Automotive Security Challenges And The Automotive Serdes


Download Automotive Security Challenges And The Automotive Serdes


Preview text

AUTOMOTIVE SECURITY CHALLENGES AND THE AUTOMOTIVE SERDES ALLIANCE SOLUTION.

Dr. Lars Völker Stefan Lachner

2020-10-14

INTRODUCTION.
• The automotive industry must cope with a changing world!
• Trend 1: Autonomous driving changes vehicles!
• Highly critical functions are automated with increasing amounts of software. • For high levels the driver wants to give up control of the vehicle.
• Trend 2: Attacks against vehicles are getting more common!
• Vehicle attacks get more interesting. • Attackers better understand vehicles every day.
• What happens if you combine those two?

2020-10-14

Automotive Security Challenges and the Automotive SerDes Alliance Solution

2

TECHNICA ENGINEERING
AUTOMOTIVE SECURITY CHALLENGES AND THE ASA SOLUTION.
TABLE OF CONTENTS
• Introduction. • Automotive life cycle. • What to consider for secure SerDes? • ASA SerDes Security! • Summary.

THE AUTOMOTIVE LIFE CYCLE.
• Automotive is different and has specific requirements.
• Building vehicles:
• Building vehicles needs to be automated and robust. • OEMs cannot trust every plant worldwide.
• Startup and vehicle usage:
• Startup times and sleep cycles are very critical. • Scalability is very important. • Vehicles have a long life. • Service in the garage needs to be considered.
• For more details refer to [1].

[1] Dr. Lars Völker, BMW: “Why is network security in vehicles so hard?”, Hanser Automotive Networks, 2018.

2020-10-14

Automotive Security Challenges and the Automotive SerDes Alliance Solution

4

WHAT TO CONSIDER FOR SECURE SERDES?

• Life Cycle:
• Production in OEM plant. • Part replacement. • Part transfer between vehicles. • Development Support. • Lifecycle Requirements in Supply Chain. • Counterfeit Parts.

Use Case or Requirement

• Security attacks on vehicle to consider:
• Sensor stolen and sold as spare part. (Component theft). • Man-in-the-Middle devices. • Manipulation of SerDes links. • Data leakage / data protection.

2020-10-14

Automotive Security Challenges and the Automotive SerDes Alliance Solution

5

VEHICLE IN PLANT.
• Production: Vehicle assembly in OEM plant.
• Vehicle is assembled. • Tester connects plant vehicle to plant IT.
• Install Software? Coding? Generating Keys? Certs?
• Plant IT is connected to central IT.
• Transfer data to and from central infrastructure.
• Requirements:
• Assembly needs to be fast! • Plant might not be online 100% of the time! • Plant might not be fully trusted!

SerDes Link
Vehicle Root ECU CPU DReovoicte Cam

”Tester”

Plant IT

OEM Central IT

2020-10-14

Automotive Security Challenges and the Automotive SerDes Alliance Solution

6

VEHICLE IN SERVICE.
• Service is done by OEM owned or controlled or totally independent garage.
• Only limited trust by OEM possible. • Testers in Garage might not be fully online.
• Relevant use cases:
• Part replacement: exchange broken part.
• Part broken by accident. • Vehicle needs to work again. Securely.
• Part transfer: transfer between vehicles.
• This needs to possible for the owner. • This is very similar to “reusing stolen parts”. • How to separate those two?

OEM Vehicle

2020-10-14

Automotive Security Challenges and the Automotive SerDes Alliance Solution

Vehicle Cam
Vehicle Cam
7

VEHICLE DEVELOPMENT.
• OEM needs to develop and validate.
• Security needs to allow Development.
• Requirements for vehicle development:
• OEM needs to record and understand communication. • OEM needs to be able to simulate parts. • OEM needs to be able to transfer and modify parts.
• The same is true for Tier-1, etc.

2020-10-14

Automotive Security Challenges and the Automotive SerDes Alliance Solution

Cam 0.1 Cam 0.3 Cam 1.0
8

SUPPLY CHAIN AND COUNTERFEITING.

• Parts needs to be distributed world-wide.

• Theft in supply chain is possible.

OEM

• Counterfeit parts:
• Problems for Safety and Security! • Customers might be tricked into lower quality. • Tools might be stolen of Tier-1.

Tier-1 Cam

Garage

• Requirements:
• Allow control of supply chain! • Stop counterfeiting.

Thief Counterfeiter

2020-10-14

Automotive Security Challenges and the Automotive SerDes Alliance Solution

9

ATTACK: COMPONENT THEFT.
• More expensive components (RADAR, LIDAR, …) used.
• The market for component theft is huge!
• Replacement parts for fixing a vehicle after an accident. • Parts to “upgrade” vehicle features. • Parts to masquerade mileage manipulation.
• Component theft costs are high!
• Vehicles are stolen or broken into. • Damages on vehicle are high (e.g. cut cable harness or broken window). • This is reflected in insurance premiums.
• Component theft needs to be made useless for the attacker!

2020-10-14

Automotive Security Challenges and the Automotive SerDes Alliance Solution

10

Preparing to load PDF file. please wait...

0 of 0
100%
Automotive Security Challenges And The Automotive Serdes