Security of In-Vehicle Software

Slides:



Advertisements
Similar presentations
Security Controls – What Works
Advertisements

Information Security Policies and Standards
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
Michael Westra, CISSP June BSides Detroit Security Presentation: Vehicle Hacking “If you think technology can solve your security problems, then.
SEC835 Database and Web application security Information Security Architecture.
Lessons Learned in Smart Grid Cyber Security
DG Enterprise and Industry Philippe JEAN Sustainable Mobility & Automotive Industry Unit WP.29 Enforcement Working Group meeting 27 June update.
Implementing Shared Inspection Management Systems Insights from recent WBG research John R. Wille WBG Investment Climate Advisory Services Amman, Jordan.
Project co-funded by the European Commission within the 7th Framework Program (Grant Agreement No ) Business Convergence WS#2 Smart Grid Technologies.
Office of Campus Information Security Driving a Security Architecture by Assessing Risk Stefan Wahe Sr. Information Security Analyst.
Piemonte Workshop 1 11 September 2006 Paolo Salieri European Commission DG ENTR-H4 Security research in FP7.
Frankfurt (Germany), 6-9 June 2011 Iiro Rinta-Jouppi – Sweden – RT 3c – Paper 0210 COMMUNICATION & DATA SECURITY.
Introduction and Overview of Information Security and Policy By: Hashem Alaidaros 4/10/2015 Lecture 1 IS 332.
Software Security WP29 / ITS Document No. ITS/AD Rev1 (7th ITS/AD, 11 November 2015, agenda item 3-2)
Software Security WP29 IWG ITS/AD Document No. ITS/AD (6th ITS/AD, 3 November 2015, agenda item 3-3)
Cyber Risk Management Solutions Fall 2015 Thomas Compliance Associates, Inc
IS3220 Information Technology Infrastructure Security
T.Russell Shields, Co-Chair, Collaboration on ITS Communication Standards Martin Adolph, Programme Coordinator, ITU ITU activities on secure vehicle software.
FIA MOBILITY & TOURISM Gerd Preuss, FIA Representative at UNECE, WP 29 Protection Against Mileage Fraud Current Status in ITS-AD 110 th GRSG Meeting Geneva,
Connected Cars & Autonomous Vehicles
Principles Identified - UK DfT -
SAE Cybersecurity Standards Activity
Connected Vehicles in the Internet of Things Presenter
SIEM Rotem Mesika System security engineering
Submitted by FIA Document No. ITS/AD-10-06
Suggestion for Summarizing Process of the Principles
MEM Cybersecurity Working Group Update to PCD Technical Committee
Cyber Physical System Security
| Data Connectors: Atlanta, GA
Analysis of Current Maturity Models and Standards
Cybersecurity - What’s Next? June 2017
Cyber Security Enterprise Risk Management: Key to an Organization’s Resilience Richard A. Spires CEO, Learning Tree International Former CIO, IRS and.
The ITU-T X.500 series and X.509 in a changing world
CIM Modeling for E&U - (Short Version)
MEM Cybersecurity Working Group Update to PCD Technical Committee
TASHKENT UNIVERSITY OF INFORMATION TECHNOLOGIES NAMED AFTER MUHAMMAD AL-KHWARIZMI THE SMART HOME IS A BASIC OF SMART CITIES: SECURITY AND METHODS OF.
ASSET - Automotive Software cyber SEcuriTy
Medical Device Cybersecurity Legislative Activities - Overview
CYBERSECURITY FOR AUTONOMOUS VEHICLES
Hello, Today we will look at cyber security and the Internet of Things and how it could impact our business.
BUILDING A PRIVACY AND SECURITY PROGRAM FOR YOUR NON-PROFIT
Speaker’s Name, SAP Month 00, 2017
Firewalls.
National Mining University
ETSI Standardization Activities on M2M communications
Smart Office Market
© 2016 Global Market Insights, Inc. USA. All Rights Reserved Automotive Cybersecurity Market to reach $837.1mn by 2024: Global Market.
Connected Car Market - Global Forecast to 2025.
Connected Car Market by Service (Connected Services, Safety & Security, and Autonomous Driving), Form (Embedded, Tethered, and.
Automated vehicles Horizontal regulation Preliminary considerations
Healthcare Cloud Security Stack for Microsoft Azure
Informal Document: ACSF-11-08
Intelligent Transport Systems
ETRTO proposal for UN R30 & 64 amendments Extended Mobility Tyres
Healthcare Cloud Security Stack for Microsoft Azure
How to Mitigate the Consequences What are the Countermeasures?
Network and security trends in connected cars
New Assessment & Test Methods
The SAFERtec project on V2I security assurance: concept and vision
Replies by the Task Force to the comments provided by GRVA members
Internet of Things (IoT) for Industrial Development and Automation
World Health Organization
Cyber Security in a Risk Management Framework
International Telecommunication Union CITS meeting 8 March 2019 Geneva Status report of the GRVA activities Context, current activities and impact François.
ETSI Contribution to 3rd Meeting of EC Expert Group on RRS
A proposal for approach to proceed work in Cybersecurity TF
© 2016 Global Market Insights, Inc. USA. All Rights Reserved Fuel Cell Market size worth $25.5bn by 2024 Low Power Wide Area Network.
Access to data requirementS
Presentation transcript:

Security of In-Vehicle Software Submitted by UL-Netherlands Document No. ITS/AD-09-15 (9th ITS/AD, 22 June 2016, agenda item 4) Security of In-Vehicle Software A Vision on Security for Road Safety Geneva, 22 June 2016 UNECE Informal Group on ITS/ Automated Driving Arjan Geluk, arjan.geluk@ul.com CLASSIFICATION: PUBLIC

Agenda The Challenge of Vehicle Security Target Situation: Secure Vehicles for Safe Roads Bridging the Gaps

The Challenge of Vehicle Security The Trends Transition of the automobile into the information age Vehicle connectivity, vehicle automation, data collection Growing complexity 20-100 connected embedded devices Tens of millions of lines of code Wireless capability: keyless entry, tire-pressure monitoring, infotainment, telematics systems In Security Terms: Increasing probability of exploitable software flaws Larger attack surface Greater risk of privacy violations

The Challenge of Vehicle Security The Trends Increased attention and accessibility for car hacking

Target Situation Secure Vehicles for Safe Roads A vision for the future of automotive cybersecurity Security will be taken as seriously as safety Security and safety will be addressed in an integrated manner Legal frameworks and type approval requirements enforce high levels of security Vehicle authorities consider the whole vehicular infrastructure Wide adoption of industry standards tailored to automotive cybersecurity Privacy is addressed using general data protection rules applied to the automotive domain

Target Situation Secure Vehicles for Safe Roads Security will be taken as seriously as safety Security Critical System Safety Critical System Not addressing security means relying on luck Any system that must be SAFE, must also be SECURE If a non-safe state can be caused unintentially, then what about maliciously?

Target Situation Secure Vehicles for Safe Roads Security and safety will be addressed in an integrated manner Source: SAE J3061

Target Situation Secure Vehicles for Safe Roads Security and safety will be addressed in an integrated manner Key Advantages: Same goal: Prevent the vehicle from entering an unsafe state Take advantages of already implemented frameworks, processes, mentalities Efficiency of overlapping safety and security measures Consistency and completeness

Target Situation Secure Vehicles for Safe Roads Legal frameworks and type approval requirements enforce high levels of security Historically, safety has been driven to a large extent by regulation. Security will be even more so, because Return on investment for security is very long-term We need to act proactively The sector as a whole is not security aware enough (yet!)

Target Situation Secure Vehicles for Safe Roads Legal frameworks and type approval requirements enforce high levels of security Security regulation should be integrated in the existing systems for Creating the standards and regulation Enforcing the regulation through national type approval authorities Incident Response

Target Situation Secure Vehicles for Safe Roads Legal frameworks and type approval requirements enforce high levels of security Flexible enough to adapt, strong enough to enforce

Target Situation Secure Vehicles for Safe Roads Legal frameworks and type approval requirements enforce high levels of security Manufacturer Full type-approval process Classification New Product/Update Update approval process Occasional classification spot-checks Continuous, in-use approach to type approval of in-vehicle software Approval for ONE vehicle type with ONE VERSION of the software

Target Situation Secure Vehicles for Safe Roads Vehicle authorities consider the whole vehicular infrastructure OTA Update Backend Telematics Unit Gateway ECUs A car is now more than just in-vehicle hardware and software

Target Situation Secure Vehicles for Safe Roads Vehicle authorities consider the whole vehicular infrastructure OTA Update Backend Telematics Unit Gateway ECUs Enterprise Private Keys Secure communication using TLS, certificate pinning Trust Anchor Code signature verification, integrity checks, secure distribution of service pack, secure boot loader, etc. …

Target Situation Secure Vehicles for Safe Roads Vehicle authorities consider the whole vehicular infrastructure In-vehicle security measures alone may not be effective Extra-vehicular systems with safety critical functions Vulnerable after-market additions Compromised service stations and vehicle repair shops

Target Situation Secure Vehicles for Safe Roads Wide adoption of industry standards tailored to automotive cybersecurity Current situation: Many security standards and best practices for other domains, but not specific to automotive Standards are being developed, but are in early stages e.g. VDA & SAE contributions to ISO Target: Standards describing a secure development lifecycle and best practices for securing automotive systems, from in-vehicle software until cloud services

Target Situation Secure Vehicles for Safe Roads Privacy is addressed using general data protection rules applied to the automotive domain A lot of sensitive data is being collected by vehicular systems Voluntary “Consumer Privacy Protection Principles” have been developed specifically for the automotive industry Compliance is required with general data protection rules, applied to the automotive domain

So how do we get there?

Bridging the Gaps? Key measures Security-by-design, a life-cycle approach for designing in-vehicle software How do regulators conduct surveillance? Rating system? Software Updates: Secure using code signing and trust anchor Roll-out of security patches Management of type-approval if functional changes are conducted Collaboration with the security community Bounty Programs Information sharing of threats, vulnerabilities, best practices among manufacturers. Maturity models Learning from other industries (aeronautical industry? Industrial control systems?) Defence-in-depth Layered approach Segmentation and Isolation Logging In-vehicle network security (redesign of protocols, intrusion detection and prevention) Initiatives Security workgroup under UNECE ISO standardisation using SAE and VDA input

THANK YOU.

UL Software & Security – Contact Details Europe Leiden, the Netherlands Call +31 71 581 3636 Email ulcyber@ul.com Visit www.ul.com

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.