia, Cosimo Senni, Walter Nesci Technology Innovation - SSEC 14 Workshop Automotive SPIN Italia November 10 th, 2016

Index Introduction The Threat of Dongles Cyber Attacks Cause an accident Damage company s image Cause a financial loss Intrusion Detection System Security improvement Vehicle Recovery System IDS for vehicle CAN bus cyber security 14 Workshop Automotive SPIN 2

Introduction: Connected vehicles 2016 saw the explosion of technologies and research for connected vehicles. IDS for vehicle CAN bus cyber security 14 Workshop Automotive SPIN 3

Introduction: Connected vehicles 2016 saw the explosion of technologies and research for connected vehicles. IDS for vehicle CAN bus cyber security Shaping the Future of Urban Mobility with the Connected Vehicle 14 Workshop Automotive SPIN 4

Introduction: The big risk IDS for vehicle CAN bus cyber security 14 Workshop Automotive SPIN 5

The threat of Dongles Also not connected vehicles are subject to the same risk On-Board Diagnostics (OBD) ports, used for diagnostic purposes, are present on every vehicle. Main CAN networks are exposed on OBD port, mapped following the SAE J1962 standard port. They are cheap devices associated also to apps via Wi- Fi or Bluetooth. OBD PORT MAIN VEHICLE NETWORKS They are used by consumers but also from insurance companies to monitor vehicle s state (e.g. speed, s faults) IDS for vehicle CAN bus cyber security 14 Workshop Automotive SPIN 6

The threat of Dongles Also not connected vehicles are subject to the same risks No special controls are applied on messages injected from OBD port OBD PORT Dongles can be easily controlled by a remote attacker. Dongles can be used to sniff all vehicle communication and to inject dangerous messages in vehicle network. MAIN VEHICLE NETWORKS IDS for vehicle CAN bus cyber security 14 Workshop Automotive SPIN 7

Cyber Attacks I Cause an accident The attacker can overwrite one or more critical messages such as: engine speed brake pedal position wheel speed acceleration pedal position Connected Authentic message Heavy message Received and cause an accident IDS for vehicle CAN bus cyber security 14 Workshop Automotive SPIN 8

Cyber Attacks II Damage company s image The attacker can overwrite one or more messages, such as: Fuel level Engine oil temperature Displayed wheel or engine speed Connected Authentic message Heavy message Received Instrument Cluster disturbing and annoying the driver and making him going to the service without solving the problem IDS for vehicle CAN bus cyber security 14 Workshop Automotive SPIN 9

Cyber Attacks III Cause a financial loss The attacker can inject messages in order to: o Tamper anti-theft strategies, such as: Immobilizer Door lock off causing the substitution of components or the theft of the vehicle o Activate optional features changing vehicle calibrations, without paying for them Connected Immo IDS for vehicle CAN bus cyber security 14 Workshop Automotive SPIN 10

Security solutions 1. OBD port firewall A firewall is a device to be mounted behind the OBD port aimed to: monitor the incoming CAN frames filter out the invalid packets 2. Intrusion Detection System (IDS) An IDS is a set of SW and/or HW components aimed to: monitor the traffic of a network raise an alert in case of malicious activities or policy violations record the identified intrusions Different roles in security n. 102016000109368 Firewall IDS Lock to the gates Video surveillance system IDS for vehicle CAN bus cyber security 14 Workshop Automotive SPIN 11

IDS: how does it work? Anomaly-based detection techniques training a preliminary learning phase is required in order to define the reference normal CAN traffic behavior execution while monitoring the CAN traffic, the current state is compared with the previously learned one Main tasks IDS monitoring Check of each CAN frame IDS logging Logging of identified intrusions IDS for vehicle CAN bus cyber security 14 Workshop Automotive SPIN 12

IDS: how is it implemented? A sequential check triggered by each new CAN frame New message Incorrect or Unknown message YES NO Invalid Diagnostic Session YES NO Invalid Rate YES ANOMALY! NO Invalid message Counter YES NO Out of Range values YES NO Correct Message IDS for vehicle CAN bus cyber security 14 Workshop Automotive SPIN 13

IDS: how is it implemented? A sequential check triggered by periodic event Periodic event Denial of Service YES NO Implausible Vehicle State YES ANOMALY! NO Correct Message Check of special patterns triggered by one or more CAN frames First frame Unexpected pattern NO YES ANOMALY! Correct Message IDS for vehicle CAN bus cyber security 14 Workshop Automotive SPIN 14

IDS: why is it useful? Log can be analyzed by OEM IDS monitoring IDS logging Tester Log files download at car service Cloud log files collection Telematic Box Periodical log files upload Black box: helps to manage liability issues Attackers diary: helps to be update on the attacks Tampering history: helps to identify calibration tampering Alarm to driver possibility to be advised in case of critical attacks IDS for vehicle CAN bus cyber security 14 Workshop Automotive SPIN 15

Cyber Attacks I Cause an accident Identified anomalies Invalid Rate Implausible Vehicle State Heavy message IDS Attack Overwrite vehicle dynamics messages Effect Affect driver safety Connected Authentic message IDS usefulness Log file as Black box, Attackers and Tampering diary IDS for vehicle CAN bus cyber security 14 Workshop Automotive SPIN 16

Cyber Attacks II Damage company s image Identified anomalies Invalid Rate Out of Range values Heavy message Attack Overwrite dashboard related messages Authentic message IDS Effect Warning lamps continuously turning on Connected IDS usefulness Log file as Black box, Attackers and Tampering diary Automatic warning lamp reset IDS for vehicle CAN bus cyber security 14 Workshop Automotive SPIN 17

Cyber Attacks III Cause a financial loss Identified anomalies Invalid special pattern IDS Attack Tamper anti-theft strategies Effect Vehicle's theft Connected IDS usefulness Log file as Black box, Attackers and Tampering diary Transmission of GPS position Inhibition of vehicle ignition on IDS for vehicle CAN bus cyber security 14 Workshop Automotive SPIN 18

IDS: let's go a step further! Coupling IDS with a recovery module Intrusion Detection System Vehicle Recovery System Video surveillance system Monitoring the CAN frames transmitted on the bus Surveillance agent Performing suitable actions, when an alert is raised by IDS Modules deployment Distributed IDS/VRS Each security critical node hosts the coupled modules n. 102016000111869 IDS for vehicle CAN bus cyber security 14 Workshop Automotive SPIN 19

VRS: how could it work? Recovery characterization Compromised vehicle functionality Threaten feature Driver safety Vehicle performance Privacy Financial Level of attack impact Examples of recovery actions: Reach the safety state Disable the compromised functionality Ignore the content of threaten CAN ID Inhibit diagnostic service IDS for vehicle CAN bus cyber security 14 Workshop Automotive SPIN 20

Conclusions Vehicles network vulnerability is increasing due to the enhancement of connectivity Cyber attacks are a risk also for low connected vehicles Intrusion Detection System allows monitoring of CAN traffic recording of identified anomalies Starting from IDS anomalies, Vehicle Recovery System is able to perform suitable strategies to reduce the cyber risk IDS for vehicle CAN bus cyber security 14 Workshop Automotive SPIN 21

Anastasia Cornelio anastasia.cornelio@magnetimarelli.com Elisa Bragaglia elisa.bragaglia@magnetimarelli.com Magneti Marelli Technology Innovation SSEC Via del Timavo 33-40134 Bologna, Italy www.magnetimarelli.com IDS for vehicle CAN bus cyber security 14 Workshop Automotive SPIN 22

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback