CYBER-PHYSICAL SYSTEMS Constantinos Xenofontos cxenof02@ucy.ac.cy - PowerPoint PPT Presentation

Τμήμα Πληροφορικής Πανεπιστημίου Κύπρου​ CYBER-PHYSICAL SYSTEMS Constantinos Xenofontos cxenof02@ucy.ac.cy

BEFORE WE START... • Security not always means web or mobile etc. • What are the Cyber-Physical Systems (CPS)? 2

“LOCK IT AND STILL LOSE IT - ON THE (IN)SECURITY OF AUTOMOTIVE REMOTE KEYLESS ENTRY SYSTEMS” FLAVIO D. GARCIA, DAVID OSWALD, TIMO KASPER AND PIERRE PAVLIDÈS UNIVERSITY OF BIRMINGHAM, UK KASPER AND OSWALD ,GERMANY 3

ABSTRACT • Most automotive immobilizer systems are insecure, less attention on RKE. • Paper closes this gap presenting vulnerabilities in RKE schemes used by major manufacturers. • Case study 1: The VW Group system • Case study 2: The Hitag2 system • Authors lead to proven conclusions and responsible disclosure for their findings as well. 4

CAR KEY OVERVIEW Two main components: Immobilizer • Passive RFID (125 kHz) • Systems (Hitag2, Megamos, DST40) Remote Key Entry (RKE) • Active UHF transmitter (up to 868 MHz) • To unlock a car from a distance • Unidirectional • RKE-Immo (integration) 5

REMOTE KEYLESS ENTRY SYSTEMS (RKE) Use a very simple procedure: 1) Push a button 2) The remote sends message to the car 3) Car reacts accordingly 6

PRELIMINARY ANALYSIS OF RKE Bought a variety of RKE remote controls • • Analyzed their RF outputs using Software Define Radios (SDR) • Arduino SDR Platform Setup costs just $40 • Majority used Amplitude Shift Keying • (ASK) Others used Frequency Shift Keying (FSK) • Manchester Encoding or Pulse-width • Encoding • Bitrate: 1-20 kilobits/second 7

PREVIOUS ATTACKS ON RKE 2007: Cryptanalysis of KeeLog garage door openers (216 plaintext/ciphertext pairs) by Biham et al. 2008: Side-channel aHack on KeeLoq key diversificaGon (Eisenbarth et al.) 2010: Relay aHacks on passive keyless entry systems (Francillon et al.) 2014: Cesare: aHack on 2000 – 05 vehicle 2015: “ RollJam ” by Spencerwhyte / Kamkar (had been proposed before, does not apply to most modern vehicles since buHon is authenGcated) 8

VW GROUP SYSTEM 9

• Analysed RKE schemes used in most VW Group cars manufactured between 1995 and 2016 • Utilized personal cars for testing • >10% worldwide market share • Four main schemes studied (VW-1 … VW-4) 10

ANALYSIS (CONT.) Step 1: Eavesdropping & decoding Step 2: Reverse-engineering ECUs assembly (Dump ECU firmware) 11

VW-1 SCHEME Security by Obscurity • • First four bytes hold XOR and UID Linear Feedback Shift Register (LSFR) – Unencrypted Counter • Button pressed • Modified Replay Attacks! (Increment Counter) • Used until 2005 • 12

VW-2, VW-3 SCHEMES Preamble (Used since 2004 and 2006) • 8-byte encrypted payload • Button pressed • • AUT64 Encryption – Round-cipher 91.55 bit key size • Global master key is reused across every car • 13

VW-4 SCHEME • Same frame format as previous (VW-3) • XTEA cipher (secure standard cipher) • 64 Round Feistel Structure(64-bit block size and 128 bit-key) • Well suited for low-powered remotes • Global Master keys … Adversary can clone remote by eavesdropping a single rolling code • Used since 2009 14

HITAG2 SYSTEM 15

HITAG2 SYSTEM (CONT.) • Designed by NXP Semiconductors • RKE scheme example • Hybrid key (Immo+RKE) uses same uid but different secret key • Improved Rolling code system • Author crack after 4-8 button presses • *Attack requirements 16

HITAG2 CIPHER • Stream cipher REQUIREMENTS: 4 – 8 button presses ➢ • 48-bit LFSR Arduino setup (as it is used previously) ➢ Implement reactive jamming ➢ • Non-Linear Filter Function ➢ Speeding up trace collection • Each clock cycle: ➢ 20-bits are put through function → 1 – bit key stream ➢ Feedback polynomial used to generate new bit on right of LSFR 17

18

HITAG2 CIPHER (CONT.) • Results • ~1-Minute Average to crack with typical Laptop • Maximum Crack time: ~10-Minutes • Issue does arise when guessing the 18-MSBs of counter • Not a big deal though. Counter MSBs can be predicted by model year of car • Hitag2 RKEs are vulnerable due to flaw in cryptography (takes 4-8 button presses to crack) 19

CONCLUSIONS • The results of this paper show that major manufacturers have used insecure schemes over than 20 years. • Authors informed VW Group for their findings in back in December 2015 and NXP Semiconductors in January 2016. • RKE systems can be hacked using cheap technical equipment (devices). The necessary equipment to receive and send rolling codes, are low cost so eavesdropping and cloning are easier. • Weaknesses in the Hitag2 cipher known for many years but still used in new vehicles. • Poor crypto is bad, but poor key management is worse. • This research may explain several mysterious theft cases without signs of forced entry. 20

“AN EXPERIMENTAL SECURITY ANALYSIS OF AN INDUSTRIAL ROBOT CONTROLLER” DAVIDE QUARTA, MARCELLO POGLIANI, MARIO POLINO, FEDERICO MAGGI, ANDREA MARIA ZANCHETTIN AND STEFANO ZANERO POLITECNICO DI MILANO, ITALY TREND MICRO INC. 21

ABSTRACT • Authors undertake a systematic analysis of the attack surface and potential impacts of cyber attacks against industrial robots • Model of robot architecture and attack classes • Industry specific challenges • Case study • Their findings show the vulnerabilities • Propose future directions 22

INTRODUCTION • What is an industrial robot? • IFR forecasts that by 2018 approx. 1.3 billion industrial robot units will be employed in factories globally • International market value is approx. 32 billion USD. 23

MOTIVATIONS Industry 4.0 vision trends Industrial robots are exposed often interconnected to the on internet, e.g. there are some industrial routers and these due to the fact that they need to be really flexible just to make the production be more efficient. 24

Lack of Awareness ( Motivations cont.) Preliminary investigation: Authors sent a survey to 50 domain experts from the academia and the industry. (including representatives of relevant scientific and technical societies) ~ avg. 20 answers RESULTS: ➢ 28% users not enforced access control policies ➢ 30% robots directly accessible over the internet ➢ 76% users never perform vulnerability assessment ➢ More than 50% did not think that cyberattack was a realistic threat on industrial robots Awareness of cyber security risks deriving from industrial robots… 25

26

OBSERVATIONS 1. The increased connectivity of computer and robot systems is (and will be) exposing robots to cyberattacks 2. The safety systems governing robots are increasing implemented in software 3. Awareness of security risks within the robot ecosystem is very low (confirmed by both a small scale survey undertaken by the authors, and the shocking state of security in practice) 27

THREAT SCENARIOS • Production Outcome Altering • Production Plant Halting • Unauthorized Access/ Physical Damage • Remote Exposure (Shodan and ZoomEye)/ Vendors • Network and Physical Attacker *Attacker has technical capabilities and access to equipment of course. 28

Access over the network? 29

5 ROBOT SPECIFIC ATTACKS 30

Accuracy REQUIREMENTS Safety Integrity These are the simple “Laws of Robotics”… 31

Attack 1: Control Loop Alteration 32

Attack 2: Calibration parameters tampering 33

Attack 3: Tampering with the Production Logic 34

Attack 4&5: (User-perceived) Robot state alteration 35

VULNERABILITIES • Access to interface parameters • Software/motor impacts (wireless to control mode, emergency stop) • Exposed controller calibration model or data • Controller does not enforce end-to-end integrity, file system or authentication by pass • Sometimes depends on access to file storing configuration parameters which may impact robot movements 36

CASE STUDY 37

CONCLUSIONS • Authors have been developed various robot specific attacks and they built some threat scenarios. • Also, they explored theoretically and experimentally, the challenges and impacts of the security of modern industrial robots. • Showed how an attacker can compromise a robot controller and gain full control of the robot, altering the production process. (Controller exploitation of an industry robot that mainly used) • This research also mentions some future challenges e.g. secure coll ο rabative robots (Co-Bots) and Human Robot Interaction and also attack detection will be harder. 38

THANK YOU FOR YOUR ATTENTION!!! Q&A 39