security challenges in automotive hardware/software ... · paul milbredt, audi ag, efta 2010 -...
Part I
Security Challenges in Automotive Hardware/Software Architecture Design
Martin Lukasiewycz
TUM CREATE Singapore
Outline
Motivation (current E/E architectures)
Trends (Integrated Architectures / Connected Car)
Challenges Overview
Example CAN Bus
Challenges Electric Vehicles
Recent Automotive Security Issues
Increasing Complexity in Automotive Electronics
[Figure: chart with series "Memory [MB]" and "ECUs"]
Sources:
Paul Milbredt, AUDI AG, EFTA 2010 - Switched FlexRay: Increasing the Effective Bandwidth and Safety of FlexRay Networks
BMW Group, FTF 2010 Orlando - Energy Saving Strategies in Future Automotive E/E Architectures
Audi A8 - 1994
Source: Selbststudienprogramm - Audi A8 Audi ABS/EDS/ASR (Bosch)
Audi A8 - 2010
Source: Selbststudienprogramm - Audi A8 ’10 Bordnetz und Vernetzung
Automotive Industry
OEMs
BMW, Volkswagen, General Motors, Toyota, Daimler
Tier 1
Bosch, Continental, Delphi, Denso
Tier 2
Infineon, NXP, Freescale, Renesas
Trend 1: From Federated to Integrated Architectures
Costs:
Scalability,
Flexibility,
Extensibility
Domain Architecture Concept from BMW
Source: Ethernet for Automotive Applications. Robert Bruckmeier. Freescale Technology Forum, Orlando. June 23, 2010.
State-of-the-art E/E Architecture
Source: Selbststudienprogramm - Audi A8 ’10 Bordnetz und Vernetzung
In-vehicle network today / Access points
Trend 2: Connected Car
Audi AG – Audi Connect
4G
CAR2X
Apple Inc.
Top Ten Most-Destructive Computer Viruses
1) Stuxnet (2009-2010)
2) Conficker Virus (2009)
3) agent.btz (2008)
4) Zeus (2007)
5) PoisonIvy (2005)
6) MyDoom (2004)
7) Fizzer (2003)
8) Slammer (2003)
9) Code Red (2001)
10) Love Letter/I LOVE YOU (2000)
Source: http://www.smithsonianmag.com/science-nature/Top-Ten-Most-Destructive-Computer-Viruses.html
Automotive Design Objectives
Security issues in vehicles can lead to fatal consequences.
Costs
Safety
Security Vs.
Challenges: Security issues in automobile
Malicious software
www.computer-automation.de
Counterfeits
shoeobsession.wordpress.com
Unauthorized products
Wireless connectivity
Unprotected sensors
VDO westseattleblog.com
Accessible buses/ECUs
www.bhptuning.de
More than two billion CAN nodes have been sold since the protocol's development in the early 1980s.
Source: D. Wrampler, Security Threats and Countermeasures for Intra-vehicle Networks
Source: http://www.ixxat.com/can-controller-area-network-introduction_en.html
CAN bus operation
[Figure: CAN bus timing diagram for ECU 0, ECU 1 and ECU 2; labels: time, priority, delay]
CAN vs Secure communication
Message encryption: Message authentication:
CAN vs Secure communication
                 CAN                    FlexRay                                             Ethernet
confidentiality  feasible               feasible                                            Available (IPSEC)
integrity        - (only 8 bytes)       feasible                                            Available (IPSEC)
availability     - (Event-Triggered)    Available (Time-Triggered protocol + Bus guardian)  Feasible (PTP + switches: bus guardian possible)
Security challenges - Electric Vehicles
Battery
Charging plug
Nissan Drive-by-wire
Drive-by-wire
Drive-by-Wire
Energy-efficient recuperation
Enabler of new drive-train architectures
Combustion Engine Drivetrain Electric Vehicle with In-Wheel Motor
Mitsubishi Concept-CT MIEV
Caddyinfo.com
Nissan Drive-by-wire
Steer-by-wire
Source: Gunter Freitag, Eine zukunftsfähige E/E-Architektur für PKW
Vehicle-to-grid / Charging plug
ISO/IEC 15118:
Battery Management
www.mpoweruk.com
Monitors:
voltage
temperature
current
Cell Operation
Counterfeits
shoeobsession.wordpress.com
Battery Safety
Source: http://www.digikey.com/us/en/techzone/energy-harvesting/resources/articles/battery-fuel-gauges.html
Battery cells have to be operated in a safe range
Thank you for your attention.
Questions?