Functional Safety and Cyber Security Experiences and Trends


Functional Safety and Cyber Security Experiences and Trends Vector China Congress, Shanghai, 7. Sep. 2017 Dr. Christof Ebert, Vector Consulting Services V1.0 2017-09-07

Welcome: Vector Consulting Services
Experts for product development, product strategy and IT in critical systems
Interim support, such as virtual security and safety officers and interim management
Global presence
Trainings on Agile, Requirements, Security, Safety, CMMI/SPICE etc.
Part of Vector Group with over 1800 employees
www.vector.com/consulting
Industries: Automotive, Aerospace, IT & Finance, Digital Transformation, Medical, Railway

Agenda 1. Welcome 2. Safety and Security are Key Risks 3. Risk-Oriented Development 4. Conclusions and Outlook 2/29

Safety and Security are Key Risks: Vector Client Survey: Security and Safety are Major Challenges
[Chart: short-term challenges (horizontal axis, 0% to 70%) against mid-term challenges (vertical axis, 0% to 70%) for Complexity Management, Security and Safety, Connectivity, Distributed Development, Governance and Compliance, Innovative Products, Digital Transformation, Efficiency and Cost, Others.]
Vector Client Survey 2017. Details: www.vector.com/trends. Sum > 100% due to 3 answers per question. Strong validity with >4% response rate of 1500 recipients from different industries worldwide. 3/29

Safety and Security are Key Risks: Challenge: Security and Safety
Increasing complexity of functions
Interactive services and connectivity
Rising liability risks with cyber security and safety
Quantity: Boost in number of systems
Maturity: Inefficient processes and tools
Quality: Lack of experts
[Timeline chart, 1975 to 2015: growth of E/E functions over time, from Fuel injection, Anti-lock brakes, Gearbox control and Traction control, via CAN, FlexRay and AUTOSAR based functions (Hybrid powertrain, Electronic stability control, Active body control, Emergency call, Electric power steering, Engine/gearbox control, Electric powertrain, Adaptive cruise control, Lane assistant, Stop/start automatic, Emergency brake assist, Head-up display, Electronic brake control, Tele/remote diagnostics, Online software updates), to Mobility services, Autonomous driving, Brake-by-wire, Steer-by-wire, Connectivity and Vehicle2X, Cloud computing, 5G mobile communication, Fuel-cell technology, Laser-sourced lighting, 3D displays, Gesture HMI and Ethernet/IP backbone.] 4/29

Safety and Security are Key Risks: Automotive E/E Trends
Mobility: From driving to multi-modal mobility services and sharing culture.
Business Models: From incumbent tiered supply chain to flexible new players from the IT industry.
E/E architecture: From distributed electronic controllers to standardized three-tier architecture.
IT architecture: From proprietary building blocks to open IT systems with off-the-shelf components and adaptive SOA.
Development lifecycle: From the classic V model with rather heavy release cycles to an agile, DevOps-like approach.
Governance: From encapsulated safety-critical functions to interwoven quality assurance for liability, safety, cyber security and privacy.
Culture: From R&D vs. IT separation to convergence.
Competences: From automotive embedded electronics to IT as a core competence of all engineers.
Details: IEEE Software, May 2017 (Vector guest edited), www.vector.com/consulting-mediacenter 5/29

Safety and Security are Key Risks: Automotive Trends Impact Safety and Security
1. Powertrain. Trend: energy efficiency. Impact: unintended speed change.
2. Driver Assistance. Trend: autonomous driving. Impact: signal confusion.
3. Connectivity. Trend: always connected. Impact: sudden driver distraction.
6/29

Safety and Security are Key Risks: Vector Was First to Address Automotive Cyber Security
The first presentation on automotive security, in 2007, came from Vector: "Automotive Security: A Threat with an End?" 7/29

Safety and Security are Key Risks: History Repeats Itself Unless We Learn From It
1980s: IT systems were complex, distributed, software intensive and perceived as secure. Then came the Morris worm.
2016: Automotive systems are complex, distributed, software intensive and perceived as secure.
A 100% perfect solution is not possible. Advanced risk assessment and mitigation is the order of the day. 8/29

Safety and Security are Key Risks: Connectivity + Complexity = Cyber Attacks
[Diagram of the connected vehicle and its attack surfaces. Parties: OEM, suppliers, ITS operator, service provider, clouds. Interfaces: OBD, DSRC, 4G LTE. Threats shown: eavesdropping and data leakage; command injection, data corruption and back doors; man-in-the-middle attacks; physical attacks and sensor confusion; Trojans and ransomware; password attacks; rogue clients and public malware; application vulnerabilities.] 9/29

Safety and Security are Key Risks: Combined Safety and Security Need Holistic Systems Engineering
Functional Safety. Goal: Protect health. Risk: Accident. Governance: ISO 26262 etc. Methods: HARA, FTA, FMEA, fail operational, redundancy, ...
Cyber Security. Goal: Protect assets. Risk: Attack, exploits. Governance: ISO 27001 etc. Methods: TARA, cryptography, ID/IP, key management, ...
Privacy. Goal: Protect personal data. Risk: Data breach. Governance: Privacy laws. Methods: TARA, cryptography, explicit consent, ...
Common to all three: liability, risk management, holistic systems engineering. 10/29

Agenda 1. Welcome 2. Safety and Security are Key Risks 3. Risk-Oriented Development 4. Conclusions and Outlook 11/29

Risk-Oriented Development: Standards Demand Risk-Oriented Approach
[Diagram: safety V-model and security V-model side by side.]
Safety engineering (IEC 61508, ISO 26262): operational scenarios, hazard and risk assessment; safety goals and requirements; functional and technical safety concept; safety implementation; safety verification; safety validation; safety case, certification, approval; safety management after SOP.
Security engineering (ISO 27001, ISO 15408, ISO 21434, SAE J3061): assets, threats and risk assessment; security goals and requirements; technical security concept; security implementation; security verification; security validation; security case, audit, compliance; security management in POS.
Shared elements between the two: hazard and risk analysis alongside threat and risk analysis; functions and risk mitigation alongside security architecture and functionality; methods and data formats; abuse, misuse and confuse cases.
ISO 26262 ed.2 will not comprehensively address security, but will refer to and include shared methods, such as TARA.
Security and safety are interacting and demand holistic systems engineering. For a fast start, connect security with safety. 12/29

Risk-Oriented Development: Functional Safety and Cyber Security
Risk-based approach: Risk = Severity of harmful event x Probability of occurrence
[Chart: probability against severity, dividing acceptable risk from unacceptable risk.]
Risk-oriented engineering means to intelligently mitigate the residual risk. It does not mean to copy-paste standards and thus further increase complexity. 13/29

Risk-Oriented Development: State of the Art: Functional Safety
Functional safety with ISO 26262 is digested. Vector Consulting support on all levels for OEM and Tier 1:
1. Driving situations (OEM)
2. Hazards (OEM)
3. Risks and safety integrity level (OEM)
4. Safety goals, safety requirements (OEM)
5. Technical safety concept (OEM/Tier 1)
6. Safety requirements on ECU level (OEM/Tier 1)
7. Software safety requirements (Tier 1/Vector)
ISO 26262 ed.2 will demand more consistency and enhancements on safety related methodologies. 14/29

Risk-Oriented Development: State of the Art: Cyber Security
Security demands are growing fast:
Connectivity and open channels allow security attacks.
Exploits will persist beyond zero-day because so far there is no OTA governance.
Safety-critical systems are connected to potentially insecure bus systems.
Build security engineering on top of existing safety:
Extend hazard analysis with threat analysis and automotive attack models.
Reuse existing safety artefacts to ensure a robust safety case.
Define tailored security protection for safety-critical systems:
Encrypt entire bus communication, e.g. AUTOSAR.
Protect ECUs with secure boot and HW-defined security.
Completely separate infotainment and HU.
There is no safety without security. 15/29

Risk-Oriented Development: Concept of Combined Threat/Hazard Analysis and Risk Assessment
Process steps: Assets; Threat model and risks; Measures; Concept for solution; Verification.
General automotive asset categories:
Safety: vehicle functions, driving performance
Financial: brand image
Privacy/Legislation: private data, ECU SW
Operational performance
Example: identified threats
1. Injuries because of malfunctioning Passive Entry (Safety)
2. Loss of annual sales due to damage to brand image (Finance)
3. Theft of private data (Privacy/Legislation)
Doors locked (Operational performance)
Security considers a larger scope of threats compared with safety. 16/29

Risk-Oriented Development: Case Study Powertrain: Threats and Hazards
Safety items: Throttle pedal, Engine control; Transmission. Functions: Adjust speed, Lock/Unlock, Change gears, Velocity, Throttle. Rating: ASIL C.
Function: Adjust speed. Hazard: Speed is unintentionally increased during normal operation in cruise control while driving in a city. S3/E3/C1, ASIL C.
Function: Change gears. Hazard: While driving at high speed (highway) the gear changes to a higher gear, thus reducing acceleration when it is needed during overtaking. S3/E4/C3, ASIL C.
Unlike safety, where we work with probabilities, security threats always have a probability of 1 for exploits and attacks. 17/29

Risk-Oriented Development: Case Study Powertrain: From TARA to Technical Safety/Security Concept
1. Security goal and derived functional security requirements
Security goal SG05 (level High): It shall be prevented that unauthentic software is installed on vehicle ECUs.
FSR 1: The authenticity and integrity of the user_command signal during reading and transmission shall be assured.
FSR 2: The authenticity and integrity of the authenticity signal during reading and transmission shall be assured.
FSR 3: The authenticity and integrity of the sw_update during reading and transmission shall be assured.
FSR 4: It shall be assured that the signal allow_update generated from the input signals is calculated correctly.
FSR 5: The authenticity and integrity of the allow_update signal during transmission shall be assured.
FSR 6: It shall be assured that the signal change_sw generated from the input signals is calculated correctly.
FSR 7: If an error with regard to authenticity and integrity during reading, transmission or calculation of signals or the actuator status occurs, the system will not install the sw update.
2. Elements of the functional architecture
Inputs: Update sw command; Authenticity and integrity of sw update (signature); sw update.
Function blocks: Prevent unauthorized update; Install sw in ECU sw storage (e.g. flash memory); ...
3. Allocation of requirements to architecture elements [matrix of FSRs against inputs and function blocks, not reproduced]
Transform the technical security concept into security requirements. Handle security requirements exactly like functional requirements. 18/29
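Added example, not from the Vector deck: a Python model of the SG05 decision chain on this slide, where every signal carries an authenticity tag and allow_update and change_sw are computed only from verified inputs (FSR 1 to 7). Signal, sign, verify, install_update and the demo key are assumptions; an HMAC-SHA256 tag stands in for the signature on the sw update, since the slide does not name an algorithm.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Constructed demo key (assumption): on a real ECU it sits in HSM/secure storage.
OEM_KEY = b"constructed-demo-key-not-for-production"


@dataclass(frozen=True)
class Signal:
    """A bus signal with an authenticity/integrity tag (FSR 1, 2, 3, 5)."""
    name: str
    payload: bytes
    tag: bytes


def sign(name: str, payload: bytes, key: bytes = OEM_KEY) -> Signal:
    """Tag a signal; binding the name stops a tag being replayed on another signal."""
    tag = hmac.new(key, name.encode() + b"\x00" + payload, hashlib.sha256).digest()
    return Signal(name, payload, tag)


def verify(sig: Signal, key: bytes = OEM_KEY) -> bool:
    """Authenticity and integrity check with constant-time comparison."""
    expected = hmac.new(key, sig.name.encode() + b"\x00" + sig.payload, hashlib.sha256).digest()
    return hmac.compare_digest(expected, sig.tag)


def image_signature(image: bytes, key: bytes = OEM_KEY) -> bytes:
    """Stand-in for the OEM 'Signature' over the sw update image itself."""
    return hmac.new(key, b"sw_image\x00" + image, hashlib.sha256).digest()


def compute_allow_update(user_command: Signal, authenticity: Signal,
                         sw_update: Signal) -> Optional[Signal]:
    """FSR 4: allow_update derived from verified inputs only; FSR 7: any error -> None."""
    if not (verify(user_command) and verify(authenticity) and verify(sw_update)):
        return None
    allowed = (user_command.payload == b"update sw"
               and hmac.compare_digest(authenticity.payload,
                                       image_signature(sw_update.payload)))
    return sign("allow_update", b"1" if allowed else b"0")  # FSR 5: tagged for transmission


def compute_change_sw(allow_update: Optional[Signal], actuator_status: bytes) -> bool:
    """FSR 6/7: change_sw only from a verified allow_update and a plausible actuator state."""
    if allow_update is None or allow_update.name != "allow_update" or not verify(allow_update):
        return False
    return allow_update.payload == b"1" and actuator_status == b"ecu_idle"


def install_update(user_command: Signal, authenticity: Signal, sw_update: Signal,
                   actuator_status: bytes, flash: dict) -> bool:
    """'Install sw in ECU sw storage' block: write to flash only when change_sw is true."""
    allow_update = compute_allow_update(user_command, authenticity, sw_update)
    if not compute_change_sw(allow_update, actuator_status):
        return False  # SG05: an unauthentic or inconsistent update is never installed
    flash["app"] = sw_update.payload
    return True


if __name__ == "__main__":
    image = b"constructed firmware image v2"  # constructed sample input
    ok = install_update(sign("user_command", b"update sw"),
                        sign("authenticity", image_signature(image)),
                        sign("sw_update", image), b"ecu_idle", {})
    print("genuine update installed:", ok)
```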

Risk-Oriented Development: Security by Design: Separate Concerns
[Architecture diagram: Central Gateway and Connectivity Gateway connecting the domain controllers (Powertrain DC, Chassis DC, Body DC, ADAS DC), Instrument Cluster, Head Unit, Diagnostic Interface, Smart Charging and the external interfaces DSRC, 4G LTE, CU, laptop, tablet and smartphone.]
Security building blocks: Firewall, Key infrastructure, Crypto primitives, Monitoring/Logging, Hypervisor, ID/IP, Secure on-board communication, Secure off-board communication, Download manager, Secure flash/boot, Secure synchronized time manager.
Incrementally harden your E/E and IT functions, architectures and components. Commit to a roadmap with budget and competences. 19/29

Risk-Oriented Development: Implementation, Verification and Validation
Design:
Use programming rules such as MISRA-C
Avoid injectable code
Enforce high cryptographic strength
Assign least privileges to any function
Static and dynamic code analysis
Test:
Encryption cracker, vulnerability scanner
Network traffic analyzer, stress tester, interface scanner
Layered fuzzing testing
Life Hacking
Penetration testing
Governance and social engineering attacks
Test for the unknown. Run automatic regression tests with each delivery. 20/29

Risk-Oriented Development: Game Changer: OTA Facilitates Security Across the Life-Cycle
Over the Air (OTA) updates: problem and solution at the same time. 21/29

Risk-Oriented Development: Conclusion: Apply Different Techniques Across Your Life-Cycle
Security technique (Cost / Benefit):
Quick Wins
Vector SafetyCheck and Vector SecurityCheck for initial risk assessment and implementation guidance (Low / Medium)
Role of Virtual Security Manager (Medium / High)
Safety and Security Training and compliance audits (Low / High)
Technology
Secure boot, communication, storage (High / High)
Secure run-time (e.g. CFI, DFI, MACs) (High / High)
IDS/IPS, Firewall with adjusted policies (Medium-High / Medium)
Process and Governance
Development for safety and security (Medium-High / High)
Test strategy, e.g. Fuzz Testing, Penetration Testing etc. (High / Medium)
Secure Key Management (High / Medium)
Security task force and response team (internal or virtual) (Medium / High)
22/29

Agenda 1. Welcome 2. Safety and Security are Key Risks 3. Risk-Oriented Development 4. Conclusions and Outlook 23/29

Conclusions and Outlook: Risk-Oriented Development Must Cover the Entire Life-Cycle
[Lifecycle diagram: Development, Production, Operations and Services, with secure by design, secure supply chain, secure provisioning and secure monitoring set against internal and external threats.]
Systematic safety and security engineering. Scalable monitoring. Multiple modes of operation (normal, attack, emergency, fail operational, fail safe, etc.). 24/29

Conclusions and Outlook: Integrated Safety and Security Engineering
[Diagram: safety and security activities as parallel V-processes.]
Safety activities: Features and operation scenarios; Hazard and risk assessment; Safety goals; Functional safety concept; Technical safety concept; Implementation of safety mechanisms; Verify safety mechanisms; Test safety mechanisms; Validate safety assumptions; Safety case. Supported throughout by safety analysis.
Security activities: Assets and attack potentials; Threat and risk assessment; Security goals; Security architecture; Technical security concept; Implementation of security mechanisms; Secure implementation of nominal functions; Verify security mechanisms; Test security mechanisms and penetration tests; Validate security assumptions; Security case. Supported throughout by security analysis.
Similar to safety, security needs to be an integrated part of the development process. Build security upon existing safety governance. 25/29

Conclusions and Outlook: Safety and Security Matter
Safety and security demand a thorough culture change:
Build necessary competences for safety and security.
Do not simply copy-paste elements from current standards.
Enforce strong governance end-to-end.
Risk-oriented development is the order of the day:
Apply systems engineering for safety and cyber security.
Systematically use professional tools, such as PREEvision and CANoe.
Close known vulnerabilities as soon as possible, preferably with OTA.
Audit your suppliers and achieve a holistic perspective on risks and solutions.
Use the hacker's view for security risks, and not that of the developer or safety expert.
"To know your enemy, you have to become your enemy." (Sun Tzu, The Art of War) In other words: Think like a criminal and preemptively act as an engineer. 26/29

Conclusions and Outlook: Vector Offers a Comprehensive Portfolio for Cyber Security and Functional Safety
Vector Cyber Security and Safety Solutions: Security and safety consulting; AUTOSAR basic software; HW-based security; Tools (PLM with PREEvision, architecture, test, diagnosis etc.); Engineering services for safety and security. 27/29

Conclusions and Outlook: More Information
Annual Vector Security Symposium, 12 October 2017 in Stuttgart, with all major OEMs and Tier-1 suppliers: www.vector.com/security
Trainings and media:
Free Cyber-Security Webinar (1 hour, continuously updated): www.vector.com/webinar-security
Free Functional Safety Webinar (1 hour, continuously updated): www.vector.com/webinar-safety
In-house trainings tailored to your needs are available worldwide.
Vector White Papers: www.vector.com/media-consulting 28/29

Thank you for your attention. For more information please contact us. Passion. Partner. Value. Vector Consulting Services www.vector.com/consulting consulting-info@vector.com Phone: +49 711 80670-0