automotive cybersecurity validation strategy
TRANSCRIPT
© ZF Friedrichshafen AG
Automotive Cybersecurity Validation Strategy
2020-12-10 | Nico Vinzenz | ZF Friedrichshafen AG
© ZF Friedrichshafen AG2020-12-10 | Nico Vinzenz | Automotive Cybersecurity Validation Strategy 2
Why do we need an Automotive Validation Strategy?
© ZF Friedrichshafen AG
Obligatory “Jeep in the ditch”-Picture
• Jeep Cherokee Hack
➢2015 by Miller and Valasek
3
© ZF Friedrichshafen AG
But the List goes on..
2020-12-10 | Nico Vinzenz | Automotive Cybersecurity Validation Strategy 4
Tesla (2015): Remote vehicle unlock and start
Nissan (2016): Remote instrument panel control
Hyundai (2017): Remote vehicle unlock and start
Mercedes-Benz (2019): Remote vehicle unlock and start
© ZF Friedrichshafen AG
Emerging Challenge – V2X Connectivity
2020-12-10 | Nico Vinzenz | Automotive Cybersecurity Validation Strategy 5
© ZF Friedrichshafen AG2020-12-10 | Nico Vinzenz | Automotive Cybersecurity Validation Strategy 6© ZF Friedrichshafen AG
Emerging Challenge – AD Functionality
© ZF Friedrichshafen AG
Emerging Challenge – E/E Architecture
2020-12-10 | Nico Vinzenz | Automotive Cybersecurity Validation Strategy 7
© ZF Friedrichshafen AG
Further Cybersecurity Challenges
2020-12-10 | Nico Vinzenz | Automotive Cybersecurity Validation Strategy 8
Lifetime of
15+ YearsHardware
RestrictionsCompetitive
Profit Margins
Insecure Programming
Languages
© ZF Friedrichshafen AG
Agenda
01 Automotive Development Process
02 Security Validation Strategies
03 Practical Application
04 Reducing Risks in the Future
2020-12-10 | Nico Vinzenz | Automotive Cybersecurity Validation Strategy 9
© ZF Friedrichshafen AG2020-12-10 | Nico Vinzenz | Automotive Cybersecurity Validation Strategy 10
01Automotive Development Process
© ZF Friedrichshafen AG2020-12-10 | Nico Vinzenz | Automotive Cybersecurity Validation Strategy 11
SYS.2
System
Requirements
Analysis
SYS.5
System
Qualification Test
SYS.3
System
Architectural
Design
SYS.4
System
Integration and
Integration Test
SWE.1
Software
Requirements
Analysis
SWE.2
Software
Architectural
Design
SWE.3
Software Detailed
Design and Unit
Construction
SWE.4
Software Unit
Verification
SWE.5
Software
Integration and
Integration Test
SWE.6
Software
Qualification Test
Standard V-Model
© ZF Friedrichshafen AG
Cybersecurity V-Model
2020-12-10 | Nico Vinzenz | Automotive Cybersecurity Validation Strategy 12
TARA• Threat Analysis and Risk Assessment (TARA)
➢Input: System Assets
➢Output: Security Goals
• Security Validation Strategies
➢Validate Security Goals
© ZF Friedrichshafen AG2020-12-10 | Nico Vinzenz | Automotive Cybersecurity Validation Strategy 13
02Security Validation Strategies
© ZF Friedrichshafen AG
TARA
Overview
2020-12-10 | Nico Vinzenz | Automotive Cybersecurity Validation Strategy 14
© ZF Friedrichshafen AG
TARA
Overview
2020-12-10 | Nico Vinzenz | Automotive Cybersecurity Validation Strategy 15
Fuzz Testing
Penetration
Testing
Vulnerability
Scanning
Functional
Testing
Testing against the “known”
Testing against the “unknown”
© ZF Friedrichshafen AG
• Requirement-based Approach
➢Translate functional requirements into test cases
➢Easy to find intended but not implemented behavior
➢Hard to find implemented but notintended behavior
2020-12-10 | Nico Vinzenz | Automotive Cybersecurity Validation Strategy 16
TARA
Fuzz Testing
Penetration
Testing
Vulnerability
Scanning
Functional
Testing
Functional Testing
© ZF Friedrichshafen AG2020-12-10 | Nico Vinzenz | Automotive Cybersecurity Validation Strategy 17
Functional Testing
Intended Behaviour(Requirements)
© ZF Friedrichshafen AG2020-12-10 | Nico Vinzenz | Automotive Cybersecurity Validation Strategy 18
Functional Testing
Implemented Behaviour(Program Code)
Intended Behaviour(Requirements)
© ZF Friedrichshafen AG2020-12-10 | Nico Vinzenz | Automotive Cybersecurity Validation Strategy 19
Functional Testing
Easy:Positive Test Cases
Intended Behaviour(Requirements)
Implemented Behaviour(Program Code)
© ZF Friedrichshafen AG2020-12-10 | Nico Vinzenz | Automotive Cybersecurity Validation Strategy 20
Functional Testing
Easy:Positive Test Cases
Hard:Negative Test Cases
Intended Behaviour(Requirements)
Implemented Behaviour(Program Code)
© ZF Friedrichshafen AG
• Knowledge-DB Approach
➢Static/dynamic code analysis finds weaknesses
➢CVE-matching on Bill of Materials (BoM) finds vulnerabilities
➢Port scanner finds configuration mistakes
➢Oblivious to zero-day and product-unique exploits
2020-12-10 | Nico Vinzenz | Automotive Cybersecurity Validation Strategy 21
TARA
Fuzz Testing
Penetration
Testing
Vulnerability
Scanning
Functional
Testing
Vulnerability Scanning
© ZF Friedrichshafen AG
• Testing into the Void
➢Interface supplied with semi-valid data
➢System monitored for suspicious behavior
➢Can find unknown vulnerabilities
➢Challenging to configure correctly and generate “evidence”
2020-12-10 | Nico Vinzenz | Automotive Cybersecurity Validation Strategy 22
TARA
Fuzz Testing
Penetration
Testing
Vulnerability
Scanning
Functional
Testing
Fuzz Testing
© ZF Friedrichshafen AG2020-12-10 | Nico Vinzenz | Automotive Cybersecurity Validation Strategy 23
Fuzz Testing
Fuzz TestingTool
Software/System
Interfaces
Malformed Input
© ZF Friedrichshafen AG2020-12-10 | Nico Vinzenz | Automotive Cybersecurity Validation Strategy 24
Fuzz Testing
Fuzz TestingTool
Software/System
Interfaces
Malformed Input External Instrumentation
In-bandInstrumentation
© ZF Friedrichshafen AG2020-12-10 | Nico Vinzenz | Automotive Cybersecurity Validation Strategy 25
Fuzz Testing
Fuzz TestingTool
Software/System
Monitor
Interfaces
Feed-back Channel
Malformed Input External Instrumentation
In-band Instrumentation
© ZF Friedrichshafen AG
• Authorized Cyberattack
➢Security expert tries all available techniques within scope
➢Can find unknown vulnerabilities
➢High demand on effort and expertise makes it expensive
2020-12-10 | Nico Vinzenz | Automotive Cybersecurity Validation Strategy 26
TARA
Fuzz Testing
Penetration
Testing
Vulnerability
Scanning
Functional
Testing
Penetration Testing
© ZF Friedrichshafen AG2020-12-10 | Nico Vinzenz | Automotive Cybersecurity Validation Strategy 27
Penetration Testing Large Budget
•Multiple experts
•High-tech lab for SCA
•Months of work
Small Budget
•“Script kiddies”
•Generic vulnerability scanner/fuzzer
•Days of work
© ZF Friedrichshafen AG
• Iterative Process
1. Findings flow back into the TARA
2. Adaption of security goals and requirements
3. Adaption of security validation strategies
2020-12-10 | Nico Vinzenz | Automotive Cybersecurity Validation Strategy 28
Iterative Process
TARA
© ZF Friedrichshafen AG2020-12-10 | Nico Vinzenz | Automotive Cybersecurity Validation Strategy 29
03Practical Application
© ZF Friedrichshafen AG2020-12-10 | Nico Vinzenz | Automotive Cybersecurity Validation Strategy 30
Functional Testing
Hardware in the Loop (HiL)
• Execute test cases on …
➢SiL (Software in the Loop)
➢HiL (Hardware in the Loop)
© ZF Friedrichshafen AG2020-12-10 | Nico Vinzenz | Automotive Cybersecurity Validation Strategy 31
Vulnerability Scanning
Developer PC
Static/DynamicCode Analysis
BoM CVE-Matching
© ZF Friedrichshafen AG2020-12-10 | Nico Vinzenz | Automotive Cybersecurity Validation Strategy 32
Vulnerability Scanning
Incident Response Process
•Interface to supplier and “Responsible Disclosure” researcher
•PSIRT (Product Security Incident Response Team) ensures appropriate reaction
© ZF Friedrichshafen AG2020-12-10 | Nico Vinzenz | Automotive Cybersecurity Validation Strategy 33
Fuzz Testing
Software Unit Fuzzing
•X.509 certificates
•Custom written parser
•Data input
•Config files
System Interface Fuzzing
•CAN (FD)
•UDS
•Ethernet Stack
•IP, TCP, TLS/DTLS
© ZF Friedrichshafen AG2020-12-10 | Nico Vinzenz | Automotive Cybersecurity Validation Strategy 34
Penetration Testing
Project
ProjectStart
Start ofProduction
Security FeaturesFunctional
© ZF Friedrichshafen AG2020-12-10 | Nico Vinzenz | Automotive Cybersecurity Validation Strategy 35
Penetration Testing
Project
ProjectStart
Start ofProduction
Security FeaturesFunctional
© ZF Friedrichshafen AG2020-12-10 | Nico Vinzenz | Automotive Cybersecurity Validation Strategy 36
04Reducing Risks in the Future
© ZF Friedrichshafen AG
• Upcoming regulation
➢UNECE WP.29 and ISO/SAE 21434
• CEP (Cybersecurity Engineering Process)
• Holistic Cybersecurity Concept
• LTS (Long Time Support)
2020-12-10 | Nico Vinzenz | Automotive Cybersecurity Validation Strategy 37
Reducing Risks in the Future
© ZF Friedrichshafen AG© ZF Friedrichshafen AG© ZF Friedrichshafen AG
Thank you!Questions?
ZF Friedrichshafen AG behält sich sämtliche Rechte an den gezeigten
technischen Informationen einschließlich der Rechte zur Hinterlegung von
Schutzrechtsanmeldungen und an daraus entstehenden Schutzrechten im
In- und Ausland vor.
ZF Friedrichshafen AG reserves all rights regarding the shown technical
information including the right to file industrial property right applications and
the industrial property rights resulting from these in Germany and abroad.
382020-12-10 | Nico Vinzenz | Automotive Cybersecurity Validation Strategy