
Security Patterns for Automotive Systems, Betty H.C. Cheng with Bradley Doherty, Nick Polanco, and Matthew Pasco (slide deck)



  1. Security Patterns for Automotive Systems (9/16/19)
     Betty H.C. Cheng with Bradley Doherty, Nick Polanco, and Matthew Pasco
     Overview
     • Background
     • Review of threat surfaces
     • Automotive Security Pattern structure
     • Excerpts from Automotive Security Pattern repository

  2. Software Design Patterns
     • Reuse of successful system designs
     • Known solution to common problems
     • Gamma et al. formulation [1]:
       • Pattern name
       • Problem addressed
       • Solution
       • Consequences of pattern use
     Security Patterns
     • Used to manage threats to a given system [2]
     • Security Patterns research is active in several domains:
       • Distributed Systems [3]
       • Enterprise Systems [4]
       • Cloud Computing Systems [5]
     • Security patterns can be applied to requirements gathering, design, and implementation [6]

  3. Previous work on security patterns
     • Fernandez [2]: formulation of security patterns for a typical enterprise environment
     • Dougherty et al. [7]: documenting demonstrably security-effective techniques from existing designs
     • Schumacher et al. [8]: categorize and unify a variety of security patterns
     • Wassermann and Cheng [9]: template for security patterns extended to include the relation to 10 security principles
     CAN-Bus Threat Surface
     • Broadcast protocol available to any attached ECU [10]
     • Lacks authentication and encryption [10]
     • Message arbitration is based on a prioritization scheme [11]
     • Subject to attacks:
       • ECU injection attacks [12]
       • Compromising sensitive data [10]
       • DDoS attacks [13]

  4. V2X Threat Surface
     • Vehicular Ad-hoc Networks (VANETs) allow network nodes to move freely within a range and stay connected [14]
     • Nodes communicate with other nodes through node hopping; routing is determined in real time [15]
     • Nodes freely enter and leave a given network [15]
     Other Threat Surfaces
     • OBD-2 port [16]
     • Bluetooth network [13]
     • Telematics System [17]
     • Key Fob [18]
     • Media player / Auxiliary port [19]
     • Tire Pressure Monitoring System [20]
     • Ad-Hoc Vehicle Networks [21]
     • Over-the-air firmware updates [12]

  5. Threat Surfaces (Component / Surface / Threat type)
     OBD-2 Port
       • Surface: Direct access; Access via pass-thru device
       • Threat type: Interception; Interruption; Modification; Fabrication
     Key-Fob*
       • Surface: Duplicate RF-ID chips
       • Threat type: Interception; Fabrication; Theft
     Media Player & Auxiliary port (e.g. audio jack or USB port)
       • Surface: Connected media (e.g. memory stick, iPods, CD, etc.)
       • Threat type: Interruption; Fabrication
     Dealer Pass-thru device
       • Surface: Connected service computer/device
       • Threat type: Interruption; Modification
     Threat Surfaces (cont.)
     Telematics Unit
       • Surface: Compromised software; Compromised connecting device
       • Threat type: Interception; Interruption; Modification
     Vehicle Bluetooth Network
       • Surface: Network PIN breakage by a proximal device
       • Threat type: Interception; Interruption
     ECU*
       • Surface: Duplicate/malicious non-OEM component installation
       • Threat type: Modification; Interruption; Fabrication
     Tire Pressure Monitoring System
       • Surface: Intercept broadcast of readings to the dashboard cluster
       • Threat type: Interruption; Fabrication; Interception

  6. Threat Surfaces (cont.) (Component / Surface / Threat type)
     Vehicular Ad-hoc Network
       • Surface: Transmission from a compromised node to another
       • Threat type: Interception; Interruption; Fabrication
     Telematics Service
       • Surface: Service parameters such as IP address and subscriber identity module (if present)
       • Threat type: Interception; Interruption
     Digital Car Radio
       • Surface: Broadcast data processing
       • Threat type: Fabrication; Interruption
     Template for Security Patterns
     • Several templates have been used in previous security pattern research:
       • Security Patterns in Practice [2]
       • Security Patterns Repository [22]
       • Security Patterns: Technical Report [9]
     • We constructed our template following the one defined by Gamma et al. for general design patterns and extended by Wassermann and Cheng [9] for security-specific patterns
       • Incorporation of UML
       • Incorporation of guiding security principles

  7. Template for Security Patterns
     • Pattern Name and Classification
     • Intent
     • Also Known As
     • Motivation
     • Properties
     • Applicability
     • Structure
     • Participants
     • Collaborations
     • Behavior
     • Constraints
     • Consequences
     • Known Uses
     • Related Security Patterns
     • Related Design Patterns
     • Related Security Principles
     Guiding Principles
     • Guiding Security Principles:
       • Viega-McGraw: Ten principles for building secure software [23]
       • SAE Standard J3061: Cybersecurity Guidebook for Cyber-Physical Vehicle Systems [24]
     • Overlaps exist between the two sources
     • Principles facilitate understanding of Security Patterns and provide security insight [9]

  8. Viega-McGraw Security Principles
     • V1 - Secure the weakest link
     • V2* - Practice defense in depth
     • V3 - Fail securely
     • V4* - Follow the principle of least privilege
     • V5 - Compartmentalize
     • V6 - Keep it simple
     • V7* - Promote privacy
     • V8 - Hiding secrets is hard
     • V9 - Be reluctant to trust
     • V10 - Use community resources
     Source: [23]. * Indicates overlap between Viega-McGraw and the SAE J3061 standard.
     SAE standard J3061
     • J1* - Protect Personally Identifiable Information and sensitive data
     • J2* - Use the principle of least privilege
     • J3* - Apply defense in depth
     • J4 - Prohibit changes to calibrations and/or software that have not been thoroughly analyzed and tested
     • J5 - Prevent vehicle owners from intentionally or unintentionally making unauthorized changes to the vehicle's systems that could introduce potential vulnerabilities
     Source: [24]. * Indicates overlap between Viega-McGraw and J3061.

  9. STRIDE Properties
     • Industrial collaborators requested inclusion of Microsoft STRIDE properties [31] for each pattern:
       • In line with their security-based development process
       • Commonly used in industry
     Threat / Property / Security questions
     • Spoofing / Authentication: Does the system use multi-factor authentication? Enforce credential creation, use, and maintenance principles?
     • Tampering / Integrity: Detect/prevent parameter manipulation? Protect against tampering? Secure design principles used?
     • Repudiation / Non-Repudiation: Log and verify all user interaction with attribution?
     • Information Disclosure / Confidentiality: Follow standard encryption for secure connections?
     • Denial of Service / Availability: Built/tested for high availability?
     • Elevation of Privilege / Authorization: Support management of all users/privileges?
     Automotive Security Patterns Repository (Pattern name: Description)
     • Authorization: Manage authorization for use of a secured resource
     • Blacklist: Prevent suspicious addresses from participating in a network
     • DDoS Redundancy: Makes a network more resilient to a (Distributed) Denial of Service (DDoS) attack
     • Firewall: Filters traffic from external entities to allow only authorized uses of a system
     • Multi-Factor Authentication: Provides a redundant authentication scheme and stronger defense against unauthorized access
     • Multi-level Security: Separate levels of access rights in a system
     • Signature IDS: Monitor traffic on the network for concerning behavior
     • Symmetric Encryption: Encrypt a message so that only the intended receiver may read it
     • Tamper Resistance: Deters unauthorized changes to a system
     • Third Party Validation: Provides third-party validation of a message broadcast in a network

  10. Characteristics of Patterns in Repository
      Columns: Pattern; Appl; V1; V2/J3; V3; V4/J2; V5; V6; V7/J1; V8; V9; V10; J4; J5. An X marks a principle the pattern relates to (the column positions of the X marks were not preserved in the extracted text, only their number per pattern).
      • Authorization: Appl P; X X X
      • Blacklist: Appl P, M; X X X
      • DDoS Redundancy: Appl P, M; X X X
      • Firewall: Appl P, D; X X X
      • Multi-Factor Authentication: Appl P; X X X
      • Multi-level Security: Appl P, M; X X X X X
      • Signature IDS: Appl P, D, M; X
      • Symmetric Encryption: Appl P; X X
      • Tamper Resistance: Appl P, D, M; X X X X
      • Third Party Validation: Appl D, M; X X
      Sample Patterns from Repository

  11. Authorization Pattern
      • Classification: Structural
      • Intent: Facilitate access to a protected resource
      • Motivation
        • Restricting access to a resource, differentiating access rights
        • In automotive systems this may be the CAN bus, an ECU controller interface, etc.
      • Properties: Can be used to satisfy the Authentication property and the Authorization property
      Authorization Pattern
      • Applicability
        • Automotive systems where supervision is required
        • Such management may not exist in the system or protocol, i.e., CAN bus [11]
      • Participants
        • Protection Object
        • Rights
        • Subject
      • Collaborations
        • Subjects access Protection Objects
        • The Rights object finds the appropriate association between Subjects and Protection Objects

  12. Authorization Pattern
      • Structure (UML structure diagram; not present in the extracted text)
      Authorization Pattern
      • Behavior (UML behavior diagram; not present in the extracted text)

  13. Authorization Pattern
      • Constraints
        • Performance considerations for the authorization protocol
        • Performing authorization outside the shared resource
      • Consequences
        • Confidentiality, Integrity, and Availability can all be improved through rigorous rights enforcement
        • Performance may degrade because of extensive rights checking
        • Additional hardware may add cost to the system
        • Authorization may limit utilization of shared resources
      Authorization Pattern
      • Known uses
        • Access control unit [25]
          • Hardware-based authorization and authentication system attached to a communications bus similar to CAN
          • Allows authorization to be done concurrently with bus communication
          • Hardware allows faster authentication and authorization protocols
      • Related Patterns
        • Checkpoint pattern [9] [26]
        • RBAC pattern [9] [26]
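The three participants of the Authorization pattern (Subject, Protection Object, Rights) and its constraint of performing authorization outside the shared resource, worked through in C for a CAN-style bus. This is an added example, not code from the slides or the authors' pattern repository; the ECU numbers, CAN identifiers, the contents of the rights table and the `authorize`/`deliver_frame` functions are all assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
/* Authorization pattern participants mapped onto a CAN-style bus. All identifiers
 * and the table contents are constructed for illustration, not taken from the slides. */
typedef enum { OP_READ = 1u << 0, OP_WRITE = 1u << 1 } access_op_t;
typedef struct {
    uint8_t  subject_id;  /* Subject: the ECU requesting access */
    uint16_t object_id;   /* Protection Object: an 11-bit CAN arbitration ID */
    uint8_t  allowed_ops; /* bitmask of access_op_t granted to this pairing */
} right_t;

/* Rights participant, as a constructed sample table: ECU 1 (body control) may read
 * and write ID 0x100; ECU 2 (infotainment) may only read 0x100 but owns 0x200. */
static const right_t rights_table[] = {
    { 1, 0x100, OP_READ | OP_WRITE },
    { 2, 0x100, OP_READ },
    { 2, 0x200, OP_READ | OP_WRITE },
};

/* Find the association between a Subject and a Protection Object; NULL = none. */
static const right_t *find_right(uint8_t subject_id, uint16_t object_id)
{
    size_t n = sizeof rights_table / sizeof rights_table[0];
    for (size_t i = 0; i < n; i++)
        if (rights_table[i].subject_id == subject_id && rights_table[i].object_id == object_id)
            return &rights_table[i];
    return NULL;
}

/* Authorization check run before the shared resource is touched: an unregistered
 * pairing is denied (fail securely, V3) and only the operations listed in the
 * right are permitted (least privilege, V4/J2). */
bool authorize(uint8_t subject_id, uint16_t object_id, access_op_t op)
{
    const right_t *r = find_right(subject_id, object_id);
    if (r == NULL)
        return false;
    return (r->allowed_ops & (uint8_t)op) == (uint8_t)op;
}

/* Gatekeeper placed in front of the bus (constraint: authorize outside the shared
 * resource). Malformed frames are rejected before the rights table is consulted. */
bool deliver_frame(uint8_t subject_id, uint16_t can_id, const uint8_t *data, size_t len)
{
    if (can_id > 0x7FF || len > 8 || (len > 0 && data == NULL))
        return false;  /* not a valid classic CAN frame */
    return authorize(subject_id, can_id, OP_WRITE);
}
```

The rights table is the only place access decisions live, so the performance consequence on the slide shows up directly as the cost of `find_right` per frame; a hardware access control unit as in known use [25] moves exactly that lookup off the bus path.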
