Risk Based Security - Automotive 2017

1 Risk Based Security Automotive Safety & Security , 30. Mai 2017. Christof Ebert and Dominik Lieckfeldt, Vector Consulting Services | 2017-05-30. Agenda u Motivation Risk- Based approach to Cybersecurity Conslusion 2/26 2017. Vector Consulting Services GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. | 2017-05-30. Motivation The Challenge of Increasing Functionality u Increasing number and complexity of functions u More and more distributed development u Rising safety, Security and network requirements Car2 Car, Car2X. Cloud Computing 5G mobile communication Fuel-cell technology Autonomous driving Brake-by-wire Steer-by-wire Security & safety Electric powertrain Laser-sourced lighting Adaptive cruise control 3D displays Lane Assistant Gesture HMI.

2 Stop-/Start automatic Ethernet/IP backbone Electric Hybrid powertrain Emergency Break Assist powertrain Electronic stability control Active Head-up Display Adaptive cruise control body control Electronic Brake Control Lane Assistant Gearbox control Emergency call Telediagnostics Stop-/Start automatic Traction control Electric power steering Online Software Updates Emergency Break Assist CAN FLEXRAY AUTOSAR Head-up Display Electronic fuel Anti lock brakes Gearbox control Hybrid powertrain Electronic Brake Control injection Electronic fuel Traction control Electronic stability control Active Telediagnostics Anti-lock brakes injection CAN bus body control.

3 AUTOSAR .. 1975 1985 1995 2005 2015 2025. 3/26 2017. Vector Consulting Services GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. | 2017-05-30. Motivation Connectivity + Complexity = Cyber Attacks OEM Suppliers ITS. Operator Eavesdropping, Data leakage Command injection, data corruption, OBD Man in the DSRC. back doors middle attacks 4G LTE. Physical attacks, Password Sensor confusion attacks Rogue clients, malware Public Clouds Service Application Provider vulnerabilities 4/26 2017. Vector Consulting Services GmbH. All rights reserved.

4 Any distribution or copying is subject to prior written approval by Vector. | 2017-05-30. Motivation Many different attack vectors to be regarded OEM Suppliers ITS Operator Attack Vector DSRC. OBD. E/E Network 4G LTE. Public Clouds Service Provider 5/26 2017. Vector Consulting Services GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. | 2017-05-30. Motivation Why do we need to care about Cybersecurity Functional Safety Cyber Security Privacy Goal: Protect health Goal: Protect assets Goal: Protect personal data Risk: Accident Risk: Attack, exploits Risk: Data breach Governance: ISO 26262 Governance: ISO 27001 etc.

5 Governance: Privacy laws Methods: Methods: Methods: HARA, FTA, FMEA, TARA, TARA, . Fail operational, Cryptography, IDIP, Cryptography, . Redundancy, Key management, Explicit consent, . 6/26 2017. Vector Consulting Services GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. | 2017-05-30. Motivation Feature Example: Experiences from developer's daily life . Safety Item Key (RF antenna) Lock/Unlock Bolt Passive Entry/ Steering Column Lock Velocity Passive Start QM ASIL D. ? Doors lock Function Hazard S/E/C ASIL. Passive Entry After starting from standstill a nearby second key opens the car from S2/E3/C1 QM.

6 Remote by accident. Doors are unlocked and opened unintentionally. Car could open and hit pedestrian on low speed. Steering Column During driving on high speed (Highway) steering column is locked and S3/E4/C3 D. Lock vehicle crashes in safety fence Steering Column Person nearby is locking steering column from remote whereby S3/??/C3 ?? Lock the vehicle is on medium speed. Functional safety methods do not cover Security issues. An Automotive standard is missing. 7/26 2017. Vector Consulting Services GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector.

7 | 2017-05-30. Motivation Different Threats Demand Holistic Systems Engineering Functional Safety Cyber Security Privacy Goal: Protect health Goal: Protect assets Goal: Protect personal data Risk: Accident Risk: Attack, exploits Risk: Data breach Governance: ISO 26262 Governance: ISO 27001 etc. Governance: Privacy laws Methods: Methods: Methods: HARA, FTA, FMEA, TARA, TARA, . Fail operational, Cryptography, IDIP, Cryptography, . Redundancy, Key management, Explicit consent, . Liability Risk management Holistic systems engineering 8/26 2017. Vector Consulting Services GmbH. All rights reserved.

8 Any distribution or copying is subject to prior written approval by Vector. | 2017-05-30. Agenda Motivation u Risk- Based approach to Cybersecurity Conslusion 9/26 2017. Vector Consulting Services GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. | 2017-05-30. Risk- Based approach to Cybersecurity Functional safety & Cyber Security Risk Based approach Risk = Severity of harmful event Probability of occurrence inacceptable risk Probability acceptable risk Severity The purpose of development measures is to reduce the residual risk (caused by new features) to an acceptable level.

9 10/26 2017. Vector Consulting Services GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. | 2017-05-30. Risk- Based approach to Cybersecurity Concept of Threat Analysis and Risk Assessment (TARA). Threat-Model & Concept for Assets Measures Verification risks Solution General Automotive asset categories Example: Identified threats u Safety Safety 1 u Injuries because of malfunctioning Passive - Vehicle functions Entry u Financial Privacy / 2 u Loss of annual sales due to damage to brand Legislati Finance image on - Brand - Private Image u Operational Performance data Doors locked -ECU SW.

10 U Privacy/Legislation Operational Performance 3 u Theft of private data - Driving performance Security considers a larger scope of threats compared with Safety. 11/26 2017. Vector Consulting Services GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. | 2017-05-30. Risk- Based approach to Cybersecurity Detailed Steps for TARA. Threat-Model & Concept for Assets Measures Verification risks Solution Asset/Function Security Attack Threat Risk Asset 1 Attack-type 1 Threat 1 EAL (Evaluation Assurance Levels ). Function 1 Attack-type 2 Threat 2 ASIL.