ISSSC 2015, 8.9.2015 09.00 – 12.00 Functional Safety and IT Security Example Dr Richard Messnarz Dr Christian Kreiner.

Presentation transcript:


Company Profile
- Accredited iNTACS™ training provider for ISO/IEC and Automotive SPICE®
- Accredited VDA-QMC training provider and partner
- Moderator of the German SOQRATES initiative, where 23 leading German companies share knowledge concerning process improvement
- EU research projects since

Company Profile
- ISCN Ltd Ireland (coordination office) founded 1994 in Ireland
- Development and consulting offices in Austria: ISCN Regionalstelle founded 1997, I.S.C.N. GesmbH founded 2001
- Further offices in the ISCN Group in different countries
- EuroSPI conference and network coordinator since 1994
- Vice President and technology provider for the European Certification and Qualification Association since 2005
- SPICE assessments and improvement projects since

Integrated Safety Design
Figure: the roles involved in an integrated safety and security design: Assembler, Manufacturer, SW Safety + Security Designer, Mechatronic Designer, Technical Project Leader, HW Safety + Security Designer, System Safety + Security Engineer.

Automotive Example: understanding functional chains beyond and including the software
Figure: the item "Electric Power Steering". The functional chain runs from the steering wheel (driver steering torque) through the steering column (mechanical layout and torque) and the torque/index sensor to the rack; the torque sensor signal is transmitted to the Powerpack (X mm = Y° steering angle). The Powerpack consists of ECU, SW, connector and E-motor. Interfaces: CAN, CL15, CL30. Inputs: vehicle speed, ignition on. Output: steering angle.

Automotive Example: understanding functional chains beyond and including the software
Figure: the item extended by the steering lock. Elements: ECU, SW, E-motor, connector, locking bolt (M). Interfaces: CAN, CL15 (ignition on), CL30 (battery).

Risk Classification


Independent confirmation measures [ISO, Table 1]:
- Confirmation reviews
- Functional safety audit
- Functional safety assessment
Independence of elements after decomposition: no dependent failures, or dependent failures have a safety mechanism.

Automotive Example: understanding functional chains beyond and including the software
Figure: the item extended by the steering lock, with ASIL ratings. Elements: ECU, SW, E-motor, connector, locking bolt (M). Interfaces: CAN, CL15, CL30. Inputs and ratings: digital ignition on 0/1, ASIL-B (D); vehicle speed, ASIL-B (D); ignition on, ASIL-A (D). Lock control: ASIL-D.

Software layers of the steering lock function:
- L1: base software
- L2: speed versus ignition on/off check; motor position check; actuator activation; inputs vehicle speed and ignition on/off; safe state function software
- L3: system diagnosis (processor still working, workflow control, etc.)
ASIL D: independent memory, two independent synchronised CPUs.

Building Requirements Traceability as Part of the Safety Case (Automotive Example)
Customer requirements, e.g.: life time of 15 years for the steering lock; lock the steering at standstill.
Hazard analysis: identification and classification of safety risks and hazards, e.g. Safety goal: no uncontrolled actuation of the steering lock. Risk: uncontrolled actuation can happen with a wrong clamp 15 input.
FMEA / FMEDA: analysis of hazards, safety risks and measures by FMEA and FMEDA, e.g. Measure: a redundant digital ignition on/off signal is needed to assure that speed is < 3 km/h; otherwise the steering lock stays open.
System requirements specification:
- System requirements, e.g. activating the steering lock at standstill within 1 second; during its life time the system can manage up to locks/unlocks.
- Safety requirements, e.g. we need to trust the speed information at ASIL D; in case of speed > 3 km/h do not activate the steering lock; the safe state is steering lock open, which must also be reached in case of ECU failure.

Dependable vehicle: understanding interference from IT Security
- Prio 1: analyse IT threats which can lead to the hazardous failure
- Prio 2: analyse additional IT security threats

Dependable vehicle: understanding interference from IT Security
Attack type: Spoofing commands
  Impact: Messages on CAN are used to simulate that the car is stopping. Checksum algorithm and message structure are hacked.
  How: Sending the key-less-go off signal, and at the same time sending speed = 0 and rpm = 0.
Attack type: Denial of service
  Impact: Messages on CAN are used to simulate that the car never stops.
  How: Sending a wrong digital on/off signal and a speed that is always > 5 km/h (steering lock never actuates).
Attack type: Tampering
  Impact: Changing configuration data in memory (the speed limit for activating the steering lock).
  How: Changing the limit from < 3 km/h to < 100 km/h during driving (the lock activates when the speed decreases below 100).
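The L2 "speed versus ignition on/off" check and the safety requirements above (redundant ignition signal, < 3 km/h threshold, safe state open) can be written as one activation decision that also defends against the three threats in this table. The following is an added example, not code from the slides or from any product; the structure, the redundant-signal layout, the inverse-copy configuration check and the 5 km/h configuration bound are assumptions.

```c
#include <stdint.h>
#include <stdbool.h>

/* Assumed upper bound any stored activation threshold may take; the nominal
 * threshold from the safety requirement is 3 km/h. */
#define CFG_LIMIT_MAX_KMH 5u

typedef struct {
    uint8_t  ignition_on;            /* ignition-on signal received over CAN, 0/1 */
    uint8_t  ignition_on_redundant;  /* redundant digital ignition on/off input (e.g. hardwired CL15), 0/1 */
    uint16_t speed_kmh;              /* vehicle speed from CAN */
    uint16_t rpm;                    /* engine speed from CAN */
    bool     speed_valid;            /* speed message passed the ASIL-D trust check (freshness, checksum) */
    uint16_t cfg_limit_kmh;          /* activation threshold stored in configuration memory */
    uint16_t cfg_limit_inv;          /* one's complement of cfg_limit_kmh stored alongside it */
} lock_inputs_t;

typedef enum { LOCK_OPEN = 0, LOCK_ENGAGE = 1 } lock_cmd_t;

/* Tampering defence: the stored threshold must match its inverse copy and lie
 * inside the range a legitimate configuration can take. A limit rewritten to
 * "< 100 km/h" fails the range check even if both copies were changed. */
static bool config_plausible(const lock_inputs_t *in) {
    if ((uint16_t)~in->cfg_limit_kmh != in->cfg_limit_inv) return false;
    return in->cfg_limit_kmh >= 1u && in->cfg_limit_kmh <= CFG_LIMIT_MAX_KMH;
}

/* Safe state is "open": every failed check returns LOCK_OPEN. */
lock_cmd_t steering_lock_decision(const lock_inputs_t *in) {
    if (!config_plausible(in)) return LOCK_OPEN;
    if (!in->speed_valid) return LOCK_OPEN;
    /* Both ignition sources must agree on "off". A CAN message claiming the
     * car is switched off while the redundant input still says "on" is treated
     * as a fault or a spoofed command, never as a reason to lock. */
    if (in->ignition_on != in->ignition_on_redundant) return LOCK_OPEN;
    if (in->ignition_on) return LOCK_OPEN;
    /* Standstill requires both speed below the threshold and engine stopped. */
    if (in->speed_kmh >= in->cfg_limit_kmh) return LOCK_OPEN;
    if (in->rpm != 0) return LOCK_OPEN;
    return LOCK_ENGAGE;
}
```

The denial-of-service case (speed always reported > 5 km/h) cannot be defeated by this logic; it keeps the lock in its safe state, which is the intended outcome for the ASIL-D goal.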

Dependable vehicle: understanding interference from IT Security
Attack type: Identity spoofing
  Impact: Spoofing the identity of a garage; spoofing the identity of a message.
  How: Presumption of the above scenarios.
Attack type: Information disclosure
  Impact: Memory dump and copying of data, gaining knowledge about encryption keys and checksum algorithms.
  How: Presumption of the above scenarios.
Attack type: Elevation of privilege
  Impact: Access to the gateway and access to the privileged bus in the car.
  How: Presumption of the above scenarios.

Dependable vehicle: understanding interference from IT Security
Figure: threats mapped onto the attack path, with Automotive Defense Layer 1, 2 and 3 placed between the tiers. Maintenance tools, listening tools: information disclosure, elevation of privileges. Vehicle bus and gateway: spoofing identity. Vehicle steering related ECUs: spoofing of commands, tampering. Vehicle function steering lock (ASIL-D): denial of service, spoofing of commands leading to locking.

Dependable vehicle: understanding interference from IT Security
The threat table for spoofing commands, denial of service and tampering is repeated here, now annotated with the ASIL-D rating of the steering lock function.

Traceability: threat specification per safety goal

Exercise
- Steering system, self steering: use the ASIL-D rated case
- Threat analysis using the table
- Threat analysis diagram with Automotive Defense Layers (AutoDLs)

Dependable vehicle: understanding interference from IT Security
Exercise template (columns: attack type, impact, how) with the rows Spoofing commands, Denial of service and Tampering left blank for the participants to fill in.

Dependable vehicle: understanding interference from IT Security
Exercise template (columns: attack type, impact, how) with the rows Identity spoofing, Information disclosure and Elevation of privilege left blank for the participants to fill in.

Dependable vehicle: understanding interference from IT Security
Exercise template figure: the threat categories (information disclosure, elevation of privileges, spoofing identity, spoofing of commands, tampering, denial of service, spoofing of commands leading to locking) and Automotive Defense Layers 1, 2 and 3, with the vehicle function to be assigned by the participants.