Upload File

feasible car cyber defense - escar 2010

16
Feasible Car Cyber Defense Arilou Information Security Technologies LTD.

Upload: iddan-halevy

Post on 20-Aug-2015

745 views

Category:

Technology


2 download

Report

Tags:

TRANSCRIPT

Page 1: Feasible car cyber defense - ESCAR 2010

Feasible Car Cyber Defense

Arilou Information Security Technologies LTD.

Page 2: Feasible car cyber defense - ESCAR 2010

Arilou Technologies

Page 3: Feasible car cyber defense - ESCAR 2010

The modern car

• Sophisticated and computerized• Decentralized electronic system

Usually consists of dozens of computers (ECUs – electronic control units) and sensors

New functionalities – hundreds MBs of code Connected by one or more network segments

• Autonomous cars

Page 4: Feasible car cyber defense - ESCAR 2010

The modern car

Page 5: Feasible car cyber defense - ESCAR 2010

The rising threat

• ECUs controlled mechanisms Brakes Stability control Airbags …

• CAN bus connected• Rising wave of cyber attacks

Page 6: Feasible car cyber defense - ESCAR 2010

Hacking a system

• Demonstrated by US researchers - hack using RDS, Bluetooth and more

• Hack a widespread infotainment system using hostile files With no prior knowledge No budget Goal: estimate the possibility of such scenario

Page 7: Feasible car cyber defense - ESCAR 2010

Infotainment Hack

internet

Page 8: Feasible car cyber defense - ESCAR 2010

Hacking process

• Understand inner working and get binaries• Reversing the binaries – focus on input parsing• Finding exploitable vulnerabilities

• Implementing the exploit

Page 9: Feasible car cyber defense - ESCAR 2010

The result

Page 10: Feasible car cyber defense - ESCAR 2010

Conclusion

Cars were designed for safety and functionality – not for Security

Page 11: Feasible car cyber defense - ESCAR 2010

The challenge

• Huge number of suppliers• Lots of external interfaces• Every cent counts• Time critical communication• Legacy systems• Zero tolerance for mistakes

Page 12: Feasible car cyber defense - ESCAR 2010

Possible solutions

Page 13: Feasible car cyber defense - ESCAR 2010

Cryptography

• Confidentiality• Integrity• Authenticity

• Can solve some of the issues The automotive world is far from ideal for this

Page 14: Feasible car cyber defense - ESCAR 2010

Cryptography Difficulties• Key exchange and management• Symmetric keys:

Identical to all units – vulnerable Not identical – complicated to manage

• Asymmetric keys: Time and computing complexity – cost PK infrastructure needed

• Maintenance nightmare – for a mission critical solution• Export restrictions• The industry is too decentralized• Does not solve vulnerabilities

Exploit can use the crypto mechanisms to encrypt The more sophisticated the system the larger the attack surface

Page 15: Feasible car cyber defense - ESCAR 2010

CAN bus firewall• A rule based CAN bus Firewall

Whitelist Rate limit Authentication

• Independent device Single non-expensive chip aftermarket or integrated SOC Military grade Thoroughly tested

• Architecture As general rule does not require redesign of ECU’s

software or vehicle’s network

Page 16: Feasible car cyber defense - ESCAR 2010

Questions?


Is Mars One Feasible?

Chapter 4 Feasible alternatives

Interoperability - is it feasible -

12 Feasible

Cyber Security, Cyber Intelligence & Cyber Investigation

Is experimentation feasible at MOOCs?

Three New Methods to Find Initial Basic Feasible Solution ... · as an initial basic feasible (IBFS) solution. Therefore initial feasible solution is basic solution which affects

Feasible but Unbankable

Globalization and Redistribution: Feasible egalitarianism

Math Models of OR: Extreme Points and Basic Feasible Solutionseaton.math.rpi.edu/faculty/Mitchell/courses/matp... · from basic feasible solution to adjacent basic feasible solution

RD Feasible Distillation Regions

Basic Feasible Solutions - Eaton.math.rpi.edu

Linear Programming Feasible Region

Report from ESCAR EU Nov 2018 - Autosec · 2019. 3. 27. · Report from ESCAR EU – Nov 2018 Tomas Olovsson [email protected] Computer Science and Engineering

Robotic Exoskeletons: becoming economically feasible

Technically feasible and Socially acceptable?

Towards operationally feasible railway timetables

Feasible biotechnological and bioremediation strategies

Exploring economically feasible and environmentally

Cyber-Conflict, Cyber-Crime, and Cyber-Espionage

Optimization III: Constrained Optimization · Constrained Problems Motivation Optimality Algorithms Convex Optimization Basic De nitions Feasible point and feasible set A feasible

Escar the Excellent Elephant

Transvaginal Extraction: Feasible

A Politically Feasible Architecture for Global Climate Web viewA Politically Feasible Architecture for Global ... of GHG regulation for “competitive advantage” at the ... Feasible

Feasible Domain Notes

GIKAS ESCAR-2010final.ppt [Kompatibilitätsmodus]

Optimization III: Constrained Optimizationgraphics.stanford.edu/courses/cs205a/assets/lecture_slides/... · Basic De nitions Feasible point and feasible set A feasible point is any

ppt -Cyber Crime, Cyber Security and Cyber Laws

Artificial Intelligence · MotivationGeometric resolutionSimplex algorithmDual formFundamental Knowledge Feasible region Feasible region A FEASIBLE REGION, FEASIBLE SET, SEARCH SPACE,

Feasible Study of MRO

Jamaica pablo viñuales y daniel escar

Cuartillas ~'~ de escar Esplá

Cyber, cyber Vous avez dit cyber - penseemiliterre.fr

PORTUGUESA Recomendações de Bolso da ESC de 2017www .escar dio. org/guideline s www .escar dio .org/gu ideline s EUROPEAN SOCIETY OF CARDIOLOGY LES TEMPLIERS - 2035 ROUTE DES COLLES

LISTADO PROVISIONAL DE ADMITIDOS en word - … · nicolÁs dÍaz pÉrez samuel escar jimÉnez lydia escar jimÉnez claudia escartÍn garcÍa ... 8 juan Ángel royo sanz 9 luna pÉrez