![Page 1: Preventing External Connected Devices From Compromising Vehicle … · 2019. 3. 1. · Volkswagen Group of America Engineering and Environmental Office (EEO) 13 • SAE hosted invitation-](https://reader035.vdocuments.net/reader035/viewer/2022071503/61232dcb9b6e6f21ea6cab23/html5/thumbnails/1.jpg)
Preventing External Connected Devices From Compromising Vehicle SystemsVector CongressNovember 7, 2017Novi, MI
Bob Gruszczynski – VWoAOBD Communication Expert
![Page 2: Preventing External Connected Devices From Compromising Vehicle … · 2019. 3. 1. · Volkswagen Group of America Engineering and Environmental Office (EEO) 13 • SAE hosted invitation-](https://reader035.vdocuments.net/reader035/viewer/2022071503/61232dcb9b6e6f21ea6cab23/html5/thumbnails/2.jpg)
![Page 3: Preventing External Connected Devices From Compromising Vehicle … · 2019. 3. 1. · Volkswagen Group of America Engineering and Environmental Office (EEO) 13 • SAE hosted invitation-](https://reader035.vdocuments.net/reader035/viewer/2022071503/61232dcb9b6e6f21ea6cab23/html5/thumbnails/3.jpg)
Volkswagen Group of AmericaEngineering and Environmental Office (EEO) 3
•Challenges to OEMs regarding data access•Vehicle data access vs. vehicle security
•Many entities requesting both legitimate and non-legitimate access•Inspection and Maintenance•Workshop/Service
Current Cybersecurity Status
![Page 4: Preventing External Connected Devices From Compromising Vehicle … · 2019. 3. 1. · Volkswagen Group of America Engineering and Environmental Office (EEO) 13 • SAE hosted invitation-](https://reader035.vdocuments.net/reader035/viewer/2022071503/61232dcb9b6e6f21ea6cab23/html5/thumbnails/4.jpg)
Volkswagen Group of AmericaEngineering and Environmental Office (EEO) 4
•Vehicle data access vs. vehicle security •Insurance “telematics”•Other “telematics”•“Prognostics”•Modification of powertrain components (“tuning”)•Malicious attacks (“hacking”)•Digital Millennium Copyright Act (DMCA)
Current Cybersecurity Status
![Page 5: Preventing External Connected Devices From Compromising Vehicle … · 2019. 3. 1. · Volkswagen Group of America Engineering and Environmental Office (EEO) 13 • SAE hosted invitation-](https://reader035.vdocuments.net/reader035/viewer/2022071503/61232dcb9b6e6f21ea6cab23/html5/thumbnails/5.jpg)
Volkswagen Group of AmericaEngineering and Environmental Office (EEO) 5
Initially, due to research activity into vehicle hacking, efforts began to describe/define issues• SAE- Electrical and Electronics Diagnostic Committee
(J3005), Cybersecurity Systems Engineering Committee (J3061)
• NHTSA - Request for Comment on Automotive Electronic Control Systems Safety and Security
• US Government- GAO, US DOT, DHS S&T, NIST• ISO TC204, TC32
![Page 6: Preventing External Connected Devices From Compromising Vehicle … · 2019. 3. 1. · Volkswagen Group of America Engineering and Environmental Office (EEO) 13 • SAE hosted invitation-](https://reader035.vdocuments.net/reader035/viewer/2022071503/61232dcb9b6e6f21ea6cab23/html5/thumbnails/6.jpg)
Volkswagen Group of AmericaEngineering and Environmental Office (EEO) 6
•OBD Devices•Wirelessly enabled
Wireless network can be spoofed•Bluetooth enabled
Malware installed in phone app•Carnegie Mellon University study with NIST Volpe Research Center – results at:https://resources.sei.cmu.edu/asset_files/WhitePaper/2016_019_001_453877.pdf
Preliminary results show poor software design and cybersecurity practices across a high percentage of currently deployed devices.
Current Cybersecurity Status
![Page 7: Preventing External Connected Devices From Compromising Vehicle … · 2019. 3. 1. · Volkswagen Group of America Engineering and Environmental Office (EEO) 13 • SAE hosted invitation-](https://reader035.vdocuments.net/reader035/viewer/2022071503/61232dcb9b6e6f21ea6cab23/html5/thumbnails/7.jpg)
Volkswagen Group of AmericaEngineering and Environmental Office (EEO) 7
Current situation:
scen
ario
hack
erat
tack
hacker attackover the mobile communication tothe customerOBD dongle
hacker starts criticalfunctions over theUDS protocol
![Page 8: Preventing External Connected Devices From Compromising Vehicle … · 2019. 3. 1. · Volkswagen Group of America Engineering and Environmental Office (EEO) 13 • SAE hosted invitation-](https://reader035.vdocuments.net/reader035/viewer/2022071503/61232dcb9b6e6f21ea6cab23/html5/thumbnails/8.jpg)
Volkswagen Group of AmericaEngineering and Environmental Office (EEO)
There are many discussions about further concepts to solve the security problem with e.g. 3rd-party dongles:
1. concept for a short-term solution• Gateway equipped• Non-Gateway equipped• “Hybrid”
2. concept for a long-term solution• Planned in future as a two step solution
• first step: protection of diagnostic access• second step: protection of diagnostic data
8
![Page 9: Preventing External Connected Devices From Compromising Vehicle … · 2019. 3. 1. · Volkswagen Group of America Engineering and Environmental Office (EEO) 13 • SAE hosted invitation-](https://reader035.vdocuments.net/reader035/viewer/2022071503/61232dcb9b6e6f21ea6cab23/html5/thumbnails/9.jpg)
Volkswagen Group of AmericaEngineering and Environmental Office (EEO)
Concept for a long-term solutionfirst step: protection of diagnostics access
9
IT-Backendcreation of security tokenidentity and access
managementLog saves all events,
accesses, and errors
Diagnostic systemprivate key and
certificate signing requestrouting of security
tokenIndividual-ID: (VIN,
ECU-ID, Project-ID)
secure channel
Electronic Control Unit (ECU)signature verification and
public key
![Page 10: Preventing External Connected Devices From Compromising Vehicle … · 2019. 3. 1. · Volkswagen Group of America Engineering and Environmental Office (EEO) 13 • SAE hosted invitation-](https://reader035.vdocuments.net/reader035/viewer/2022071503/61232dcb9b6e6f21ea6cab23/html5/thumbnails/10.jpg)
Volkswagen Group of AmericaEngineering and Environmental Office (EEO)
Concept for a long-term solutionsecond step: protection of diagnostic data
10
IT-Backendprivate key and certificate
signing request & data
Diagnostic systemIndividual-ID: (VIN,
ECU-ID, Project-ID)
secure channel
Electronic Control Unit (ECU)signature verification and
public key for every request which change data or start secured functions
For the second step – there are a lot of open questions regarding process and possibleadvantages/ disadvantages, potential risksand problems (e.g. total dependence on Backend-System)
![Page 11: Preventing External Connected Devices From Compromising Vehicle … · 2019. 3. 1. · Volkswagen Group of America Engineering and Environmental Office (EEO) 13 • SAE hosted invitation-](https://reader035.vdocuments.net/reader035/viewer/2022071503/61232dcb9b6e6f21ea6cab23/html5/thumbnails/11.jpg)
Volkswagen Group of AmericaEngineering and Environmental Office (EEO) 11
• September 28: NHTSA requests SAE to take the lead and convene industry group to examine issue
• October 14: NHTSA response to House Committee highlights SAE role:“At NHTSA’s urging, SAE International has started a working group that is looking to explore ways to harden the OBD-II port. This group is making good progress and the Agency remains hopeful that the group will move expeditiously to develop a set of recommendations.”
• September 12: Letter from House Committee on Energy and Commerce to NHTSA RE: OBD-II Security
“…request that NHTSA convene an industry-wide effort to develop a plan of action for addressing the risk posed by the existence of the OBD-II port in the modern vehicle ecosystem.”
Why the Renewed Focus on OBDII Security?
![Page 12: Preventing External Connected Devices From Compromising Vehicle … · 2019. 3. 1. · Volkswagen Group of America Engineering and Environmental Office (EEO) 13 • SAE hosted invitation-](https://reader035.vdocuments.net/reader035/viewer/2022071503/61232dcb9b6e6f21ea6cab23/html5/thumbnails/12.jpg)
Volkswagen Group of AmericaEngineering and Environmental Office (EEO) 12
SAE Committees/Task Forces• J3061 – Cybersecurity Guidebook for Cyber-Physical
Vehicle Systems• J3016 – Guidebook Helping to Frame Cybersecurity
Policy• J3005-1, -2 – Guidelines for Operation and Security of
Devices Connected to the Data Link Connector (DLC)• J3138 – Next slides…
![Page 13: Preventing External Connected Devices From Compromising Vehicle … · 2019. 3. 1. · Volkswagen Group of America Engineering and Environmental Office (EEO) 13 • SAE hosted invitation-](https://reader035.vdocuments.net/reader035/viewer/2022071503/61232dcb9b6e6f21ea6cab23/html5/thumbnails/13.jpg)
Volkswagen Group of AmericaEngineering and Environmental Office (EEO) 13
• SAE hosted invitation-only industry workshop December 1.
• Goals:1. Identify common issues, needs, and approach to secure
the OBD2. Gain buy-in to development of an accelerated standards
approach• Very well-attended by industry
– Leads: Mark Zachos, DGTech and Bob Gruszczynski , VW– OEMS: BMW, Ford, GM, Honda, Hyundai, Isuzu, Toyota, VW – Heavy Truck: Volvo, Cummins – Associations: MEMA, ETI, Booz-Allen (Auto ISAC)– Government/Regulators: ARB, NHTSA, NIST
![Page 14: Preventing External Connected Devices From Compromising Vehicle … · 2019. 3. 1. · Volkswagen Group of America Engineering and Environmental Office (EEO) 13 • SAE hosted invitation-](https://reader035.vdocuments.net/reader035/viewer/2022071503/61232dcb9b6e6f21ea6cab23/html5/thumbnails/14.jpg)
Volkswagen Group of AmericaEngineering and Environmental Office (EEO) 14
• Discussion yielded the following high-level scope items:
What are we worried about? What are we not worried about?• DLC access Point (J1939/J1962 connector)• Re-programming modules; only concerned about
unlocking • Someone spoofing normal message content
(writing non-diagnostic messages)• Overloading the CAN Bus• Overloading the gateway• Ensuring solution complies with existing
regulations and MOUs• New on-road vehicles (less than 14K pound
GVW)
• Other access points (infotainment, etc.)
• J1979 functionality• Emission-related diagnostics;
J1939 equivalent diagnostic functionality
• Physical attacks to the in-vehicle network
• Privacy• Tool/dongle security
![Page 15: Preventing External Connected Devices From Compromising Vehicle … · 2019. 3. 1. · Volkswagen Group of America Engineering and Environmental Office (EEO) 13 • SAE hosted invitation-](https://reader035.vdocuments.net/reader035/viewer/2022071503/61232dcb9b6e6f21ea6cab23/html5/thumbnails/15.jpg)
Volkswagen Group of AmericaEngineering and Environmental Office (EEO) 15
Next Steps1. SAE staff work with volunteer leaders to further define
rationale, scope, and process2. Created new SAE Committee – Data Link Connector
Vehicle Security Committee3. Created new Task Force to house New Work Item –
J3138 (Task Force Name TBD)4. Committee meets monthly5. J3138 in ballot6. New Work Item Proposals started to address long-term
items above
![Page 16: Preventing External Connected Devices From Compromising Vehicle … · 2019. 3. 1. · Volkswagen Group of America Engineering and Environmental Office (EEO) 13 • SAE hosted invitation-](https://reader035.vdocuments.net/reader035/viewer/2022071503/61232dcb9b6e6f21ea6cab23/html5/thumbnails/16.jpg)
Volkswagen Group of AmericaEngineering and Environmental Office (EEO) 16
Thanks for your attention !!!
Bob GruszczynskiOBD Communication Expert
Volkswagen [email protected]