Scribd Logo
Hochladen

Willkommen bei Scribd!

  • Automotive Security

    Hochgeladen von

    Bura Roxana
    352 Ansichten18 Seiten
    The document discusses automotive cyber security. It notes that modern cars are complex computer systems that are vulnerable to cyber attacks. It outlines the aims of security such as confidentiality, authenticity and integrity. It describes the layered security concept and specific security measures like secure download, secure boot, secure communication and secure diagnostics. These measures use techniques like encryption, hashing, digital signatures and access control to protect vehicles and their systems from cyber threats.

    Originalbeschreibung:

    Automotive

    Copyright

    © © All Rights Reserved

    Verfügbare Formate

    PPTX, PDF, TXT oder online auf Scribd lesen

    Stufen Sie dieses Dokument als nützlich ein?

    Sind diese Inhalte unangemessen?

    Dieses Dokument melden
    The document discusses automotive cyber security. It notes that modern cars are complex computer systems that are vulnerable to cyber attacks. It outlines the aims of security such as confidentiality, authenticity and integrity. It describes the layered security concept and specific security measures like secure download, secure boot, secure communication and secure diagnostics. These measures use techniques like encryption, hashing, digital signatures and access control to protect vehicles and their systems from cyber threats.

    Copyright:

    © All Rights Reserved
    Als PPTX, PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    352 Ansichten18 Seiten

    Automotive Security

    Hochgeladen von

    Bura Roxana
    The document discusses automotive cyber security. It notes that modern cars are complex computer systems that are vulnerable to cyber attacks. It outlines the aims of security such as confidentiality, authenticity and integrity. It describes the layered security concept and specific security measures like secure download, secure boot, secure communication and secure diagnostics. These measures use techniques like encryption, hashing, digital signatures and access control to protect vehicles and their systems from cyber threats.

    Copyright:

    © All Rights Reserved
    Als PPTX, PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    von 18

    Automotive Cyber Security

    Andi Otea
    March 2017

    1
    FOCUS ON WHAT WORK ON TASKS
    REALLY MATTERS AND WHERE YOU DO NOT
    PROVIDES CLEAR UNDER-STAND THE
    BENEFIT FOR HELLA VALUE FOR HELLA

    HF-7761EN_C (2014-06)
    HF-7761DE_C (2013-10)
    Automotive Cyber Security
    Content

    Modern Car

    Automotive Cyber-Security overview

    Aims of Security

    Layered Security Concept

    Secure Download

    Secure Boot

    Secure Communication

    Secure Diagnostics

    2 Automotive Cyber Security | 2017


    Automotive Cyber Security
    Modern cars are complex

    3 Automotive Cyber Security | 2017


    Automotive Cyber Security
    Automotive Cyber Security overview

    Remember to lock your car is no longer sufficient advice to protect your vehicle

    Computer attacks are now a clear and present danger for car users, dealers,
    manufacturers, and suppliers

    4 Automotive Cyber Security | 2017


    Automotive Cyber Security
    Automotive Security & Safety

    Computer security joins reliability and safety as a cornerstone for consumer


    confidence and continued success in the automotive industry

    5 Automotive Cyber Security | 2017


    Automotive Cyber Security
    Evolution of Security Challenges

    6 Automotive Cyber Security | 2017


    Automotive Cyber Security
    Aims of Security

    7 Automotive Cyber Security | 2017


    Automotive Cyber Security
    Layered Security Concept

    8 Automotive Cyber Security | 2017


    Automotive Cyber Security
    Secure Download

    Security Goal: Confidentiality, Authenticity and Integrity of Software and System Data

    It shall be ensured that SW is downloaded to the ECU in a secured way, i.e.:

    the download image cannot be investigated while transmitted to the ECU


    the download image has not been created/modified by an unauthorized party
    the download image has been correctly flashed to the ECU without any errors

    9 Automotive Cyber Security | 2017


    Automotive Cyber Security
    Secure Download

    Classic Software update tester connected directly to the car

    Over the Air (OTA) update software update received wirelessly

    Secure Transfer: Send Software update Encrypted

    Authenticity check: recalculate the Hash on the received Software and compare it with
    a Reference Hash

    10 Automotive Cyber Security | 2017


    Automotive Cyber Security
    Secure Boot

    Security Goal: Authenticity and Integrity of Software

    It shall be ensured that only SW with proven authenticity & integrity is executed:

    that has not been created/modified by an unauthorized party


    that has been correctly flashed to the ECU without any errors

    To provide Secure Boot functionality the ECU must be equipped with a HSM
    (hardware security module) that acts as a trust anchor

    11 Automotive Cyber Security | 2017


    Automotive Cyber Security
    Secure Communication

    12 Automotive Cyber Security | 2017


    Automotive Cyber Security
    Secure Communication

    Security Goal: Authenticity and Integrity of onboard-communication

    It shall be ensured that messages transferred over onboard communication busses:

    cannot be manipulated during transmission

    cannot be recorded and transmitted later again (replay attack)

    e.g. by an attacker without detection by the receiver of the message

    13 Automotive Cyber Security | 2017


    Automotive Cyber Security
    Criptographic Hash function

    It is a mathematical algorithm that maps data of arbitrary size to a bit string of a fixed
    size

    Is designed to be a one-way function (a function infeasible to invert)

    Usecases: digital signatures and Message Authentication Codes (MACs)

    A key is a piece of information (a parameter) that determines the functional output of a


    cryptographic algorithm

    14 Automotive Cyber Security | 2017


    Automotive Cyber Security
    Key-Hashed MAC

    15 Automotive Cyber Security | 2017


    Automotive Cyber Security
    Secure Diagnostics

    Modern care has multiple ECUs with complex software

    There is need for interacting with the car

    Parameter changes
    Check errors

    This should be done only by authorized persons, in a secure way

    16 Automotive Cyber Security | 2017


    Automotive Cyber Security
    Secure Diagnostics

    Usage of standard Security Access Service($27)

    Tester (Client) request access and receives from ECU (Server) a Seed

    Tester calculates a password (based on Seed and a diagnosis secret Key)

    The ECU calculate its own password (in the same way)

    Tester sends the password to ECU, and if passwords match access is granted

    Access Req

    Send Seed

    Send Password

    17 Automotive Cyber Security | 2017


    Automotive Cyber Security
    Thank You!

    18 Automotive Cyber Security | 2017

    Das könnte Ihnen auch gefallen