9/16/19
Security Patterns for Automotive Systems
Betty H.C. Cheng with Bradley Doherty, Nick Polanco, and Matthew Pasco

Overview
• Background
• Review of threat surfaces
• Automotive Security Pattern structure
• Excerpts from Automotive Security Pattern repository
Software Design Patterns
• Reuse of successful system designs
• Known solution to common problems
• Gamma et al. formulation [1]:
  • Pattern name
  • Problem addressed
  • Solution
  • Consequences of pattern use

Security Patterns
• Used to manage threats to a given system [2]
• Security Patterns research active in several domains:
  • Distributed Systems [3]
  • Enterprise Systems [4]
  • Cloud Computing Systems [5]
• Security patterns can be applied to requirements gathering, design and implementation [6]
Previous work on security patterns
• Fernandez [2]
  • Formulation of security patterns for typical enterprise environment
• Dougherty et al. [7]
  • Documenting demonstrably security-effective techniques from existing designs
• Schumacher et al. [8]
  • Categorize and unify a variety of security patterns
• Wassermann and Cheng [9]
  • Template for security patterns extended to include relation to 10 security principles

CAN-Bus Threat Surface
• Broadcast protocol available to any attached ECU [10]
• Lacks authentication and encryption [10]
• Message arbitration is based on a prioritization scheme [11]
• Subject to attacks:
  • ECU injection attacks [12]
  • Compromising sensitive data [10]
  • DDoS attacks [13]
V2X Threat Surface
• Vehicular Ad-hoc Networks (VANET) allow network nodes to move freely within a range and stay connected [14]
• Nodes communicate with other nodes through node hopping; routing is determined in real time [15]
• Nodes freely enter and leave a given network [15]

Other Threat Surfaces
• OBD-2 port [16]
• Bluetooth network [13]
• Telematics System [17]
• Key Fob [18]
• Media player / Auxiliary port [19]
• Tire Pressure Monitoring System [20]
• Ad-Hoc Vehicle Networks [21]
• Over-the-air firmware updates [12]
Threat Surfaces

Component | Surface | Threat type
OBD-2 Port | Direct access; access via pass-thru device | Interception, Interruption, Modification, Fabrication
Key-Fob* | Duplicate RFID chips | Interception, Fabrication, Theft
Media Player & Auxiliary port (e.g. audio jack or USB port) | Connected media (e.g. memory stick, iPods, CD, etc.) | Interruption, Fabrication
Dealer Pass-thru device | Connected service computer/device | Interruption, Modification

Threat Surfaces (cont)

Component | Surface | Threat type
Telematics Unit | Compromised software; compromised connecting device | Interception, Interruption, Modification
Vehicle Bluetooth Network | Network PIN breakage by proximal device | Interception, Interruption
ECU* | Duplicate/malicious non-OEM component installation | Modification, Interruption, Fabrication
Tire Pressure Monitoring System | Intercept broadcast of readings to dashboard cluster | Interruption, Fabrication, Interception
Threat Surfaces (cont)

Component | Surface | Threat type
Vehicular Ad-hoc Network | Transmission from compromised node to another | Interception, Interruption, Fabrication
Telematics Service | Service parameters like IP address and subscriber identity module (if present) | Interception, Interruption
Digital Car Radio | Broadcast data processing | Fabrication, Interruption

Template for Security Patterns
• Several templates have been used in previous security pattern research:
  • Security Patterns in Practice [2]
  • Security Patterns Repository [22]
  • Security Patterns: Technical Report [9]
• We constructed our template following the one defined by Gamma et al. for general design patterns and extended by Wassermann and Cheng [9] for security-specific patterns
  • Incorporation of UML
  • Incorporation of guiding security principles
Template for Security Patterns
• Pattern Name and Classification
• Intent
• Also Known As
• Motivation
• Properties
• Applicability
• Structure
• Participants
• Collaborations
• Behavior
• Constraints
• Consequences
• Known Uses
• Related Security Patterns
• Related Design Patterns
• Related Security Principles

Guiding Principles
• Guiding Security Principles:
  • Viega-McGraw: Ten principles for building secure software [23]
  • SAE Standard J3061: Cybersecurity Guidebook for Cyber-Physical Vehicle Systems [24]
• Overlaps exist between the two sources
• Principles facilitate understanding of Security Patterns and provide security insight [9]
Viega-McGraw Security Principles
• V1 - Secure the weakest link
• V2* - Practice defense in depth
• V3 - Fail securely
• V4* - Follow the principle of least privilege
• V5 - Compartmentalize
• V6 - Keep it simple
• V7* - Promote Privacy
• V8 - Hiding secrets is hard
• V9 - Be reluctant to trust
• V10 - Use community resources
Source: [23]
* Indicates overlap between Viega-McGraw and J3061

SAE standard J3061
• J1* - Protect Personally Identifiable Information and Sensitive data
• J2* - Use principle of least privilege
• J3* - Apply defense in depth
• J4 - Prohibit changes to calibrations and/or software that have not been thoroughly analyzed and tested
• J5 - Prevent vehicle owners from intentionally or unintentionally making unauthorized changes to the vehicle's systems that could introduce potential vulnerabilities
Source: [24]
* Indicates overlap between Viega-McGraw and J3061
STRIDE Properties
• Industrial collaborators requested inclusion of Microsoft STRIDE properties [31] for each pattern:
  • In line with their security-based development process
  • Commonly used in industry

Threat | Property | Security questions
Spoofing | Authentication | Does system use multi-factor authentication? Enforce credential creation, use, and maintenance principles?
Tampering | Integrity | Detect/prevent parameter manipulation? Protect against tampering? Secure design principles used?
Repudiation | Non-Repudiation | Log and verify all user interaction with attribution?
Information Disclosure | Confidentiality | Follow standard encryption for secure connections?
Denial of Service | Availability | Built/tested for high availability?
Elevation of Privilege | Authorization | Support management of all users/privileges?

Automotive Security Patterns Repository

Pattern name | Description
Authorization | Manage authorization for use of secured resource
Blacklist | Prevent suspicious addresses from participating in a network
DDoS Redundancy | Makes a network more resilient to a (Distributed) Denial of Service attack (DDoS)
Firewall | Filters traffic from external entities to allow only authorized uses of a system
Multi-Factor Authentication | Provides redundant authentication scheme and stronger defense against unauthorized access
Multi-level Security | Separate levels of access rights in a system
Signature IDS | Monitor traffic on network for concerning behavior
Symmetric Encryption | Encrypt message so that only intended receiver may read it
Tamper Resistance | Deters unauthorized changes to a system
Third Party Validation | Provides third party validation of a message broadcast in a network
Characteristics of Patterns in Repository

Pattern | Appl | Principle marks (one X per related principle among V1, V2/J3, V3, V4/J2, V5, V6, V7/J1, V8, V9, V10, J4, J5)
Authorization | P | X X X
Blacklist | P, M | X X X
DDoS Redundancy | P, M | X X X
Firewall | P, D | X X X
Multi-Factor Authentication | P | X X X
Multi-level Security | P, M | X X X X X
Signature IDS | P, D, M | X
Symmetric Encryption | P | X X
Tamper Resistance | P, D, M | X X X X
Third Party Validation | D, M | X X

Sample Patterns from Repository
Authorization Pattern
• Classification
  • Structural
• Intent
  • Facilitate access to protected resource
• Motivation
  • Restricting access to a resource, differentiating access rights
  • In automotive systems this may be CAN bus, ECU controller interface, etc.
• Properties
  • Can be used to satisfy the Authentication property and the Authorization property

Authorization Pattern
• Applicability
  • Automotive systems where supervision is required
  • Such management may not exist in the system or protocol, e.g., CAN bus [11]
• Participants
  • Protection Object
  • Rights
  • Subject
• Collaborations
  • Subjects access Protection Objects
  • Rights object finds appropriate association between Subjects and Protection Objects
Authorization Pattern
• Structure (UML diagram)

Authorization Pattern
• Behavior (UML diagram)
Authorization Pattern
• Constraints
  • Performance considerations for authorization protocol
  • Performing authorization outside shared resource
• Consequences
  • Confidentiality, Integrity, and Availability can all be improved through rigorous rights enforcement
  • Performance may degrade from extensive rights checking
  • Additional hardware may incur cost to system
  • Authorization may limit utilization of shared resources

Authorization Pattern
• Known uses
  • Access control unit [25]
    • Hardware-based authorization and authentication system attached to communications bus similar to CAN
    • Allows for authorization to be done concurrently with bus communication
    • Hardware allows for faster authentication and authorization protocols
• Related Patterns
  • Checkpoint pattern [9] [26]
  • RBAC pattern [9] [26]
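The three participants of the Authorization pattern (Subject, Protection Object, Rights) instantiated for CAN message IDs, as an added Python example that is not from the slides or the cited access control unit; the ECU names, CAN IDs and operation names are constructed for illustration. It also shows the pattern's constraints in code: rights are checked outside the shared bus, the check defaults to deny (fail securely), and the number of lookups is counted so the rights-checking cost is visible.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Tuple

# Constructed model: Subjects are ECUs, Protection Objects are CAN arbitration IDs,
# Rights holds their associations. ECU names and CAN IDs below are made up.

@dataclass(frozen=True)
class Subject:
    """An ECU that wants to read or write on the shared bus."""
    name: str

@dataclass(frozen=True)
class ProtectionObject:
    """The secured resource: one CAN arbitration ID."""
    can_id: int

@dataclass
class Rights:
    """Finds the Subject/Protection Object association; default-deny (fail securely)."""
    _grants: Dict[Tuple[str, int], FrozenSet[str]] = field(default_factory=dict)
    checks: int = 0  # lookups performed; makes the rights-checking cost visible
    def grant(self, subject: Subject, obj: ProtectionObject, *ops: str) -> None:
        key = (subject.name, obj.can_id)
        self._grants[key] = self._grants.get(key, frozenset()) | frozenset(ops)

    def is_authorized(self, subject: Subject, obj: ProtectionObject, op: str) -> bool:
        self.checks += 1
        return op in self._grants.get((subject.name, obj.can_id), frozenset())

class Bus:
    """Shared resource; authorization is performed outside the bus, by Rights."""
    def __init__(self, rights: Rights) -> None:
        self.rights = rights
        self.log: List[Tuple[str, int, str, bool]] = []  # (subject, id, op, allowed)

    def transmit(self, subject: Subject, obj: ProtectionObject, payload: bytes) -> bool:
        allowed = self.rights.is_authorized(subject, obj, "write")
        self.log.append((subject.name, obj.can_id, "write", allowed))
        return allowed  # only an authorized frame would be put on the wire

def demo() -> List[Tuple[str, int, str, bool]]:
    rights = Rights()
    engine, infotainment = Subject("engine_ecu"), Subject("infotainment_ecu")
    rpm, brake = ProtectionObject(0x0C0), ProtectionObject(0x1A0)
    rights.grant(engine, rpm, "write")        # engine may publish RPM frames
    rights.grant(infotainment, rpm, "read")   # infotainment may only consume them
    bus = Bus(rights)
    bus.transmit(engine, rpm, b"\x12\x34")        # allowed
    bus.transmit(infotainment, rpm, b"\x00")      # denied: read right only
    bus.transmit(infotainment, brake, b"\xff")    # denied: no association at all
    return bus.log
```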