Feasible car cyber defense - ESCAR 2010

Feasible Car Cyber Defense

Arilou Information Security Technologies LTD.

Arilou Technologies

The modern car

• Sophisticated and computerized
• Decentralized electronic system
    • Usually consists of dozens of computers (ECUs – electronic control units) and sensors
    • New functionalities – hundreds of MBs of code
    • Connected by one or more network segments
• Autonomous cars

The rising threat

• ECU-controlled mechanisms
    • Brakes
    • Stability control
    • Airbags
    • …
• CAN bus connected
• Rising wave of cyber attacks

Hacking a system

• Demonstrated by US researchers - hack using RDS, Bluetooth and more

• Hack a widespread infotainment system using hostile files
    • With no prior knowledge
    • No budget
    • Goal: estimate the possibility of such a scenario

Infotainment Hack

[Diagram label: internet]

Hacking process

• Understand inner workings and get binaries
• Reversing the binaries – focus on input parsing
• Finding exploitable vulnerabilities
• Implementing the exploit

The result

Conclusion

Cars were designed for safety and functionality – not for Security

The challenge

• Huge number of suppliers
• Lots of external interfaces
• Every cent counts
• Time-critical communication
• Legacy systems
• Zero tolerance for mistakes

Possible solutions

Cryptography

• Confidentiality
• Integrity
• Authenticity
• Can solve some of the issues
    • The automotive world is far from ideal for this

Cryptography Difficulties

• Key exchange and management
• Symmetric keys:
    • Identical to all units – vulnerable
    • Not identical – complicated to manage
• Asymmetric keys:
    • Time and computing complexity – cost
    • PK infrastructure needed
• Maintenance nightmare – for a mission critical solution
• Export restrictions
• The industry is too decentralized
• Does not solve vulnerabilities
    • Exploit can use the crypto mechanisms to encrypt
    • The more sophisticated the system the larger the attack surface

CAN bus firewall

• A rule-based CAN bus firewall
    • Whitelist
    • Rate limit
    • Authentication
• Independent device
    • Single inexpensive chip
    • Aftermarket or integrated SoC
    • Military grade
    • Thoroughly tested
• Architecture
    • As a general rule, does not require redesign of the ECUs' software or the vehicle's network
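
A minimal sketch of the whitelist and rate-limit rules listed above, as an added example that is not taken from the slides or from Arilou's product. The CAN IDs, limits and the names `fw_rule` and `fw_check` are constructed assumptions, and the authentication rule is not covered.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* One whitelist entry: an allowed CAN identifier and its limits.
   Hypothetical layout; all IDs and limits are constructed samples. */
typedef struct {
    uint32_t id;            /* 11-bit CAN identifier */
    uint8_t  max_dlc;       /* longest payload accepted for this ID */
    uint32_t min_period_ms; /* rate limit: minimum gap between frames */
    uint32_t last_seen_ms;  /* time of the last forwarded frame */
    bool     seen;          /* false until the first frame is forwarded */
} fw_rule;

typedef enum {
    FW_FORWARD, FW_DROP_NOT_LISTED, FW_DROP_BAD_LEN, FW_DROP_RATE
} fw_verdict;

static fw_rule rules[] = {
    { 0x0C4, 8,   10, 0, false }, /* fast periodic frame */
    { 0x1A0, 4,  100, 0, false }, /* slower status frame */
    { 0x3E8, 2, 1000, 0, false }, /* once-per-second frame */
};

/* Decide whether a frame may cross the firewall. now_ms is a
   free-running millisecond counter that is allowed to wrap. */
fw_verdict fw_check(uint32_t id, uint8_t dlc, uint32_t now_ms)
{
    for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++) {
        fw_rule *r = &rules[i];
        if (r->id != id)
            continue;
        if (dlc > r->max_dlc)
            return FW_DROP_BAD_LEN;
        /* Unsigned subtraction stays correct across counter wrap. */
        if (r->seen && (uint32_t)(now_ms - r->last_seen_ms) < r->min_period_ms)
            return FW_DROP_RATE;
        /* Only forwarded frames refresh the timestamp, so a flood of
           dropped frames cannot starve the legitimate periodic sender. */
        r->last_seen_ms = now_ms;
        r->seen = true;
        return FW_FORWARD;
    }
    return FW_DROP_NOT_LISTED; /* default deny: ID is not whitelisted */
}
```
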

Questions?
