HOW TO CONNECT A VEHICLE IN A SAFE AND SECURE WAY
Mikko Hurskainen, Technologist
• 17+ YEARS IN AUTOMOTIVE BUSINESS
• 200+ TOP NOTCH EMBEDDED SOFTWARE PROFESSIONALS BUILDING THE PRODUCTS
• 70+ SOFTWARE PROJECTS DELIVERED
• 5 LOCATIONS AROUND THE GLOBE
• SHANGHAI OFFICE IN 2017 H2
• SHENZHEN OFFICE IN 2017 H2
CONTENTS
• Connected vehicles
• What is security?
• Security solutions
• What’s next?
CONNECTED VEHICLES
CONNECTED VEHICLES
• Connected car market is experiencing rapid growth
• There’s a need for secure and safe solutions
Source: Gartner
CONNECTED VEHICLE DEVELOPMENT MODEL
(Diagram: Connected Vehicle; Vehicle Computer and Platform SDK)
CONNECTED VEHICLES
(Diagram of the connected-vehicle ecosystem: the Vehicle Computer connected over the Internet to Vehicle services, Mobile application / Mobile user, Fleet application / Fleet user and Third party services)
ARCHITECTURE
(Diagram of the software stack: Internet; Applications; Operating System; Platform; Vehicle Network)
APPSTACLE PLATFORM
• European collaboration project for open connected car architecture
• Link Motion is promoting AGL
APPSTACLE ARCHITECTURE
(Diagram of the APPSTACLE platform. Cloud side: cloud & OTA manager, ECU OTA downloading tool. Application layer: apps, services, application IDS, application runtime, APPSTACLE API. Platform layer: Authentication/Encryption, Permission Control, QoS Monitoring, communication services, car-to-cloud communication, in-vehicle communication, network IDS, in-vehicle connectivity, ex-vehicle connectivity, OTA manager, APPSTACLE platform, boot loader, ECU.)
Source: APPSTACLE ITEA program
WHAT IS SECURITY?
PROTECTION OF ASSETS
(Diagram relating Threats, Assets and Security technologies; threat examples: Vehicle theft, Distraction, Loss of control; risk parameters: Exposure, Severity, Controllability; references: SAE J3061, ISO 15288)
ASSETS
• Assets in a connected vehicle
– Data. If data is compromised, it can lead to hijacking of the vehicle, lost property or manipulation of operation. Examples of data include remote control keys, maintenance data and routing information
– Privacy. Lack of privacy can lead to uncomfortable situations or expose the user to greater security risks. Examples of privacy assets include location information, route history and consumer habits
– Control. Loss of control can lead to unwanted behaviour of the vehicle during driving or even hijacking of the passengers inside the vehicle. Loss of control also compromises the owner’s ability to use the car
• Tangible and intangible
THREATS
• Ransomware
• Publicized vulnerability
• Leakage of privacy data
• Blocking use of system
=> Remotely attack fleet
SAFETY AND SECURITY Source: SAE J3061
SECURITY SOLUTIONS
SECURITY FEATURES
• Modularity and layering
• Hierarchical protection
• Attack surface minimization
• Least privilege principle
• Predicate permission
• Defense-in-depth
(Diagram: Internet, Connected gateway, Vehicle Access Controller, Secure Container, Application ECU, ECU, CAN)
SANDBOXING OF THE SYSTEM
(Diagram: Secure Container, IVI OS and Auto OS on the i.MX6Q+ Main Processor, two of them marked as unprivileged containers; Vehicle Access Controller on the Secure RTOS running on a separate Microcontroller)
DEFENSE IN DEPTH
• Minimizes impact of successful attacks
• Allows protection according to needs
• Innermost layer (TCB) is compact and most secure
(Diagram: three nested levels, LEVEL 1 innermost to LEVEL 3 outermost, with the labels Rich controls, 3rd party apps, Secure apps, CAN, Music, Self-driving, Data visualization, Vehicle Control, V2X, Instruments, Services, Traffic information, SECURE RTOS, AUTO OS, IVI OS)
VEHICLE NETWORK DATAFLOWS
(Diagram: Abstract Vehicle Interface and Vehicle Network Gateway / Firewall between the CAN Bus and the domains Vehicle Access Controller, Auto OS, Secure Container and IVI OS; access tiers shown: Very limited access, Wide access, Read access, Configurable access; unprivileged containers on the i.MX6Q+ Main Processor, Secure RTOS on the Microcontroller; Internet on the other side)
VEHICLE NETWORK CONTROLLED ACCESS
(Diagram: Vehicle Access Controller on the Secure RTOS / Microcontroller, and Auto OS, IVI OS and Secure Container as unprivileged containers on the i.MX6Q+ Main Processor, each reaching the Vehicle Network through its own Vehicle Network Controller)
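The two slides above show four access tiers between the domains and the vehicle network but not how a gateway enforces them. The block below is an added example, not Link Motion or APPSTACLE code: a minimal vehicle network gateway / firewall with default deny and an audit trail of denials. The domain-to-tier mapping, the domain names and the CAN IDs are constructed assumptions.

```python
# Added example (not Link Motion or APPSTACLE code): a minimal vehicle network
# gateway / firewall that enforces the four access tiers named on the slides.
# The domain-to-tier mapping and the CAN IDs are constructed assumptions.
from dataclasses import dataclass, field
from enum import Enum


class Tier(Enum):
    WIDE = "wide access"                  # receive and transmit any frame ID
    READ = "read access"                  # receive only, may never transmit
    VERY_LIMITED = "very limited access"  # allow-listed IDs only, both directions
    CONFIGURABLE = "configurable access"  # allow-list loaded at boot from policy


@dataclass(frozen=True)
class DomainPolicy:
    tier: Tier
    allowed_ids: frozenset = frozenset()  # used by VERY_LIMITED and CONFIGURABLE


@dataclass
class Gateway:
    policies: dict                               # source domain -> DomainPolicy
    denied: list = field(default_factory=list)   # audit trail, fed to the IDS

    def permit(self, domain: str, direction: str, can_id: int) -> bool:
        """True if `domain` may pass a frame with `can_id` in `direction` (rx/tx)."""
        policy = self.policies.get(domain)
        if policy is None:                 # default deny: unknown domain gets nothing
            return self._deny(domain, direction, can_id)
        if policy.tier is Tier.WIDE:
            return True
        if policy.tier is Tier.READ:
            return direction == "rx" or self._deny(domain, direction, can_id)
        if can_id in policy.allowed_ids:   # VERY_LIMITED / CONFIGURABLE allow-lists
            return True
        return self._deny(domain, direction, can_id)

    def _deny(self, domain: str, direction: str, can_id: int) -> bool:
        self.denied.append((domain, direction, can_id))
        return False


def build_gateway() -> Gateway:
    """Constructed policy table; which domain gets which tier is our assumption."""
    return Gateway(policies={
        "vehicle_access_controller": DomainPolicy(Tier.WIDE),
        "auto_os": DomainPolicy(Tier.VERY_LIMITED, frozenset({0x100, 0x101})),
        "secure_container": DomainPolicy(Tier.READ),
        "ivi_os": DomainPolicy(Tier.CONFIGURABLE, frozenset({0x200})),
    })
```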
SECURITY MINDED DESIGN PATTERN
• Follows automotive design patterns
• Separation of control, critical control and rich control
• Example: Diagnostics
(Diagram: Cloud services above Auto OS, IVI OS and Secure Container; Telematics: Diagnostics, FOTA control; Instrument Cluster: Notification engine; IVI: Rich UI controls; Vehicle Network API, Diagnostics vECU, Vehicle Network, CAN Bus)
HARDWARE SECURITY TECHNOLOGIES
(Diagram: i.MX6Q+ Main Processor with ARM Cortex-A9 Quad, RAM, CAAM and ARM TrustZone; labels: Secure Key Storage, High Assurance Boot and Chain of Trust, Secure RTOS, Secure Container, IVI OS, Auto OS, unprivileged containers)
MORE SECURITY SOLUTIONS
• Vehicle network protection
• Cryptography
• Intrusion detection system
• Open source development model
• External partners
• Research
• Training
WHAT’S NEXT
SECURITY FORMALIZATION
• Broader analysis
• NIST SP-800, SAE J3061, ISO 15288
• Privacy standards
• Integration to processes
• Secure System State
• Security Taxonomy
• Mathematical proofs
SECURITY TAXONOMY Source: NIST SP 800-160
SECURE SYSTEM STATE
• Design with safe state (ISO 26262)
• Example implementation:
– Reference monitor (IDS)
– Re-flash from ROM
Source: NIST SP 800-160
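The slide names a reference monitor and re-flash from ROM as the example implementation of a safe state. The block below is an added example, not Link Motion code, showing one way those pieces fit together: the monitor watches gateway allow/deny decisions, a burst of denials from one domain moves the system into a degraded safe state where that domain is isolated, and only a verified ROM image brings it back. The threshold, window, domain names and the `image_verified` flag (standing in for the chain-of-trust check) are constructed assumptions.

```python
# Added example (not Link Motion code): a safe-state machine driven by a
# reference monitor, illustrating the slide's "reference monitor (IDS)" and
# "re-flash from ROM". Thresholds and domain names are constructed assumptions.
from collections import defaultdict, deque
from enum import Enum


class State(Enum):
    NORMAL = "normal"
    SAFE = "safe state"   # degraded mode (ISO 26262 style): offender cut off from the bus


class ReferenceMonitor:
    """Watches gateway decisions; a burst of denials from one domain is an alert."""

    def __init__(self, threshold: int = 3, window_s: float = 1.0):
        self.threshold, self.window_s = threshold, window_s
        self.denials = defaultdict(deque)   # domain -> timestamps of recent denials

    def observe(self, t: float, domain: str, allowed: bool):
        """Return the offending domain when it crosses the threshold, else None."""
        if allowed:
            return None
        q = self.denials[domain]
        q.append(t)
        while q and t - q[0] > self.window_s:   # forget denials outside the window
            q.popleft()
        return domain if len(q) >= self.threshold else None


class SecureSystemState:
    def __init__(self, monitor: ReferenceMonitor):
        self.monitor, self.state, self.isolated = monitor, State.NORMAL, set()

    def on_gateway_decision(self, t: float, domain: str, allowed: bool) -> State:
        offender = self.monitor.observe(t, domain, allowed)
        if offender and self.state is State.NORMAL:
            self.state = State.SAFE        # vehicle control keeps running,
            self.isolated.add(offender)    # the noisy domain loses bus access
        return self.state

    def reflash_from_rom(self, domain: str, image_verified: bool) -> State:
        """Recovery: only a verified ROM image returns an isolated domain to service."""
        if domain not in self.isolated or not image_verified:
            return self.state
        self.isolated.discard(domain)
        self.monitor.denials.pop(domain, None)   # fresh start after re-flash
        self.state = State.NORMAL if not self.isolated else State.SAFE
        return self.state
```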
INTEGRATION TO PROCESSES
• ISO 15288 is a good framework
• Code first vs specification
• Not just engineering
• Aims to enable ‘organizational learning’ -> the same breach does not happen twice
• Work split between OEM/T1 and AGL?
MORE SECURITY SOLUTIONS
• More cost-efficient solutions enable better security
– AGL, APPSTACLE, ASSET
• Improve overall level of security
• Implement HW solutions with SW
• Developer training
SOFTWARE DEFINED CAR
(Diagram: conventional architecture compared with software centric architecture)
SUMMARY
• Connected vehicles are happening now
• Need uncompromised solutions
– Same as safety
• There are plenty of solutions
– But none solves it alone
• A more holistic approach is the future
LINK-MOTION.COM
info@link-motion.com
mikko.hurskainen@link-motion.com
kanae.kubota@link-motion.com