06. Connected Car Cyber Security _ Gil Litichever
Feasible Car Cyber Protection
Gil Litichever
CEO, Arilou
About Arilou
A team of cyber security experts experienced in
Embedded cyber security
Mission critical systems
Attack and protect perspectives
Dedicated high end security systems
Security integration into existing systems
The modern car
Sophisticated and computerized
Decentralized electronic system
Usually consists of dozens of computers (ECUs – electronic control units) and sensors
New functionalities – hundreds of MBs of code
Connected by one or more network segments
Autonomous cars
CAN bus protocol
A protocol from the 80’s
Very simple
Not secured in any manner
Priority according to ID
Who is the sender?
Known attacks
Disable an automobile using the internet
Attack using wireless tire pressure sensors
Attack using OnStar
Attack using the infotainment system – gain control over the vehicle
Attack motivation
Access to the automotive internal communication network
Public safety
Car theft
Personal data theft
Extortion
Damaging competitors’ business and reputation
Chip tuning
…
Infotainment Hack
internet
Hacking a system
Protection overview
• HSM
EVITA
• Encryption schemes
• Intrusion detection system - IDS
Battelle, SWRI
CAN bus firewall
A rule-based CAN bus firewall
Whitelist
Rate limit
Architecture
As a general rule, does not require redesign of the ECUs' software or the vehicle's network
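An added example, not taken from the original slides or from Arilou's product: a minimal whitelist plus rate-limit check of the kind this slide names, written in C. The rule table, the sample IDs, the data-length check and the name fw_check are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>

/* Verdicts returned by the filter. */
enum fw_verdict { FW_PASS, FW_DROP_NOT_WHITELISTED, FW_DROP_BAD_DLC, FW_DROP_RATE };

/* One whitelist rule: an allowed CAN ID, its expected length, and the
 * shortest interval at which it may legitimately repeat. */
struct fw_rule {
    uint32_t can_id;        /* 11-bit identifier (constructed sample value) */
    uint8_t  dlc;           /* expected data length, 0..8 (assumed extra check) */
    uint32_t min_gap_ms;    /* rate limit: minimum ms between two frames */
    uint32_t last_seen_ms;  /* state: time of the last forwarded frame */
    int      seen;          /* state: 0 until the first frame is forwarded */
};

/* Constructed rule table; a real one would be derived from the
 * vehicle's own message catalogue. */
static struct fw_rule rules[] = {
    { 0x0C4, 8, 10,  0, 0 },
    { 0x1A0, 4, 100, 0, 0 },
};

/* Decide whether a frame arriving from the untrusted segment at time
 * now_ms may be forwarded. Default is deny: unknown IDs are dropped. */
enum fw_verdict fw_check(uint32_t can_id, uint8_t dlc, uint32_t now_ms)
{
    for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++) {
        struct fw_rule *r = &rules[i];
        if (r->can_id != can_id)
            continue;
        if (r->dlc != dlc)
            return FW_DROP_BAD_DLC;
        /* Unsigned subtraction stays correct across timer wrap-around. */
        if (r->seen && (uint32_t)(now_ms - r->last_seen_ms) < r->min_gap_ms)
            return FW_DROP_RATE;
        r->last_seen_ms = now_ms;   /* only forwarded frames advance the clock */
        r->seen = 1;
        return FW_PASS;
    }
    return FW_DROP_NOT_WHITELISTED;
}
```

Because the check needs only the frame header and a timestamp, it can sit on a gateway between segments, which matches the slide's point that the ECUs themselves need no redesign.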
Connected Car – V2X
• Inherent communication interface with other vehicles and infrastructure
Wireless Access in Vehicular Environments - WAVE
Based on 802.11p (Wi-Fi) and IEEE 1609
• Two layers of protection:
Protect the medium (part of IEEE 1609)
Protect the vehicle from “legal” messages
Propagating virus
IEEE 1609
• IEEE 1609 – communication standards – the high communication layer of WAVE
1609.1 - Resource Management
1609.2 - Security Services for Applications and Management Messages
1609.3 - Networking Services
1609.4 - Multi-channel Operation
V2X medium protection
• Covered by 1609
Based on encryption and authentication using certificates
• Incomplete – there are still problems:
Anyone can communicate with the vehicle; how do we know it is really the vehicle in front of us?
Hacking the infrastructure
Propagating virus – hostile vehicle
Vehicle protection from V2X
• Not in the standard
• V2X as a medium for generic non-legal messages
• Damage from “legal” messages
Example: A vehicle following another vehicle
When manual override is too late
Questions?