MULTILAYERED CYBERSECURITY ARCHITECTURE AND SUITE

ALON ATSMON, VP TECHNOLOGY STRATEGY

HARMAN International. Confidential. Copyright 2016.

WHY CYBERSECURITY

AGENDA

1. Industry Background

2. What We Do

3. The Problem

4. The 5+1 Solution

5. Network Protection

6. Summary

WHO WE ARE

HARMAN IN NUMBERS

• $6.5 Billion revenues*
• 28,000 Professionals worldwide
• 5,900 Patents and patents pending
• $23 Billion automotive order backlog**
• 12,600 Engineers
• 51 Design awards in 2014
• 25+ Countries: Americas, Europe and Asia
• 3 GRAMMY® Awards - AKG, JBL
• 16+ Legendary brands
• 2 Academy Awards

*Last 12 Months as of December 31 2015
**As of June 30, 2015

MARKET LEADER • GLOBALLY DIVERSE • INNOVATION LEADER

WHAT WE DO

CONNECTED CAR
Navigation, Multimedia, Connectivity, Telematics, Safety & Security Solutions
LTM Revenue* $2,981M

LIFESTYLE AUDIO
Premium Branded Audio products for use at home, in the car and on the go
LTM Revenue* $1,975M

PROFESSIONAL SOLUTIONS
Audio, Lighting, Video Switching and Enterprise Automation for Entertainment and Enterprises
LTM Revenue* $1,023M

CONNECTED SERVICES
Cloud, Mobility and Analytics Software Solutions along with OTA update technologies for Automotive, Mobile and Enterprises
LTM Revenue* $583M

EBITDA is a non-GAAP measure and excludes restructuring, non-recurring charges and acquisition-related items. LTM = Last 12 Months ending Dec 31, 2015.
*Includes intercompany revenues.

IN THE MOST ADMIRED VEHICLES

WHO WE ARE

A CENTURY OF INNOVATION

[Timeline graphic: milestones of HARMAN brands (JBL, Harman Kardon, AKG, Crown, Becker, Martin, Digitech, STC), 1928 to 2015]

THE PROBLEM

CONNECTED CAR BENEFITS COME WITH CHALLENGES

CONNECTED CONTENT • CONNECTED SERVICES • CONNECTED UPGRADES

COMPLEXITY • SECURITY • PRIVACY

EXPONENTIAL COMPLEXITY

NOT SO DISTANT PAST

BROUGHT / BEAMED-IN
• CD / DVD

BUILT-IN
• HFT
• On Board Nav
• RKE
• Radio (AM/FM)
• OBD II
• B-Call

NOW & THE NEAR FUTURE

BROUGHT / BEAMED-IN
• Off-Board Navigation
• Music (Phone, USB, CD / DVD)

BUILT-IN
• HFT
• RKE
• TPMS
• OBD II
• On-Board Navigation
• B-Call, E-Call
• Radio (AM/FM/Dig.)
• OTA
• RVC
• Remote Services
• Smartphone Integ.
• Downloadable Apps
• ADAS
• V2X

POTENTIAL ATTACK SURFACES

[Diagram: attack surfaces and attack vectors around the HEAD UNIT, fed by LOCAL SOURCES and REMOTE / OTHER SOURCES]

Labelled elements:
• JTAG Tools
• Consumer Device (USB pen drive, Phone)
• Dealer Diagnostic Tools
• Remote Server (Downloadable apps, FOTA image, Telematics Functions)
• CD/DVD/Blu-ray
• Other ECUs
• V2X Comm.
• Networked Devices
• Networks
• Platform, Content, Connectivity, Multimedia

HARMAN INTERNATIONAL. COPYRIGHT 2013.

SECURITY CONCERNS ARE GROWING

GOVERNMENT • OEM • AFTERMARKET

THE SOLUTION

MULTILAYERED APPROACH

5+1 CYBERSECURITY ARCHITECTURE

1. SECURE HW PLATFORM: TAMPER RESISTANCE

2. HYPERVISOR: DOMAIN SEPARATION

3. OS ACCESS CONTROL: AUTHORIZATION POLICY

4. APPLICATION SANDBOXING: APPLICATION ISOLATION

5. NETWORK PROTECTION: INTRUSION PROTECTION

LAYERS 1 AND 2

5+1 CYBERSECURITY ARCHITECTURE

SECURE HARDWARE PLATFORM
Ensures product security with a trusted execution environment
1. Secure Boot and “Chain of Trust” ensure only authorized SW runs in the system
2. Protected storage and generation of cryptographic keys
3. Can control access to peripherals through a HW Firewall
4. Improves performance through HW accelerated encryption/decryption

HYPERVISOR
Multiple operating systems on the same hardware
1. Separates environments with different security requirements
2. Isolates the virtual machines using hardware mechanisms
3. Reduces system cost by eliminating the need for a second processor to provide isolation

LAYERS 3 AND 4

5+1 CYBERSECURITY ARCHITECTURE

SYSTEM RESOURCE ACCESS CONTROL
Controls access based on system and functional requirements
1. Authenticated and authorized access to critical resources and sensitive data
2. Restricted access to resources as per defined policies

APPLICATION SANDBOXING
Multiple applications run in isolated environments
1. Separates “external facing” (vulnerable) apps from other apps in the system
2. Limits system resource usage by each application
3. Limits capabilities of privileged apps

LAYER 5 AND OTA

5+1 CYBERSECURITY ARCHITECTURE

NETWORK PROTECTION
Secure communication channels and external interfaces
1. Secure, encrypted networking
2. Detects and protects against anomalous external data

OTA UPDATABILITY
Continuous security of software and digital assets
1. Secure SW updates against exploits and vulnerabilities
2. Reduces risk of eavesdropping and impersonation by updating compromised authentication vectors

KEY TAKEAWAYS

CONNECTED CAR BENEFITS COME WITH CHALLENGES

MULTILAYERED SOLUTION NEEDED

OTA AND NETWORK PROTECTION ARE KEY

THANK YOU

ALON ATSMON, VP TECHNOLOGY STRATEGY

ECUSHIELD

WHAT IS ECUSHIELD?

ECUSHIELD is an embedded software solution that provides on-board automotive cybersecurity against hacking, intrusion and critical communication disruptions.

PROTECTING AGAINST

• SPOOFING
  Example: Spoofing of CAN messages from an external device / compromised ECU

• ABUSE OF “LEGITIMATE” OPERATIONS
  Example: Using diagnostic commands to cause undesired actions

• SOFTWARE EXPLOITS
  Example: Manipulating the communication to exploit vulnerabilities in the code

• DENIAL OF SERVICE
  Example: Flooding the CAN bus

ECUSHIELD KEY FEATURES

• DETECT NEW THREATS
• MARK THE MALICIOUS COMMUNICATION
• MITIGATE THE THREAT IN REAL-TIME
• IDENTIFY THE THREAT SOURCE

NO PREVIOUS KNOWLEDGE ABOUT THE SPECIFIC ATTACK IS NEEDED!

TYPICAL APPLICATIONS

SMART FIREWALL
ECUSHIELD installed on the Gateway ECU, acting as both an IDS and a firewall

IDS / IPS
ECUSHIELD installed on one of the ECUs, acting as either an IDS or an IDS/IPS

[Diagrams: ECUs connected through a GATEWAY]

PRODUCT HIGHLIGHTS

• Easily embedded into proprietary systems and various OS architectures
• No redesign - integration into existing CAN environments
• Built for low resources and real-time
• Built-in secured update mechanism
• Single installation provides full mitigation capability (“Cooperative Mitigation”)

NO PREVIOUS KNOWLEDGE ABOUT THE SPECIFIC ATTACK IS NEEDED!

TCUSHIELD

TCUSHIELD KEY FEATURES

• Secure Telematics based on existing hardware
• 24/7 monitoring & prevention
• Zero installation downtime
• Always updated

What does it do?

• Identifies the malicious communication
• Selectively blocks communication in real-time
• Provides information for further analysis
• Safeguards the in-vehicle network against a compromised TCU/IVI

TCUSHIELD KEY FEATURES

[Diagram labels: CAN BUS, CAN Controller, TCUSHIELD, Telematics/IVI Application, MDM, CELLULAR, M2M]

INTEGRATED INTO EXISTING TSP INFRASTRUCTURE