visibility | detection | control
Security in the Automotive Electronics Area
Alexios Lekidis
ETSI Security Week, 13/6/2018
Proprietary and Confidential – www.secmatters.com 4
Chrysler’s Jeep Cherokee
Are connected cars secure?
Historical evolution of vehicle attacks
• Standard cars: Attack performed if the attacker gains physical access to the vehicle
• Connected cars: Vehicle attack performed remotely
Vulnerabilities of vehicle internal networks
• Direct bridging of buses without filtering/firewall
• No addressing scheme
• Broadcast acknowledgement mechanism
• No encryption / authentication
• Absence of protocol misuse protection
Security measures to the vehicle architecture
• Application-level security
  • What it does: Encryption for applications located within a single component
  • Pros: Enhanced data protection
  • Cons: > 3 times of computational time
• Hardware security
  • What it does: Secure boot process to prevent software manipulations
  • Pros: Protection from unauthorized access
  • Cons: Component computational time
• Network security
  • What it does: Anomaly detection based on monitoring the operational network
  • Pros: Lightweight and not disruptive to the system
  • Cons: Efficient with unfiltered network activity in the system
Intrusion detection system for cars
Processed data:
• Passive collection of network traffic
Key advantages:
• Alerts: security threats & operational errors
• Protection inside and outside
• Network diagnostics
1) Lightweight protection
2) Anomaly detection against unknown attacks
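An added example, not from the slides or from any SecurityMatters product: a passive detector that learns a baseline from clean bus traffic and then alerts on identifiers, payload lengths and message rates that deviate from it. The frame tuple format, the sample traffic, the 0.5 rate threshold and the assumption that messages are periodic are all choices made for this illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed frames: (timestamp in seconds, message id, payload bytes).
BASELINE = sorted(
    [(i * 0.010, 0x100, b"\x00\x10") for i in range(50)]    # 10 ms period
    + [(i * 0.050, 0x200, b"\x01") for i in range(10)]      # 50 ms period
)
LIVE = [
    (1.000, 0x100, b"\x00\x10"),
    (1.010, 0x100, b"\x00\x10"),
    (1.012, 0x100, b"\xff\xff"),       # 2 ms after the previous 0x100 frame
    (1.015, 0x7FF, b"\x00"),           # id absent from the baseline
    (1.020, 0x100, b"\x00\x10"),
    (1.050, 0x200, b"\x01\x02\x03"),   # payload longer than learned
]

def learn(frames):
    """Learn, per id, the median inter-arrival time and last seen payload length."""
    times, lengths = defaultdict(list), {}
    for ts, mid, data in frames:
        times[mid].append(ts)
        lengths[mid] = len(data)
    model = {}
    for mid, seen in times.items():
        gaps = [b - a for a, b in zip(seen, seen[1:])]
        # An id seen only once has no period; its rate check is skipped.
        model[mid] = {"period": median(gaps) if gaps else None,
                      "length": lengths[mid]}
    return model

def detect(model, frames, min_ratio=0.5):
    """Return (timestamp, id, reason) alerts; observes frames, sends nothing."""
    alerts, last_seen = [], {}
    for ts, mid, data in frames:
        if mid not in model:
            alerts.append((ts, mid, "unknown-id"))
            continue
        if len(data) != model[mid]["length"]:
            alerts.append((ts, mid, "length-mismatch"))
        prev, period = last_seen.get(mid), model[mid]["period"]
        if prev is not None and period and ts - prev < min_ratio * period:
            alerts.append((ts, mid, "rate-anomaly"))
        last_seen[mid] = ts
    return alerts

if __name__ == "__main__":
    for alert in detect(learn(BASELINE), LIVE):
        print(alert)
```

Because the model is learned from observed traffic instead of a signature list, the unknown identifier and the doubled message rate are flagged without any prior description of them.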
Remaining challenges in vehicle cybersecurity
Traffic encryption
Firewall protection
Anomaly detection (i.e. IDS)
Misuse/threat distinction
Incident response
Vehicle Security: the APPSTACLE project
Acronym: open standard APplication Platform for carS and TrAnsportation vehiCLEs
Goals:
• open and secure cloud platform
• interconnecting a wide range of vehicles to the cloud via open in-car and Internet connection
• supported by an integrated open source software development ecosystem