Vehicle Security in the 5G Environment: The Trust Environment for the Future Automotive Business
2019. 11. 06.
SangGyoo SIM, Ph.D. ([email protected])
CTO @ Penta Security Systems Inc.
Experiences in Cybersecurity for Connected Cars

Timeline 2007, 2011–2019 (G = Government or Public Organization, M = Manufacturer or Supplier):
• Security for C-ITS Testbed (Cooperative Intelligent Transport System)
• Security for Electric Vehicle Charging System
• Security for Rail Transport System
• K-City (Testbed for Autonomous Vehicles)
• Security for C-ARS (Cooperative Automated Driving Roadway System)
• Jeju Province C-ITS Project
• Design & Plan for C-ITS Infrastructure
• V2P (Vehicle-to-Pedestrian)
• 'Plug&Charge' for Electric Vehicle
• Security between Vehicle and Diagnostic Device
• Firewall for Smart Cars
• V2X Security over WAVE telecommunication
• Security for Patrol Cars
• Security between Vehicle and Nomadic (Mobile) Device
• Telematics Security (Consulting)
• Vehicle Data Management System
• Seoul C-ITS Project (G)
• Machine Learning based Data Analytics of CAN BUS Data
• Threat Assessment for Connected Cars
• Security for Next Generation In-Vehicle Infotainment (M)
• Security for TMS on Cloud (M)
• Auto-Link Premium Service (M)
• C-ITS Infrastructure for Express Railroads (G)
• AutoCrypt® Launched
TU-Automotive (June 2019)
"Smarter security for smart cars"
Shift in Business Paradigm: Mobile Phone

Feature Phone (2G): Device + Call/SMS; pre-loaded services behind a fixed user interface.
Smart Phone (LTE): Device + Software + 3rd-party services; user-selected services.
Shift in Business Paradigm: Automobile

Legacy Car (3G/LTE): Device + Driving; pre-loaded services behind a fixed user interface.
Smart Car (5G): Device + Software + 3rd-party services; user-selected services.
Future Car

Momentum: Autonomous Driving, Connectivity, Electrification.
Service Platform: Online Services, User-selected SW, Personalized.
Car carries Smart Phone → Car uses Smart Phone → Car is Smart Device.
Connected Car Technologies and Services
Source: https://www.strategyand.pwc.com/reports/connected-car-2016-study (2016.09)

(Figure: layers of the connected-car market, with fluid boundaries between them)
• Consumer Services (digital, cloud based): travel, hotel, flight; robo-taxi services, insurance; lease, ride sharing, car sharing, car hailing, rental; communication, social media, collaboration, media contents; education, health, fintech; advertising, commerce, payment; smart mobility, other services.
• Connected Car Packages (feature & service): safety, autonomous driving, consumer features, commercial features, vehicle management.
• Supply-side Technologies (enabling the use of consumer services): advanced driver assistance systems, human-machine interface, infotainment; connectivity, computing, and cloud based enabling services.
• Current world roles (and strengths): Auto OEMs, Auto suppliers, Internet & tech companies, Specialist services firms.
• Future business: increasing competition across all layers.
Momentum Technologies

1. Electrification, 2. Connectivity, 3. Autonomous Driving, 4. (Service) Platform, 5. Security Platform.
Momentum Technologies : 1. Electrification

Actors: Vehicle, Charging Station, Electricity Provider, Mobility Operator / Charge Point Operator, OEM Service.
Protocols: ISO 15118 (vehicle to charging station, including Plug&Charge), OCPP (Open Charge Point Protocol), OSCP (Open Smart Charging Protocol), IEC 61850 (grid side).
Credentials, issued from two separate trust domains:
• V2G PKI System: Charger Certificate (station), Contract Certificate (vehicle, via the mobility operator), Server Certificate (backend).
• OEM PKI System: Enrollment Certificate (vehicle identity installed by the OEM); the Enrollment Certificate is verified when the vehicle enrolls for a contract.
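The two-PKI arrangement above, as an added example written for this page in Go (not Penta Security's code and not the ISO 15118 profile itself): a V2G root issues the charger and contract chains, an OEM root issues the enrollment certificate, and the EV's Plug&Charge trust store contains only the V2G root, so an OEM-PKI certificate presented where a V2G certificate is expected is rejected. Standard X.509 via crypto/x509 stands in for the ISO 15118 certificate profiles, and every name (CPO Sub-CA, SECC charger-0001, EMAID contract-0001, PCID vehicle-0001) is a constructed placeholder.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Entity holds a certificate and its private key: a CA or an end entity (charger, EV contract, EV OEM identity).
type Entity struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

var nextSerial int64

// issue creates an ECDSA P-256 certificate for cn. With parent == nil the certificate is self-signed (a root CA).
func issue(cn string, isCA bool, parent *Entity) *Entity {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	nextSerial++
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(nextSerial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	parentCert, signer := tmpl, key
	if parent != nil {
		parentCert, signer = parent.Cert, parent.Key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parentCert, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return &Entity{Cert: cert, Key: key}
}

// Validate answers whether leaf chains to one of the trusted roots through the given intermediates.
func Validate(leaf *x509.Certificate, intermediates []*x509.Certificate, roots ...*x509.Certificate) error {
	rootPool, interPool := x509.NewCertPool(), x509.NewCertPool()
	for _, r := range roots {
		rootPool.AddCert(r)
	}
	for _, c := range intermediates {
		interPool.AddCert(c)
	}
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:         rootPool,
		Intermediates: interPool,
		KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	})
	return err
}

// Result reports the checks of one Plug&Charge session.
type Result struct {
	ChargerAccepted        bool // charger certificate chains to the V2G root
	ContractAccepted       bool // contract certificate chains to the V2G root
	EnrollmentUnderOEMRoot bool // enrollment certificate chains to the OEM root (checked by the OEM side)
	OEMCertAccepted        bool // must be false: the OEM PKI is a separate trust domain from V2G
}

// RunPlugAndCharge builds both PKIs with constructed names and runs the validation steps.
func RunPlugAndCharge() Result {
	v2gRoot := issue("V2G Root CA", true, nil)               // V2G PKI system
	cpoSubCA := issue("CPO Sub-CA", true, v2gRoot)           // charge point operator
	charger := issue("SECC charger-0001", false, cpoSubCA)   // charger certificate
	moSubCA := issue("MO Sub-CA", true, v2gRoot)             // mobility operator
	contract := issue("EMAID contract-0001", false, moSubCA) // contract certificate
	oemRoot := issue("OEM Root CA", true, nil)               // OEM PKI system
	enrollment := issue("PCID vehicle-0001", false, oemRoot) // enrollment (provisioning) certificate

	v2gOnly := []*x509.Certificate{v2gRoot.Cert} // the EV's Plug&Charge trust store
	return Result{
		ChargerAccepted:        Validate(charger.Cert, []*x509.Certificate{cpoSubCA.Cert}, v2gOnly...) == nil,
		ContractAccepted:       Validate(contract.Cert, []*x509.Certificate{moSubCA.Cert}, v2gOnly...) == nil,
		EnrollmentUnderOEMRoot: Validate(enrollment.Cert, nil, oemRoot.Cert) == nil,
		OEMCertAccepted:        Validate(enrollment.Cert, nil, v2gOnly...) == nil,
	}
}

func main() {
	fmt.Printf("%+v\n", RunPlugAndCharge())
}
```

The point to carry over to a real deployment is the trust-store split: the charger, the EV and the backend each validate against exactly the root their role requires, and a certificate from the other PKI is an error, not a fallback.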
Momentum Technologies : 2. Connectivity

Communication links, each needing secure communication: V2V (Vehicle-to-Vehicle), V2I (Vehicle-to-Infra), V2P (Vehicle-to-Pedestrian), V2D (Vehicle-to-Nomadic Device), V2H (Vehicle-to-Home), V2G (Vehicle-to-Grid), V2S (Vehicle-to-Service) / V2C (Vehicle-to-Cloud).
Stakeholders: Government, Manufacturer. Business model: Mobility-as-a-Service.
Momentum Technologies : 3. Autonomous Driving

In-vehicle network (figure): External Network → External NIC → External Gateway (External Firewall/IDS) → Internal Gateway (Internal Firewall/IDS) → vehicle domains: Chassis Control, Body Control, Powertrain Control, ADAS, Infotainment, On-Board Sensor. Functions reached through the gateways: Cooperative Driving, Fleet Management. An unsecure ECU on the internal network is the weak point the gateways have to contain.
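What the Internal Firewall/IDS in the figure does at the gateway, as an added example in Go (written for this page, not Penta Security's product code): a per-ID allow-list with the permitted source bus and destination buses, a length check, and a cycle-time check that flags periodic IDs arriving far ahead of schedule, which is the signature of frame injection because the attacker cannot silence the genuine ECU. The CAN IDs, cycle times and the trace are constructed for the example and do not come from any vehicle's DBC.

```go
package main

import "fmt"

// Domain names the bus a frame arrived on or is routed to.
type Domain string

const (
	Chassis      Domain = "chassis"
	Body         Domain = "body"
	Powertrain   Domain = "powertrain"
	ADAS         Domain = "adas"
	Infotainment Domain = "infotainment"
	External     Domain = "external"
)

// Frame is a classic CAN frame as seen by the central gateway.
type Frame struct {
	TimeMs float64
	ID     uint32
	Data   []byte
	Src    Domain // bus the gateway received it from
}

// Rule is the gateway's routing and plausibility policy for one CAN ID.
type Rule struct {
	Src      Domain   // the only bus this ID may originate from
	Dest     []Domain // buses it is forwarded to
	PeriodMs float64  // nominal cycle time; 0 for event-driven IDs
}

type Verdict struct {
	ID     uint32
	Action string // "forward" or "drop"
	Reason string
	Dest   []Domain
}

type Gateway struct {
	rules   map[uint32]Rule
	lastFwd map[uint32]float64 // time of the last forwarded frame per ID
}

func NewGateway(rules map[uint32]Rule) *Gateway {
	return &Gateway{rules: rules, lastFwd: map[uint32]float64{}}
}

// Process applies the firewall checks (allow-list, length, source bus) and the IDS check (cycle time).
func (g *Gateway) Process(f Frame) Verdict {
	drop := func(reason string) Verdict { return Verdict{ID: f.ID, Action: "drop", Reason: reason} }
	r, ok := g.rules[f.ID]
	if !ok {
		return drop("CAN ID not in allow-list")
	}
	if len(f.Data) > 8 {
		return drop("DLC exceeds classic CAN limit")
	}
	if f.Src != r.Src {
		return drop(fmt.Sprintf("ID may only originate from %s, received on %s", r.Src, f.Src))
	}
	// Genuine periodic traffic keeps its cycle time; a second stream interleaved with it shows up as
	// an inter-arrival time far below nominal. Only forwarded frames update the timing reference.
	if last, seen := g.lastFwd[f.ID]; seen && r.PeriodMs > 0 && f.TimeMs-last < 0.5*r.PeriodMs {
		return drop(fmt.Sprintf("cycle-time anomaly: %.1f ms since last frame, nominal %.1f ms", f.TimeMs-last, r.PeriodMs))
	}
	g.lastFwd[f.ID] = f.TimeMs
	return Verdict{ID: f.ID, Action: "forward", Dest: r.Dest}
}

// Policy is a constructed allow-list (illustrative IDs and cycle times).
var Policy = map[uint32]Rule{
	0x0C1: {Src: Chassis, Dest: []Domain{ADAS, Infotainment}, PeriodMs: 10},             // steering angle
	0x1A0: {Src: Powertrain, Dest: []Domain{Chassis, ADAS, Infotainment}, PeriodMs: 20}, // vehicle speed
	0x2B0: {Src: Body, Dest: []Domain{Infotainment}, PeriodMs: 0},                       // door state, event-driven
}

// Sample is a constructed trace: genuine traffic, a spoof from a compromised head unit, an injection
// on the chassis bus itself, an unknown ID from outside, and an oversized frame.
var Sample = []Frame{
	{0, 0x0C1, []byte{0x00, 0x10}, Chassis},
	{10, 0x0C1, []byte{0x00, 0x12}, Chassis},
	{11, 0x0C1, []byte{0x7F, 0xFF}, Infotainment}, // head unit pretending to be the steering ECU
	{12, 0x0C1, []byte{0x7F, 0xFF}, Chassis},      // injected on the chassis bus 2 ms after a 10 ms-cycle frame
	{20, 0x0C1, []byte{0x00, 0x14}, Chassis},
	{21, 0x3FF, []byte{0x01}, External},
	{25, 0x2B0, []byte{0x01}, Body},
	{30, 0x1A0, make([]byte, 9), Powertrain},
}

// RunSample drives the trace through a fresh gateway and returns the verdicts in order.
func RunSample() []Verdict {
	g := NewGateway(Policy)
	out := make([]Verdict, 0, len(Sample))
	for _, f := range Sample {
		out = append(out, g.Process(f))
	}
	return out
}

func main() {
	for _, v := range RunSample() {
		fmt.Printf("0x%03X %-7s %v %s\n", v.ID, v.Action, v.Dest, v.Reason)
	}
}
```

The source-bus rule is what makes the head-unit spoof cheap to catch; the cycle-time rule is what catches the harder case where the injection happens on the same bus as the genuine ECU. Neither rule helps against a compromised ECU that sends its own plausible IDs at the right cadence, which is why the next layer (message authentication between ECUs) exists.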
Momentum Technologies : 4. Platform

Security + Service Platform shared by Government/Authority, Manufacturer/Supplier, and Service Provider/SW Provider. Examples: Open Mobility Cloud, Open Location Platform.
Momentum Technologies : 5. Security

Security threats mapped to security areas: Online Service (Cloud), Infrastructure, User (Mobile), and the vehicle itself.
Regulation: UN-ECE WP.29 "World Forum for Harmonization of Vehicle Regulations"; SB-327 of CA, US "Information privacy: connected devices".
In-Vehicle Security

Vehicle view of the same map: Online Service (Cloud), User (Mobile) and Infrastructure reach the vehicle through External Network → Gateway → Internal Network → ECUs. Four security layers, from the outside in:
S1. Secure External Communication: secure communication with cloud, mobile and infrastructure.
S2. Secure Gateway: • Controls traffic flow • Detects malicious traffic • Privacy & data security
S3. Secure Internal Communication: • Authentication, confidentiality & integrity of messages • Key management
S4. Secure Platform: • Crypto library • Secure boot & remote attestation • Secure update • HW trust anchor (HTA)
On-demand solutions: collaboration with third-party vendors.
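The S3 layer in concrete form, as an added example in Go written for this page (it is not Penta Security's code and not an AUTOSAR SecOC implementation, though the layout follows the same idea): each frame carries 4 data bytes, 1 byte of truncated freshness and a 3-byte truncated MAC, the receiver reconstructs the full counter before checking the MAC, and the wrap-around of the truncated counter byte is handled so that long bursts are not rejected. The key and CAN IDs are constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// One 8-byte classic CAN payload: 4 data bytes, 1 byte of truncated freshness, 3 bytes of truncated MAC.
const (
	dataLen = 4
	fvLen   = 1
	macLen  = 3
)

// tag is HMAC-SHA256 over CAN ID || full 32-bit freshness || data, truncated to macLen bytes.
func tag(key []byte, id, fv uint32, data []byte) []byte {
	m := hmac.New(sha256.New, key)
	var hdr [8]byte
	binary.BigEndian.PutUint32(hdr[:4], id)
	binary.BigEndian.PutUint32(hdr[4:], fv)
	m.Write(hdr[:])
	m.Write(data)
	return m.Sum(nil)[:macLen]
}

// Sender is the transmitting ECU; it owns a monotonically increasing freshness counter.
type Sender struct {
	Key     []byte
	ID      uint32
	counter uint32
}

// Build returns the protected 8-byte payload for one frame; only the low byte of the counter is sent.
func (s *Sender) Build(data []byte) ([]byte, error) {
	if len(data) != dataLen {
		return nil, fmt.Errorf("data must be %d bytes", dataLen)
	}
	s.counter++
	out := append(append([]byte{}, data...), byte(s.counter))
	return append(out, tag(s.Key, s.ID, s.counter, data)...), nil
}

// Receiver is the consuming ECU; it remembers the last accepted full freshness value.
type Receiver struct {
	Key  []byte
	ID   uint32
	last uint32
}

// Accept reconstructs the full freshness value, then checks the MAC. A replayed frame carries a stale
// counter, so reconstruction yields a different value from the one the sender authenticated and the
// MAC no longer matches; tampered data fails for the obvious reason.
func (r *Receiver) Accept(frame []byte) ([]byte, error) {
	if len(frame) != dataLen+fvLen+macLen {
		return nil, errors.New("bad frame length")
	}
	data, low, mac := frame[:dataLen], uint32(frame[dataLen]), frame[dataLen+fvLen:]
	// Keep the receiver's high 24 bits and take the low byte from the frame; if that does not move the
	// counter forward the sender has wrapped its low byte, so step the high bits once.
	fv := (r.last &^ 0xFF) | low
	if fv <= r.last {
		fv += 0x100
	}
	if !hmac.Equal(mac, tag(r.Key, r.ID, fv, data)) {
		return nil, errors.New("authentication failed: replay, stale freshness or tampered data")
	}
	r.last = fv
	return data, nil
}

// RunScenario plays genuine, replayed and tampered frames and reports which were accepted.
func RunScenario() []bool {
	key := []byte("constructed-key-not-for-use") // real keys come from key management, never from source
	s, r := &Sender{Key: key, ID: 0x0C1}, &Receiver{Key: key, ID: 0x0C1}
	f1, _ := s.Build([]byte{0x00, 0x10, 0x00, 0x00})
	f2, _ := s.Build([]byte{0x00, 0x12, 0x00, 0x00})
	bad := append([]byte{}, f2...)
	bad[1] ^= 0x80 // flip one data bit after the MAC was computed
	f3, _ := s.Build([]byte{0x00, 0x14, 0x00, 0x00})
	var out []bool
	for _, f := range [][]byte{f1, f2, f1, bad, f3} { // f1 the second time is a replay
		_, err := r.Accept(f)
		out = append(out, err == nil)
	}
	return out
}

// Burst sends n genuine frames and returns how many were accepted; n > 255 exercises the wrap-around of
// the truncated freshness byte, which is where naive receivers start rejecting good traffic.
func Burst(n int) int {
	key := []byte("constructed-key-not-for-use")
	s, r := &Sender{Key: key, ID: 0x1A0}, &Receiver{Key: key, ID: 0x1A0}
	ok := 0
	for i := 0; i < n; i++ {
		f, _ := s.Build([]byte{byte(i), 0, 0, 0})
		if _, err := r.Accept(f); err == nil {
			ok++
		}
	}
	return ok
}
```

Two caveats a practitioner should carry over: the reconstruction only tolerates a gap of fewer than 256 lost frames before sender and receiver desynchronise (a resynchronisation message is needed in practice), and a 24-bit MAC is a bandwidth compromise whose forgery probability per attempt is 2^-24, so the gateway's rate limiting is part of the design, not an optional extra.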
Security between Vehicles and Infrastructures

Security Threats and Security Area @ C-ITS: Online Service (Cloud), Infrastructure (Device), Infrastructure (Backend), User (Mobile).
S1. Secure External Communication : V2I & V2V

Sender OBU (HW → OS → IEEE 1609.3 / IEEE 1609.2 stack; credentials from the SCMS):
1. Generating the signature over the traffic information.
2. Transmitting Traffic Info. + Signature + Certificate over IEEE 802.11p / Cellular.
Receiver OBU (same stack):
3. Retrieving the sender's certificate.
4. Validating the certificate.
5. Verifying the signature.
SCMS : Security Credential Management System. The same flow applies to V2V and V2I.
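Steps 1 to 5 above end to end, as an added example in Go written for this page (not Penta Security's code and not an IEEE 1609.2 encoder): the SCMS-style CA issues a pseudonym certificate that binds a key to application permissions (PSIDs) and a validity window, the sender signs the traffic information with that key and attaches the certificate, and the receiver validates the certificate (issuer, validity, permission for the message's PSID) before it verifies the signature, rejecting stale generation times as replays. The certificate structure is a simplified stand-in with a constructed encoding; the PSID values are the registered ones (0x20 vehicle safety/BSM, 0x82 intersection safety/SPaT), and the keys, identities and timestamp are constructed.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"time"
)

const (
	psidBSM  uint32 = 0x20 // vehicle-to-vehicle safety (BSM)
	psidSPaT uint32 = 0x82 // intersection safety (SPaT), sent by roadside units only
	maxAgeS  int64  = 5    // accept a message for this many seconds after its generation time
)

// Cert is a simplified stand-in for a 1609.2 explicit certificate: identity, public key,
// application permissions (PSIDs), validity period and the CA signature over the rest.
type Cert struct {
	ID                  string
	Pub                 *ecdsa.PublicKey
	PSIDs               []uint32
	NotBefore, NotAfter int64
	Sig                 []byte
}

// tbs serialises the to-be-signed fields deterministically (constructed encoding, not the 1609.2 one).
func (c *Cert) tbs() []byte {
	var b bytes.Buffer
	b.WriteString(c.ID)
	b.WriteByte(0)
	xy := make([]byte, 64)
	c.Pub.X.FillBytes(xy[:32])
	c.Pub.Y.FillBytes(xy[32:])
	b.Write(xy)
	binary.Write(&b, binary.BigEndian, uint16(len(c.PSIDs)))
	binary.Write(&b, binary.BigEndian, c.PSIDs)
	binary.Write(&b, binary.BigEndian, [2]int64{c.NotBefore, c.NotAfter})
	return b.Bytes()
}

func sign(k *ecdsa.PrivateKey, h []byte) []byte {
	sig, err := ecdsa.SignASN1(rand.Reader, k, h)
	if err != nil {
		panic(err)
	}
	return sig
}

func genKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// Issue is the SCMS side: bind a public key to its permissions for one validity window.
func Issue(ca *ecdsa.PrivateKey, id string, pub *ecdsa.PublicKey, psids []uint32, now time.Time, ttl time.Duration) *Cert {
	c := &Cert{ID: id, Pub: pub, PSIDs: psids, NotBefore: now.Unix(), NotAfter: now.Add(ttl).Unix()}
	h := sha256.Sum256(c.tbs())
	c.Sig = sign(ca, h[:])
	return c
}

// Msg is "Traffic Info. + Signature + Certificate" as it goes over 802.11p or cellular.
type Msg struct {
	PSID    uint32
	GenTime int64
	Payload []byte
	Cert    *Cert
	Sig     []byte
}

func (m *Msg) digest() []byte {
	var hdr [12]byte
	binary.BigEndian.PutUint32(hdr[:4], m.PSID)
	binary.BigEndian.PutUint64(hdr[4:], uint64(m.GenTime))
	h := sha256.Sum256(append(hdr[:], m.Payload...))
	return h[:]
}

// Sign is the sender OBU's step: sign the payload with the key behind the attached certificate.
func Sign(key *ecdsa.PrivateKey, cert *Cert, psid uint32, payload []byte, now time.Time) *Msg {
	m := &Msg{PSID: psid, GenTime: now.Unix(), Payload: payload, Cert: cert}
	m.Sig = sign(key, m.digest())
	return m
}

// Verify is the receiver OBU's step: validate the certificate first, then verify the signature.
func Verify(caPub *ecdsa.PublicKey, m *Msg, now time.Time) error {
	c, t := m.Cert, now.Unix()
	ch := sha256.Sum256(c.tbs())
	if !ecdsa.VerifyASN1(caPub, ch[:], c.Sig) {
		return errors.New("certificate not issued by a trusted SCMS CA")
	}
	if t < c.NotBefore || t > c.NotAfter {
		return errors.New("certificate outside its validity period")
	}
	permitted := false
	for _, p := range c.PSIDs {
		permitted = permitted || p == m.PSID
	}
	if !permitted {
		return errors.New("certificate does not authorise this PSID")
	}
	if age := t - m.GenTime; age > maxAgeS || age < -1 {
		return errors.New("generation time stale or in the future (replay)")
	}
	if !ecdsa.VerifyASN1(c.Pub, m.digest(), m.Sig) {
		return errors.New("payload signature invalid")
	}
	return nil
}

// RunScenario returns the verdict for: a genuine BSM; a BSM under a certificate from an unknown CA;
// a SPaT message under a vehicle (BSM-only) certificate; a tampered BSM; the genuine BSM heard a minute later.
func RunScenario() []error {
	now := time.Unix(1573000000, 0) // constructed timestamp (2019-11-06 UTC)
	scms, rogue, obu := genKey(), genKey(), genKey()
	cert := Issue(scms, "pseudonym-0001", &obu.PublicKey, []uint32{psidBSM}, now, time.Hour)
	fake := Issue(rogue, "fake-0001", &obu.PublicKey, []uint32{psidBSM}, now, time.Hour)
	bsm := []byte("constructed BSM lat=37.5665 lon=126.9780 speed=12.3")
	genuine := Sign(obu, cert, psidBSM, bsm, now)
	tampered := *genuine
	tampered.Payload = []byte("constructed BSM lat=37.5665 lon=126.9780 speed=99.9")
	return []error{
		Verify(&scms.PublicKey, genuine, now),
		Verify(&scms.PublicKey, Sign(obu, fake, psidBSM, bsm, now), now),
		Verify(&scms.PublicKey, Sign(obu, cert, psidSPaT, []byte("constructed SPaT"), now), now),
		Verify(&scms.PublicKey, &tampered, now),
		Verify(&scms.PublicKey, genuine, now.Add(time.Minute)),
	}
}
```

The ordering in Verify is deliberate: the cheap certificate checks (issuer, validity, PSID) come before the signature over the payload, so a flood of messages under bogus certificates is rejected without paying for a second ECDSA verification, and the PSID check is what stops a vehicle credential from being used to impersonate a roadside unit.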
Security Threats and Security Area @ C-ITS

Infrastructure (RSU : Road Side Unit) and Infrastructure (Backend): IT security on both (firewall, IDS, system hardening).
Certificate management traffic: encrypted communication over SSL/TLS.
Service traffic (vehicle ↔ RSU and RSU ↔ backend): authenticated communication via digital signature.
S1. Secure External Communication - Ecosystem and Security Infrastructure

Service Provider, S/W Provider and Cloud + Big Data are joined by a virtual connection that rests on a common Security Infrastructure: • Key Management • Authentication Management • Privilege Management
S1. Secure External Communication – V2C & V2S

Two authentication layers between the vehicle and an online service:
• Network access (TelCo): 3GPP (4G/5G) authentication via USIM; the TelCo's authentication management holds Subscription Info. and performs Connection Ctrl.; the vehicle is placed on a closed Internet.
• Service connection (Manufacturer): authentication based on certificate, the Enrollment Certificate issued against the vehicle's Device Info.; the manufacturer's authentication management performs Service Ctrl.
The two layers are independent: network authentication identifies the subscription, certificate authentication identifies the device;  the User is served on top of both.
Adaptive Security Architecture

Incident Response & Hacking Mitigation
Scope: External Network → Gateway → Internal Network → ECU.
Assets and parties: Device, Infrastructure, Vehicle, Cloud, Diagnostics, Person (Owner, Driver, Pedestrian), etc.
Online Service as a Platform & Security

Security threat / security area map: Online Service (Cloud), Infrastructure, User (Mobile).

Online Service as a Platform
Security + Service Platform around the Online Service (Cloud): App Store, Big Data, OEM Service, Service Provider, S/W Provider.

Online Service Platform
Participants: App Store, Big Data, OEM Service, Service Provider, S/W Provider, Users (Mobile), Partners, IoT Devices.

Online Service Platform + Security
A Security layer added across the whole platform: Authorization, Authentication, Policy/Audit.

Online Service Platform + Internal ICT Infra System
The platform also connects to the internal ICT Infra Systems used by Suppliers and Employees, and the Security layer has to cover that boundary as well.
"Bi-Modal IT" from Gartner
Connected Car Technologies and Services
Source: https://www.strategyand.pwc.com/reports/connected-car-2016-study (2016.09)
(The same market-layer figure as earlier, now annotated with Gartner's Mode 1 and Mode 2.)
Online Service Platform + Internal ICT Infra System + "Bi-modal" Security Policy
The Security layer is governed by a bi-modal policy, Gartner's Mode 1 (predictable, stability-focused) and Mode 2 (exploratory, agile), applied to the two halves of the system: the internal ICT Infra Systems (Suppliers, Employees) and the online service platform (App Store, Big Data, OEM Service, Service Provider, S/W Provider, Users (Mobile), Partners, IoT Devices).

Data-Driven Business
The same service platform seen as a data business: App Store, Big Data, OEM Service, Service Provider, S/W Provider, Users (Mobile), Partners, IoT Devices.
S2. Secure Gateway – Data Security & Privacy Preserving

Figure: External Network → External NIC → External Gateway (External Firewall) → Internal Gateway (Internal Firewall) → Chassis Control, Body Control, Powertrain Control, ADAS, Head Unit (AVN/IVI). A Data Recording function at the gateway feeds the Cloud (OEM, Government, 3rd Party).
Data protection at the gateway: • Secure Store • Pseudonymization • Audit
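The three gateway functions just listed, as an added example in Go written for this page (not Penta Security's code): pseudonymization with a keyed hash under a recipient-specific key, so the same VIN is stable for one cloud recipient but unlinkable across recipients; data minimisation before export (coarse location, bucketed speed, hourly time); an audit line per transfer; and a secure store that keeps the full record under AES-256-GCM so that any modification is detected. The record schema, VIN, position and master key are constructed, and the master key stands in for a key that would live behind the HW trust anchor.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"math"
	"time"
)

// Record is what the gateway's data-recording function collects (constructed fields, not a real schema).
type Record struct {
	VIN   string
	Lat   float64
	Lon   float64
	Speed float64 // km/h
	At    time.Time
}

// Shared is what leaves the vehicle for one recipient: no VIN, coarse location, bucketed speed, hourly time.
type Shared struct {
	Pseudonym string
	LatE2     int   // hundredths of a degree, roughly 1 km
	LonE2     int
	SpeedBin  int   // 10 km/h bucket
	Hour      int64 // unix time truncated to the hour
}

// DataGateway holds the secure-store key and writes an audit trail of every export.
type DataGateway struct {
	master []byte
	aead   cipher.AEAD
	Audit  []string
}

func derive(master []byte, label string) []byte {
	m := hmac.New(sha256.New, master)
	m.Write([]byte(label))
	return m.Sum(nil)
}

// NewDataGateway derives the AES-256-GCM secure-store key from the master key.
func NewDataGateway(master []byte) (*DataGateway, error) {
	block, err := aes.NewCipher(derive(master, "secure-store"))
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &DataGateway{master: master, aead: aead}, nil
}

// Pseudonym is a keyed hash of the VIN under a recipient-specific key: stable for one recipient,
// unlinkable across recipients, not reversible without the key.
func (g *DataGateway) Pseudonym(recipient, vin string) string {
	m := hmac.New(sha256.New, derive(g.master, "pseudonym:"+recipient))
	m.Write([]byte(vin))
	return hex.EncodeToString(m.Sum(nil)[:8])
}

// Export minimises the record for the recipient and logs the transfer.
func (g *DataGateway) Export(r Record, recipient, purpose string) Shared {
	s := Shared{
		Pseudonym: g.Pseudonym(recipient, r.VIN),
		LatE2:     int(math.Round(r.Lat * 100)),
		LonE2:     int(math.Round(r.Lon * 100)),
		SpeedBin:  int(r.Speed/10) * 10,
		Hour:      r.At.UTC().Truncate(time.Hour).Unix(),
	}
	g.Audit = append(g.Audit, fmt.Sprintf("%s export recipient=%s purpose=%s pseudonym=%s fields=lat_e2,lon_e2,speed_bin,hour",
		time.Now().UTC().Format(time.RFC3339), recipient, purpose, s.Pseudonym))
	return s
}

// Seal keeps the full record in the secure store: AES-256-GCM with a fresh random nonce prepended.
func (g *DataGateway) Seal(r Record) ([]byte, error) {
	pt, err := json.Marshal(r)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.aead.Seal(nonce, nonce, pt, nil), nil
}

// Open recovers a sealed record; any modification of the blob fails the GCM tag check.
func (g *DataGateway) Open(blob []byte) (Record, error) {
	var r Record
	n := g.aead.NonceSize()
	if len(blob) < n {
		return r, errors.New("blob too short")
	}
	pt, err := g.aead.Open(nil, blob[:n], blob[n:], nil)
	if err != nil {
		return r, err
	}
	err = json.Unmarshal(pt, &r)
	return r, err
}

// Sample is a constructed record; the VIN and position are illustrative.
var Sample = Record{VIN: "KMH000000X0000001", Lat: 37.5665, Lon: 126.9780, Speed: 47.3,
	At: time.Date(2019, 11, 6, 14, 27, 9, 0, time.UTC)}
```

Per-recipient pseudonym keys are the detail that matters for the "Cloud (OEM, Government, 3rd Party)" fan-out in the figure: with one shared pseudonym, any two recipients can join their datasets on it and re-identify the vehicle through the OEM's copy.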
"Data Economy"
"The World's Most Valuable Resource is No Longer Oil, but Data"
* Source: The Economist (2017.05.06)
Discovering Value of Data

Two axes: Data Security (Protected / Unprotected) and Data Sharing (Isolated / Connected & Shared). Isolated data stays Archived DATA or Protected DATA; Value-Added DATA is data that is both protected and connected & shared. Data : The World's Most Valuable Resource.
Missed Potential Value of Data

Coffee production flow: Seed → Growing → Processing → Brewing → Serving.
Data-enabled service flow: Generation → Data Collection → Data Archiving → Data Analytics → Data Service.
Stopping at archiving means missed opportunities; carrying data through analytics to a service means maximized values.
Telematics
Supply chain Tier x → Tier 2 → Tier 1 → OEM, with TMS and Insurance as the data consumers.

Data Economy - Ecosystem
The same supply chain feeds a Data Sharing Platform that links OEM MaaS, Car Sharing, Car Hailing, Public Trans., Rent/Lease, EV Charging, Logistics, Insurance, C-ITS, Parking, IoT Service, TMS and other SVC Providers. Connected Car Services : Advertisement, Payment, Contents Streaming, Game, Fintech, SNS, …

Data Economy - Authentication
Security (authentication of every participant) sits between the Data Sharing Platform and the service providers.

Data Sharing Platform : Stakeholders & End Entities
Data Sharing Platform with Tier 1, Tier 2 and HKMC OEM on the supply side and the SVC Providers as end entities: MaaS, Car Sharing, Car Hailing, Public Trans., Rent/Lease, EV Charging, Logistics, Insurance, C-ITS, Parking, IoT Service.
Copyright Penta Security Systems Inc. All rights reserved.
KOREA: www.pentasecurity.co.kr | GLOBAL: www.pentasecurity.com | JAPAN: www.pentasecurity.co.jp
No.1 WAF Vendor in the APAC Region; The First and Only CC EAL4 Certified WAF; ICSA Labs Certified WAF; PCI-DSS Compliance; Recognized on the Gartner WAF Magic Quadrant; Asian Cyber Security Vendor of the Year; SC Magazine Europe Best SME Solution; Hot Company in Web Application Security for 2016; Cybersecurity Excellence Awards Winner 2018; TU-Automotive Awards Best Auto Cybersecurity Product/Service 2019.