Upload
others
View
3
Download
0
Embed Size (px)
Citation preview
SESSION ID:
#RSAC
Andreas Wuchner
HOW SECURE IS THE HYPER-CONNECTED CAR?
SBX3-R1
CTO Security InnovationDXC Technology
Dionis Teshler
CTO, Co-FounderGuardKnox
#RSAC
Presentation Overview
3
DXC and GuardKnox – the German connectionIntroduction to the modern carThe hyper-connected carHow to secure the hyper-connected car?Summary and Way Forward
#RSAC
GuardKnox intro
7
Iron Dome MissileDefense System
Israeli F-16I Program Israeli F-35 Program
Arrow 3 Anti BallisticMissile Defense System
7
#RSAC
How many computers (ECUs) are there in a modern passenger car?
14
15
40
80
150
0
20
40
60
80
100
120
140
160
2004 2006 2008 2010 2012 2014 2016 2018 2020
# of
ECU
s
Model Year
#RSAC
How many lines of code are there in the modern car?
15
145,000 l i n e s o f c o d e
40,000,000 l i n e s o f c o d e
300,000,000l i n e s o f c o d e
100,000,000 l i n e s o f c o d e
#RSAC
Beyond complexity, cars are becoming increasingly connected
1711117777
TPMS
VEHICLETO VEHICLE
COMMUNICATION
V2X
OBD II PORTANTI THEFT
KEYLESSENTRY
TELEMATICS
VEHICLETO INFRASTRUCTURE
COMMUNICATION
INFOTAINMENT
#RSAC
Hottest new features in 2018 cars
18
Semi-Autonomous Driving
Advanced Safety
In-Vehicle Wellness
Rich Video/Audio Streaming
Augmented Reality
Feature Rich Bluetooth
Finding Parking
Advanced Rear-seat Infotainment
Noise Level Adjustment
Smarter Smart Keys
#RSAC
The US is leading adoption of connected and autonomous vehicles
23
Source: Grand View Research
140K
#RSAC
Automotive cyber Enterprise cyber
25
Prevent Data TheftBusiness Continuity
99% reliability with false positives
Passenger SafetyVehicle Reliability
99.999%
#RSAC
Key requirements for an automotive security solution – challenging paradigms
26
No constantconnectivity
requiredSecurity fromthe ground up
No humaninteraction
StandaloneOperation
#RSAC
The connected car requires multiple security layers according to functional domain
272772
Direct impact on safety of passengers
Major inputs into safety critical systems
General vehicle systems, environment
Data monetization, Telematics, FMS
Infotainment, Applications, Convenience
•DIONIS TESHLER, GUARDKNOX | AUTOMOTIVE SAFETY AND CYBER SECURITY: THE ROAD TO THE SAFE CONNECTED CAR28 GUARDKNOX PROPRIETARY AND COPYRIGHT © 2018
GatewayECU
System Perspective
INFOTAINMENTECU
RKEECU
ADASECU
V2XGateway
TelematicsGateway
4G
28
#RSAC
Discrete security domains – the “connectivity” domain and the “driving” domain
29
Connectivity
Driving
InfotainmentTelematics
UI/UX
ActiveSafety
EngineManagement Breaks
•DIONIS TESHLER, GUARDKNOX | AUTOMOTIVE SAFETY AND CYBER SECURITY: THE ROAD TO THE SAFE CONNECTED CAR31 GUARDKNOX PROPRIETARY AND COPYRIGHT © 2018
Defense in Depth
RKEECU
ADASECU
V2XGateway
TelematicsGateway
Connectivity
Root of Trust
ADAS
Isolate Safety Critical ECUs
Verification ofSensor Data
GatewSecure Data
Handling + Privacy
Gaaaaaattttttteeeeeewway
CertificateManagement
3rd Party Application Sandboxing
INFOTAINMENTECU
4G
31
#RSAC
Regulation and standardization are playing a major role in cybersecurity for automotive
33
Future thought: Consumer Security Rating
Automotive security standards – ISO 21434
Legislation – SPY CAR act
#RSAC
Automotive architecture will need to incorporate robust security from the ground up
36
Defense-In-Depthapproach
Incorporate securityinto communication and
sensors (incl. V2X)
Automotive-readyoperations center
#RSAC
RKEECU
ADASECU
V2XGateway
TelematicsGateway
Connectivity
Root of Trust
ADAS
Isolate Safety Critical ECUs
Verification ofSensor Data
GatewSecure Data
Handling + Privacy
Gaaaatetetetetewaw y
CertificateManagement
3rd Party Application Sandboxing
INFOTAINMENTECU
4G
Where do we start? Secure Separation!
37
ADASECECUU
#RSAC
What can we do as consumers? (Apply Slide)
38
BE AWARE that modern cars are connected and thus vulnerable
Security research on your next car – make security a part of your buying decision
Join the automotive cyber security community – need for security professionals in the automotive industry is growing
Be weary of plugging things into the OBD port, especially while driving!
#RSAC
Practical user guide for buying a secure car
39
Carburetors for Security
Buy track ready
More cylinders foradded resilience
SESSION ID:
#RSAC
Andreas Wuchner
THANK YOU!
SBX3-R1
[email protected]+41-79-547-3908
Dionis Teshler
[email protected]+1-213-599-6261