Network and security practices in automotive systems
Alexios Lekidis
alexis.lekidis@forescout.com, a.lekidis@tue.nl
Who am I?
  Senior Researcher at ForeScout
  Guest Lecturer at the Security Group of the Eindhoven University of Technology
    Internet of Things (2IMN15) course
    Programming methods (2IPC0) course
  Research areas: model-based development / performance evaluation / network monitoring in embedded systems
  Short Bio
    Software Architect in ASML’s Metrology department
    PostDoc in Dependability and Security group, Aristotle University of Thessaloniki
    PhD in Theoretical Computer Science, University of Grenoble
    Master in Electrical Engineering, Aristotle University of Thessaloniki
      Specialization: Electronics and Telecommunications
Today’s topic
Overview
  The evolution towards connected cars
  Threats in automotive systems
  Automotive security: Scope and objectives
Car historical evolution
  R&D era: 1966-1995
  Embedded era: 1995-2002
  Infotainment era: 2007-2012
  V2X era: 2012-ongoing
  New mobility era: 2020-onwards
  [Figure: timeline running from 1886 to 2020]
In-vehicle software complexity
  Question 2: Does Facebook have more software code than a car?
Why are vehicles getting so complicated?
  V2X for vehicle communication to everything
  Road Side Units (RSU) assisting the communication between vehicles
  Backend server performing traffic management
Vehicle to everything communication scenarios
  Wireless / Cellular communication
  Information disseminated to neighbouring vehicles / road stations
What about inside the vehicle?
  Cars comprise one or several Electronic Control Units (ECUs)
  Each ECU is a networked embedded device with the following components
Challenges in automotive system design
  In-vehicle systems at a glance
    Powertrain subsystem: 1) generation of power in the engine 2) transmission and gear control
    Chassis subsystem: in-vehicle active safety (ABS, suspension system)
    Body subsystem: in-vehicle body / climate control
    Passive safety subsystem: airbags / seat belt pretensioners
    Telematics subsystem: infotainment (GPS, CD player)
Is it safe?
  Buyers demand modern connected infotainment systems
  Cars are shifting towards being autonomous
  Additional risks as vehicle interfaces are exposed to possible threats
    Wireless and cellular connections (e.g. WiFi, 4G)
  Risk severity increases as automotive software cannot easily be updated
    No monthly security update
When security threats become safety-related
  Car = Cyber Physical System (CPS)
  Vital risks to vehicle passengers
    Chrysler’s Jeep Cherokee
    CIA’s Vault 7
    Smartphone navigation apps
  Cyber-security threats
    target add-on features and functionalities of the vehicle
    target critical in-vehicle components (e.g. engine, brakes)
Ransomware
  Encrypted individual messages from the ransomware client
  Vehicle could not start without paying the ransom
  Up to 70% of the ransomware business victims and ~50% of consumer victims actually pay the ransom
  Total sum roughly $1 billion in 2017
Frequently exploited attack surfaces
Attack motivations
  Adversaries:
    Vehicle theft/copy the vehicle’s architectural designs and specifications
    Espionage for tracking and recording sensitive information
  Car dealers:
    Suppression of vehicle notifications / avoidance of incurring replacement expenses
    Targeting the safety of the vehicle
  Nation states, underworld and terror organizations:
    Physical harm and wide-spread damage
  [Figure: OBDII unit for in-vehicle diagnostics]
  Interesting fact: Did you know that any car dealer can sell you any car like it’s a new one?
Example attack steps
  Understand the information that is exchanged
  Find a vulnerability in the vehicle’s “exposed” interfaces
  Format the information to be injected into the vehicle so that it is handled by the other ECUs
  Navigate to the ECU the attack is targeted on and interrupt/stop its functionality
  Transmitted mobility data:
    SenderID
    Position
    Speed
    Heading
    Addressing details
    Geographical region
Security in connected cars
  Objectives:
    Protecting all communications
    Protecting each sensor, actuator, microcontroller (MCU), and microprocessor
    Safely and effectively managing the entire vehicle over the air (OTA)
    Mitigating advanced threats
  Standards define cybersecurity practices (e.g. J3061)
    Are not designed to meet all the objectives
    Are more guidelines than threat detection and protection mechanisms
  Instead, the questions to be answered by hardware or software security solutions are:
    How to detect an attack on a vehicle?
    What should be done once detected?
What we learned so far:
  Security related to safety
  Automotive systems contain more software than any other system
  Question: Why is automotive security so complex?
  Answer: Coming up in part 2...