MULTILAYERED CYBERSECURITY ARCHITECTURE AND SUITE
ALON ATSMON, VP TECHNOLOGY STRATEGY
HARMAN International. Confidential. Copyright 2016.
WHY CYBERSECURITY
AGENDA
1. Industry Background
2. What We Do
3. The Problem
4. The 5+1 Solution
5. Network Protection
6. Summary
WHO WE ARE: HARMAN IN NUMBERS
• $6.5 Billion revenues*
• 28,000 Professionals worldwide
• 5,900 Patents and patents pending
• $23 Billion automotive order backlog**
• 12,600 Engineers
• 51 Design awards in 2014
• 25+ Countries: Americas, Europe and Asia
• 3 GRAMMY® Awards: AKG, JBL, Lexicon
• 16+ Legendary brands
• 2 Academy Awards
MARKET LEADER • GLOBALLY DIVERSE • INNOVATION LEADER
*Last 12 Months as of December 31 2015
**As of June 30, 2015
WHAT WE DO
CONNECTED CAR: Navigation, Multimedia, Connectivity, Telematics, Safety & Security Solutions. LTM Revenue* $2,981M
LIFESTYLE AUDIO: Premium Branded Audio products for use at home, in the car and on the go. LTM Revenue* $1,975M
PROFESSIONAL SOLUTIONS: Audio, Lighting, Video Switching and Enterprise Automation for Entertainment and Enterprises. LTM Revenue* $1,023M
CONNECTED SERVICES: Cloud, Mobility and Analytics Software Solutions along with OTA update technologies for Automotive, Mobile and Enterprises. LTM Revenue* $583M
EBITDA is a non-GAAP measure and excludes restructuring, non-recurring charges and acquisition-related items. LTM = Last 12 Months ending Dec 31, 2015.
*Includes intercompany revenues.
IN THE MOST ADMIRED VEHICLES
WHO WE ARE: A CENTURY OF INNOVATION
[Timeline figure: HARMAN milestones from 1928 to 2015 across its brands, including Harman Kardon, JBL, AKG, Crown, Becker, DBX, Digitech, Martin and STC.]
THE PROBLEM
CONNECTED CAR BENEFITS COME WITH CHALLENGES
CONNECTED CONTENT • CONNECTED SERVICES • CONNECTED UPGRADES
COMPLEXITY • SECURITY • PRIVACY
EXPONENTIAL COMPLEXITY
[Figure: vehicle features, grouped as BUILT-IN and BROUGHT / BEAMED-IN, compared between NOT SO DISTANT PAST and NOW & THE NEAR FUTURE. Items shown: CD / DVD, HFT, RKE, TPMS, OBD II, On-Board Navigation, Off-Board Navigation, Music (Phone, USB, CD / DVD), Radio (AM/FM), Radio (AM/FM/Dig.), B-Call, E-Call, OTA, RVC, Remote Services, Smartphone Integ., Downloadable Apps, ADAS, V2X.]
POTENTIAL ATTACK SURFACES
[Diagram: ATTACK SURFACES and ATTACK VECTORS around the HEAD UNIT (Platform, Content & Connectivity), with LOCAL SOURCES and REMOTE / OTHER SOURCES. Labelled elements: JTAG Tools; Consumer Device (USB pen drive, Phone); Dealer Diagnostic Tools; Remote Server (Downloadable apps, FOTA image, Telematics Functions); Networks; Networked Multimedia Devices; V2X Comm.; Other ECUs; CD/DVD/Blu-ray.]
HARMAN INTERNATIONAL. COPYRIGHT 2013.
SECURITY CONCERNS ARE GROWING
GOVERNMENT • OEM • AFTERMARKET
THE SOLUTION
MULTILAYERED APPROACH: 5+1 CYBERSECURITY ARCHITECTURE
1. SECURE HW PLATFORM: TAMPER RESISTANCE
2. HYPERVISOR: DOMAIN SEPARATION
3. OS ACCESS CONTROL: AUTHORIZATION POLICY
4. APPLICATION SANDBOXING: APPLICATION ISOLATION
5. NETWORK PROTECTION: INTRUSION PROTECTION
LAYERS 1 AND 2: 5+1 CYBERSECURITY ARCHITECTURE
SECURE HARDWARE PLATFORM
Ensures product security with trusted execution environment
1. Secure Boot and “Chain of Trust” ensures only authorized SW runs in the system
2. Protected storage and generation of cryptographic keys
3. Can control access to peripherals thru HW Firewall
4. Improves performance thru HW accelerated encryption/decryption
HYPERVISOR
Multiple operating systems on the same hardware
1. Separates environments with different security requirements
2. Isolates the virtual machines using hardware mechanisms
3. Reduces system cost by eliminating the need for a second processor to provide isolation
LAYERS 3 AND 4: 5+1 CYBERSECURITY ARCHITECTURE
SYSTEM RESOURCE ACCESS CONTROL
Controls access based on system and functional requirements
1. Authenticated and authorized access to critical resources and sensitive data
2. Restricted Access to resources as per defined policies
APPLICATION SANDBOXING
Multiple applications run in isolated environment
1. Separates “external facing” (vulnerable apps) from other apps in the system
2. Limits system resources usage by each application
3. Limits capabilities of privileged apps
LAYER 5 AND OTA: 5+1 CYBERSECURITY ARCHITECTURE
NETWORK PROTECTION
Secure communication channels and external interfaces
1. Secure, Encrypted Networking
2. Detects and protects against anomalous external data
OTA UPDATABILITY
Continuous security of software and digital assets
1. Secure SW updates against exploits and vulnerabilities
2. Reduces risk of eavesdropping and impersonation by updating compromised authentication vectors
KEY TAKEAWAYS
CONNECTED CAR BENEFITS COME WITH CHALLENGES
MULTILAYERED SOLUTION NEEDED
OTA AND NETWORK PROTECTION ARE KEY
THANK YOU
ALON ATSMON, VP TECHNOLOGY STRATEGY
ECUSHIELD
WHAT IS ECUSHIELD?
ECUSHIELD is an embedded software solution which provides on-board automotive cybersecurity against hacking, intrusion and critical communication disruptions.
PROTECTING AGAINST
• SPOOFING. Example: Spoofing of CAN messages from an external device / compromised ECU
• ABUSE OF “LEGITIMATE” OPERATIONS. Example: Using Diagnostic commands to cause undesired actions
• SOFTWARE EXPLOITS. Example: Manipulate the communication to exploit vulnerabilities in the code
• DENIAL OF SERVICE. Example: Flooding the CAN bus
ECUSHIELD KEY FEATURES
• DETECT NEW THREATS
• MARK THE MALICIOUS COMMUNICATION
• MITIGATE THE THREAT IN REAL-TIME
• IDENTIFY THE THREAT SOURCE
NO PREVIOUS KNOWLEDGE ABOUT THE SPECIFIC ATTACK IS NEEDED!
TYPICAL APPLICATIONS
SMART FIREWALL: ECUSHIELD installed on Gateway ECU acting as both an IDS and as a Firewall
IDS / IPS: ECUSHIELD installed on one of the ECUs acting as either an IDS or an IDS/IPS
[Diagrams: ECUs and GATEWAY]
PRODUCT HIGHLIGHTS
• Easily embedded into proprietary systems and various OS architectures
• No redesign - integration into existing CAN
• Built for low resources and real-time environments
• Built-in Secured update mechanism
• Single installation provides full mitigation capability “Cooperative Mitigation”
NO PREVIOUS KNOWLEDGE ABOUT THE SPECIFIC ATTACK IS NEEDED!
TCUSHIELD
TCUSHIELD KEY FEATURES
• Secure Telematics based on existing hardware
• 24/7 monitoring & prevention
• Zero installation downtime
• Always updated
• What does it do?
  • Identifies the malicious communication
  • Selectively blocks communication in real-time
  • Provides information for further analysis
  • Safeguards the in-vehicle network against compromised TCU/IVI
TCUSHIELD KEY FEATURES
[Diagram labels: TCUSHIELD (two instances), CAN BUS, CAN Controller, Telematics/IVI Application, M2M, MDM, CELLULAR]
INTEGRATED INTO EXISTING TSP INFRASTRUCTURE