a holistic security approach for the connected car€¦ · vector cybersecurity sympopsioum 2019 -...

© SYSGO AG · INTERNAL 1

A holistic Security Approach

for the connected Car

Vector Cyber Security Symposium, 03.04.2019

© SYSGO AG · INTERNAL 2

Agenda

• SYSGO Introduction

• Security Challenges

• Hacker Types

• OEM Need

• Security Use Cases

• Key Take Away

© SYSGO AG · INTERNAL 3

The Company - SYSGO AGEmbedded Software Technology Leader

Founded 1991 (Mainz/Germany)

>80% Engineers have

certification competences

Since 2012 independent

entity from the Thales Group

(~65,000 Employees and Operations in 56 countries)

Local Facilities in Germany, France, Czech Republic, UK

Global Distribution and support network including

EMEA and APAC

© SYSGO AG · INTERNAL 4

Embedded Devices Trends Impacting Security

• Deployed embedded systems are more and more inter-connected

and connected to Internet

• Complexity and functional density of embedded devices are

rising

• Heterogeneous information flows are more common

• Need for high-assurance for mixed-critical systems

Increase challenges on addressing security issues

• Need for:

• Security to be integrated into the device (H/W and S/W)

• Proper separation and control of functionalities and information flow

• Need proper compositional certification approach

© SYSGO AG · INTERNAL 5

Connected Car – Attack Surfaces

© SYSGO AG · INTERNAL 6

National Interest

Personal Gain

Personal Fame

Curiosity

Script-Kiddy HobbyistHacker

Expert Specialist

Vandal

Thief

Spy

Trespasser

The World Today

Tools created by experts now used by less-skilled attackers and criminals

Fastest growing segment

Author

From: Intel Open Source Technology Center – GENIVI 2012 AMM

Motivation for Hackers

© SYSGO AG · INTERNAL 7

Security & Safety Cert Overview

Aerospace Automotive Railway Smart Grids

SafetyLong history of

standardisation

Introduced

standard

Long history of

standardisation

Based on

industrial

automation

Security

Defining next

level on security

standard;

Clear path

Starting work

on security

standard;

Defining path

Starting work

on security

standard;

Defining path

Many national

initiatives;

Defining path

© SYSGO AG · INTERNAL 8

The Quality vs. Security Analogy

Quality Security

• Nobody wants to pay for it

• It is expected

• You never reach 100%

• Always needs monitoring

© SYSGO AG · INTERNAL 9

BMW

© SYSGO AG · INTERNAL 10

Security Status @ Automotive OEMs

• All OEMs are looking after an e2e security solution

• They own value- and data stream in already existing

infrastructure

• Invest in software competence

• Collaborate with “start ups” to accelerate innovation

• Most of them unsure about security requirements

• Customers are not willing to pay for security features

(for embedded devices)

© SYSGO AG · INTERNAL 11

End-2-End architecture approach e.g. PKI

Secure Gateway & Funct. Sep. Platform

Optional

HSM

Hardware Platform

Gateway /

Download

Manager

Security

KMS

onboardClient-Applications by 3rd

Parties

Update

Services

1 On-board Devices

(ECUs)• ECUs communicate and

behave securely

• With optional hardware

security module

Key Management Backend Infrastructure

Key Gen & Distribution PKI Management

3 Key Management

Infrastructures• Back-End supporting ECUs

• Should be a single-handed,

centralized Architecture (not

split per each ECU)

• For automotive OEM this

means a global approach

WAN / „OTA“

Key Management & Update

Infrastructure2 Com Network• Infrastructure

© SYSGO AG · INTERNAL 12

Security by Design

Root of Trust

Secure Development

Secure Life Cycle

ISO 27000 Common

Criteria

Secure

Boot

Sec. Update

(S)OTA

CloudSecure Com

Secure Architecture

App App App App

© SYSGO AG · INTERNAL 13

IDS use case

© SYSGO AG · INTERNAL 14

Key Take Away

• Security architectures need a holistic view on requirements over

• Backbone, cloud

• Edge services

• Embedded device

• They need constant update capabilities (e.g. via OTA)

• Secure by multiple – partly overlapping - approaches

• Hardware

• Software

• Functional separation

• Key management and handling

• Firewalls …

• And not jeopardizing performance, cost and latency of systems

© SYSGO AG · INTERNAL 15

Thank you for your attention!

More information on www.sysgo.com

Or contact at partner@sysgo.com