RAMN: Resistant Automotive Miniature Network
Camille Gay
Senior Researcher, Toyota Motor Corporation (Tokyo, Japan)
Tsuyoshi Toyama, Principal Researcher
Hisashi Oguma, Group Manager
Camille Gay | RAMN: Resistant Automotive Miniature Network 3
Presentation plan
• Automotive Security
• Automotive Testbeds
• What “Automotive Grade” means
• Why it matters for security
• RAMN details and demonstrations
• Goals
Automotive Security
A brief introduction
The news
• Researchers have demonstrated several times that “connected cars” could be remotely hijacked
http://illmatics.com/Remote%20Car%20Hacking.pdf
https://ieeexplore.ieee.org/document/5504804
https://www.blackhat.com/docs/us-17/thursday/us-17-Nie-Free-Fall-Hacking-Tesla-From-Wireless-To-CAN-Bus-wp.pdf
https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/
Vehicle Crime
• Theft
• Fraud
• Counterfeiting
• Bypassing regulations
• Spying
• Etc.
“Stolen vehicles are frequently trafficked in order to finance and carry out other criminal activities, ranging from drug trafficking, arms dealing, people smuggling and international terrorism.”
https://www.interpol.int/en/Crimes/Vehicle-crime
Challenges
• Securing cars is not an easy task
  • hundreds of computing units
  • … from different companies
  • … running thousands of lines of code
• Can only happen with
  • Presence of automotive security experts across companies
  • Good cooperation between them
  • Efficient tools at their disposal
Automotive Testbeds
How people research automotive security
Automotive Architecture
• ECU: Electronic Control Unit
• IVI: In-Vehicle Infotainment
• TCU: Telematic Control Unit
• CGW: Central Gateway
• CAN (Controller Area Network)
• CAN-FD (CAN Flexible Data rate)
• 100Base-T1 (Automotive Ethernet)
• LIN
• FlexRay
• MOST
• etc.
Real car
https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/
• Actual network of ECUs
• Expensive
• Black Box
• Dangerous
Hacking testbeds
https://www.bugcrowd.com/resources/webinars/from-an-ivi-in-a-box-to-a-car-in-a-box/
https://gsec.hitb.org/sg2019/sessions/commsec-car-hacking-made-easel-by-car-security-quarter-csq/
https://hackaday.com/2018/08/11/car-hacking-at-def-con-26/
• Fun !
• Involve actual ECUs
• Not easily reproducible
• Require a lot of effort
• Partially black box
Academic testbeds
https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_cho.pdf
https://people-ece.vse.gmu.edu/~kzeng2/publications/2017/CAN_Authentication_ICCPS2017.pdf
• Reproducible
• White box
• Not appealing to newcomers
• Not automotive grade
Professional testbeds
https://www.chip1stop.com/sp/products/toyota-pasta
• PASTA
  • Testbed introduced at Black Hat Europe 2018
• Open
• Adaptable
• Safe
• Portable
• White box
• Adaptable and Portable
• Fun
• Expensive
• Not automotive grade
Problem 1: requires high investment
• Consequence 1: Less freedom for research
  • Must share the testbed
  • No permanent modification
  • Must not break
• Consequence 2: Fewer people involved
  • Fewer people getting started
  • Few experts
Low entry barrier
• Arduino
• Raspberry Pi
• Google Coral
• Nvidia Jetson Nano
https://www.arduino.cc/
https://www.raspberrypi.org/
https://coral.ai/
http://developer.nvidia.com/embedded/jetson-nano-developer-kit
Low cost and supporting community
Why is “not automotive grade” a problem ?
Problem 2: not automotive grade
Automotive Grade
A simplified introduction
Why do we need different grades of electronics ?
Customer’s needs and expectations
• Popular smartphones are designed to operate in the temperature range of 0℃ to 35℃
• Extending that operating range would result in more disappointed customers than happy customers
https://support.apple.com/en-us/HT201678
https://www.samsung.com/us/support/answer/ANS00076952/
Different grades for different expectations
• Electronic components designed to match the expectations of the customer base
  • not less
  • not more
• Mainly four grades:
  • Commercial Grade
  • Industrial Grade
  • Automotive Grade
  • Military and Aerospace Grade
How is automotive grade different ?
• Very harsh environment
• Very high reliability and safety requirements
• Long life expectancy (>10 years)
• High volumes
https://support.apple.com/en-us/HT201678
Operating and storing temperature
Automotive electronics environment
• Extreme temperatures (-40℃ to +150℃) (-40℉ to 302℉)
• High Humidity
• Salt spray
• Corrosive atmospheric gasses
• Dust
• Vibrations
• Shocks
• Unstable power-supply (micro-cuts, cranking, ripples, load dumps, etc.)
• Electro-Static Discharges (ESD)
• Electromagnetic Noise
• People (dropping an ECU, reverse polarity, failed jump-start, etc.)
What are the risks in harsh environments ?
• Corrosion
• Solder cracks
• Intermetallic growth
• Whiskers
• Dendrites
• Electromigration
• Etc.
https://cdn.intechopen.com/pdfs/70995.pdf
https://nepp.nasa.gov/whisker/reference/tech_papers/2006-Leidecker-Tin-Whisker-Failures.pdf
Standards
• AEC-Qxxx (Automotive Electronics Council)
  • AEC-Q100: Integrated Circuits
  • AEC-Q101: Discrete Semiconductors
  • AEC-Q200: Passive Components
  • Etc.
• Defines 4 automotive grades and the tests they need to pass.
  • Grade 0: -40 to 150℃
  • Grade 1: -40 to 125℃
  • Grade 2: -40 to 105℃
  • Grade 3: -40 to 85℃
• Other important standards: IPC-6012DA, etc.
http://www.aecouncil.com/Documents/AEC_Q100_Rev_H_Base_Document.pdf
Aerospace/Military vs Automotive
• Different problems for aerospace
  • more radiation
  • more susceptible to tin whiskers ?
  • etc.
• Different temperature range:
  • Automotive -40 to 150℃
  • Aerospace -55 to 125℃
• Might be compatible but no guarantee
https://nepp.nasa.gov/workshops/eeesmallmissions/talks/10%20-%20WED/1500%20-%20Sampson%20-%20Is%20It%20Wise%20to%20Fly%20Automotive%20Electronics_v4.pdf
https://escies.org/download/webDocumentFile?id=63946
https://en.wikipedia.org/wiki/Elon_Musk's_Tesla_Roadster
How is automotive grade different ?
• Very harsh environment
• Very high reliability and safety requirements
• Long life expectancy (>10 years)
• High volumes
How bad is a random failure ?
• Commercial grade
  • Customer likely inconvenienced
  • Provide good service and they’ll forgive you / like you even more
• Industrial grade
  • Customer likely impacted financially
  • Customer not likely to forgive
• Automotive grade / Aerospace grade
  • People potentially harmed physically
  • Someone will need to take responsibility
Failures always happen
• Every component has a low chance of randomly failing
• You can estimate that probability with
• Prediction methods
• IEC 61709:2017, SN29500, FIDES, JESD89A, etc.
• Accelerated tests
• Reputable manufacturers let you access their data
• https://www.ti.com/quality/docs/estimator.tsp
FIT: Failures In Time
Number of failures expected per billion device-hours.
Humans and lightning: 0.23 FIT
https://www.cdc.gov/disasters/lightning/victimdata.html
Automotive risks
• Millions of cars
• Thousands of components
• Thousands of operating hours
Example
Bypass / ESD capacitor
[Figure: two circuit diagrams, each labelled ECU Circuitry, 12V, GND]
Failure modes
What happens when the component fails ?
• Significant shift in its parameters
• It could become a “short-circuit”
[Figure: circuit diagram labelled ECU Circuitry, 12V, GND]
• Potential Fire Hazard
• Loss of ECU function
Single Point Fault (SPF)
• 1 failure leads to catastrophic consequences
[Figure: circuit diagram labelled ECU Circuitry, 12V, GND]
Countermeasures
• 1) Detection
“Residual Fault” (also an SPF)
Countermeasures
• 2) Redundancy
[Figure: circuit diagram labelled ECU Circuitry, 12V, GND]
“Latent Fault” (LF) (Multiple-point fault).
If the ECU has a critical mission
Why not do this ?
[Figure: two circuit diagrams, each labelled ECU Circuitry, 12V, GND]
Raising the bar
• That’s just ONE component of ONE ECU
• … Thousands to go …
• When do you stop ?
Standards
• ISO 26262
  • Also covers other topics (Systematic failures, etc.)
  • Defines different safety levels for an ECU’s function
  • Automotive Safety Integrity Level
• ISO 16949
  • PPAP (Production Part Approval Process), etc.
http://cadence.com/content/dam/cadence-www/global/en_US/documents/solutions/automotive-functional-safety-wp.pdf
What about Software ?
• Also covered by ISO 26262
• Random “transient” failures in hardware (bitflips from cosmic rays, etc.)
• Redundancy
• Two CPUs executing the same code (lock-step)
• ECC (Error-Correcting Code Memory)
• Bugs (“systematic failures”) mitigated by best practices
• No dynamic memory allocation
• Sanity checks of every parameter
• Periodic internal memory checks
• Enforcement of low complexity
• Restricted use of interrupts
https://www.st.com/resource/en/application_note/dm00076080-safety-manual-for-spc570s-family-stmicroelectronics.pdf
What about Software ?
• MISRA C
  • Set of rules for safe and reliable code
  • Always use brackets for statements (if, while, etc.)
  • No dynamic function pointers
  • No variadic functions
  • Etc.
• Not very different from CERT-C
• Automotive SPICE (ISO/IEC 15504)
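
The practices listed on the two “What about Software ?” slides (no dynamic memory allocation, sanity checks of every parameter, periodic internal memory checks, brackets on every statement, no variadic functions) applied to a small CAN receive path in C. This is an added example, not code from the talk or from RAMN; the frame layout, queue depth, calibration table and all function names are assumptions made for illustration.

```c
/* Added example: not code from the talk or from RAMN.
 * Frame layout, sizes, table contents and names are assumptions. */
#include <stddef.h>
#include <stdint.h>

#define QUEUE_DEPTH    4U      /* fixed at compile time: no dynamic allocation */
#define CAL_WORDS      4U
#define CAN_STD_ID_MAX 0x7FFU  /* 11-bit standard CAN identifier */
#define CAN_DLC_MAX    8U      /* classic CAN payload length */

typedef enum { ST_OK = 0, ST_BAD_PARAM, ST_FULL, ST_EMPTY, ST_MEM_FAULT } status_t;
typedef struct { uint32_t id; uint8_t dlc; uint8_t data[CAN_DLC_MAX]; } can_frame_t;
typedef struct { uint16_t words[CAL_WORDS]; uint32_t crc; } cal_table_t;

static can_frame_t rx_queue[QUEUE_DEPTH];  /* static storage instead of malloc() */
static uint8_t rx_head = 0U;
static uint8_t rx_count = 0U;

/* One byte of a bitwise CRC-32 (reflected polynomial 0xEDB88320). */
static uint32_t crc32_update(uint32_t crc, uint8_t byte)
{
    uint32_t c = crc ^ (uint32_t)byte;
    uint8_t bit;
    for (bit = 0U; bit < 8U; bit++) {
        c = ((c & 1U) != 0U) ? ((c >> 1) ^ 0xEDB88320UL) : (c >> 1);
    }
    return c;
}

/* CRC of the calibration words, fed low byte first so the result does not
 * depend on the endianness of the target. Store it in cal->crc at start-up. */
uint32_t cal_crc(const cal_table_t *cal)
{
    uint32_t crc = 0xFFFFFFFFUL;
    size_t i;
    for (i = 0U; i < CAL_WORDS; i++) {
        crc = crc32_update(crc, (uint8_t)(cal->words[i] & 0xFFU));
        crc = crc32_update(crc, (uint8_t)(cal->words[i] >> 8));
    }
    return ~crc;
}

/* Periodic internal memory check: recompute and compare with the reference. */
status_t cal_periodic_check(const cal_table_t *cal)
{
    status_t st = ST_BAD_PARAM;
    if (cal != NULL) {
        st = (cal_crc(cal) == cal->crc) ? ST_OK : ST_MEM_FAULT;
    }
    return st;
}

/* Sanity-check every field of an incoming frame before it is stored. */
status_t rx_push(const can_frame_t *f)
{
    status_t st;
    if ((f == NULL) || (f->id > CAN_STD_ID_MAX) || (f->dlc > CAN_DLC_MAX)) {
        st = ST_BAD_PARAM;
    } else if (rx_count >= QUEUE_DEPTH) {
        st = ST_FULL;   /* bounded queue: reject instead of growing */
    } else {
        rx_queue[(rx_head + rx_count) % QUEUE_DEPTH] = *f;
        rx_count++;
        st = ST_OK;
    }
    return st;
}

/* Remove the oldest stored frame; the output pointer is checked as well. */
status_t rx_pop(can_frame_t *out)
{
    status_t st;
    if (out == NULL) {
        st = ST_BAD_PARAM;
    } else if (rx_count == 0U) {
        st = ST_EMPTY;
    } else {
        *out = rx_queue[rx_head];
        rx_head = (uint8_t)((rx_head + 1U) % QUEUE_DEPTH);
        rx_count--;
        st = ST_OK;
    }
    return st;
}

/* No printf(): variadic functions are ruled out, so report via exit status. */
int main(void)
{
    cal_table_t cal = { { 100U, 200U, 300U, 400U }, 0U };  /* constructed values */
    cal.crc = cal_crc(&cal);
    return (cal_periodic_check(&cal) == ST_OK) ? 0 : 1;
}
```

The periodic check only detects corruption of the table; what the ECU does on `ST_MEM_FAULT` (for example entering a fail-safe state) is a separate design decision that this example does not cover.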
Impact on Security
Does Automotive Grade matter ?
What does it mean for security ?
Safety and reliability measures limit the security countermeasures developers can take.
• You could encrypt the CAN bus
• You could permanently lock debug ports
• You could obfuscate the firmware
• … But how would you investigate a problem that was reported ?
What does it mean for security ?
• ECC memory still susceptible to attacks
  • https://www.vusec.net/projects/eccploit/
• Some ECUs susceptible to glitching attacks
  • https://www.riscure.com/uploads/2018/11/Riscure_Whitepaper_Analyzing_Automotive_Firmware.pdf
• Even ASIL-D microcontrollers susceptible to glitching attacks
  • https://www.riscure.com/uploads/2017/08/Riscure_Whitepaper_Safety_is_not_Security_Automotive.pdf
Safety and reliability measures may make things harder for attackers, but not impossible
What does it mean for security ?
• Higher temperature = Higher security risk ?
  • Suggested by many papers
    • https://ieeexplore.ieee.org/document/6976636
    • https://upcommons.upc.edu/bitstream/handle/2117/99293/FCTRU_2016_17_Smart_Card_Fault.pdf
  • … where “high temperatures” mean 60℃ and 100℃.
• Higher age = Lower security risk ?
  • https://tches.iacr.org/index.php/TCHES/article/view/8295
  • https://dl.acm.org/doi/abs/10.1145/3194554.3194638
Developing new technologies
• Proving a security technology on ONE testbed does not mean much
• It must work on millions of cars
  • … with slightly different characteristics due to hardware manufacturing tolerances
  • … without failing
• It must work at the lowest temperature.
• It must work at the highest temperature.
• It must still work after 10 years.
Evaluating new technologies
• Hard to ensure technologies work for EVERY scenario
• Must be evaluated in conditions in which they are the most at risk
  • Low temperatures, High temperatures
  • When failsafe mechanisms are engaged
Automotive grade does make a difference
The story so far
• Many testbeds available, but they are usually:
  • High investment
  • Not automotive-grade
RAMN: Resistant Automotive Miniature Network
Inexpensive automotive-grade testbed
Objectives
• 1) Something “low-investment”
  • Inexpensive
  • Fun and easy to get started with
• 2) Something useful for automotive research
  • Automotive grade ...
  • … or almost ?
https://www.defcon.org/html/links/dc-badge.html
https://www.arduino.cc/
https://www.raspberrypi.org/
Influences
• Popular education and research tools
• Conference Badges
https://hackaday.com/2017/08/04/all-the-hardware-badges-of-def-con-25/
Inexpensive
• Keep it small and simple
  • PCB size of a credit card
  • USB-Powered
  • Two Layers only
  • Large track width/spacing
  • Easy to solder
Loved by the Automotive Industry
Number of ECUs
• Most testbeds have fewer than 4 ECUs
• Communicating over CAN
https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_cho.pdf
https://people-ece.vse.gmu.edu/~kzeng2/publications/2017/CAN_Authentication_ICCPS2017.pdf
https://www.chip1stop.com/sp/products/toyota-pasta
Most testbeds look like this:
[Diagram: ECU 1, ECU 2, ECU 3 and ECU 4 connected to one CAN bus]
That fits on a credit card
Even with CAN-FD
RAMN
Block Diagram
[Figure: block diagram. Four ECUs (A, B, C, D), each with a microcontroller, a 3.3V low-noise PSU, a CAN-FD transceiver and an expansion connector, on a shared CAN/CAN-FD bus with a terminal block. Other labels: USB, USB FS, GPIOs x6 (3x Power Enable + 3x BOOT0), and Power Enable and BOOT0 lines to three of the ECUs.]
Making it more interesting
Expansion boards
Screen
Gateway
Steering Wheel
Chassis domain
Brake / Accelerator / Gear shift
Powertrain domain
Dashboard
Body domain
More expansion boards
Debugger + Breakout
External Memory
TPM
ChipWhisperer
Designed with Open-Source tools
• Designed with KiCad
  https://kicad.org/
Getting Started Quickly
Fun and easy to get started with
• Integrating required tools
  • CAN/CAN-FD adapter
  • Programmer
Fun and easy to get started with
• Easy interfacing with popular tools
  • Logic Analyzers
  • Oscilloscope
  • ChipWhisperer
Fun and easy to get started with
• Connectable to an open-source driving simulator
  • CARLA
CARLA
https://carla.org/
• “Open-source simulator for autonomous driving research”
• Based on Unreal Engine
• With a Python API
• Comes with an example self-driving algorithm
https://www.unrealengine.com/en-US/spotlights/carla-democratizes-autonomous-vehicle-r-d-with-free-open-source-simulator
Integration with CARLA
• By default software only
• Implemented closed-loop controls with RAMN
• Vehicle Controls only accessible through the CAN/CAN-FD bus
• Simulated values (such as vehicle speed) also visible on CAN/CAN-FD bus
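The closed loop described on this slide, sketched as an added example (not RAMN's or CARLA's code): a stand-in simulator publishes speed on the bus and accepts controls only as CAN frames, which it validates before use. The CAN IDs, payload layout, controller and vehicle model are all assumptions made for this illustration.

```python
import struct

# Hypothetical IDs and layout (not RAMN's message set): one uint16, big-endian.
ID_SPEED = 0x100     # simulator -> bus, vehicle speed in 0.01 km/h
ID_THROTTLE = 0x200  # ECU -> bus, throttle in 0.1 % (0..1000)


def encode(can_id, raw):
    """Build a (can_id, payload) frame carrying one unsigned 16-bit value."""
    return (can_id, struct.pack(">H", raw))


def decode(frame, expected_id, max_raw):
    """Return the raw value, or None when ID, length or range is wrong."""
    can_id, data = frame
    if can_id != expected_id or len(data) != 2:
        return None
    (raw,) = struct.unpack(">H", data)
    return raw if raw <= max_raw else None


class CruiseEcu:
    """Stand-in ECU: proportional speed controller fed only by bus frames."""

    def __init__(self, target_kmh, gain=0.05):
        self.target_kmh, self.gain = target_kmh, gain

    def on_frame(self, frame):
        raw = decode(frame, ID_SPEED, 0xFFFF)
        if raw is None:
            return None
        error = self.target_kmh - raw / 100.0
        throttle = min(1.0, max(0.0, self.gain * error))
        return encode(ID_THROTTLE, round(throttle * 1000))


class SimulatorBridge:
    """Stand-in simulator side: controls arrive only as validated frames."""

    def __init__(self):
        self.speed_kmh, self.throttle, self.rejected = 0.0, 0.0, 0

    def on_frame(self, frame):
        raw = decode(frame, ID_THROTTLE, 1000)
        if raw is None:
            self.rejected += 1  # unknown ID, bad length or out of range
            return
        self.throttle = raw / 1000.0

    def step(self, dt=0.1):
        # Toy model (assumption): throttle acceleration minus linear drag.
        accel = 30.0 * self.throttle - 0.1 * self.speed_kmh  # km/h per s
        self.speed_kmh = max(0.0, self.speed_kmh + accel * dt)
        return encode(ID_SPEED, min(0xFFFF, round(self.speed_kmh * 100)))


def run_closed_loop(target_kmh, steps, extra_frames=()):
    """Run simulator -> bus -> ECU -> bus -> simulator for `steps` cycles."""
    sim, ecu = SimulatorBridge(), CruiseEcu(target_kmh)
    for frame in extra_frames:  # constructed malformed frames for the check
        sim.on_frame(frame)
    for _ in range(steps):
        command = ecu.on_frame(sim.step())
        if command is not None:
            sim.on_frame(command)
    return sim


if __name__ == "__main__":
    bad = [(ID_THROTTLE, b"\xff\xff"), (ID_THROTTLE, b"\x01"), (0x7FF, b"\x00\x00")]
    sim = run_closed_loop(50.0, 300, bad)
    print(f"speed={sim.speed_kmh:.2f} km/h rejected={sim.rejected}")
```

With a 50 km/h target the loop settles near 46.9 km/h, because a proportional-only controller leaves a steady-state offset against drag.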
Demo 1 (normal)
Automotive grade?
Automotive Grade
•Automotive Microcontrollers not available without NDAs …
•Automotive Software expensive and closed-source
•Had to compromise …
Microcontrollers of RAMN
• Board compatible with STM32L4 and STM32L5 series
• Automotive-like features
  • ECC memory
  • Temperature Range -40 to +125℃
• Security Capabilities
  • TRNG
  • AES-Engine (optional)
  • TrustZone (STM32L5 only)
  • Secure Boot, Secure Reprogramming, etc. (STM32L5 only)
• CAN
• CAN-FD (STM32L5 only)
Testbed firmware
• Developed with STM32CubeIDE
  • STM32 HAL
  • FreeRTOS
• Both compliant with MISRA-C
• FreeRTOS not compliant with automotive standards, but there is a paid variant (SafeRTOS) available
  https://www.freertos.org/FreeRTOS-Plus/Safety_Critical_Certified/SafeRTOS.html
| Testbed | RAMN (STM32L5 variant) | PASTA |
| --- | --- | --- |
| Microcontroller | STM32L552/STM32L562 | R5F563NFHDFB |
| Microcontroller Family | Ultra-Low Power | High-Performance |
| CPU type | 32-bit ARM Cortex M33 | 32-bit RX CPU |
| Clock | 110MHz (165 DMIPS) | 96MHz (165 DMIPS) |
| RAM | 256 kB | 256 kB |
| Flash | 512kB | 2MB + 32k EEPROM |
| Software layers | FreeRTOS + STM32 HAL | Bare metal |
| TrustZone & TRNG | Yes | No (MPU supported) |
| ECC | Yes | No |
| Temperature range | -40~125℃ | -40~85℃ (ECU) |
| Power Supply | 5V (USB) | 12V |
| ECU # | 4 ECUs in one PCB | 4 independent ECUs |
| CAN Bus # | 1 (CAN-FD) | 4 (CAN2.0) |
| Protection (ESD, etc.) | No | Yes |
PASTA
• Quality Assurance and support from experienced professionals
• More Adaptability
• 1 PCB per ECU
• 4 CAN Bus
• 12V power supply
• Integrated OBD-II port
• Comes with external CAN adapter
• Etc.
Different tools, same philosophy
Identical CAN messages
Main merits of RAMN
• Close to automotive grade specifications
• Inexpensive
  • No need to share a single expensive testbed
  • No need to worry about breaking the testbed
  • Evaluate manufacturing tolerances
• Easy to get started with for beginners in electronics and embedded software.
Limitations
•Only 1 CAN/CAN-FD bus
•No 12V power supply
•Not 100% automotive grade
Goals
Future of automotive security
• There are very good reasons for the automotive industry to be closed
  • Takes a lot of resources to develop automotive grade hardware and software
• ISO21434 coming for automotive security
• Standards do not solve everything
  • Never-considered-before scenarios
• Other reasons
• More experts = more solutions
Goals
•Promote more openness in the automotive industry
•Get more people interested in automotive systems
• Facilitate education
  • Security
  • Safety, reliability, etc.
• Facilitate research on ECU networks
RAMN is not
• A car hacking tool
  • You cannot connect RAMN to a car
  • Does not replace a CAN adapter
• An endorsement of real car hacking
  • Might be illegal in your country
  • No bug bounty
Future works
• Platform for:
  • Education
  • Automotive security skills evaluation
  • Automotive bug bounty platform
  • Automotive CTF platform
How to get one
• Focusing on releasing high quality design files
  • Easy to order from PCB fabrication services
• Exploring options for distribution
• Feedback appreciated
Thank You
Camille Gay, [email protected]
@ramn_auto
See you at HITB's Discord channel for questions & answers!