preventing external connected devices from compromising vehicle … · 2019. 3. 1. · volkswagen...
Preventing External Connected Devices From Compromising Vehicle Systems
Vector Congress
November 7, 2017
Novi, MI
Bob Gruszczynski – VWoA
OBD Communication Expert
Volkswagen Group of America, Engineering and Environmental Office (EEO)
Current Cybersecurity Status
• Challenges to OEMs regarding data access
• Vehicle data access vs. vehicle security
• Many entities requesting both legitimate and non-legitimate access
• Inspection and Maintenance
• Workshop/Service
Current Cybersecurity Status
• Vehicle data access vs. vehicle security
• Insurance “telematics”
• Other “telematics”
• “Prognostics”
• Modification of powertrain components (“tuning”)
• Malicious attacks (“hacking”)
• Digital Millennium Copyright Act (DMCA)
Initially, due to research activity into vehicle hacking, efforts began to describe/define issues:
• SAE - Electrical and Electronics Diagnostic Committee (J3005), Cybersecurity Systems Engineering Committee (J3061)
• NHTSA - Request for Comment on Automotive Electronic Control Systems Safety and Security
• US Government - GAO, US DOT, DHS S&T, NIST
• ISO TC204, TC32
Current Cybersecurity Status
• OBD Devices
• Wirelessly enabled
  – Wireless network can be spoofed
• Bluetooth enabled
  – Malware installed in phone app
• Carnegie Mellon University study with NIST Volpe Research Center – results at: https://resources.sei.cmu.edu/asset_files/WhitePaper/2016_019_001_453877.pdf
Preliminary results show poor software design and cybersecurity practices across a high percentage of currently deployed devices.
Current situation:
Scenario: hacker attack
• Hacker attack over the mobile communication to the customer OBD dongle
• Hacker starts critical functions over the UDS protocol
There are many discussions about further concepts to solve the security problem with e.g. 3rd-party dongles:
1. Concept for a short-term solution
   • Gateway equipped
   • Non-Gateway equipped
   • “Hybrid”
2. Concept for a long-term solution
   • Planned in future as a two-step solution
     – first step: protection of diagnostic access
     – second step: protection of diagnostic data
Concept for a long-term solution
first step: protection of diagnostics access
• IT-Backend: creation of security token; identity and access management; log saves all events, accesses, and errors
• Diagnostic system: private key and certificate signing request; routing of security token
• Individual-ID: (VIN, ECU-ID, Project-ID)
• secure channel
• Electronic Control Unit (ECU): signature verification and public key
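An added illustration of the first step, not part of the original slides and not Volkswagen's implementation: the backend signs a token bound to one Individual-ID, and the ECU verifies it with the public key it holds. The slide names no signature scheme, so a textbook RSA key built from two Mersenne primes stands in for it; the ECU challenge, the token layout, the function names and the sample IDs are assumptions.

```python
import hashlib
import json

# Constructed demonstration key: textbook RSA over two Mersenne primes.
# Assumption: it stands in for the unnamed real scheme; it is unpadded and
# far too small for production use.
P, Q, E = 2**107 - 1, 2**127 - 1, 65537
N = P * Q                              # public modulus, provisioned in the ECU
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, held by the backend

def _digest(claims: dict) -> int:
    """Hash a canonical encoding of the token claims into the RSA group."""
    blob = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % N

def backend_issue_token(vin, ecu_id, project_id, challenge, audit_log):
    """IT backend: bind the token to one Individual-ID and log the event."""
    claims = {"vin": vin, "ecu_id": ecu_id, "project_id": project_id,
              "challenge": challenge}  # challenge: assumed anti-replay value
    audit_log.append(("issued", vin, ecu_id, project_id))
    return {"claims": claims, "sig": pow(_digest(claims), D, N)}

def ecu_verify_token(token, own_id, challenge):
    """ECU: unlock only for a signed token naming this ECU and challenge."""
    claims = token["claims"]
    if pow(token["sig"], E, N) != _digest(claims):
        return "reject: bad signature"
    if (claims["vin"], claims["ecu_id"], claims["project_id"]) != own_id:
        return "reject: token issued for another Individual-ID"
    if claims["challenge"] != challenge:
        return "reject: stale challenge"
    return "unlock"

def demo():
    log = []
    ecu = ("WVWZZZ00000000001", "ECU-01", "PRJ-A")    # constructed IDs
    other = ("WVWZZZ00000000002", "ECU-01", "PRJ-A")  # constructed IDs
    token = backend_issue_token(*ecu, challenge="c1", audit_log=log)
    # A dongle rewrites the VIN but cannot produce a matching signature.
    forged = {"claims": dict(token["claims"], vin=other[0]),
              "sig": token["sig"]}
    return {"valid": ecu_verify_token(token, ecu, "c1"),
            "tampered": ecu_verify_token(forged, ecu, "c1"),
            "other_ecu": ecu_verify_token(token, other, "c1"),
            "replayed": ecu_verify_token(token, ecu, "c2"),
            "log_entries": len(log)}
```
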
Concept for a long-term solution
second step: protection of diagnostic data
• IT-Backend: private key and certificate signing request & data
• Diagnostic system
• Individual-ID: (VIN, ECU-ID, Project-ID)
• secure channel
• Electronic Control Unit (ECU): signature verification and public key for every request which changes data or starts secured functions
For the second step, there are a lot of open questions regarding process and possible advantages/disadvantages, potential risks and problems (e.g. total dependence on Backend-System).
Why the Renewed Focus on OBDII Security?
• September 12: Letter from House Committee on Energy and Commerce to NHTSA RE: OBD-II Security
  “…request that NHTSA convene an industry-wide effort to develop a plan of action for addressing the risk posed by the existence of the OBD-II port in the modern vehicle ecosystem.”
• September 28: NHTSA requests SAE to take the lead and convene industry group to examine issue
• October 14: NHTSA response to House Committee highlights SAE role:
  “At NHTSA’s urging, SAE International has started a working group that is looking to explore ways to harden the OBD-II port. This group is making good progress and the Agency remains hopeful that the group will move expeditiously to develop a set of recommendations.”
SAE Committees/Task Forces
• J3061 – Cybersecurity Guidebook for Cyber-Physical Vehicle Systems
• J3016 – Guidebook Helping to Frame Cybersecurity Policy
• J3005-1, -2 – Guidelines for Operation and Security of Devices Connected to the Data Link Connector (DLC)
• J3138 – Next slides…
• SAE hosted invitation-only industry workshop December 1.
• Goals:
  1. Identify common issues, needs, and approach to secure the OBD
  2. Gain buy-in to development of an accelerated standards approach
• Very well-attended by industry
  – Leads: Mark Zachos, DGTech and Bob Gruszczynski, VW
  – OEMs: BMW, Ford, GM, Honda, Hyundai, Isuzu, Toyota, VW
  – Heavy Truck: Volvo, Cummins
  – Associations: MEMA, ETI, Booz-Allen (Auto ISAC)
  – Government/Regulators: ARB, NHTSA, NIST
• Discussion yielded the following high-level scope items:
What are we worried about?
• DLC access point (J1939/J1962 connector)
• Re-programming modules; only concerned about unlocking
• Someone spoofing normal message content (writing non-diagnostic messages)
• Overloading the CAN Bus
• Overloading the gateway
• Ensuring solution complies with existing regulations and MOUs
• New on-road vehicles (less than 14K pound GVW)
What are we not worried about?
• Other access points (infotainment, etc.)
• J1979 functionality
• Emission-related diagnostics; J1939 equivalent diagnostic functionality
• Physical attacks to the in-vehicle network
• Privacy
• Tool/dongle security
Next Steps
1. SAE staff work with volunteer leaders to further define rationale, scope, and process
2. Created new SAE Committee – Data Link Connector Vehicle Security Committee
3. Created new Task Force to house New Work Item – J3138 (Task Force Name TBD)
4. Committee meets monthly
5. J3138 in ballot
6. New Work Item Proposals started to address long-term items above
Thanks for your attention!!!
Bob Gruszczynski
OBD Communication Expert
Volkswagen [email protected]