comprehensive experimental analysis of automotive attack
play

Comprehensive,Experimental, Analysis,of,Automotive, - PowerPoint PPT Presentation

Feb 14, 2023 •268 likes •464 views

Comprehensive,Experimental, Analysis,of,Automotive, Attack,Surfaces, Checkoway,et,al , Presented(By(Lucas(Copi( Overview, Introduction, Automotive,Threat,Models, Vulnerability,analysis, Conclusion, Introduction,

  1. Comprehensive,Experimental, Analysis,of,Automotive, Attack,Surfaces, Checkoway,et,al , Presented(By(Lucas(Copi(

  2. Overview, • Introduction, • Automotive,Threat,Models, • Vulnerability,analysis, • Conclusion,

  3. Introduction, • Modern,Cars,are,controlled,by,ECU’s,connected,by,an,internal,network, (CAN), • Access,to,CAN,has,capability,to,override,all,computer,control,systems, (demonstrated,in,previous,work), • Previous,research,focused,on,attacks,requiring,physical,access, • New,research,focuses,on,new,remote,threat,models, • Paper,attempts,to,investigate,entire,attack,surface,of,the,modern,car,

  4. Automotive,threat,model, There,are,three,main,ways,for,an,attacker,to,gain,access,to,the,CAN:, • Indirect,physical,access, • ShortJrange,wireless, • Long,range,wireless,

  5. Indirect,physical,access, • While,the,paper,investigates,the,vulnerabilities,of,physical,interfaces,the, researchers,operate,under,the,stipulation,attackers,may,not,have,direct, physical,access,to,the,vehicle, • OBDII,port, • Entertainment,

  6. Short,Range,Wireless,Access, • Bluetooth, • Remote,keyless,entry, • Tire,pressure,monitors, • RFID,Car,Keys, • Emerging,short,range,channels,for,intercar,communication,

  7. LongJrange,wireless, • Broadcast,channels:,channels,not,directed,toward,a,car,but,can,be,accessed, through,receivers,on,the,vehicle, • Addressable,channels:,remote,telematics,systems,

  8. Vulnerability,Analysis, • Paper,explores,one,vulnerability,in,each,of,the,previous,segments, • Research,assumes,attacker,has,access,to,similar,model,vehicle,or,information, allowing,them,to,reverse,engineer,systems,and,inspect,for,vulnerabilities, • For,every,vulnerability,demonstrated,,researchers,were,able,to,obtain,complete, control,of,the,vehicle’s,systems, • Late,model,economy,car,was,chosen,with,standard,options,(specific,car, unspecified),

  9. Indirect,physical,channels, • Targeted,media,player, • Two,vulnerabilities, • Latent,update,capability,in,media,player,that,can,recognize,ISO,formatted, CD’s,and,reflash,system,with,data,contained,on,CD, • Were,able,to,exploit,a,buffer,overflow,attack,and,send,can,packets, embedded,in,a,WMA,file,to,compromise,the,system,

  10. Physical,channels,continued, • OBDJII,port, • Used,for,vehicle,diagnostic,and,is,the,standard,port,on,any,vehicle,older, than,2004, • Accessed,by,passthru,devices,, • Able,to,design,malware,that,compromised,passthru,device,and,pass, malicious,can,packets,to,vehicle,upon,use, • Were,able,to,implement,this,attack,as,a,worm,

  11. Short,Range,Wireless,Channels, • Bluetooth, • Indirect,short,range,wireless,attacks:,attack,requires,owner,of,a,vehicle,to, have,a,compromised,paired,Bluetooth,device, • Able,to,implement,with,a,Trojan,horse,on,an,Android,application, • Direct,short,range,wireless,attacks:,Were,able,to,obtain,MAC,address,and, brute,force,pairing,pin,to,gain,access,to,the,paired,channel,and,carry,out,an, attack,

  12. Long,range,wireless,channels, • Telematics,connectivity, • Using,combined,vulnerabilities,between,the,gateway,and,the,authentication, attackers,were,able,to,gain,access,through,the,telematics,unit,and,carry,out,an, attack, • Gateway,can,be,attacked,using,a,buffer,overflow,attack,due,to,discrepancies, between,expected,packet,size, • Authentication,can,be,bypassed,by,initiating,128,calls,, • Attack,can,also,occur,by,calling,the,vehicle,and,playing,a,“song”,

  13. Conclusion, • Cars,I/O,interfaces,are,alarmingly,open,to,unsolicited,communication, creating,unnecessary,attack,surfaces, • Appears,code,bases,for,automobiles,do,not,employ,same,secure,coding, methods,as,other,software,systems, • Research,showed,almost,all,vulnerabilities,existed,in,interface,boundaries, • More,research,is,necessary,

  14. References, Comprehensive,Experimental,Analyses,of,Automotive,Attack,Surfaces., Stephen,Checkoway,,Damon,McCoy,,Brian,Kantor,,Danny,Anderson,,Hovav, Shacham,,and,Stefan,Savage.,In,UsenixSecurity'11,

  15. Comprehensive,Experimental, Analyses,of,Automo6ve,A7ack, Surfaces.,, , Stephen,Checkoway,,Damon,McCoy,,Brian,Kantor,,Danny,Anderson,, Hovav,Shacham,,Stefan,Savage,,Karl,Koscher,,Alexei,Czeskis,,Franziska, Roesner,,and,Tadayoshi,Kohno.,, In,UsenixSecurity'11,

  16. Paper,Discussion, • Sai,Tej,Kancharla,, • CSC,6991,–,Advanced,Computer,System,Security, • The,paper,"Comprehensive,Experimental,Analyses,of,Automo6ve,A7ack,Surfaces",discusses,and,elaborates,on,how,easily,a7ack,or,compromise,the, security,of,a,car,and,the,real,threats,which,one,can,possibly,face,from,the,exploits.,The,paper,also,gives,some,ways,in,which,we,can,fix,the,flaws,and, improve,the,security,6ll,there,is,a,overhaul,in,the,whole,system., • The,paper,shows,various,ways,in,which,a,a7acker,can,access,the,system,by,dividing,the,threat,model,based,on,the,distance,from,the,vehicle.,The, paper,denotes,three,ways,of,accessing,without,having,physical,access,to,the,system,and,they,are,Indirect,Physical,Access,,Short,Range,Physical, Access,and,Long,Range,Wireless,Access., • ,In,Indirect,Physical,Access,,the,authors,exploit,OBDYII,which,is,federally,mandated,by,the,U.S,government,and,this,provides,direct,access,to,CAN, buses.,The,author,uses,a,laptop,with,'PassThru',device(,mostly,via,USB,or,WiFi),to,gain,access,to,the,OBDYII,port.,We,can,compromise,the,whole, system,this,way,and,can,possibly,infect,other,PassThru,devices,nearby,by,wri6ng,a,worm,to,infect,other,systems.,The,author,also,tells,how,by,using, a,malicious,CD,or,iPod,we,can,infect,the,media,unit,and,then,slowly,work,our,way,in,compromising,the,whole,system, • The,Short,Range,A7acks,are,though,complex,and,lack,accuracy,,there,are,wide,range,of,exploits,to,be,used,like,the,Bluetooth,,Remote,Key,Entry,, Tire,Pressure,,Monitoring,Systems(TPMS),,RFID,tags,and,also,Wifi,Hotspots,in,the,car.,The,most,preferred,being,Bluetooth,,the,authors,discuss,2, ways:,'Indirect',way,where,the,vulnerability,can,be,exploited,,by,using,a,Paired,Bluetooth,Device,,or,the,'Direct",way,where,the,a7acker,needs,to, know,the,Bluetooth,MAC,address,and,also,the,secret,shared,key,which,allows,access,to,the,Bluetooth,pairing.,This,process,is,very,long,and,also, needs,the,car,to,be,running,all,the,6me,which,is,highly,unlikely., • The,Long,Range,A7ack,is,the,most,convinent,one,and,most,dangerous,as,it,can,be,done,through,the,access,of,cellular,capable,device,on,the,car,and, this,can,be,done,from,anywhere,without,any,physical,distance,constraint.,The,manufacures,use,Airbiquity’s,aqLink,soaware,modem,to,covert, between,analog,waveforms,and,digital,bits,and,synthesizing,a,digital,channel.,The,authors,reverse,engineer,the,aqLink,protocol,to,gain,access,to,the, system.,The,authors,also,discovered,a,code,parsing,authen6ca6on,response,bug,which,blindly,sa6sfies,the,authen6ca6on,challenge,aaer,128,calls, and,enables,the,exploit., • The,paper,assess,that,Cyber,War,is,a,possibility,where,large,number,of,cars,are,affected,and,are,put,in,harms,way.,The,main,scenarios,iden6fied,are, Thea,and,Surveillance,which,would,be,really,problema6c.,The,authors,suggest,various,ways,in,which,the,exploits,can,be,fixed,and,strongly,suggest, an,overhaul,in,the,exis6ng,system,from,ground,up,to,increase,the,safety.,

  17. Paper,Discussion, Zhenyu,Ning, • CSC,6991,–,Advanced,Computer,System,Security, • The,paper,generally,discusses,the,a7ack,surfaces,that,may,be,leveraged,while,someone,try,to,compromise,a, • vehicle,remotely,and,what,could,happen,aaer,the,vehicle,is,exploited,in,that,way., The,a7ack,channels,are,classified,to,3,categories:,indirect,physical,access,,shortYrange,wireless,access,and,longY • range,wireless,access.,For,each,category,,the,author,firstly,lists,some,components,that,may,be,leveraged,by,the, a7acker,,such,as,OBDYII,port,and,CD,player,during,indirect,physical,access,,Bluetooth,,RKE,and,RFID,key,cards,in, shortYrange,wireless,access,and,cellular,channels,in,longYrange,wireless,access., Aaer,that,,some,vulnerabili6es,in,these,components,are,analyzed.,For,example,,a,“craaed”,WMA,audio,file,may, • give,the,a7ack,ability,to,execute,arbitrary,code,,OBDYII,could,be,used,to,achieve,shell,injec6on,if,the,a7ach,can, connect,into,the,same,wireless,network,with,PassThru,devices,,Bluetooth,device,in,the,vehicle,could,be,connected, aaer,brute,forced,the,PIN,,the,telema6cs,unit,could,be,made,to,download,some,addi6onal,payload,aaer,reset,the, call,6meout,with,some,complicated,hack,way.,Through,any,of,these,compromised,components,,the,a7acker,then, can,communicate,with,CAN,to,perform,some,malicious,behaviors., Though,some,fixes,and,sugges6on,are,given,in,the,paper,,it,seems,that,the,industry,didn’t,pay,enough,a7en6on, • about,there,issues,,as,the,a7ack,we,discussed,in,the,last,class,used,some,similar,approaches,to,achieve,their, target.,, ,

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Plug-N-Pwned: Comprehensive Vulnerability Analysis of OBD-II Dongles as A New Over-the-Air Attack

Plug-N-Pwned: Comprehensive Vulnerability Analysis of OBD-II Dongles as A New Over-the-Air Attack

Plug-N-Pwned: Comprehensive Vulnerability Analysis of OBD-II Dongles as A New Over-the-Air Attack Surface in Automotive IoT Haohuang Wen 1 , Qi Alfred Chen 2 , Zhiqiang Lin 1 1 Ohio State University 2 University of California, Irvine USENIX

278 views • 26 slides
Automotive Attack Surfaces UCSD and University of Washington Current Automotive Environment

Automotive Attack Surfaces UCSD and University of Washington Current Automotive Environment

Automotive Attack Surfaces UCSD and University of Washington Current Automotive Environment Modern cars are run by tens of ECUs comprising millions of lines of code ECUs are well connected over internal buses (mainly CAN buses) to enable

534 views • 35 slides
Experimental Analysis Guidelines for Presenting Data 3. Examples Marco Chiarandini Results Task

Experimental Analysis Guidelines for Presenting Data 3. Examples Marco Chiarandini Results Task

Outline DM811 HEURISTICS AND LOCAL SEARCH ALGORITHMS 1. Experimental Algorithmics FOR COMBINATORIAL OPTIMZATION Definitions Performance Measures 2. Exploratory Data Analysis Lecture 13 Sample Statistics Scenarios of Analysis Experimental

737 views • 18 slides
Experimental Analysis Marco Chiarandini Department of Mathematics & Computer Science

Experimental Analysis Marco Chiarandini Department of Mathematics & Computer Science

DM841 D ISCRETE O PTIMIZATION Part 2 Heuristics Experimental Analysis Marco Chiarandini Department of Mathematics & Computer Science University of Southern Denmark Outline Outline Experimental Analysis 1. Experimental Analysis

1.38k views • 90 slides
Introduction Attack Graphs Model Creation Analysis of Attack Graphs

Introduction Attack Graphs Model Creation Analysis of Attack Graphs

EVA Evolutionary Vulnerability Analyzer A Framework for Network Analysis and Risk Assessment Dr. Melissa Danforth Department of Computer Science California State University, Bakersfield Introduction Attack Graphs Model Creation

684 views • 50 slides
Comprehensive Automotive Mobility Solutions for Health Care Professionals Course Introduction

Comprehensive Automotive Mobility Solutions for Health Care Professionals Course Introduction

CAMS-HP Lunch & Learn: Comprehensive Automotive Mobility Solutions for Health Care Professionals Course Introduction Industry Overview Who is Involved Road Map for the Mobility Process Mobility Solutions Review * For

1.22k views • 39 slides
Yet another side-channel attack: Multi-linear Power Analysis attack (MLPA) Thomas Roche , C

Yet another side-channel attack: Multi-linear Power Analysis attack (MLPA) Thomas Roche , C

List decoding of RM(1,m) and Multi-linear cryptanalysis Application to Power Analysis attacks : MLPA Conclusion and Open persp Yet another side-channel attack: Multi-linear Power Analysis attack (MLPA) Thomas Roche , C edric Tavernier

625 views • 29 slides
Comprehensive Energy Analysis IGEN Comprehensive Energy Analysis Funding Information Funding

Comprehensive Energy Analysis IGEN Comprehensive Energy Analysis Funding Information Funding

Illinois Green Economy Network (IGEN) Comprehensive Energy Analysis IGEN Comprehensive Energy Analysis Funding Information Funding provided from the Illinois Department of Commerce and Economic Opportunity through a legislative

238 views • 13 slides
Attack- based Domain Transition Analysis Susan Hinrichs shinrich@ uiuc.edu Prasad Naldurg

Attack- based Domain Transition Analysis Susan Hinrichs shinrich@ uiuc.edu Prasad Naldurg

Attack- based Domain Transition Analysis Susan Hinrichs shinrich@ uiuc.edu Prasad Naldurg prasadn@ microsoft.com SE Linux Symposium Attack- based DTA 1 06 Outline Motivation Review of type enforcement transitions Attack

471 views • 18 slides
WHAT WOULD TREX DO? From Experimental Design to Analysis, the TREX Approach EXPERIMENTAL DESIGN

WHAT WOULD TREX DO? From Experimental Design to Analysis, the TREX Approach EXPERIMENTAL DESIGN

Your Research Question WHAT WOULD TREX DO? From Experimental Design to Analysis, the TREX Approach EXPERIMENTAL DESIGN What are my research goals? FFPE Clinical Where are my samples coming from? Fresh Tissue/Cells How much RNA

863 views • 39 slides
KEY BENEFITS sustainability put the automotive industry under WHEN USING OUR pressure to develop

KEY BENEFITS sustainability put the automotive industry under WHEN USING OUR pressure to develop

Twaron drives Automotive hoses and belts AUTOMOTIVE DEVELOPMENTS Manufacturers in the automotive industry are constantly looking for ways to maintain their competitiveness by getting innovative products to market fast. Safety issues, performance

772 views • 18 slides
Backbone Network DRDoS Attack Monitoring and Analysis YANG XU, QITIAN SU Twitter: @xuy1202

Backbone Network DRDoS Attack Monitoring and Analysis YANG XU, QITIAN SU Twitter: @xuy1202

Backbone Network DRDoS Attack Monitoring and Analysis YANG XU, QITIAN SU Twitter: @xuy1202 @suqitian Network Security Research Lab, Qihoo 360 http://netlab.360.com/ FloCon 2017 Backbone Network DRDoS Attack Monitoring and Analysis Thread

238 views • 22 slides
Traffic Analysis The Most Powerful and Least Understood Attack Methods Raven Alder, Riccardo

Traffic Analysis The Most Powerful and Least Understood Attack Methods Raven Alder, Riccardo

Traffic Analysis The Most Powerful and Least Understood Attack Methods Raven Alder, Riccardo Bettati, Jon Callas, Nick Matthewson 1 What is Traffic Analysis? Signals intelligence that ignores content Information for analysis is the

355 views • 14 slides
Attack on Traffic Systems These attack examples have happened in the past. We will take an

Attack on Traffic Systems These attack examples have happened in the past. We will take an

From start to finish how a cyber attack would be performed on traffic system, we will go over first day >> exploitation of the device >> the real-world aftermath. Mission Secure, Inc. Attack on Traffic Systems These attack examples

556 views • 18 slides
Spectral analysis of ZUC-256 The algorithm of ZUC-256 Attack approaches Spectral

Spectral analysis of ZUC-256 The algorithm of ZUC-256 Attack approaches Spectral

Spectral analysis of ZUC-256 The algorithm of ZUC-256 Attack approaches Spectral analysis tools 5G future is here! Alexander Maximov Ericsson Research, Lund, Sweden Jing Yang and Thomas Johansson Lund University, Lund, Sweden Fast

335 views • 21 slides
EM Analysis in the IoT Context: Lessons Learned from an Attack on Thread Daniel Dinu 1 , Ilya

EM Analysis in the IoT Context: Lessons Learned from an Attack on Thread Daniel Dinu 1 , Ilya

EM Analysis in the IoT Context: Lessons Learned from an Attack on Thread Daniel Dinu 1 , Ilya Kizhvatov 2 1 Virginia Tech 2 Radboud University Nijmegen CHES 2018 Outline 1 Introduction 2 Side-Channel Vulnerability Analysis 3 The Most Feasible

629 views • 42 slides
+ eDiscovery: Energy Ef fi cient Device Discovery for Mobile Opportunistic Communications Bo Han

+ eDiscovery: Energy Ef fi cient Device Discovery for Mobile Opportunistic Communications Bo Han

+ eDiscovery: Energy Ef fi cient Device Discovery for Mobile Opportunistic Communications Bo Han AT&T Labs Research Aravind Srinivasan University of Maryland Presented by Xin Gao NJIT + Summary 2 Background Introduction

256 views • 12 slides
CS5530 Mobile/Wireless Systems Android Bluetooth Interface Yanyan Zhuang Department of Computer

CS5530 Mobile/Wireless Systems Android Bluetooth Interface Yanyan Zhuang Department of Computer

CS5530 Mobile/Wireless Systems Android Bluetooth Interface Yanyan Zhuang Department of Computer Science http://www.cs.uccs.edu/~yzhuang UC. Colorado Springs CS5530 Ref. CN5E, NT@UW, WUSTL Bluetooth Communication Bluetooth-enabled

343 views • 18 slides
A review of the BIAS and KNOB attacks on Bluetooth Classic and Bluetooth Low Energy Daniele

A review of the BIAS and KNOB attacks on Bluetooth Classic and Bluetooth Low Energy Daniele

WAC workshop 2020 A review of the BIAS and KNOB attacks on Bluetooth Classic and Bluetooth Low Energy Daniele Antonioli Daniele Antonioli ( @francozappa ) A review of the BIAS and KNOB attacks on Bluetooth Classic and Bluetooth Low Energy 1

949 views • 69 slides
Android Security Security Philosophy Humans have difficulty understanding risk Safer to

Android Security Security Philosophy Humans have difficulty understanding risk Safer to

Android Security Security Philosophy Humans have difficulty understanding risk Safer to assume that Most developers do not understand security Most users do not understand security Security philosophy cornerstones Need to

582 views • 37 slides
Capstone 2020 Presentation BlueDentist Project Summary Develop a portable, wideband SDR module

Capstone 2020 Presentation BlueDentist Project Summary Develop a portable, wideband SDR module

Capstone 2020 Presentation BlueDentist Project Summary Develop a portable, wideband SDR module that utilizes a GPU for digital signal processing Develop firmware and software to monitor and analyze Bluetooth signals Team Jeff Longo Chris

748 views • 23 slides
Bluetooth Mesh under the Microscope: How much ICN is Inside? Hauke Petersen, Peter Kietzmann,

Bluetooth Mesh under the Microscope: How much ICN is Inside? Hauke Petersen, Peter Kietzmann,

Bluetooth Mesh under the Microscope: How much ICN is Inside? Hauke Petersen, Peter Kietzmann, Cenk G undo gan, Thomas C. Schmidt and Matthias W ahlisch peter.kietzmann@haw-hamburg.de 6th ACM Conference on Information-Centric Networking

639 views • 44 slides
Breaking the Bluetooth Pairing Fixed Coordinate Invalid Curve Attack Eli Biham Lior Neumann

Breaking the Bluetooth Pairing Fixed Coordinate Invalid Curve Attack Eli Biham Lior Neumann

Breaking the Bluetooth Pairing Fixed Coordinate Invalid Curve Attack Eli Biham Lior Neumann Department of Computer Science Technion Israel Institute of Technology Cryptoday 2018 Eli Biham, Lior Neumann (Technion) Breaking the

784 views • 75 slides
Explosive percolation in random Bluetooth graphs G abor Lugosi ICREA and Pompeu Fabra

Explosive percolation in random Bluetooth graphs G abor Lugosi ICREA and Pompeu Fabra

Explosive percolation in random Bluetooth graphs G abor Lugosi ICREA and Pompeu Fabra University, Barcleona joint work with Nicolas Broutin (INRIA) Luc Devroye (McGill) irrigation graphs Start with a connected graph on n vertices.

982 views • 61 slides

More recommend