cross-domain security issues for connected … lopez, mohammad al faruque advanced integrated...
TRANSCRIPT
Anthony Lopez, Mohammad Al Faruque
Advanced Integrated Cyber -Physical Systems Lab
Cross-Domain Security
Issues for Connected
Autonomous Vehicles
Jiang Wan, Anthony Lopez, Mohammad Al Faruque, Cross-domain Security Issues for Connected Autonomous Vehicles 1
Outline
Overview on Connected Vehicle Security
Ongoing Work
Future Work
2Jiang Wan, Anthony Lopez, Mohammad Al Faruque, Cross-domain Security Issues for Connected Autonomous Vehicles
Cross-Domain Security Framework
PC
C
P
Cyber Physical
Cyber
Physical
Remote vehicle access
Emitted sounds from 3D printer
Virus/ SQL Injection/ Buffer
Overflow/ Etc.
Physical sabotage
3
Impact Domains
Att
ac
k D
om
ain
s
Jiang Wan, Anthony Lopez, Mohammad Al Faruque, Cross-domain Security Issues for Connected Autonomous Vehicles
Connected Autonomous Vehicles
4Jiang Wan, Anthony Lopez, Mohammad Al Faruque, Cross-domain Security Issues for Connected Autonomous Vehicles
Smart Transportation
(combination of
collaborative and
autonomous actions)
StrongWinds
Requirements
oFunctionality
oExtensibility
oSecurity
Attack Model Attacker is knowledgeable about the targeted
components
oUnderstands networking protocols, hardware,
software, vulnerabilities, control mechanisms
Attacker has sufficient (but not infinite) resources
(vehicle, computing device, packet sniffer, etc.)
oTo communicate with legitimate vehicles
oTo inject code, packets and/or spoofed signals
oQuantifying this is a challenge!
5Jiang Wan, Anthony Lopez, Mohammad Al Faruque, Cross-domain Security Issues for Connected Autonomous Vehicles
Applications
o Infotainment (Media, Bluetooth, 3G), Navigation, Cruise
Control, Platooning
Internal Network
o CAN, LIN, MOST, FlexRay, TPMS
External Network
o Key Fobs, OTA Updates,
V2X (V2LC,DSRC,WAVE, Toll, IoT)
Hardware
o ECUs, Sensors, Electro-Mechanical Components, Signals
Access Points
6Jiang Wan, Anthony Lopez, Mohammad Al Faruque, Cross-domain Security Issues for Connected Autonomous Vehicles
Telematics
V2X Comm.
Sensors
Sensors
Abstracted View of Automotive System
Internal Network Sensors
Infotainment
Cyber Domain Attacks Intrusive: Message Falsification/Replay/
Spoofing/Fuzzing
DSRC/WAVE/Telematics/LIDAR/RADAR/TPMS [1-4]
Intrusive: Remote Control of Vehicle
Infotainment/Telematics/Internet/OTA Update [1-4]
Nonintrusive: Eavesdropping
DSRC/WAVE/TPMS/CAN (over EV charging station)
[1-4]
7Jiang Wan, Anthony Lopez, Mohammad Al Faruque, Cross-domain Security Issues for Connected Autonomous Vehicles
Physical Domain Attacks Spoofing/Jamming/DoS/Delay/Replay
oTire Pressure Monitoring System (TPMS) [6], MEMS
accelerometers and gyroscopes (with acoustics) [7]
oTelematics: GPS (on boats and UAVs), LIDAR (with
laser pointer), RADAR, camera [1-4]
oMechanical and Electrical Components (e.g., brakes,
battery system) [8-11]
8Jiang Wan, Anthony Lopez, Mohammad Al Faruque, Cross-domain Security Issues for Connected Autonomous Vehicles
Our Work
Case Study: Physical Layer Key Generation for V2X
Communication
More Work:
Security-Aware Functional Modeling
EV Battery System Security
Future Work
9Jiang Wan, Anthony Lopez, Mohammad Al Faruque, Cross-domain Security Issues for Connected Autonomous Vehicles
Physical Layer Key Generation
for Automotive Cyber-Physical
Systems
1Jiang Wan, Anthony Lopez, Mohammad Al Faruque, Physical Layer Key Generation for Automotive Cyber-Physical Systems, ICCPS '16
Symmetric Key Algorithm
Messages
EncryptDecrypt
Symmetric Key Examples
o AES
Advantages
o Fast
Disadvantages
o Deterministic
o Key Management
11Jiang Wan, Anthony Lopez, Mohammad Al Faruque, Physical Layer Key Generation for Automotive Cyber-Physical Systems, ICCPS '16
Alice Bob
Examples
o ECC
o RSA
Advantages
o Key Management
Disadvantages
o Slow
Asymmetric Key Algorithm
Private KeyPublic Key
A A BB
Alice Bob
A
B
A
B
Messages
Decrypt
Encrypt
12Jiang Wan, Anthony Lopez, Mohammad Al Faruque, Physical Layer Key Generation for Automotive Cyber-Physical Systems, ICCPS '16
Hybrid Solution
Advantages
o Efficient after key exchange
o Key management
Disadvantages
o Slow key exchange
o Memory overhead
o Deterministic symmetric key
Private KeyPublic Key
A A BB
A
B
A
B
Symmetric Key
13Jiang Wan, Anthony Lopez, Mohammad Al Faruque, Physical Layer Key Generation for Automotive Cyber-Physical Systems, ICCPS '16
Alice Bob
Decrypt
Encrypt
Related Work
No Variation
Key Generation Based on Indoor Wireless Channel
o Static environment
o Low entropy
Some Variation
Room 1 Room 2
MobiCom 2008: Mathur et al., MobiCom 2009: Jana et al., TIFS 2010: Ye et al.,MobiCom 2010: Patwari et al.InfoCom 2010: Zeng et al.,IEEE Wireless Communications 2011: Ren et al
14Jiang Wan, Anthony Lopez, Mohammad Al Faruque, Physical Layer Key Generation for Automotive Cyber-Physical Systems, ICCPS '16
Our Contributions
Novel Security Solution for Automotive Applications
Automotive Model
o Wireless channel
o Attack model
Key Generation Algorithm
o Reduces overhead
o Keys with more entropy
15Jiang Wan, Anthony Lopez, Mohammad Al Faruque, Physical Layer Key Generation for Automotive Cyber-Physical Systems, ICCPS '16
Alice Bob
Eve
Attack Model
Non-Intrusive Eavesdropper
o Knowledgeable
o Wants to derive key
o More than few wavelengths
apart
16Jiang Wan, Anthony Lopez, Mohammad Al Faruque, Physical Layer Key Generation for Automotive Cyber-Physical Systems, ICCPS '16
Algorithm
o 𝜏𝑠𝑡𝑒𝑝 ≥ 𝑇𝑐
...
Upper Threshold
Lower Threshold
o Number of Samples in
Group: 𝐺𝑠𝑖𝑧𝑒
o Coherence Time: 𝑇𝑐
o Sampling Period
(Step): 𝜏𝑠𝑡𝑒𝑝 ≥ 𝑇𝑐Same Key
Samples
17Jiang Wan, Anthony Lopez, Mohammad Al Faruque, Physical Layer Key Generation for Automotive Cyber-Physical Systems, ICCPS '16
Alice Bob
Probe Signals
o 𝐺𝑠𝑖𝑧𝑒
Experiments – RC Cars
18Jiang Wan, Anthony Lopez, Mohammad Al Faruque, Physical Layer Key Generation for Automotive Cyber-Physical Systems, ICCPS '16
Car 0
Car 1
Car 2
WifiBluetooth
-35
-30
-25
-20
-15
-10
-5
0
1 51 101 151
RS
S V
alu
e (
dB
m)
Numbers of RSS Values
RSSI measured in Car 0 from Car 1
RSSI measured in Car 2 from Car 1
RSSI measured in Car 1 from Car 0
RSSI measured in Car 1 from Car 2
Experiments – RC Cars
Group Size
Received Signal Strengths
Pair 1: Car 1 and Car 2
Pair 2: Car 1 and Car 0
Generated 64-Bit KeysCar 1 from Car 2 0000001111111111_1111000000000000_
0000011111100000_0000011110000011
Car 2 from Car 1 0000001111111111_1111000000000000_0000011111100000_0000011110000011
Car 1 from Car 0 1100000110000000_0000000100000110_0000000010000000_0000011111111111
Car 0 from Car 1 1100000110000000_0000000100000110_0000000010000000_0000011111111111
Same Keys for Pair 1
Same Keys for Pair 2
19Jiang Wan, Anthony Lopez, Mohammad Al Faruque, Physical Layer Key Generation for Automotive Cyber-Physical Systems, ICCPS '16
EvaluationSecurity Comparison
Performance and Memory Comparison
SecurityStrength
Performance Overhead (seconds)Code Size Overhead
(bytes)
RSA ECCOur Alg.(2 mi/h)
Our Alg. (20 mi/h)
RSA ECC Our Alg.
80 bits 11.42 1.62 1.725 0.95 6292 3682 331
112 bits 85.2 4.38 2.415 1.33 7736 4812 331
0%
39%50%
67.69%
87%
0%
20%
40%
60%
80%
100%
Pre-dist. Latch-PUF DFF-PUF Our Tech. SRAM-PUF
Av
er
ag
e m
in-
en
tro
py
Pre-Distributed Keys
Hardware PUF
High Entropy
Faster Smaller
67% Min-Entropy10X faster and 20X smaller than RSA1-2X faster and 10X smaller than ECC
20Jiang Wan, Anthony Lopez, Mohammad Al Faruque, Physical Layer Key Generation for Automotive Cyber-Physical Systems, ICCPS '16
1
Other Works:
Security-Aware Modeling &
EV Battery System Security
Jiang Wan, Anthony Lopez, Mohammad Al Faruque, Cross-domain Security Issues for Connected Autonomous Vehicles
Security-Aware Functional Modeling
22Jiang Wan, Anthony Lopez, Mohammad Al Faruque, Cross-domain Security Issues for Connected Autonomous Vehicles
Electric Vehicle Battery System Security
23Jiang Wan, Anthony Lopez, Mohammad Al Faruque, Cross-domain Security Issues for Connected Autonomous Vehicles
Figure Taken From Reference 8
EV Battery System Security Solutions?
Battery Authentication
o Deriving unique
signature of the battery
from measurements
Intrusion Detection
o Malicious behavior
detection and
verification
Sensor Attack Prevention
o Detecting anomalies
24Jiang Wan, Anthony Lopez, Mohammad Al Faruque, Cross-domain Security Issues for Connected Autonomous Vehicles
Battery Authentication
Abstraction
Future Work
V2X Malicious Activity Detection and Prevention
o Applications: Cooperative Adaptive Cruise
Control and Platooning
o Deriving a method to detect malicious behavior
o Is game theory suitable?
o Requires real-time decision making for
security and functionality of the system
25Jiang Wan, Anthony Lopez, Mohammad Al Faruque, Cross-domain Security Issues for Connected Autonomous Vehicles
Questions?
26
Thank You!
Jiang Wan, Anthony Lopez, Mohammad Al Faruque, Cross-domain Security Issues for Connected Autonomous Vehicles
References
27
1. V. Thing and J. Wu. Autonomous Vehicle Security: A Taxonomy of Attacks and Defences, In iThings-GreenCom-CPSCom-SmartData 2016.
2. K. Thomas, Hackers demo Jeep security hack, 2015, [online] Available: http://www.welivesecurity.com/2015/07/22/hackers-demo-jeep-security-hack
3. C. Miller, C. Valasek, Remote exploitation of an unaltered passenger vehicle, 2015, [online] Available: https://www.defcon.org/html/defcon-23/dc-23-speakers.html#Miller.
4. S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage, K. Koscher, A. Czeskis, F. Roesner, and T. Kohno. Comprehensive experimental analyses of automotive attack surfaces. In Proceedings of the 20th USENIX Conference on Security, SEC’11, pages 6–6, Berkeley, CA, USA, 2011. USENIX Association
5. Sandip Ray, Wen Chen, Jayanta Bhadra, and Mohammad Abdullah Al Faruque. 2017. Extensibility in Automotive Security: Current Practice and Challenges: Invited. In Proceedings of the 54th Annual Design Automation Conference 2017 (DAC '17). ACM, New York, NY, USA, Article 14, 6 pages. DOI: https://doi.org/10.1145/3061639.3072952
6. Trippel, T., Weisse, O., Xu, W., Honeyman, P., & Fu, K. WALNUT: Waging doubt on the integrity of mems accelerometers with acoustic injection attacks. In In Proceedings of the 2nd IEEE European Symposium on Security and Privacy (EuroS&P 2017). To appear.
Jiang Wan, Anthony Lopez, Mohammad Al Faruque, Cross-domain Security Issues for Connected Autonomous Vehicles
References
28
7. Rob Millerb Ishtiaq Roufa, Hossen Mustafaa, Sangho Ohb Travis Taylora, Wenyuan Xua, Marco Gruteserb, Wade Trappeb, and Ivan Seskarb. 2010. Security and privacy vulnerabilities of in-car wireless networks: A tire pressure monitoring system case study. 19th USENIX Security Symposium, Washington DC (2010), 11–13.
8. Lopez, A. B., Vatanparvar, K., Nath, A. P. D., Yang, S., Bhunia, S., & Al Faruque, M. A. (2017). A Security Perspective on Battery Systems of the Internet of Things. Journal of Hardware and Systems Security, 1-12.
9. Waszecki, P., Mundhenk, P., Steinhorst, S., Lukasiewycz, M., Karri, R., & Chakraborty, S. (2017). Automotive electrical/electronic architecture security via distributed in-vehicle traffic monitoring. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems.
10. Sagstetter, F., Lukasiewycz, M., Steinhorst, S., Wolf, M., Bouard, A., Harris, W. R., ... & Chakraborty, S. (2013, March). Security challenges in automotive hardware/software architecture design. In Proceedings of the Conference on Design, Automation and Test in Europe (pp. 458-463). EDA Consortium.
11. Shoukry, Y., Martin, P., Tabuada, P., & Srivastava, M. (2013, August). Non-invasive spoofing attacks for anti-lock braking systems. In International Workshop on Cryptographic Hardware and Embedded Systems (pp. 55-72). Springer, Berlin, Heidelberg
Jiang Wan, Anthony Lopez, Mohammad Al Faruque, Cross-domain Security Issues for Connected Autonomous Vehicles