Professional Documents
Culture Documents
Automotive Cybersecurity Webinar: Agenda
Automotive Cybersecurity Webinar: Agenda
Webinar
@VectorVCS
V1.0 | 2019-03-17
Agenda
1. Welcome
2. Challenge Cybersecurity
4. Case Study
2/45 © 2019. Vector Consulting Services GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V1.0 | 2019-03-17
Welcome
Why Vector Consulting Services?
www.vector.com/consulting Transport
www.vector.com/consulting-career
3/45 © 2019. Vector Consulting Services GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V1.0 | 2019-03-17
Welcome
Vector Offers the most Complete Portfolio for Security/Safety
Consulting
• SecurityCheck and
AUTOSAR Basic Software Tools
SafetyCheck
• PLM with PREEvision
• TARA
• Architecture
• Security concept
• Test
• Code analysis
• Diagnosis
• PenTesting
• Virtual Security Manager HW based Security
www.vector.com/security
4/45 © 2019. Vector Consulting Services GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V1.0 | 2019-03-17
Agenda
1. Welcome
2. Challenge Cybersecurity
4. Case Study
5/45 © 2019. Vector Consulting Services GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V1.0 | 2019-03-17
Challenge Cybersecurity
Vector Client Survey 2019: The Fight of Two Forces
60% Competitiveness
Mid-term challenges
Safety
Quality / Security
50% Innovation Efficiency
Distributed teams
Connectivity
40% Digital Competences
transformation
30% Complexity Innovation
20% Flexibility
Compliance
10%
Vector Client Survey 2019.
Others Short-term challenges Details: www.vector.com/trends.
Horizontal axis shows short-term challenges;
0% vertical axis shows mid-term challenges.
Sum > 300% due to 5 answers per question. Strong
0% 10% 20% 30% 40% 50% 60% 70% validity with 4% response rate of 2000 recipients from
different industries worldwide.
Vector provides tailored consulting solutions to keep OEM and suppliers competitive:
Efficiency – Quality – Competences
6/45 © 2019. Vector Consulting Services GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V1.0 | 2019-03-17
Challenge Cybersecurity
ACES (Autonomy, Connectivity, e-Mobility, Services) Cyberattacks Hazards
Command injection,
data corruption, Man in the
OBD DSRC
back doors middle attacks
4/5G Trojans,
Physical attacks, Ransomware Password
Sensor confusion attacks
Rogue clients,
malwarePublic Clouds
Application Service
vulnerabilities Provider
Challenge Cybersecurity
Combined Safety and Security Need Holistic Systems Engineering
ISO 26262 ed.2 refers to shared methods, e.g. TARA Security Safety
Safety Security
Implemen- Implemen-
Verification Verification
tation tation
+ Security
architecture
(ISO 27001, ISO 15408, ISO 21434, SAE J3061)
methods
Threat and risk mitigation
data formats & functionality
Abuse, misuse, confuse cases
Security engineering
For (re) liable and efficient ramp-up connect security to safety governance
9/45 © 2019. Vector Consulting Services GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V1.0 | 2019-03-17
Challenge Cybersecurity
Standard ISO 21434: Automotive Cybersecurity
Planning
Kickoff - 17.10.2016
Currently: Committee Draft
Release: 2020 (most probably)
Approach
Risk-oriented approach following the
Vector method for the whole lifecycle
of the product, i.e.:
Concept/design phase
Product development
Production (roll out)
Operation
Decommissioning (roll over)
Focus on governance. ISO 21434 does NOT prescribe any technology or solutions
10/45 © 2019. Vector Consulting Services GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V1.0 | 2019-03-17
Challenge Cybersecurity
Vector SecurityCheck with COMPASS
Agenda
1. Welcome
2. Challenge Cybersecurity
4. Case Study
12/45 © 2019. Vector Consulting Services GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V1.0 | 2019-03-17
Practical Guidance and Vector Experiences
Security Engineering Starts with Systematic TARA
Technical Security
Security Concept Validation
Security Security
Implementation Verification
Safety
Safety
Technical Security
Security Concept Validation
Security Security
Implementation Verification
Preliminary
Security Goals TARA
Architecture
Security
Security Concept
Requirements
Refined
Architecture
Security Technical Security
Mechanisms Concept
16/45 © 2019. Vector Consulting Services GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V1.0 | 2019-03-17
Practical Guidance and Vector Experiences
Determine Necessary Security Level with TARA Results
Opportunity
Effort
Effort
Safety
Asset / CIAAG Attack vector Potential effect of Threat SGID
Operational
Window of
Impact Level
WoO
Expertise
Expertise
Threat
Threat level
low=1)
Privacy
Financial
Equipment /
(high=4;
Asset ID
Threat ID
numerical
numerical
numerical
numerical
Vehicle attack
Function
Ast 01 Safety- Avail Availability: Attacker floods Attacker disables engine Tht-1 Not further considered on advice of Layman 0 Critical 0 Standar 0 0 4 No No No No No n/a
Mechanisms CAN-Bus and thereby tries control during an client because the HU is rated QM d injury impact impact effect impact
to disable vehicle primary overtaking maneuver if with respect to ISO 26262.
functions. system can impact safety-
critical functions.
17/45 © 2019. Vector Consulting Services GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V1.0 | 2019-03-17
OEM Supplier
Market Requirements
Why?
Functional Security
Requirements (FSR) How? FSR
Technical
Security
TSR Requirements
(TSR)
“Security out of context” does not work. Establish OEM-supplier interface, similar to DIA.
OEM: system security concept, key management
Tier 1: security concept, assumptions to OEM
18/45 © 2019. Vector Consulting Services GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V1.0 | 2019-03-17
Practical Guidance and Vector Experiences
Security Requirements and Traceability
T ask
Indi cati ons Indi cati ons M em ory bl ock Abstract m em ory
T ransm i t Indi cati ons Veri fi cati on Data Processi ng Stream Output operation operati on M em ory I/O
Seed/Key
M em ory bl ock
T ri gger T i m er T ask T ransmi t Indicati ons Data Processi ng Stream Output M em ory I/O
operati on
Watchdog Timer Communication Stack Data Processing Delta Dow nload M ultiple M emory I/O
Library M anager
Abstract
m em ory
Seed/Key Veri fi cati on Decrypti on Decompressi on operati on M emory I/O M em ory I/O
requirements Analysis
19/45 © 2019. Vector Consulting Services GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V1.0 | 2019-03-17
Security
Security Verification
Implementation
Diagnostic
Interface
Instrumen Head Unit 4G
t Cluster DSRC LTE
Powertrain
DC CU
Central Connectivity
Chassis Gateway Gateway
DC Laptop
Body Tablet
DC
Smart-
phone
Smart
ADAS Chargin
DC g
21/45 © 2019. Vector Consulting Services GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V1.0 | 2019-03-17
Security
Security Verification
Implementation
22/45 © 2019. Vector Consulting Services GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V1.0 | 2019-03-17
Practical Guidance and Vector Experiences
Security by Design: Secure Coding
Goal
Avoid design and code errors which
can lead to security exploits
Approach
Use a hardened OS with secure partitioning
Avoid embedded Linux due to its complexity and
rapid change and thus many security gaps,
(e.g. NULL function pointer dereferences, which allow hackers
to inject executable code).
Deploy secure boot strategy
Starting with first-stage ROM loader with a pre-burned cryptographic key, the next levels are
verified before executing to ensure authenticity of each component of the boot
Apply rigorous static code analysis
Tools like Coverity, Klocwork or Bauhaus allow security checks, such as NULL pointer dereferences,
memory access beyond allocated area, reads of uninitialized objects, buffer and array underflows,
resource leaks etc.
Use modified condition/decision coverage (MC/DC)
Detect backdoors
23/45 © 2019. Vector Consulting Services GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V1.0 | 2019-03-17
Goal:
Separate security privileged functions
from the applications of the ECU by
hardware Controller
Secure Zone
Approach:
Secure Hardware Extension SHE – Secure Hardware Extension
On-chip extension to
AES
microcontroller
Secure Boot directly triggered by Control
CPU
hardware upon start Logic
RAM + Flash + ROM
Pre-shared cryptographic key
Memory for secure storage of
(cryptographic) data
Hardware extension for Peripherals (CAN, UART, ...)
cryptographic primitives
24/45 © 2019. Vector Consulting Services GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V1.0 | 2019-03-17
Practical Guidance and Vector Experiences
Safety and Security by Design: MICROSAR 4.3ff and FBL
KeyM1 Application
FBL Application
RTE
MCAL EXT
25/45 © 2019. Vector Consulting Services GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V1.0 | 2019-03-17
Security
Security Verification
Implementation
26/45 © 2019. Vector Consulting Services GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V1.0 | 2019-03-17
Practical Guidance and Vector Experiences
Safety and Security by Design: Implementation, Verification and Validation
Design
Defensive coding, e.g. memory allocation, avoid
injectable code, least privileges
Selected programming rules such as MISRA-C, CERT
High cryptographic strength
in line with performance needs
Key management and HW-based security
Awareness and governance towards social engineering
Classic coverage test is not sufficient anymore. Test for the known – and for the unknown.
Ensure automatic regression tests are running with each delivery.
27/45 © 2019. Vector Consulting Services GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V1.0 | 2019-03-17
Fuzz Testing
Competences
Fuzzing the Application SW, Grey box analysis
Brute-force CAN Fuzzer Fuzz Testing
Code Analysis
CQA, Coverage (e.g., VectorCAST)
Design, architecture, (opt) defect analysis
Competences Processes
Inhouse capabilities, person/teams etc.
28/45 © 2019. Vector Consulting Services GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V1.0 | 2019-03-17
Practical Guidance and Vector Experiences
Vector Grey-Box PenTesting
By taking our TARA as input, We put our focus into the Flash asset and with
physical access to the board we initiate an attack to read the contents of the
flash during runtime
Rather than brute force PenTest, we use in our test labs grey-box PenTesting based on
TARA, misuse cases and broad Vector networking competences
29/45 © 2019. Vector Consulting Services GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V1.0 | 2019-03-17
30/45 © 2019. Vector Consulting Services GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V1.0 | 2019-03-17
Agenda
1. Welcome
2. Challenge Cybersecurity
4. Case Study
31/45 © 2019. Vector Consulting Services GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V1.0 | 2019-03-17
Case Study
Advanced Driver Assistance System – Overview
Case Study
ADAS Basic Functions
(simplified use cases)
Level of Analysis
Warn driver when vehicle is getting too
ADAS function is defined
close to preceding vehicle
Function level
Warn driver if vehicle is leaving the (implementation-independent,
driving lane function-focused)
Probably, other risk
Perform action such as counter-steering assessment stages
or braking to mitigate risk of accident before or after
this step
32/45 © 2019. Vector Consulting Services GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V1.0 | 2019-03-17
Case Study
ADAS – Step 1: Assets
Case Study
Asset Attack Threat
is performed causes
against
requires is
reduced by
has
value for Attack Potential Security Goal
is achieved by
has
33/45 © 2019. Vector Consulting Services GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V1.0 | 2019-03-17
Case Study
ADAS – Step 2: Threat and Risk Analysis (TARA)
Case Study
Assessment
Assess attack potential (Vector SecurityCheck, STRIDE, etc.)
consider expertise required, window of opportunity, equipment required
Use external (!) expert judgment
Identify attacks without taking into account potential security mechanisms
Attacks
A1-AT1: Messages for braking are blocked.
A1-AT2: Messages are replayed.
A2-AT1: Safety mechanism, no lane keeping during manual take-over, compromised and not
working.
Threats
A1-AT1-T1: Vehicle does not brake although the driver presses the braking pedal.
(Possible injuries in case failure of braking leads to an accident.)
A1-AT2-T1: Display of warning messages with high frequency and without reason.
(Replay of warning messages at critical situations can lead to erroneous
A … Asset
behavior and massive driver distraction.)
AT … Asset Attack
A2-AT1-T1: Lane is kept during manual take-over.
(Heavy injuries because of failed take-over.) T … Threat
34/45 © 2019. Vector Consulting Services GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V1.0 | 2019-03-17
Case Study
ADAS – Step 3: Security Goals
Case Study
35/45 © 2019. Vector Consulting Services GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V1.0 | 2019-03-17
Case Study
ADAS – Step 3: Security Requirements
Case Study
Security goals are high level security requirements
36/45 © 2019. Vector Consulting Services GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V1.0 | 2019-03-17
Case Study
ADAS – Step 4: Security Mechanisms (1/3)
Case Study
Braking while driving with
speed > 10 km/h
OR
OR
Plausibility Checks,
Overtake Brake Manipulation of Radar e.g. Vehicle Speed,
ECU Object on CAN Bus Engine_Status
AND
Case Study
ADAS – Step 4: Security Mechanisms (2/3)
Case Study
Secure Implementation
(e.g. Standard Architecture, Design Rules, Coding Guidelines, Process Rules, etc)
Reduce likelihood of
attack
39/45 © 2019. Vector Consulting Services GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V1.0 | 2019-03-17
Agenda
1. Welcome
2. Challenge Cybersecurity
4. Case Study
40/45 © 2019. Vector Consulting Services GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V1.0 | 2019-03-17
Conclusions and Outlook
Safety and Security Must Cover the Entire Life-Cycle
Development Services
Safety
hazards
and
security
threats
Secured Monitoring
supply chain and upgrades
Production Operations
41/45 © 2019. Vector Consulting Services GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V1.0 | 2019-03-17
43/45 © 2019. Vector Consulting Services GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V1.0 | 2019-03-17
Date
3. April 2019
Event location
Stuttgart, Germany
Free registration:
https://consulting.vector.com/vc_eve
nts_detail_en,,,1695056,detail.html
Topics
Experiences in security projects with
cybersecurity at OEMs and TIER1s
Interaction between functional safety
and cybersecurity
COMPASS practical demo
Trends and guidance: PenTesting,
test, cryptography and security
standards
Networking, exhibition and discussion
with Vector product specialists
44/45 © 2019. Vector Consulting Services GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V1.0 | 2019-03-17
Thank you for your attention.
For more information please contact us.