Automotive Intrusion Detection and Prevention System (IDPS)

Continuous Protection as part of the Automotive Security Lifecycle

ConCarForum 2017, Berlin, July 06th 2017

© ESCRYPT 2016. All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.


Automotive IDPS: Agenda

‒ Introduction
‒ The Holistic Approach
‒ Intrusion Detection and Prevention
‒ CycurIDS and CycurGUARD
‒ Wrap Up

ESCRYPT Corporate Profile: A Global and Growing Company

The Holistic Approach


A Holistic Approach to Automotive Security: Why Automotive Security? – The Trends

In 2016 and 2017, you'll see a lot of disruptive innovation built around connectivity and software-defined features in vehicles. We'll look back on this time and say, ‘That is when the car business started to change a lot’. This is a fundamental transitional time.

Greg Ross, global director of business development and alliances for GM

‒ Over 380 million connected cars will be on the road by 2021.
‒ Automakers are connecting the vehicles they sell because the connection offers clear business opportunities.
‒ Consumers are adopting the connected car faster than expected.
‒ Tech companies will play a major role in the future of the automotive market.
‒ Fully autonomous cars are only a few years away.

THE TRANSFORMATION OF THE AUTOMOBILE 2016: Forecasts, trends, and analyses on the disruption of the automotive industry, BI Intelligence, April 2016

A Holistic Approach to Automotive Security: The Approach

Excellent Automotive Security

‒ Security for the entire vehicle life cycle
‒ Security for the complete vehicle
‒ Security in corporate processes and functions

A Holistic Approach to Automotive Security: Security for the Whole Vehicle Including Infrastructures

‒ Secure Onboard Communication: Protect integrity and confidentiality of critical in-vehicle signals
‒ Secure E/E-Architecture: Use domain separation and securely configured gateways
‒ Secure connected vehicle: Vehicle firewalls and security standards for external interfaces
‒ Secure ECU: Protect integrity of ECU software and data

A Holistic Approach to Automotive Security: Security for the Entire Vehicle Lifecycle until Phase-out

Life Cycle of Automotive Security

‒ Security Risk Analysis
‒ Cost-Benefit Analysis
‒ Security Architecture
‒ Product Design
‒ Infrastructure
‒ Requirements Specification
‒ Testing Specification
‒ Security Products
‒ Customized Software
‒ Infrastructure Implementation
‒ Code Review
‒ Penetration Test
‒ Functional Testing
‒ Secure Production Environment
‒ Key Injection and Back-end Registration

A Holistic Approach to Automotive Security: Why Ensure Continuous Protection?

Continuous Protection

‒ Being able to detect and react to ongoing cyber security attacks in a timely manner
‒ Overview of cyber security welfare of the vehicle fleet
‒ Focused and therefore cost-efficient further development of cyber security strategy and implementation
‒ Fulfillment of NHTSA Cybersecurity recommendations and (future) legal requirements
‒ Avoidance of potential cyber security recalls through timely incident response
‒ Avoidance of the warranty cost of an expensive manual ECU update due to a cybersecurity issue
‒ Possible revenue generation through cybersecurity warranty plans
‒ Improved customer confidence / loyalty
‒ Improved image / reputation

A Holistic Approach to Automotive Security: How to Ensure Continuous Protection?

[Diagram labels: Monitoring; Detection; Analysis; Prevention Response]

Ensuring continuous protection

‒ Continuous monitoring of attacks in the field
‒ Timely detection of attacks
‒ Offline analysis in the cloud
‒ Forensics by experts
‒ Roll-out of countermeasures via updates for the entire fleet

Intrusion Detection and Prevention


Intrusion Detection and Prevention: Why Automotive Security and IDS Matter

‒ 23rd July 2015: First security-related recall campaign
‒ 1.4 million potentially affected vehicles
‒ Defect: “[…] A successful exploit of this security vulnerability could result in unauthorized remote modification and control of vehicle systems […]”
‒ Some more recent examples:
  ‒ 2015: Demonstrated attacks utilizing aftermarket OBD dongles connected to cellular networks, permitting arbitrary CAN messages to be sent remotely
  ‒ 2016: Extension of the publication which led to the mentioned recall, describing how to circumvent limitations w.r.t. physical control of the vehicle
‒ Automotive Security is on the political agenda
  ‒ Automotive Security bill introduced by Senators Markey and Blumenthal
  ‒ “Security and Privacy in Your Car Act of 2015” or the “SPY Car Act of 2015”: Any motor vehicle that presents an entry point shall be equipped with capabilities to immediately detect, report, and stop attempts to intercept driving data or control the vehicle.

Source: http://www.wired.com

Source: https://www-odi.nhtsa.dot.gov

Source: https://www.congress.gov

Intrusion Detection and Prevention: The Solution

The Solution: Intrusion Detection and Prevention (IDPS)

[Diagram labels: Connected Fleet; SIEM; Event Database; Analysis Framework; steps 1 to 5]

‒ Attack: An attacker identifies and (remotely) exploits a vulnerability.
‒ Security is not absolute: Although the OEM included state-of-the-art security mechanisms at SOP, e.g. in-vehicle firewalls, the attack might be successful.
‒ Intrusion Detection: CycurIDS, the in-vehicle portion of the IDPS solution, detects an anomaly (potential attack) on the in-vehicle network, then creates and sends an Intrusion Detection Report.
‒ Monitoring & Analysis: CycurGUARD collects all anomaly reports from the vehicle fleet and enables security analysts and forensic specialists to analyze the attack and identify the vulnerability.
‒ Intrusion Prevention: A security update to remedy the vulnerability will be deployed to the entire vehicle fleet.

CycurIDS and CycurGUARD


CycurIDS and CycurGUARD: In-Vehicle Intrusion Detection System: CycurIDS

CycurIDS – Intrusion Detection for Automotive

Product features

‒ Monitoring of forwarded CAN traffic & detection of potential attacks (anomalies)
‒ Reporting and logging of anomalies, either locally or to cyber defense center
‒ Heuristic and signature based detection on ECU

Benefits

‒ Ready-to-use software solution and services to enable in-vehicle intrusion detection for current and future (e.g. Ethernet based) EE-Architectures
‒ Being able to detect and react to ongoing cyber security attacks
‒ Continuous reporting and logging of potential attacks to local ECU software or cyber defense backend
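A sketch of the kind of signature and heuristic checks on CAN traffic that the feature list above names, ending in a report record per anomaly. This is an added example, not ESCRYPT or CycurIDS code; the rule table, the timing threshold, the report fields and the sample frames are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Frame:
    ts: float       # receive timestamp in seconds
    can_id: int     # 11-bit CAN identifier
    data: bytes     # payload; its length is the DLC

# Constructed rule table (assumption): CAN ID -> (expected DLC, nominal period in s)
RULES = {0x0C4: (8, 0.010), 0x1A0: (4, 0.100)}
MIN_GAP_FACTOR = 0.5  # heuristic: a gap under 50% of the period suggests injection

def make_report(frame, rule):
    """Build the record that would be logged locally or sent to a backend."""
    return {"ts": frame.ts, "can_id": f"0x{frame.can_id:03x}",
            "rule": rule, "data": frame.data.hex()}

def detect(frames, rules=RULES, min_gap_factor=MIN_GAP_FACTOR):
    """Apply signature checks (known ID, DLC) and a timing heuristic per frame."""
    last_seen, reports = {}, []
    for f in frames:
        spec = rules.get(f.can_id)
        if spec is None:                      # signature: ID not in the whitelist
            reports.append(make_report(f, "unknown-id"))
            continue
        dlc, period = spec
        if len(f.data) != dlc:                # signature: wrong payload length
            reports.append(make_report(f, "dlc-mismatch"))
        prev = last_seen.get(f.can_id)
        if prev is not None and f.ts - prev < period * min_gap_factor:
            reports.append(make_report(f, "rate-anomaly"))  # heuristic: too frequent
        last_seen[f.can_id] = f.ts
    return reports

# Constructed sample traffic: one extra 0x0C4 frame, one unknown ID, one short frame
SAMPLE = [
    Frame(0.000, 0x0C4, bytes(8)),
    Frame(0.010, 0x0C4, bytes(8)),
    Frame(0.012, 0x0C4, bytes(8)),   # arrives 2 ms after the previous one
    Frame(0.020, 0x0C4, bytes(8)),
    Frame(0.050, 0x1A0, bytes(4)),
    Frame(0.060, 0x555, bytes(8)),   # identifier not in RULES
    Frame(0.150, 0x1A0, bytes(2)),   # payload shorter than the expected DLC
]

if __name__ == "__main__":
    for r in detect(SAMPLE):
        print(r)
```
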


CycurIDS and CycurGUARD: Intrusion Monitoring and Analysis: CycurGUARD

CycurGUARD – Cyber Defense Backend

Product features

‒ Automated analysis and pre-assessment of event data from your entire connected fleet to identify emerging threats (Big Data for Automotive Security)
‒ Proprietary analytics engines scour data to identify security events in real-time, then alert security staff to investigate
‒ Use ad-hoc or pre-built reports to evaluate the safety and security of connected fleet, identify changes, focus resources on problem areas, and get ahead of developing threats.

Benefits

‒ Highly available, scalable, secure, robust solution
‒ Secure storage of fleet data
‒ In-depth data investigation tools
‒ Real-time analytics and alerting
‒ Reporting and trending
‒ View of the entire fleet
‒ Drill down into the raw data to find root causes and develop effective counter-measures

CycurIDS and CycurGUARD: Backend Dashboard

Wrap Up


Wrap Up: Conclusion & ESCRYPT Competencies

Conclusion

‒ Automotive Security requires a holistic approach
‒ Continuous protection covers the entire vehicle life-cycle
‒ IDPS and FOTA are vital parts of a continuous protection strategy
‒ Efficient and effective current in-vehicle IDPS apply a rule-based approach
‒ The whole IDPS solution includes:
  ‒ The in-vehicle software CycurIDS
  ‒ The IDS backend CycurGUARD
‒ Future topics in IDS will be: Distribution, Ethernet/IP, Machine Learning

ESCRYPT Competencies

‒ Pioneering automotive security expertise and long-term automotive experience
‒ Worldwide consulting and engineering for integration, configuration and customization
‒ Partner for the complete engineering security process and for the entire product life cycle
‒ Outstanding references in series production business