how to connect vehicle in safe and secure way
play

HOW TO CONNECT VEHICLE IN SAFE AND SECURE WAY MIKKO HURSKAINEN - PowerPoint PPT Presentation

Apr 08, 2023 •258 likes •616 views

HOW TO CONNECT VEHICLE IN SAFE AND SECURE WAY MIKKO HURSKAINEN TECHNOLOGIST 17+ 200+ 70+ 5 YEARS IN AUTOMOTIVE TOP NOTCH LOCATIONS EMBEDDED SOFTWARE PROFESSIONALS AROUND SOFTWARE PROJECTS BUILDING THE GLOBE BUSINESS DELIVERED

  1. HOW TO CONNECT VEHICLE IN SAFE AND SECURE WAY MIKKO HURSKAINEN TECHNOLOGIST

  2. 17+ 200+ 70+ 5 YEARS IN AUTOMOTIVE TOP NOTCH LOCATIONS EMBEDDED SOFTWARE PROFESSIONALS AROUND SOFTWARE PROJECTS BUILDING THE GLOBE BUSINESS DELIVERED THE PRODUCTS SHANGHAI OFFICE IN 2017 H2 SHENZHEN OFFICE IN 2017 H2

  3. CONTENTS • Connected vehicles • What is security? • Security solutions • What’s next?

  4. CONNECTED VEHICLES

  5. CONNECTED VEHICLES • Connected car market is experiencing rapid growth • There’s a need for secure and safe solutions Source: Gartner

  6. CONNECTED VEHICLE DEVELOPMENT MODEL Connected Vehicle Vehicle Computer and Platform SDK

  7. CONNECTED VEHICLES Vehicle services Mobile appli- cation Internet Vehicle Computer Mobile user Fleet application Third party services Fleet user

  8. ARCHITECTURE Internet Applications Operating System Vehicle Network Platform

  9. APPSTACLE PLATFORM • European collaboration project for open connected car architecture • Link Motion is promoting AGL

  10. APPSTACLE ARCHITECTURE cloud & OTA manger ECU OTA downloading tool APPS services application IDS car-to-cloud Application runtime communication Authentication/Encryption Permission Control APPSTACLE API QoS Monitoring communication services app-platform network IDS in-vehicle ex-vehicle connectivity connectivity in-vehicle in-vehicle communication OTA APPSTALCE manager platform boot loader in-vehicle Source: APPSTACLE ITEA program

  11. WHAT IS SECURITY?

  12. PROTECTION OF ASSETS Vehicle theft Exposure Severity Controllability Threat Assets Security SAE J3061 technologies Distraction ISO 15288 Loss of control

  13. ASSETS • Assets in connected vehicle – Data. If data has been compromised, it can lead to hijacking of vehicle, lost property or manipulation of operation. Examples of data include remote control keys, maintenance data, routing information – Privacy. Lack of privacy can lead to uncomfortable situation or expose user to greater security risks. Examples of privacy assets include location information, route history and consumer habits – Control. Loss of control can lead to unwanted behaviour of vehicle during driving or even hijacking of passengers inside the vehicle. Loss of control also compromises owner’s ability to use car • Tangible and intangible

  14. THREATS • Ransomware • Publicized vulnerability • Leakage of privacy data • Blocking use of system => Remotely attack fleet SECURE & CONNECTED

  15. SAFETY AND SECURITY Source: SAE J3061

  16. SECURITY SOLUTIONS

  17. SECURITY FEATURES • Modularity and layering • Hierarchical protection ECU Vehicle Secure • Attack surface Access Container ECU minimization Controller Internet CAN Connected • Least privilege principle gateway Application ECU • Predicate permission • Defense-in-depth

  18. SANDBOXING OF THE SYSTEM Secure Container IVI OS Auto OS Vehicle Access Controller Unprivileged container Unprivileged container Secure RTOS Microcontroller i.MX6Q+ Main Processor

  19. DEFENSE IN LEVEL 3 DEPTH LEVEL Rich 2 controls 3rd party Secure apps apps LEVEL 1 CAN Music Self-driving • Minimizes impact of successful attacks Data Vehicle V2X visualization Control • Allows protection according to SECURE Instruments needs RTOS Services • Innermost layer (TCB) is Traffic AUTO OS compact and most secure information IVI OS

  20. VEHICLE NETWORK DATAFLOWS Abstract Vehicle Access Auto OS Secure Container IVI OS Interface Controller Very limited access Vehicle Wide access Network Gateway Unprivileged Unprivileged Read access container container / Firewall Configurable Secure RTOS access Microcontroller i.MX6Q+ Main Processor Internet CAN Bus

  21. VEHICLE NETWORK CONTROLLED ACCESS Auto OS Vehicle Access Controller IVI OS Secure Container Vehicle Vehicle Unprivileged Unprivileged Network Network container container Controller Controller Secure RTOS Microcontroller i.MX6Q+ Main Processor Vehicle Network

  22. SECURITY MINDED DESIGN Cloud services PATTERN • Follows automotive Auto OS IVI OS Secure Container Telematics: Instrument Cluster: design patterns IVI: Rich UI controls. Diagnostics Notification FOTA control. engine • Separation of control, critical control and rich control Vehicle Network API • Example: Diagnostics vECU Vehicle Network CAN Bus

  23. HARDWARE SECURITY TECHNOLOGIES ARM TrustZone Secure Key Storage Secure IVI OS Container Auto OS Unprivileged Unprivileged i.MX6Q+ Main Processor container container ARM Cortex-A9 Quad ARM TrustZone Secure RTOS RAM CAAM i.MX6Q+ Main Processor High Assurance Boot and Chain of Trust

  24. MORE SECURITY SOLUTIONS • Vehicle network protection • Cryptography • Intrusion detection system • Open source development model • External partners • Research • Training

  25. WHAT’S NEXT

  26. SECURITY FORMALIZATION • Broader analysis • NIST SP-800, SAE J3061, ISO 15288 • Privacy standards • Integration to processes • Secure System State • Security Taxonomy • Mathematical proofs

  27. SECURITY TAXONOMY Source: NIST SP 800-160

  28. SECURE SYSTEM STATE • Design with safe state (ISO 26262) • Example implementation: – Reference monitor (IDS) – Re-flash from ROM Source: NIST SP 800-160

  29. INTEGRATION TO PROCESSES • ISO 15288 good framework • Code first vs specification • Not just engineering • Aims to enable ‘organizational learning’ -> same breach does not happen twice • Work split between OEM/T1 and AGL ?

  30. MORE SECURITY SOLUTIONS • More cost-efficient solutions enable better security – AGL, APPSTACLE, ASSET • Improve overall level of security • Implement HW solutions with SW • Developer training

  31. SOFTWARE DEFINED CAR CONVENTIONAL SOFTWARE CENTRIC ARCHITECTURE ARCHITECTURE

  32. SOFTWARE DEFINED CAR CONVENTIONAL SOFTWARE CENTRIC ARCHITECTURE ARCHITECTURE

  33. SUMMARY • Connected vehicles are happening now • Need uncompromised solutions – Same as safety • There are plenty of solutions – But none solves it alone • More holistic approach is future

  34. LINK-MOTION.COM info@link-motion.com mikko.hurskainen@link-motion.com kanae.kubota@link-motion.com

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cardiff School Board Meeting May 10, 2018 Create a safe and secure environment Connect the

Cardiff School Board Meeting May 10, 2018 Create a safe and secure environment Connect the

Cardiff School Board Meeting May 10, 2018 Create a safe and secure environment Connect the school to the community: put active uses at the edges Prioritize green space and views. Provide ample play space. Improve traffic flow and safety for

299 views • 15 slides
Measure GG ICOC Presentation June 21, 2018 1 Project Overview Create a safe and secure

Measure GG ICOC Presentation June 21, 2018 1 Project Overview Create a safe and secure

Measure GG ICOC Presentation June 21, 2018 1 Project Overview Create a safe and secure environment Connect the school to the community: put active uses at the edges Prioritize green space and views. Provide ample play space. Improve traffic

999 views • 52 slides
Rolland-Warner 6-7 Campus INCOMING 6 TH GRADE INFORMATION NIGHT FEBRUARY 29, 2016 Safe, Secure,

Rolland-Warner 6-7 Campus INCOMING 6 TH GRADE INFORMATION NIGHT FEBRUARY 29, 2016 Safe, Secure,

Rolland-Warner 6-7 Campus INCOMING 6 TH GRADE INFORMATION NIGHT FEBRUARY 29, 2016 Safe, Secure, Known Philosophy Being a Family: Knowing Students Programming Interventionist to assist counselors 0 Hour Utilizing I connect

459 views • 22 slides
Cardiff School Schematic Design Board Meeting April 3, 2018 Create a safe and secure

Cardiff School Schematic Design Board Meeting April 3, 2018 Create a safe and secure

Cardiff School Schematic Design Board Meeting April 3, 2018 Create a safe and secure environment Connect the school to the community: put active uses at the edges Prioritize green space and views. Provide ample play space. Improve traffic

598 views • 47 slides
Secure Returns SAFE AS A VAULT Secure SECONDS TO UPLOAD Efficient ACCESSIBLE ANYWHERE

Secure Returns SAFE AS A VAULT Secure SECONDS TO UPLOAD Efficient ACCESSIBLE ANYWHERE

Secure Returns SAFE AS A VAULT Secure SECONDS TO UPLOAD Efficient ACCESSIBLE ANYWHERE Convenient What is Secure Returns ? Secure Returns is a secure website where you and your clients can securely upload & download confidential

202 views • 9 slides
Updating Guidance on the Safe and Secure Handling of Medicines September 2016 Why the update?

Updating Guidance on the Safe and Secure Handling of Medicines September 2016 Why the update?

Updating Guidance on the Safe and Secure Handling of Medicines September 2016 Why the update? Section Title The safe and secure handling of medicines brief history Guidelines for the safe THE SAFE AND SECURE HANDLING OF MEDICINES: &

302 views • 13 slides
SECURE YOUR SECOND LOVE VEHICLE INSURANCE Half of your life is spent on wheels, why not insure

SECURE YOUR SECOND LOVE VEHICLE INSURANCE Half of your life is spent on wheels, why not insure

Congratulations!!! Your Vehicle Insurance is Done!! SECURE YOUR SECOND LOVE VEHICLE INSURANCE Half of your life is spent on wheels, why not insure your vehicle, so your life wheel doesnt stop. I&I will insure your second love!

151 views • 3 slides
Alvirne 2020 Budget Committee Presentation November 6, 2019 Project Priorities 1. Safe/secure

Alvirne 2020 Budget Committee Presentation November 6, 2019 Project Priorities 1. Safe/secure

Alvirne 2020 Budget Committee Presentation November 6, 2019 Project Priorities 1. Safe/secure building entrance and Main Office 2. Safe/secure drop-off sequence (site improvements) 3. Improved function for high school cafeteria (student

221 views • 20 slides
Safe Truck Platooning on public roads from the perspective of a vehicle approval authority

Safe Truck Platooning on public roads from the perspective of a vehicle approval authority

Safe Truck Platooning on public roads from the perspective of a vehicle approval authority Arjan van Vliet RDW, The Netherlands Vehicle Authority March the 21 th , Brussel Informal Transport Council Declaration of Amsterdam Experiencing

269 views • 13 slides
Connecting Europe facility Support to safe and secure parkings 6 November 2018 Mobility and

Connecting Europe facility Support to safe and secure parkings 6 November 2018 Mobility and

Connecting Europe facility Support to safe and secure parkings 6 November 2018 Mobility and Transport Safe and secure parking in CEF (2014-2017) 8 Actions (works and studies) co-funded under CEF since 2014. Total budget: 45,574,586

199 views • 9 slides
Safe CAV on public roads from the perspective of a vehicle approval authority Arjan van Vliet

Safe CAV on public roads from the perspective of a vehicle approval authority Arjan van Vliet

Safe CAV on public roads from the perspective of a vehicle approval authority Arjan van Vliet RDW, The Netherlands Vehicle Authority March the 15 th , Helmond RDWs field of work How to assess safety? For mass production: UN ECE (WP1

410 views • 11 slides
Project Things A secure gateway to connect your things to Internet February 2, 2019

Project Things A secure gateway to connect your things to Internet February 2, 2019

Project Things A secure gateway to connect your things to Internet February 2, 2019 <https://fosdem.org/2019/schedule/event/project_things> Speakers Dipesh Monga @ Mozilla Techspeakers Philippe Coval @ Samsung OpenSource 2 The hidden

558 views • 28 slides
The New York Secure Ammunition and Firearms Enforcement (SAFE) Act Dr. Ed Engelbride Dr. Bruce

The New York Secure Ammunition and Firearms Enforcement (SAFE) Act Dr. Ed Engelbride Dr. Bruce

The New York Secure Ammunition and Firearms Enforcement (SAFE) Act Dr. Ed Engelbride Dr. Bruce McBride Regina McGraw, Esq. Joseph Storch, Esq. Sarah Harvey SAFE Act Basics Response to the Sandy Hook Elementary School shooting in Newton,

512 views • 18 slides
Secure and Fair Enforcement for Mortgage Licensing (SAFE Act) - Background The Secure and

Secure and Fair Enforcement for Mortgage Licensing (SAFE Act) - Background The Secure and

SAFE Act, RESPA, and ECOA Requirements for the HOME Program Administered by The information provided in this document is provided for general information only. TDHCA endeavors to ensure the accuracy and validity of all information contained

649 views • 32 slides
Secure Management of Hazardous Materials in Sri Lanka Hazardous Waste Management PCB Safe

Secure Management of Hazardous Materials in Sri Lanka Hazardous Waste Management PCB Safe

International Conference on Safe & Secure Management of Hazardous Materials in Sri Lanka Hazardous Waste Management PCB Safe Handling & Disposal Ed Verhamme. Managing Partner September 17th & 18th 2015 Consultant, Coach &

732 views • 46 slides
TOUCAN: A proTocol tO secUre Controller Area Network Giampaolo Bella Gianpiero Costantino

TOUCAN: A proTocol tO secUre Controller Area Network Giampaolo Bella Gianpiero Costantino

AutoSec 2019 Dallas, TX, USA TOUCAN: A proTocol tO secUre Controller Area Network Giampaolo Bella Gianpiero Costantino Pietro Biondi Ilaria Matteucci 1 Automotive communication domains User to Vehicle Vehicle to Infrastructure

363 views • 12 slides
Efficient Packet Classification for Intrusion Detection Using FPGA Haoyu Song, John W. Lockwood

Efficient Packet Classification for Intrusion Detection Using FPGA Haoyu Song, John W. Lockwood

Efficient Packet Classification for Intrusion Detection Using FPGA Haoyu Song, John W. Lockwood Applied Research Lab : Reconfigurable Network Group Department of Computer Science and Engineering

214 views • 9 slides
Side-channel based intrusion detection for industrial control systems I have no idea what

Side-channel based intrusion detection for industrial control systems I have no idea what

Side-channel based intrusion detection for industrial control systems I have no idea what this device is doing, but at least its still doing the same thing. CRITIS 2017, October 9 th , 2017 Pol Van Aubel 1/31 Authors Joint work:

928 views • 31 slides
Cyber@UC Meeting 40 CEH Networking If Youre New! Join our Slack ucyber.slack.com SIGN

Cyber@UC Meeting 40 CEH Networking If Youre New! Join our Slack ucyber.slack.com SIGN

Cyber@UC Meeting 40 CEH Networking If Youre New! Join our Slack ucyber.slack.com SIGN IN! Feel free to get involved with one of our committees: Content, Finance, Public Affairs, Outreach, Recruitment Ongoing Projects:

644 views • 40 slides
Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 236

Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 236

Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 236 systems Computer Software Some sample intrusion detection March 12, 2007 systems Lecture 14 Lecture 14 Page 1 Page 2 CS 236, Winter 2007

537 views • 10 slides
TCIPG TECHNICAL CLUSTERS AND THREADS Trustworthy Trustworthy Technologies for Wide Technologies

TCIPG TECHNICAL CLUSTERS AND THREADS Trustworthy Trustworthy Technologies for Wide Technologies

TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G TCIPG TECHNICAL CLUSTERS AND THREADS Trustworthy Trustworthy Technologies for Wide Technologies for Local Responding To and Trust Assessment Area Monitoring and Area

291 views • 8 slides
ISGC 2017 Security Workshop Sven Gabriel Security Incident handling in Federated Clouds

ISGC 2017 Security Workshop Sven Gabriel Security Incident handling in Federated Clouds

ISGC 2017 Security Workshop Sven Gabriel Security Incident handling in Federated Clouds www.egi.eu EGI-Engage is co-funded by the Horizon 2020 Framework Programme of the European Union under grant number 654142 Introduction CSIRT 2017 March

703 views • 39 slides
Business Continuity at DESY a collection of themes and thoughts covering among others

Business Continuity at DESY a collection of themes and thoughts covering among others

Business Continuity at DESY a collection of themes and thoughts covering among others measures, procedures and dependencies Peter van der Reest, Yves Kemp, DESY IT Hepix Spring 2014, 21.05.2014 General DESY risk assessment > DESY

469 views • 15 slides
Software Security VMI (Virtual Machine Introspection) / VMM-based Intrusion Prevention Julian

Software Security VMI (Virtual Machine Introspection) / VMM-based Intrusion Prevention Julian

Software Security VMI (Virtual Machine Introspection) / VMM-based Intrusion Prevention Julian Vetter Prof. Jean-Pierre Seifert Security in Telecommunications TU Berlin SoSe 2016 julian (sect) Software Security SoSe 2016 1 / 21

220 views • 21 slides

More recommend