The Automotive Cyber-Threat: What the Future Will Bring Us?
Alain Baritault
VP Business Development
Sophia Antipolis - June 17, 2019

Introduction and Agenda
Automotive sensors and on-board systems have either weak or zero cybersecurity protection.
This has resulted in life-endangering situations, personal data theft, and loss of privacy.

Today’s Topics:
• Increasing Risks of Data Hacks in Automotive
• Current Status of cars and standards for data security
• Areas of Vulnerability
  ▪ LiDAR exposure
  ▪ Personal Data exposure
  ▪ Future vulnerabilities with V2X
• Encryption Options
  ▪ Asymmetric vs Symmetric encryption
  ▪ Comparison of AES vs SPECK
• Suggested Security Model for Automotive

iotaBEAM_ETSI Security Week 2019

Increasing Risks of Data Hacks in Automotive
All new cars today come equipped with plenty of electronic systems such as ECUs (Electronic Control Units), CANbus (Controller Area Network Bus) and OBD (On-Board Diagnostics), which are easy targets and present disproportionate security and data privacy risks.
Real-time data captured by ECUs and transported over the CANbus can be tampered with wirelessly or via the OBD. This is an enormous security risk in today’s intelligent cars.
Sensitive Personal Information is stored and/or used in the car, such as contact information, calls & messages, credit card info for toll payments, etc., which can be stolen.
Real-time data and personal information in cars need to be secured: extending security to them is a must!

Standards in Automotive for securing the data
The development of an ECU involves both hardware and software required to perform the functions expected from that particular module. Automotive ECUs are being developed following the V-model.[1] Recently the trend is to dedicate a significant amount of time and effort to develop safe modules by following standards like ISO 26262.[3]
ISO 26262, titled "Road vehicles – Functional safety", is an international standard for functional safety of electrical and/or electronic systems in production automobiles defined by the International Organization for Standardization (ISO) in 2011.

Automotive Electronic Systems in a changing environment
The car is a mobile system in a constantly changing environment.
Its interactions with its environment need to be globally secured.

Examples of Automotive Hacking
ATTACK | WHAT | IMPACT | METHOD
LIDAR | Saturation and Spoofing | Accident | OTA connect
LIDAR | False data "fake dots" | Accident | OTA connect
FASTRAK | RFID Tag | Financial Data | Wireless
FASTRAK | Fastrak hacking tools | Financial Data | Wireless
TOLL PAYMENT | RFID Tag | Financial data, location privacy | Wireless
GARAGE DOOR | Garage door code | Home robbery | Wireless
ACCELERATOR | Jeep Cherokee | | Wireless
ACCESS | BMW Connected Drive | Theft | Wireless
ACCESS | Volkswagen | Theft | Wireless
CANBUS | Tesla OTA | Entire system, financial data, privacy | Wireless
STARLINK | Subaru WRX Wireless link | Doors, lights, Personal Data, Financial, Privacy | Wireless
OBD PORT | Audi TT | Cripple diagnostic system, shut off any ECU remotely | MITM OTA
HEAD-UNIT (IVI) | Stereo MP3 player | Infotainment system, spying with camera, privacy | MP3 file

Example of auto sensor vulnerability
LiDAR systems, which are critical for collision avoidance or computer-aided parking, can be fooled or hacked.
https://www.blackhat.com/docs/eu-15/materials/eu-15-Petit-Self-Driving-And-Connected-Cars-Fooling-Sensors-And-Tracking-Drivers.pdf

Examples of User Data Theft
HACK | IMPACT
Private communications | Contact information, data, cross-references
Home communications | Contact information, data, cross-references
Personal Computers | Private data, passwords
Health data/history | Health privacy
Financial data/transactions | Financial data, accounts, assets
Keystroke access for passwords | Access to private accounts
Camera monitoring of vehicle occupants | Stalking drivers, family, abuse of privacy
Aftermarket camera monitor of car route/travel | Detailed location of destinations, home
Microphone monitoring live conversations | Stalking drivers, or abuse of privacy
GPS data | Detailed location and calendar data
Home cameras/monitors | Stalking driver's home and family
Home sensor data: fridge, energy systems | Hacking control of HVAC and energy
Home DVR | Control of driver's home entertainment
In-auto infotainment | Control of driver's entertainment
Access to Cortana or Alexa Assistants: personal tastes, music browsing, travel, browsing history, food, restaurants | Migration of Cortana and Alexa from home to automobile exposes all of user's personal data due to 24x7 listening of user in home or in vehicle.
Toll/Parking data/dates | Access to driver banking and credit data
Garage door access times | Allow thieves to plan robberies
https://www.blackhat.com/docs/eu-15/materials/eu-15-Petit-Self-Driving-And-Connected-Cars-Fooling-Sensors-And-Tracking-Drivers.pdf

Hackers have many entries
Data circulating on the CANbus are not encrypted.
All input and output data must be verified and secured.

How to secure CANbus? Choice…!
• Design new CANbus (new standard? Different CANbus per manufacturer?)
• Add Security Controller on CANbus? Need to change all ECU communications.
• Retrofit existing ECU with small footprint security mechanism transparent to CANbus
• Encrypt data on the CANbus

Optimal Encryption Options
Asymmetric vs. Symmetric Keys
Asymmetric:
• More complex and demanding in calculations and power
• Use RSA, Diffie-Hellman, ECC, DSA, etc. for key resolution
• Stronger, but requires multiple message exchanges and is subject to MITM attacks
Symmetric:
• Simple, less demanding in calculations and power, and fast
• Use RC4, DES, AES, 3DES, SPECK/SIMON, etc. for encryption
• Strong, lightweight and fast, does not require exchange of keys or authentication, but you need to embed keys on devices at factory
AES vs. SPECK/SIMON Cryptographic Algorithms
• AES is currently the most commonly used encryption standard; more general-purpose algorithm
• SPECK/SIMON is more power and space efficient than AES; it requires fewer CPU cycles per byte and is designed for constrained environments.
• SPECK/SIMON specification ISO/IEC 29167 has been recently published
Recommendation: Symmetric Keys with SPECK/SIMON encryption for fast response time and highly constrained environments.
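The recommendation above, as an added example (not code from the presentation or from iotaBEAM): a C implementation of Speck64/128, whose 64-bit block is the size of the 8-byte data field of a classic CAN frame, with a self-test against the designers' published test vector. The choice of the 64/128 variant and all function names are assumptions; the slides do not state which SPECK parameters are meant.

```c
#include <stdint.h>
#include <stdio.h>

#define ROUNDS 27   /* Speck64/128; the variant is this example's assumption */

static uint32_t ror(uint32_t v, unsigned r) { return (v >> r) | (v << (32 - r)); }
static uint32_t rol(uint32_t v, unsigned r) { return (v << r) | (v >> (32 - r)); }

/* key[0] = k0 (low word), key[1..3] = l0..l2 in the designers' notation. */
void speck_expand(const uint32_t key[4], uint32_t rk[ROUNDS]) {
    uint32_t l[3] = { key[1], key[2], key[3] }, k = key[0];
    for (uint32_t i = 0; i < ROUNDS; i++) {
        rk[i] = k;
        l[i % 3] = (ror(l[i % 3], 8) + k) ^ i;
        k = rol(k, 3) ^ l[i % 3];
    }
}

/* blk[0] = y (low word), blk[1] = x (high word): one 8-byte CAN data field. */
void speck_encrypt(const uint32_t rk[ROUNDS], uint32_t blk[2]) {
    uint32_t y = blk[0], x = blk[1];
    for (int i = 0; i < ROUNDS; i++) {
        x = (ror(x, 8) + y) ^ rk[i];   /* rotate, add, xor with round key */
        y = rol(y, 3) ^ x;
    }
    blk[0] = y; blk[1] = x;
}

void speck_decrypt(const uint32_t rk[ROUNDS], uint32_t blk[2]) {
    uint32_t y = blk[0], x = blk[1];
    for (int i = ROUNDS - 1; i >= 0; i--) {
        y = ror(y ^ x, 3);
        x = rol((x ^ rk[i]) - y, 8);
    }
    blk[0] = y; blk[1] = x;
}

/* Power-on self-test against the designers' published Speck64/128 vector. */
int speck_selftest(void) {
    const uint32_t key[4] = { 0x03020100, 0x0b0a0908, 0x13121110, 0x1b1a1918 };
    uint32_t rk[ROUNDS], blk[2] = { 0x7475432d, 0x3b726574 };
    speck_expand(key, rk);
    speck_encrypt(rk, blk);
    if (blk[0] != 0x454e028b || blk[1] != 0x8c6fa548) return 0;
    speck_decrypt(rk, blk);
    return blk[0] == 0x7475432d && blk[1] == 0x3b726574;
}

int main(void) { printf("self-test: %s\n", speck_selftest() ? "ok" : "FAIL"); return 0; }
```

A bare block cipher applied per frame is deterministic, so identical payloads under one key give identical ciphertexts; it hides payload values but does not by itself authenticate a frame or detect replay.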

Optimum Encryption for Automotive
Comparison Factor | Symmetric Encryption | Asymmetric Encryption
Number of Cryptographic Keys | Symmetric encryption incorporates only one key for encryption as well as decryption. | Asymmetric Encryption consists of two cryptographic keys. These keys are regarded as Public Key and Private Key.
Complexity | Symmetric encryption is a simple technique compared to asymmetric encryption as only one key is employed to carry out both the operations. | Contribution from separate keys for encryption and decryption makes it a rather complex process.
Swiftness of Execution | Due to its simplistic nature, both the operations can be carried out pretty quickly. | Because of encryption and decryption by two separate keys and the process of comparing them make it a tad slow procedure.
Algorithms Employed | RC4, AES, DES, 3DES, QUAD, SPECK/SIMON | RSA, Diffie-Hellman, ECC, El Gamal, DSA
CONCLUSION | STRONG AND FASTEST METHOD AS DOES NOT REQUIRE EXCHANGE OF KEYS | STRONG, BUT REQUIRES MULTIPLE MESSAGES EXCHANGED, SO SLOWER AND MORE EXPOSED TO HACK ATTACKS

AES vs. SPECK Speed Tests
[Figure panels: AES, SPECK]
https://pdfs.semanticscholar.org/4c9a/f4b266ed108c04847241ed101ff4cdf79382.pdf
CONCLUSIONS
• AES requires more CPU cycles to process/byte
• This delays encryption/decryption of critical auto sensor data
• Even millisecond delay is dangerous in automobile

Proposed Security Method
EASILY INTEGRATED ON EXISTING ECUs and CANbus. No redesign or forklift
WIRELINE and WIRELESS AGNOSTIC
PROTOCOL AGNOSTIC
Eliminates complicated certificate, multiple authentications, or extra HW
SPECK/SIMON with symmetrical encryption benefits. NEVER BEEN HACKED
TINY FOOTPRINT and NEGLIGIBLE POWER CONSUMPTION
WORK ON SIMPLE 8-bit CPU/MCU
LOW LATENCY: Less time to encrypt/decrypt, critical where safety is crucial
Hard to hack: dynamic rotation or partial change of keys
Security Consortium roles:
Adapt specifications to suit industry needs (e.g. key length, key rotation)
Monitor and analyze all hacks for all members. Share results.

Summary of Main Features
Small software footprint cipher √ size of a Tweet: 140 characters
Non-computational intensive √ add-rotate-xor (ARX) cipher
Low power for the encrypt/decrypt √ virtually zero impact on power budget
Symmetrical keys √ does not require authentication e.g. Diffie-Hellman
Support for 8-bit CPUs √ can work on 8-Bit Atmega128
Support for very short data messages √ can support <24-byte messages
No message exchange for keys √ immune to “Man in the Middle” attacks
Quantum hack resistant √ see Grover’s Algorithm; also Perfect Forward Secrecy
Non-TCP/IP dependent √ work with simpler ICS/IoT protocols; data is unframed
Simple to develop (uncomplicated) √ no complex math or rounds required
Low design impact √ no need for special HW; overlay on existing design
Wireless agnostic √ unframed data at Layer 2; any wireless agnostic

Suggested Security Model
[Figure: suggested security model, steps numbered 1 to 10. Labels recoverable from the diagram:]
• Consortium for Security: Machine Learning/AI, detect hacks, share
• ANY DEALERSHIP: Pre-checkout auto-procedure, Register sensors
• IoT Equipment Registry (IER): register sensor, Auto-Register Keys, Auto-Activate sensors
• Purchase
• IOT Decrypt Server (IDS): Decrypts and forwards data to Service Provider
• Personal, Financial data encrypted
• On the road / As needed: Banks, Home Services, Shopping Services, Toll Services
• Auto-parts encryption: Keys embedded during manufacture, provided to auto manufacturer, then deleted
• Sensors encrypt/decrypt on CANbus

THANK YOU!
KISS - Keep It Simple & Secure!
Alain Baritault www.iotabeam.com
Sophia Antipolis - June 17, 2019