Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network and security practices in automotive systems

Published byEthelbert Elliott Modified over 5 years ago

Similar presentations

Presentation on theme: "Network and security practices in automotive systems"— Presentation transcript:

1 Network and security practices in automotive systems
Alexios Lekidis

2 Who am I? Senior Researcher at ForeScout
Guest Lecturer at the Security Group of the Eindhoven University of Technology Internet of Things (2IMN15) course Programming methods (2IPC0) course Research areas: model-based development / performance evaluation / network monitoring in embedded systems Short Bio Software Architect in ASML’s Metrology department PostDoc in Dependability and Security group, Aristotle University of Thessaloniki PhD in Theoretical Computer Science, University of Grenoble Master in Electrical Engineering , Aristotle University of Thessaloniki Specialization: Electronics and Telecommunications

3 Today’s topic

4 Overview The evolution towards connected cars
Threats in automotive systems Automotive security: Scope and objectives

5 Overview The evolution towards connected cars
Threats in automotive systems Automotive security: Scope and objectives

6 Car historical evolution
Embedded area: Infotainment area: R&D area: 1886 2000 2020

7 V2X area: 2012-ongoing Embedded area: Infotainment area: 1886 2005 2020

8 New mobility area: 2020-onwards
V2X area: 2012-ongoing New mobility area: 2020-onwards Embedded area: Infotainment area: 1886 2005 2020

9 In-vehicle software complexity
Question 2: Does Facebook have more software code than a car?

10 Why vehicles are getting so complicated?
V2X for vehicle communication to everything Road Side Units (RSU) assisting the communication between vehicles Backend server performing traffic management

11 Vehicle to everything communication scenarios
Wireless / Cellular communication Information disseminated to neighbouring vehicles / road stations

12 What about inside the vehicle?
Cars are comprised by one or several Electronic Control Units (ECUs) Each ECU is an networked embedded device with the following components

13 Challenges in automotive system design
In-vehicle systems in a glance Powertrain subsystem : 1) generation of power in the engine ) transmission and gear control chassis subsystem : In-vehicle active safety (ABS, suspension system ) body subsystem : in-vehicle body / climate control Passive safety subsystem : airbags / seat belt pretensioners telematics subsystem : Infotainment (GPS, CD player) Slide 1: title page Slide 2: project information Slide 3: your future perspective

14 Overview The evolution towards connected cars
Threats in automotive systems Automotive security: Scope and objectives

15 Is it safe? Buyers demand modern connected infotainment systems
Cars are shifting towards being autonomous Additional risks as vehicle interfaces are exposed to possible threats Wireless and cellular connections (e.g. WiFi, 4G) Risk severity increases to automotive software cannot easily be updated No monthly security update

16 When security threats become safety-related
Car = Cyber Physical System (CPS) Vital risks to vehicle passengers Crysler’s Jeep Cherokee CIA’s Vault 7 Smartphone navigation apps Cyber-security threats target add-on features and functionalities of the vehicle target critical in-vehicle components (e.g. engine, breaks)

17 Ransomware Encrypted individual messages from the ransomware client
Vehicle could not start without paying the ransom up to 70% of the ransomware business victims and ~50% of consumer victims actually pay the ransom Total sum roughly $1 billion in 2017

18 Frequently exploited attack surfaces

19 Attack motivations Adversaries:
Vehicle theft/copy the vehicle’s architectural designs and specifications espionage for tracking and recording sensitive information Car dealers: Suppression of vehicle notifications / avoidance of incurring replacement expenses targeting the safety of the vehicle Nation states, underworld and terror organizations: physical harm and wide-spread damage OBDII unit for in-vehicle diagnostics Interesting fact: Did you know that any car dealer can sell you any car like it’s a new one?

20 Example attack steps Understand the information that are exchanged
Find a vulnerability in the vehicle’s “exposed” interfaces Format the information to be injected to the vehicle in a way that they are handled by the other ECUs Navigate to the ECU the attack is targeted on and interrupt/stop its functionality Transmitted mobility data SenderID Position Speed Heading Addressing details Geographical region

21 Overview The evolution towards connected cars
Threats in automotive systems Automotive security: Scope and objectives

22 Security in connected cars
Objectives: Protecting all communications Protecting each sensor, actuator, microcontroller (MCU), and microprocessor Safely and effectively managing the entire vehicle over the air (OTA) Mitigating advanced threats Standards define cybersecurity practises (e.g. J3061) Are not designed to meet all the objectives Are more guidelines than threat detection and protection mechanisms Instead the questions to be answered by hardware or software security solutions are: How to detect an attack on a vehicle? What should be done once detected?

23 What we learned so far: Security related to safety
Automotive systems contain more in software than any other system Question: Why is automotive security so complex? Answer: Coming up in part 2..

Download ppt "Network and security practices in automotive systems"

Similar presentations

The Fully Networked Car Geneva, 3-4 March 2010 Security risk analysis approach for on-board vehicle networks 1 Alastair Ruddle Consultant, MIRA Limited.

The Fully Networked Car Geneva, 3-4 March 2010 Security risk analysis approach for on-board vehicle networks 1 Alastair Ruddle Consultant, MIRA Limited.
LAPD TELEMATICS PRESENTATION. Why Consider Telematics? 1. Advanced Vehicle Technology 2. Advanced Wireless Communications 3. New Generation of Police.

LAPD TELEMATICS PRESENTATION. Why Consider Telematics? 1. Advanced Vehicle Technology 2. Advanced Wireless Communications 3. New Generation of Police.
Car Hacking Patrick, James, Penny.

Car Hacking Patrick, James, Penny.
Introduction to Cyber Physical Systems Yuping Dong Sep. 21, 2009.

Introduction to Cyber Physical Systems Yuping Dong Sep. 21, 2009.
B.RAMAMURTHY UNIVERSITY AT BUFFALO Introduction to Hardware (& Software) 5/30/2013 Amrita-UB-MSES-CSE524-2 1.

B.RAMAMURTHY UNIVERSITY AT BUFFALO Introduction to Hardware (& Software) 5/30/2013 Amrita-UB-MSES-CSE
Michael Westra, CISSP June 2012 2012 BSides Detroit Security Presentation: Vehicle Hacking “If you think technology can solve your security problems, then.

Michael Westra, CISSP June BSides Detroit Security Presentation: Vehicle Hacking “If you think technology can solve your security problems, then.
© 2012 IBM Corporation IBM Israel Software Lab (ILSL( Daniel Yellin, Director March 2013.

© 2012 IBM Corporation IBM Israel Software Lab (ILSL( Daniel Yellin, Director March 2013.
MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.

MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.
Presentation title SUB TITLE HERE Intelligent 21st Century Strategies for Broadband and Cyber Infrastructures Security By Dr. Emmanuel Hooper, PhD, PhD,

Presentation title SUB TITLE HERE Intelligent 21st Century Strategies for Broadband and Cyber Infrastructures Security By Dr. Emmanuel Hooper, PhD, PhD,
Safety All The Time Oyuki Ogawa Executive Vice President DENSO CORPORATION.

Safety All The Time Oyuki Ogawa Executive Vice President DENSO CORPORATION.
Computer Science Open Research Questions Adversary models –Define/Formalize adversary models Need to incorporate characteristics of new technologies and.

Computer Science Open Research Questions Adversary models –Define/Formalize adversary models Need to incorporate characteristics of new technologies and.
1 CAR 1 st Dec. 2003. 2 Core-group on Automotive R&D (CAR) Ministry of Science & Technology, Govt. of India. Constituted by Dr.R. Chidambaram,

1 CAR 1 st Dec Core-group on Automotive R&D (CAR) Ministry of Science & Technology, Govt. of India. Constituted by Dr.R. Chidambaram,
Emergency Services Workshop, 21th-24 th of October, Vienna, Austria Page 1 IP-Based Emergency Applications and Services for Next Generation Networks PEACE.

Emergency Services Workshop, 21th-24 th of October, Vienna, Austria Page 1 IP-Based Emergency Applications and Services for Next Generation Networks PEACE.
Computer Security By Duncan Hall.

Computer Security By Duncan Hall.
THE RMI ✦ Technology: driving change in the retail motor industry PRESENTED BY JAKKIE OLIVIER CAR CONFERENCE  23 OCTOBER 2013.

THE RMI ✦ Technology: driving change in the retail motor industry PRESENTED BY JAKKIE OLIVIER CAR CONFERENCE  23 OCTOBER 2013.
CAMPUS LAN DESIGN GUIDE Design Considerations for the High-Performance Campus LAN.

CAMPUS LAN DESIGN GUIDE Design Considerations for the High-Performance Campus LAN.
Communication Protocol Engineering Lab. VANET-cloud : a generic cloud computing model for vehicular ad hoc networks IEEE Wireless Communications February.

Communication Protocol Engineering Lab. VANET-cloud : a generic cloud computing model for vehicular ad hoc networks IEEE Wireless Communications February.
AUTOMOBILE CYBER SECURITY David McPeak. EVOLUTION IN DESIGN/TECHNOLOGY.

AUTOMOBILE CYBER SECURITY David McPeak. EVOLUTION IN DESIGN/TECHNOLOGY.
Smart City As Unified Multi-tier IoT Solution. Increased Smart City IQ Generation 1: local management systems (e.g. traffic lights synchronization) Generation.

Smart City As Unified Multi-tier IoT Solution. Increased Smart City IQ Generation 1: local management systems (e.g. traffic lights synchronization) Generation.
SCADA Supervisory Control And Data Acquisition Pantech Solutions Here is the key to learn more.

SCADA Supervisory Control And Data Acquisition Pantech Solutions Here is the key to learn more.

Similar presentations

Ads by Google