RSS_Auto_Poster
Well-known member
Written by Paul Weissler
As vehicleconnectivity becomes ubiquitous, the threat of being hacked rises. The longer a car is on the road, the more its access points become exposed. Thus the industry"s feverish race to find a robust and ongoing cyber defense at every level. At the 2016 SAE World Congress, an expert at microprocessor supplier Intel gave her assessment of what the industry must do to ensure that defense. According to Lorie Wigle, General Manager of Intel"s Internet of Things (IoT) Security, while encryption (particularly of the CAN bus) has been highly-touted, "the reality is encryption is going to address just part of the threat." There is no "silver bullet" solution, Wigle said. Security must be a continuing operation, not a single preparatory event. And it extends beyond the vehicle. Biggest bang in cloud "Clouds and infrastructure also must besecured," she explained, noting that the "biggest bang for the buck" for a high-threat attacker is in "the cloud," not the car parc. Although manyconsider today"s threat level high, the automotive fleet actuallyrepresents relatively low complexity, despite the fact that a typical car has25 to 200 microprocessors and up to 65 million lines of codes, about half ofwhich are for the multimedia systems, she said. Acurrent luxury model has 144 ECU connections 73 are on CAN busses, 61 are on LIN (Local Interconnect Networks) and 10 on FlexRay. Further, a fully-optioned vehicle may have up to 100 electric motors for interior controls. The cloud may bethe highest value target, but the vehicle itself is the object of many groups of potential attackers. Wigle pointed out sixprimary threat models. The most common is the car thief, whose access into the vehicle is typically physical entry but also via wireless. More technically astute is the hacker seeking his minutes of fame and working the purely wireless approach. The highest threats, however, come from thecriminal who may have medium to very high technical knowledge and can combinewireless with physical access to pose a danger to passengers. There"s also the workshoptuner with total physical access to modify a vehicle"s control settings. Perhaps the highest hacker-threat comes from counterfeiters and competitors, who have physical access and are lookingto understand the vehicle architecture. According to Wigle, the present levelof telematics is largely inthe entertainment area, whereas the future is a fully connectedenvironment V2V, V2I and V2X (vehicle to vehicle and infrastructure, andreal-time integration with on-board drive/brake systems). Vehicle automated operation is on a handfulof cars, and limited in most cases to advanced forms of adaptive cruise and related semi-autonomoussystems. Data analytics on-board is currently focused on performance and such navigation-related items asvehicle location, whereas the future will go well beyond, into vehicle-driverpersonal data. Bumper-to-bumper defense The term "bumper tobumper" used to only describe a vehicle"s warranty. Recently it has also come to describe the adaptive security perimeter around the vehicle and extending into the cloud, Wigle said. Best practices willrequire moving "attack surfaces" to the cloud where possible. She pointed toIntel McAfee"s cloud-based IPS (Intrusion Prevention System) as anexample. However, Intel also is promoting its vehicleenhanced head unit including a "Hardware Security Module" intended to provide broad-based operating and security hardware coverage. The system includes a Wind River hypervisor,which can run multiple operating systems on a single central processing unit,and Intel"s PC-established "Trusted Execution Engine." This hardware technology is designed to attest to the authenticity of a platform andits operating system and establish levels of trust to provide security. OTA (over theair) software updates, Wigle said, will not be between individual devices, butfrom and to certified groups. There are twosides of providing vehicle electrical system security, she noted. One is a secure,flexible development process as described in the guidebook for SAE J3061. This requires identifying and numbering allattack surfaces and conducting threat analyses, reducing attack surfaces andhardening the hardware and software. Itis accompanied by SAE J3101, which defines a common set of requirements forhardware protection which exceeds the capability of the software alone. Wigle alsopointed to Intel"s formation of the Automotive Security Review Board, to becomposed of researchers from industry vendors, to develop solutions usingIntel-based platforms. ASRB is workingwith three "white hat" security research operations IOActive,iamthecavalry.org and opengarages.org to recruit cybersecurity professionals tocontribute.
Date written: 19-Apr-2016 04:55 EDT
More of this article on the SAE International Website
ID: 3040
As vehicleconnectivity becomes ubiquitous, the threat of being hacked rises. The longer a car is on the road, the more its access points become exposed. Thus the industry"s feverish race to find a robust and ongoing cyber defense at every level. At the 2016 SAE World Congress, an expert at microprocessor supplier Intel gave her assessment of what the industry must do to ensure that defense. According to Lorie Wigle, General Manager of Intel"s Internet of Things (IoT) Security, while encryption (particularly of the CAN bus) has been highly-touted, "the reality is encryption is going to address just part of the threat." There is no "silver bullet" solution, Wigle said. Security must be a continuing operation, not a single preparatory event. And it extends beyond the vehicle. Biggest bang in cloud "Clouds and infrastructure also must besecured," she explained, noting that the "biggest bang for the buck" for a high-threat attacker is in "the cloud," not the car parc. Although manyconsider today"s threat level high, the automotive fleet actuallyrepresents relatively low complexity, despite the fact that a typical car has25 to 200 microprocessors and up to 65 million lines of codes, about half ofwhich are for the multimedia systems, she said. Acurrent luxury model has 144 ECU connections 73 are on CAN busses, 61 are on LIN (Local Interconnect Networks) and 10 on FlexRay. Further, a fully-optioned vehicle may have up to 100 electric motors for interior controls. The cloud may bethe highest value target, but the vehicle itself is the object of many groups of potential attackers. Wigle pointed out sixprimary threat models. The most common is the car thief, whose access into the vehicle is typically physical entry but also via wireless. More technically astute is the hacker seeking his minutes of fame and working the purely wireless approach. The highest threats, however, come from thecriminal who may have medium to very high technical knowledge and can combinewireless with physical access to pose a danger to passengers. There"s also the workshoptuner with total physical access to modify a vehicle"s control settings. Perhaps the highest hacker-threat comes from counterfeiters and competitors, who have physical access and are lookingto understand the vehicle architecture. According to Wigle, the present levelof telematics is largely inthe entertainment area, whereas the future is a fully connectedenvironment V2V, V2I and V2X (vehicle to vehicle and infrastructure, andreal-time integration with on-board drive/brake systems). Vehicle automated operation is on a handfulof cars, and limited in most cases to advanced forms of adaptive cruise and related semi-autonomoussystems. Data analytics on-board is currently focused on performance and such navigation-related items asvehicle location, whereas the future will go well beyond, into vehicle-driverpersonal data. Bumper-to-bumper defense The term "bumper tobumper" used to only describe a vehicle"s warranty. Recently it has also come to describe the adaptive security perimeter around the vehicle and extending into the cloud, Wigle said. Best practices willrequire moving "attack surfaces" to the cloud where possible. She pointed toIntel McAfee"s cloud-based IPS (Intrusion Prevention System) as anexample. However, Intel also is promoting its vehicleenhanced head unit including a "Hardware Security Module" intended to provide broad-based operating and security hardware coverage. The system includes a Wind River hypervisor,which can run multiple operating systems on a single central processing unit,and Intel"s PC-established "Trusted Execution Engine." This hardware technology is designed to attest to the authenticity of a platform andits operating system and establish levels of trust to provide security. OTA (over theair) software updates, Wigle said, will not be between individual devices, butfrom and to certified groups. There are twosides of providing vehicle electrical system security, she noted. One is a secure,flexible development process as described in the guidebook for SAE J3061. This requires identifying and numbering allattack surfaces and conducting threat analyses, reducing attack surfaces andhardening the hardware and software. Itis accompanied by SAE J3101, which defines a common set of requirements forhardware protection which exceeds the capability of the software alone. Wigle alsopointed to Intel"s formation of the Automotive Security Review Board, to becomposed of researchers from industry vendors, to develop solutions usingIntel-based platforms. ASRB is workingwith three "white hat" security research operations IOActive,iamthecavalry.org and opengarages.org to recruit cybersecurity professionals tocontribute.
Date written: 19-Apr-2016 04:55 EDT
More of this article on the SAE International Website
ID: 3040
