[email protected]© ESCRYPT 2016. All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Automotive Intrusion Detection and Prevention System (IDPS)
Continuous Protection as part of the Automotive Security Lifecycle
ConCarForum 2017, Berlin, July 06th 2017
Introduction
The Holistic Approach
Intrusion Detection and Prevention
CycurIDS and CycurGUARD
Wrap Up
Automotive IDPS
Agenda
ESCRYPT Corporate Profile
A Global and Growing Company
The Holistic Approach
Why Automotive Security? – The Trends
A Holistic Approach to Automotive Security
“In 2016 and 2017, you'll see a lot of disruptive innovation built around connectivity and software-defined features in vehicles. We'll look back on this time and say, ‘That is when the car business started to change a lot’. This is a fundamental transitional time.”
Greg Ross, global director of business development and alliances for GM
Over 380 million connected cars will be on the road by 2021.
Automakers are connecting the vehicles they sell because the connection offers clear business opportunities.
Consumers are adopting the connected car faster than expected.
Tech companies will play a major role in the future of the automotive market.
Fully autonomous cars are only a few years away.
Source: THE TRANSFORMATION OF THE AUTOMOBILE 2016: Forecasts, trends, and analyses on the disruption of the automotive industry, BI Intelligence, April 2016
A Holistic Approach to Automotive Security
The Approach
Excellent Automotive Security
Security for the entire vehicle life cycle
Security for the complete vehicle
Security in corporate processes and functions
A Holistic Approach to Automotive Security
Security for the Whole Vehicle Including Infrastructures
Secure Onboard Communication: Protect the integrity and confidentiality of critical in-vehicle signals
Secure E/E-Architecture: Use domain separation and securely configured gateways
Secure connected vehicle: Vehicle firewalls and security standards for external interfaces
Secure ECU: Protect the integrity of ECU software and data
Security Risk Analysis
Cost-Benefit Analysis
A Holistic Approach to Automotive Security
Security for the Entire Vehicle Lifecycle until Phase-out
Life Cycle of Automotive Security
Security Architecture
Product Design
Infrastructure
Requirements Specification
Testing Specification
Security Products
Customized Software
Infrastructure Implementation
Code Review
Penetration Test
Functional Testing
Secure Production Environment
Key Injection and Back-end Registration
A Holistic Approach to Automotive Security
Why Ensure Continuous Protection?
Continuous Protection
Being able to detect and react to ongoing cyber security attacks in a timely manner
Overview of the cyber security welfare of the vehicle fleet
Focused and therefore cost-efficient further development of the cyber security strategy and implementation
Fulfillment of NHTSA cybersecurity recommendations and (future) legal requirements
Avoid potential cyber security recalls through timely incident response
Avoid the warranty cost of an expensive manual ECU update due to a cybersecurity issue
Possible revenue generation through cybersecurity warranty plans
Improved customer confidence / loyalty
Improved image/reputation
A Holistic Approach to Automotive Security
How to Ensure Continuous Protection?
Monitoring
Detection
Analysis
Prevention Response
Ensuring continuous protection
Continuous monitoring of attacks in the field
Timely detection of attacks
Offline analysis in the cloud
Forensics by experts
Roll-out of countermeasures via updates for the entire fleet
Intrusion Detection and Prevention
Intrusion Detection and Prevention
Why Automotive Security and IDS Matter
23rd July 2015: First security-related recall campaign
1.4 million potentially affected vehicles
Defect: “[…] A successful exploit of this security vulnerability could result in unauthorized remote modification and control of vehicle systems […]”
Some more recent examples:
‒ 2015: Demonstrated attacks utilizing aftermarket OBD dongles connected to cellular networks, allowing arbitrary CAN messages to be sent remotely
‒ 2016: Extension of the publication which led to the mentioned recall, describing how to circumvent limitations w.r.t. physical control of the vehicle
Automotive Security is on the political agenda
‒ Automotive Security bill introduced by Senators Markey and Blumenthal
‒ “Security and Privacy in Your Car Act of 2015” or the “SPY Car Act of 2015”: Any motor vehicle that presents an entry point shall be equipped with capabilities to immediately detect, report, and stop attempts to intercept driving data or control the vehicle.
Source: http://www.wired.com
Source: https://www-odi.nhtsa.dot.gov
Source: https://www.congress.gov
Intrusion Detection and Prevention
The Solution: Intrusion Detection and Prevention (IDPS)
[Diagram: Connected Fleet, SIEM, Event Database, Analysis Framework]
Attack: An attacker identifies and (remotely) exploits a vulnerability
Security is not absolute: Although the OEM included state-of-the-art security mechanisms at SOP, e.g. in-vehicle firewalls, the attack might be successful
Intrusion Detection: CycurIDS, the in-vehicle portion of the IDPS solution, detects an anomaly (potential attack) on the in-vehicle network, then creates and sends an Intrusion Detection Report
Monitoring & Analysis: CycurGUARD collects all anomaly reports from the vehicle fleet and enables security analysts and forensic specialists to analyze the attack and identify the vulnerability
Intrusion Prevention: A security update to remedy the vulnerability will be deployed to the entire vehicle fleet
CycurIDS and CycurGUARD
CycurIDS and CycurGUARD
In-Vehicle Intrusion Detection System: CycurIDS
CycurIDS – Intrusion Detection for Automotive
Product features
Monitoring of forwarded CAN traffic and detection of potential attacks (anomalies)
Reporting and logging of anomalies, either locally or to a cyber defense center
Heuristic and signature-based detection on the ECU
Benefits
Ready-to-use software solution and services to enable in-vehicle intrusion detection for current and future (e.g. Ethernet-based) EE-Architectures
Being able to detect and react to ongoing cyber security attacks
Continuous reporting and logging of potential attacks to local ECU software or the cyber defense backend
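An illustration of rule-based detection on monitored CAN traffic that produces one intrusion detection report per anomaly, added here as an example; it is not CycurIDS code. The rule types (ID whitelist, expected payload length, minimum frame spacing), the CAN IDs, the sample frames and the report fields are all assumptions constructed for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Frame:
    ts_ms: int    # receive timestamp in milliseconds
    can_id: int   # 11-bit CAN identifier
    data: bytes   # payload, 0..8 bytes

# Hypothetical rule table: CAN ID -> (expected payload length, minimum gap in ms).
RULES = {
    0x0C4: (8, 8),    # constructed: 10 ms cyclic message, 2 ms jitter tolerated
    0x1A0: (4, 90),   # constructed: 100 ms cyclic message, 10 ms jitter tolerated
}

def make_report(frame, rule):
    """Build the record that would be logged locally or sent to the backend."""
    return {"ts_ms": frame.ts_ms, "can_id": hex(frame.can_id),
            "rule": rule, "payload": frame.data.hex()}

def inspect(frames, rules=RULES):
    """Check each frame against the rule table; return reports in arrival order."""
    last_seen = {}   # CAN ID -> timestamp of the previous frame with that ID
    reports = []
    for f in frames:
        rule = rules.get(f.can_id)
        if rule is None:                      # ID not part of the known bus matrix
            reports.append(make_report(f, "UNKNOWN_ID"))
            continue
        length, min_gap = rule
        if len(f.data) != length:             # payload length differs from spec
            reports.append(make_report(f, "DLC_MISMATCH"))
        prev = last_seen.get(f.can_id)
        if prev is not None and f.ts_ms - prev < min_gap:
            reports.append(make_report(f, "RATE_VIOLATION"))  # extra frame in cycle
        last_seen[f.can_id] = f.ts_ms
    return reports

# Constructed sample traffic: two regular frames, one extra frame inside the
# cycle, one regular frame, one unknown ID, one frame with a short payload.
SAMPLE = [
    Frame(0, 0x0C4, bytes(8)),
    Frame(10, 0x0C4, bytes(8)),
    Frame(12, 0x0C4, bytes(8)),
    Frame(20, 0x0C4, bytes(8)),
    Frame(25, 0x3FF, bytes(8)),
    Frame(100, 0x1A0, bytes(2)),
]

if __name__ == "__main__":
    for report in inspect(SAMPLE):
        print(report)
```
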
CycurIDS and CycurGUARD
Intrusion Monitoring and Analysis: CycurGUARD
CycurGUARD – Cyber Defense Backend
Product features
Automated analysis and pre-assessment of event data from your entire connected fleet to identify emerging threats (Big Data for Automotive Security)
Proprietary analytics engines scour data to identify security events in real time, then alert security staff to investigate
Use ad-hoc or pre-built reports to evaluate the safety and security of the connected fleet, identify changes, focus resources on problem areas, and get ahead of developing threats.
Benefits
Highly available, scalable, secure, robust solution
Secure storage of fleet data
In-depth data investigation tools
Real-time analytics and alerting
Reporting and trending
View of the entire fleet
Drill down into the raw data to find root causes and develop effective counter-measures
CycurIDS and CycurGUARD
Backend Dashboard
Wrap Up
Wrap Up
Conclusion & ESCRYPT Competencies
Conclusion
Automotive Security requires a holistic approach
Continuous protection covers the entire vehicle life-cycle
IDPS and FOTA are vital parts of a continuous protection strategy
Efficient and effective current in-vehicle IDPS apply a rule-based approach
The whole IDPS solution includes:
The in-vehicle Software CycurIDS
The IDS Backend CycurGUARD
Future topics in IDS will be: Distribution, Ethernet/IP, Machine Learning
ESCRYPT Competencies
Pioneering automotive security expertise and long-term automotive experience
Worldwide Consulting and Engineering for integration, configuration and customization
Partner for the complete engineering security process and for the entire product life cycle
Outstanding references in series production business