Security issues related to the future Networked Car
Koji Nakao
Distinguished Researcher,
Cybersecurity Research Institute, NICT
Collaboration on ITS communication standards (Geneva, Switzerland, 8 March 2019)
Reference Model to be used for Vehicle Threats assessment (discussed in UNECE WP29-TFCS)
IoT era
Classification of IoT business (services)
[Figure labels: Managed / Un-managed; fixed / movable. Services shown: Electricity, Trains, Critical Infra, Smart Phone, Life Support Robots, Smart Home, Smart City/Town, ATM, Smart Elec. Meter, Smart Health, HEMS, Smart Home Apps, IoT Home GW, Automotive.]
ref: Dr. Tokuda, Keio Univ.
SIP: Strategic Innovation Promotion Project by Cabinet Office, Gov. of Japan
Copyright 2018 Connected Consumer Device Security Council Proprietary
IoT Applied Domain in Japan
Res: ITR/2017
Tracking: 1. Automobile; 2. Objects; 3. Human; 4. Livestock
Monitoring / Analysis: 5. Agri-Field; 6. Factory; 7. Home/Building; 8. Shops; 9. Public Facility; 10. Energy Plant; 11. Transport Condition; 12. Truck Operation; 13. Human Health; 14. Livestock; 15. Physical Security; 16. Disaster; 17. Nature Environment
Optimization: 18. Energy Consumption; 19. Factory Production; 20. Supply-Chain; 21. Delivery Route
New Services: 22. Sharing service; 23. Wearable Device; 24. Smart Product; 25. Connected Car; 26. Smart/Telematics Insurance; 27. Smart retails; 28. IoT Payment Device
https://www.itr.co.jp/company/press/171012PR.html
Examples for use of IoT in Automotive Environment
- Emergency Report Service “HELPNET”
- Leading Safe Driving “Smiling Road”
- Managing your own driving skills “YouDrive”
- V2V/V2I communication service “ITS Connect”
- IoT Platform Service “Vehicle manager”
- Various Navigation Services “T-Connect”
- Remote Parking System
- Anomaly Detection Service for Automotive
Source: https://itiger.jp/case/643.html
Observation of IoT devices/systems
Worldwide spread infection
• Observed from 218 countries and/or regions
• Especially from Asian Countries
Device categories
[Figure labels: IP Camera, DVR]
60+ categories of IoT devices are observed. IoT devices and IoT services implemented in vehicle systems can be attack targets. Threats related to IoT in connection with the vehicle environment should be carefully considered.
ITS security standards in ITU-T SG17 (Security)
ITU-T SG17 ITS Recommendations (under development)
X.1373(rev): Secure software update capability for intelligent transportation system communication devices
X.itssec-2: Security guidelines for V2X communication systems
X.itssec-3: Security requirements for vehicle accessible external devices
X.itssec-4: Methodologies for intrusion detection system on in-vehicle systems
X.itssec-5: Security guidelines for vehicular edge computing
X.stcv: Security threats in connected vehicles
X.edrsec: Security guidelines for cloud-based event data recorders in automotive environment
X.fstiscv: Framework of security threat information sharing for connected vehicles
X.eivnsec: Security guidelines for the Ethernet-based in-vehicle networks
X.mdcv: Security-related mis-behavior detection mechanism based on big data analysis for connected vehicles
X.srcd: Security requirements for categorized data in V2X communication
ITU-T Recommendation X.1373
• Title of Recommendation
– Rec. X.1373 “Secure software update capability for ITS communications devices” (Revision work is on-going)
• Scope
In the context of updates of software modules in the electric devices of vehicles in the intelligent transportation system (ITS) communication environment, this Recommendation aims to provide a procedure of secure software updating for ITS communication devices for the application layer in order to prevent threats such as tampering of and malicious intrusion to communication devices in vehicles. This includes a basic model of software update, security controls for software update and a specification of abstract data format of update software module.
Introduction of Rec. X.1373 “Scope”
[Figure labels: Embedded Information Device (Power Management Control ECU, Seat Belt Control ECU, Driving Support ECU, Parking Assist ECU, Skid Control ECU, etc.); Communication Head Unit; Aftermarket Communication Device; Secure Communication; Update Server and Log Repository at Car Manufacturer / Garage center]
Functionality of Head Unit
• Status check of ECUs
• Log collection
• In-car diagnosis function
Diagnosis of on-board devices
• Status check of ECUs
• Log collection
• Verification of update module
Communication protocol
• Between Car and Manufacturer / Garage
• Encryption
• Authentication
Functionality of Server
• Stored Data Definition
– Auth info
– Log Audit
– With considerations of privacy concerns
Basic Procedure for OTA Update
Request of diagnose of software status
Result of diagnose with software status
Report of results of ECUs in a vehicle
Receipt for submit of diagnose report
Request of update module
Update module is provided
Notification to User (driver) for Updates
Confirmation for the update
Request for updates to ECUs
Results for updates in ECUs
Report of application of the update
Confirmation from the Update server
Revision work is now started!
Draft Recommendation X.itssec-2
Security guidelines for V2X communication systems (X.itssec-2) – under development
Scope:
• This Recommendation provides security guidelines for V2X communication systems. V2X (or "vehicle-to-everything") is a generic term comprising the communication modes termed as vehicle-to-vehicle (V2V), vehicle-to-infrastructure (V2I), vehicle-to-nomadic devices (V2ND) and vehicle-to-pedestrian (V2P) discussed in this Recommendation. This Recommendation identifies threats in the V2X communications environment and specifies security requirements for V2X communication systems.
• In-vehicle network/communication is out of scope of this Recommendation.
Image of V2X Communications
Threats in Confidentiality
Threats in Integrity
X.stcv: Security threats in connected vehicles
Under Development: Based on the result of UNECE WP29 TFCS (Recommendation Cybersecurity)
Scope: Recommendation X.stcv describes security threats to connected vehicles (vehicle eco-system), for reference and use in other Recommendations developed by ITU-T. It first specifies the model of a connected vehicle (vehicle eco-system) and identifies security threats to the connected vehicle (eco-system).
This will be completed and determined in September, 2019.
A concept of connected vehicle (vehicle ecosystem)
Content
1. Scope
2. Reference
3. Definitions
4. Abbreviation and acronyms, 5. Convention
6. Model of connected vehicle (vehicle ecosystem)
7. Threats to vehicle systems and ecosystem
7.1 Threats regarding back-end servers
7.2 Threats to vehicles regarding their communication channels
7.3 Threats to vehicles regarding their update procedures
7.4 Threats to vehicles regarding unintended human actions
7.5 Threats to vehicles regarding their external connectivity and connections
7.6 Potential targets of, or motivations for, an attack
7.7 Potential vulnerabilities that could be exploited if not sufficiently protected or hardened
Draft Rec. X.itssec-3
Title: Security requirements for vehicle accessible external devices
Summary
• The purpose of this draft new Recommendation is to standardize security requirements for vehicle accessible external devices in telecommunication network environments.
• This draft new Recommendation provides security threats in vulnerable points like OBD-II port or wireless connectivity and security requirements for vehicle accessible external devices to secure access to the vehicle internal systems and safe usage of their information.
The following figure illustrates a set of assumed interfaces for accessing external devices.
[Figure labels: External communications on Vehicle; Internal communications on Vehicle; Telematics, Bluetooth, Wi-Fi, SD/USB, OBD, PLC; External Gateway; Head Unit (AVN/IVI); Internal Gateway; Chassis Control, Body Control, Powertrain Control, ADAS]
Draft Rec. X.itssec-4
Title: Methodologies for intrusion detection system on in-vehicle systems (under development)
Scope: This new Recommendation aims to provide methodologies for intrusion detection systems on in-vehicle systems. It will include detection models and pattern rules for recognizing the impact and likelihood of threats to vehicle systems by monitoring internal communications in the vehicle. It will classify and explain threats on internal communication networks such as CAN, which operate with specialized protocols. The Recommendation focuses mainly on internal communications on in-vehicle networks such as CAN, which general IDS cannot support, and aims to detect threats that affect ECU communications by using various efficient light-weight detection models such as the Signature based model, Entropy based model, Self-Similarity based model, Hazard Survival based model, etc.
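The Entropy based model named in the scope above can be sketched as follows; this is an added example, not part of the original slides or of the draft Recommendation. It learns the Shannon entropy of CAN identifiers per window on clean traffic and flags windows that leave the learned band; the identifiers, window size, thresholds and sample traffic are assumptions constructed for illustration.

```python
import math
from collections import Counter

def shannon_entropy(ids):
    """Shannon entropy in bits of the CAN identifier distribution in one window."""
    n = len(ids)
    return -sum(c / n * math.log2(c / n) for c in Counter(ids).values())

def window_entropies(ids, size):
    """Entropy of each consecutive, non-overlapping window of `size` frames."""
    return [shannon_entropy(ids[i:i + size])
            for i in range(0, len(ids) - size + 1, size)]

def learn_baseline(clean_ids, size):
    """Mean and standard deviation of window entropy over attack-free traffic."""
    h = window_entropies(clean_ids, size)
    mean = sum(h) / len(h)
    std = math.sqrt(sum((x - mean) ** 2 for x in h) / len(h))
    return mean, std

def detect(ids, size, mean, std, k=3.0, floor=0.05):
    """Return indexes of windows whose entropy leaves mean +/- max(k*std, floor)."""
    limit = max(k * std, floor)  # floor avoids a zero-width band on very regular traffic
    return [i for i, h in enumerate(window_entropies(ids, size))
            if abs(h - mean) > limit]

# Constructed sample traffic (not captured data): identifier -> period in ticks.
SCHEDULE = {0x0C4: 1, 0x1A0: 2, 0x2F1: 4, 0x3D5: 8}
CYCLE = [cid for t in range(8) for cid, p in SCHEDULE.items() if t % p == 0]
WINDOW = 60                       # four 15-frame cycles per window
CLEAN = CYCLE * 40                # training trace of periodic ECU traffic
# One anomalous window: an unexpected identifier makes up three quarters of the frames.
ANOMALY = [f for cid in CYCLE for f in (cid, 0x000, 0x000, 0x000)]
MONITORED = CYCLE * 8 + ANOMALY + CYCLE * 8

def run_demo():
    """Train on CLEAN, then return the flagged window indexes in MONITORED."""
    mean, std = learn_baseline(CLEAN, WINDOW)
    return detect(MONITORED, WINDOW, mean, std)

if __name__ == "__main__":
    print("flagged windows:", run_demo())
```

Because periodic ECU traffic gives an almost constant identifier entropy, the model needs only a counter per identifier and one threshold comparison per window, which is what makes it light-weight enough for an in-vehicle gateway.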
Draft Rec. X.itssec-5
Title: Security guidelines for vehicular edge computing
Scope: Vehicular edge computing (VEC) is a model that supports the core cloud’s capacity for decentralising the concentration of computing resources in data centers. VEC also provides more localized storage and application services to road users, thereby making it possible to achieve lower latency delays, faster response times providing mobility support, location awareness, high availability and Quality of Service for streaming real-time applications since data processing is conducted closer to the vehicle.
This Recommendation provides security guidelines for vehicular edge computing based on an analysis of the threats and vulnerabilities identified within VEC.
Security issues and standardization
<Security issues under ITS environment>
1. Observe and Analyze “Threats” & “Vulnerabilities” including emerging IoT threats;
2. Detection of injected Malware/Mal-functions in vehicle;
3. Conducting Threat assessment and risk management (for vehicle eco-system);
4. Establishment of Remote Software/Firmware update (OTA);
5. Research of Appropriate security capabilities (Data confidentiality, Privacy protection, Authentication, Access control, incl. Lightweight crypto)
6. Remote Maintenance (e.g. Remote Kill Switch) including for IoT devices
7. Global Incident handling and Information Sharing capabilities
<For ITS security standardization>
1. Related SDOs should coordinate and collaborate;
2. Threats assessment methodology for Vehicle eco-system can be standardized (not only for threat assessment on Vehicle);
3. Standards can produce a certain level of security requirements which will be related to “Certification of Vehicle and Vehicle eco-system”;
4. Are there any requirements for establishing a global incident handling and information sharing scheme? Do we need a capability of AUTO-ISAC?