cross-domain security issues for connected … lopez, mohammad al faruque advanced integrated...

Anthony Lopez, Mohammad Al Faruque

Advanced Integrated Cyber -Physical Systems Lab

Cross-Domain Security

Issues for Connected

Autonomous Vehicles

Jiang Wan, Anthony Lopez, Mohammad Al Faruque, Cross-domain Security Issues for Connected Autonomous Vehicles 1

Outline

Overview on Connected Vehicle Security

Ongoing Work

Future Work

2Jiang Wan, Anthony Lopez, Mohammad Al Faruque, Cross-domain Security Issues for Connected Autonomous Vehicles

Cross-Domain Security Framework

PC

C

P

Cyber Physical

Cyber

Physical

Remote vehicle access

Emitted sounds from 3D printer

Virus/ SQL Injection/ Buffer

Overflow/ Etc.

Physical sabotage

3

Impact Domains

Att

ac

k D

om

ain

s

Jiang Wan, Anthony Lopez, Mohammad Al Faruque, Cross-domain Security Issues for Connected Autonomous Vehicles

Connected Autonomous Vehicles


Smart Transportation

(combination of

collaborative and

autonomous actions)

StrongWinds

Requirements

oFunctionality

oExtensibility

oSecurity

Attack Model Attacker is knowledgeable about the targeted

components

oUnderstands networking protocols, hardware,

software, vulnerabilities, control mechanisms

Attacker has sufficient (but not infinite) resources

(vehicle, computing device, packet sniffer, etc.)

oTo communicate with legitimate vehicles

oTo inject code, packets and/or spoofed signals

oQuantifying this is a challenge!


Applications

o Infotainment (Media, Bluetooth, 3G), Navigation, Cruise

Control, Platooning

Internal Network

o CAN, LIN, MOST, FlexRay, TPMS

External Network

o Key Fobs, OTA Updates,

V2X (V2LC,DSRC,WAVE, Toll, IoT)

Hardware

o ECUs, Sensors, Electro-Mechanical Components, Signals

Access Points


Telematics

V2X Comm.

Sensors

Sensors

Abstracted View of Automotive System

Internal Network Sensors

Infotainment

Cyber Domain Attacks Intrusive: Message Falsification/Replay/

Spoofing/Fuzzing

DSRC/WAVE/Telematics/LIDAR/RADAR/TPMS [1-4]

Intrusive: Remote Control of Vehicle

Infotainment/Telematics/Internet/OTA Update [1-4]

Nonintrusive: Eavesdropping

DSRC/WAVE/TPMS/CAN (over EV charging station)

[1-4]


Physical Domain Attacks Spoofing/Jamming/DoS/Delay/Replay

oTire Pressure Monitoring System (TPMS) [6], MEMS

accelerometers and gyroscopes (with acoustics) [7]

oTelematics: GPS (on boats and UAVs), LIDAR (with

laser pointer), RADAR, camera [1-4]

oMechanical and Electrical Components (e.g., brakes,

battery system) [8-11]


Our Work

Case Study: Physical Layer Key Generation for V2X

Communication

More Work:

Security-Aware Functional Modeling

EV Battery System Security

Future Work


Physical Layer Key Generation

for Automotive Cyber-Physical

Systems

1Jiang Wan, Anthony Lopez, Mohammad Al Faruque, Physical Layer Key Generation for Automotive Cyber-Physical Systems, ICCPS '16

Symmetric Key Algorithm

Messages

EncryptDecrypt

Symmetric Key Examples

o AES

Advantages

o Fast

Disadvantages

o Deterministic

o Key Management


Alice Bob

Examples

o ECC

o RSA

Advantages

o Key Management

Disadvantages

o Slow

Asymmetric Key Algorithm

Private KeyPublic Key

A A BB

Alice Bob

A

B

A

B

Messages

Decrypt

Encrypt


Hybrid Solution

Advantages

o Efficient after key exchange

o Key management

Disadvantages

o Slow key exchange

o Memory overhead

o Deterministic symmetric key

Private KeyPublic Key

A A BB

A

B

A

B

Symmetric Key


Alice Bob

Decrypt

Encrypt

Related Work

No Variation

Key Generation Based on Indoor Wireless Channel

o Static environment

o Low entropy

Some Variation

Room 1 Room 2

MobiCom 2008: Mathur et al., MobiCom 2009: Jana et al., TIFS 2010: Ye et al.,MobiCom 2010: Patwari et al.InfoCom 2010: Zeng et al.,IEEE Wireless Communications 2011: Ren et al


Our Contributions

Novel Security Solution for Automotive Applications

Automotive Model

o Wireless channel

o Attack model

Key Generation Algorithm

o Reduces overhead

o Keys with more entropy


Alice Bob

Eve

Attack Model

Non-Intrusive Eavesdropper

o Knowledgeable

o Wants to derive key

o More than few wavelengths

apart


Algorithm

o 𝜏𝑠𝑡𝑒𝑝 ≥ 𝑇𝑐

...

Upper Threshold

Lower Threshold

o Number of Samples in

Group: 𝐺𝑠𝑖𝑧𝑒

o Coherence Time: 𝑇𝑐

o Sampling Period

(Step): 𝜏𝑠𝑡𝑒𝑝 ≥ 𝑇𝑐Same Key

Samples


Alice Bob

Probe Signals

o 𝐺𝑠𝑖𝑧𝑒

Experiments – RC Cars


Car 0

Car 1

Car 2

WifiBluetooth

-35

-30

-25

-20

-15

-10

-5

0

1 51 101 151

RS

S V

alu

e (

dB

m)

Numbers of RSS Values

RSSI measured in Car 0 from Car 1




Experiments – RC Cars

Group Size

Received Signal Strengths

Pair 1: Car 1 and Car 2

Pair 2: Car 1 and Car 0

Generated 64-Bit KeysCar 1 from Car 2 0000001111111111_1111000000000000_

0000011111100000_0000011110000011

Car 2 from Car 1 0000001111111111_1111000000000000_0000011111100000_0000011110000011

Car 1 from Car 0 1100000110000000_0000000100000110_0000000010000000_0000011111111111

Car 0 from Car 1 1100000110000000_0000000100000110_0000000010000000_0000011111111111

Same Keys for Pair 1

Same Keys for Pair 2


EvaluationSecurity Comparison

Performance and Memory Comparison

SecurityStrength

Performance Overhead (seconds)Code Size Overhead

(bytes)

RSA ECCOur Alg.(2 mi/h)

Our Alg. (20 mi/h)

RSA ECC Our Alg.

80 bits 11.42 1.62 1.725 0.95 6292 3682 331

112 bits 85.2 4.38 2.415 1.33 7736 4812 331

0%

39%50%

67.69%

87%

0%

20%

40%

60%

80%

100%

Pre-dist. Latch-PUF DFF-PUF Our Tech. SRAM-PUF

Av

er

ag

e m

in-

en

tro

py

Pre-Distributed Keys

Hardware PUF

High Entropy

Faster Smaller

67% Min-Entropy10X faster and 20X smaller than RSA1-2X faster and 10X smaller than ECC


1

Other Works:

Security-Aware Modeling &

EV Battery System Security


Security-Aware Functional Modeling


Electric Vehicle Battery System Security


Figure Taken From Reference 8

EV Battery System Security Solutions?

Battery Authentication

o Deriving unique

signature of the battery

from measurements

Intrusion Detection

o Malicious behavior

detection and

verification

Sensor Attack Prevention

o Detecting anomalies


Battery Authentication

Abstraction

Future Work

V2X Malicious Activity Detection and Prevention

o Applications: Cooperative Adaptive Cruise

Control and Platooning

o Deriving a method to detect malicious behavior

o Is game theory suitable?

o Requires real-time decision making for

security and functionality of the system


Questions?

26

Thank You!


References

27

1. V. Thing and J. Wu. Autonomous Vehicle Security: A Taxonomy of Attacks and Defences, In iThings-GreenCom-CPSCom-SmartData 2016.

2. K. Thomas, Hackers demo Jeep security hack, 2015, [online] Available: http://www.welivesecurity.com/2015/07/22/hackers-demo-jeep-security-hack

3. C. Miller, C. Valasek, Remote exploitation of an unaltered passenger vehicle, 2015, [online] Available: https://www.defcon.org/html/defcon-23/dc-23-speakers.html#Miller.

4. S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage, K. Koscher, A. Czeskis, F. Roesner, and T. Kohno. Comprehensive experimental analyses of automotive attack surfaces. In Proceedings of the 20th USENIX Conference on Security, SEC’11, pages 6–6, Berkeley, CA, USA, 2011. USENIX Association

5. Sandip Ray, Wen Chen, Jayanta Bhadra, and Mohammad Abdullah Al Faruque. 2017. Extensibility in Automotive Security: Current Practice and Challenges: Invited. In Proceedings of the 54th Annual Design Automation Conference 2017 (DAC '17). ACM, New York, NY, USA, Article 14, 6 pages. DOI: https://doi.org/10.1145/3061639.3072952

6. Trippel, T., Weisse, O., Xu, W., Honeyman, P., & Fu, K. WALNUT: Waging doubt on the integrity of mems accelerometers with acoustic injection attacks. In In Proceedings of the 2nd IEEE European Symposium on Security and Privacy (EuroS&P 2017). To appear.


http://www.welivesecurity.com/2015/07/22/hackers-demo-jeep-security-hack

https://www.defcon.org/html/defcon-23/dc-23-speakers.html#Miller

https://doi.org/10.1145/3061639.3072952

References

28

7. Rob Millerb Ishtiaq Roufa, Hossen Mustafaa, Sangho Ohb Travis Taylora, Wenyuan Xua, Marco Gruteserb, Wade Trappeb, and Ivan Seskarb. 2010. Security and privacy vulnerabilities of in-car wireless networks: A tire pressure monitoring system case study. 19th USENIX Security Symposium, Washington DC (2010), 11–13.

8. Lopez, A. B., Vatanparvar, K., Nath, A. P. D., Yang, S., Bhunia, S., & Al Faruque, M. A. (2017). A Security Perspective on Battery Systems of the Internet of Things. Journal of Hardware and Systems Security, 1-12.

9. Waszecki, P., Mundhenk, P., Steinhorst, S., Lukasiewycz, M., Karri, R., & Chakraborty, S. (2017). Automotive electrical/electronic architecture security via distributed in-vehicle traffic monitoring. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems.

10. Sagstetter, F., Lukasiewycz, M., Steinhorst, S., Wolf, M., Bouard, A., Harris, W. R., ... & Chakraborty, S. (2013, March). Security challenges in automotive hardware/software architecture design. In Proceedings of the Conference on Design, Automation and Test in Europe (pp. 458-463). EDA Consortium.

11. Shoukry, Y., Martin, P., Tabuada, P., & Srivastava, M. (2013, August). Non-invasive spoofing attacks for anti-lock braking systems. In International Workshop on Cryptographic Hardware and Embedded Systems (pp. 55-72). Springer, Berlin, Heidelberg


cross-domain security issues for connected … lopez, mohammad al faruque advanced integrated...

Documents