SESSION ID:

#RSAC

Andreas Wuchner

HOW SECURE IS THE HYPER-CONNECTED CAR?

SBX3-R1

CTO Security InnovationDXC Technology

Dionis Teshler

CTO, Co-FounderGuardKnox

#RSAC

Car hacking is real, 1.4 million cars recall real!

2

#RSAC

Presentation Overview

3

DXC and GuardKnox – the German connectionIntroduction to the modern carThe hyper-connected carHow to secure the hyper-connected car?Summary and Way Forward

#RSAC

DXC AND GUARDKNOX – THE GERMAN CONNECTION

#RSAC

Startup Autobahn – bringing automotive startups and corporates together

5

#RSAC

DXC and GuardKnox demonstration – end-to-end solution in 3 months

6

#RSAC

GuardKnox intro

7

Iron Dome MissileDefense System

Israeli F-16I Program Israeli F-35 Program

Arrow 3 Anti BallisticMissile Defense System

7

#RSAC

INTRODUCTION TO THE MODERN CAR

#RSAC

Not only with Jeeps…

9

#RSAC

And not only with passenger cars…

10

#RSAC

It can also be big business

11

#RSAC

Things become more scary with autonomous driving – LIDAR hacking

12

#RSAC

Things become more scary with autonomous driving – Radar hacking

13

#RSAC

How many computers (ECUs) are there in a modern passenger car?

14

15

40

80

150

0

20

40

60

80

100

120

140

160

2004 2006 2008 2010 2012 2014 2016 2018 2020

# of

ECU

s

Model Year

#RSAC

How many lines of code are there in the modern car?

15

145,000 l i n e s o f c o d e

40,000,000 l i n e s o f c o d e

300,000,000l i n e s o f c o d e

100,000,000 l i n e s o f c o d e

#RSAC

THE HYPER CONNECTED CAR

#RSAC

Beyond complexity, cars are becoming increasingly connected

1711117777

TPMS

VEHICLETO VEHICLE

COMMUNICATION

V2X

OBD II PORTANTI THEFT

KEYLESSENTRY

TELEMATICS

VEHICLETO INFRASTRUCTURE

COMMUNICATION

INFOTAINMENT

#RSAC

Hottest new features in 2018 cars

18

Semi-Autonomous Driving

Advanced Safety

In-Vehicle Wellness

Rich Video/Audio Streaming

Augmented Reality

Feature Rich Bluetooth

Finding Parking

Advanced Rear-seat Infotainment

Noise Level Adjustment

Smarter Smart Keys

#RSAC

Future connectivity will integrate shopping, monitoring, insurance and the dealership

19

#RSAC

“Cars in the future will run on DATA and not Gasoline”

20

Photo: Mercedes Benz

#RSAC

With autonomous capabilities becoming mainstream, vehicle usage model will change

21

#RSAC

The rise of the connected, autonomous on-demand fleets

22

#RSAC

The US is leading adoption of connected and autonomous vehicles

23

Source: Grand View Research

140K

#RSAC

HOW TO SECURE A HYPER-CONNECTED CAR?

#RSAC

Automotive cyber Enterprise cyber

25

Prevent Data TheftBusiness Continuity

99% reliability with false positives

Passenger SafetyVehicle Reliability

99.999%

#RSAC

Key requirements for an automotive security solution – challenging paradigms

26

No constantconnectivity

requiredSecurity fromthe ground up

No humaninteraction

StandaloneOperation

#RSAC

The connected car requires multiple security layers according to functional domain

272772

Direct impact on safety of passengers

Major inputs into safety critical systems

General vehicle systems, environment

Data monetization, Telematics, FMS

Infotainment, Applications, Convenience

•DIONIS TESHLER, GUARDKNOX | AUTOMOTIVE SAFETY AND CYBER SECURITY: THE ROAD TO THE SAFE CONNECTED CAR28 GUARDKNOX PROPRIETARY AND COPYRIGHT © 2018

GatewayECU

System Perspective

INFOTAINMENTECU

RKEECU

ADASECU

V2XGateway

TelematicsGateway

4G

28

#RSAC

Discrete security domains – the “connectivity” domain and the “driving” domain

29

Connectivity

Driving

InfotainmentTelematics

UI/UX

ActiveSafety

EngineManagement Breaks

#RSAC

The “driving” domain requires positive, formal, certifiable and verifiable security

30

•DIONIS TESHLER, GUARDKNOX | AUTOMOTIVE SAFETY AND CYBER SECURITY: THE ROAD TO THE SAFE CONNECTED CAR31 GUARDKNOX PROPRIETARY AND COPYRIGHT © 2018

Defense in Depth

RKEECU

ADASECU

V2XGateway

TelematicsGateway

Connectivity

Root of Trust

ADAS

Isolate Safety Critical ECUs

Verification ofSensor Data

GatewSecure Data

Handling + Privacy

Gaaaaaattttttteeeeeewway

CertificateManagement

3rd Party Application Sandboxing

INFOTAINMENTECU

4G

31

#RSAC

Connected fleet operations center and SOC will become key in fleet management

32

#RSAC

Regulation and standardization are playing a major role in cybersecurity for automotive

33

Future thought: Consumer Security Rating

Automotive security standards – ISO 21434

Legislation – SPY CAR act

#RSAC

SUMMARY AND WAY FORWARD

#RSAC

The threat is real! And it will get worse…

35

#RSAC

Automotive architecture will need to incorporate robust security from the ground up

36

Defense-In-Depthapproach

Incorporate securityinto communication and

sensors (incl. V2X)

Automotive-readyoperations center

#RSAC

RKEECU

ADASECU

V2XGateway

TelematicsGateway

Connectivity

Root of Trust

ADAS

Isolate Safety Critical ECUs

Verification ofSensor Data

GatewSecure Data

Handling + Privacy

Gaaaatetetetetewaw y

CertificateManagement

3rd Party Application Sandboxing

INFOTAINMENTECU

4G

Where do we start? Secure Separation!

37

ADASECECUU

#RSAC

What can we do as consumers? (Apply Slide)

38

BE AWARE that modern cars are connected and thus vulnerable

Security research on your next car – make security a part of your buying decision

Join the automotive cyber security community – need for security professionals in the automotive industry is growing

Be weary of plugging things into the OBD port, especially while driving!

#RSAC

Practical user guide for buying a secure car

39

Carburetors for Security

Buy track ready

More cylinders foradded resilience

SESSION ID:

#RSAC

Andreas Wuchner

THANK YOU!

SBX3-R1

andreas.wuchner@dxc.com+41-79-547-3908

Dionis Teshler

dionis@guardknox.com+1-213-599-6261