kaspersky automotive security · remote assistance connected car evolution non connected car...

14
1 KASPERSKY AUTOMOTIVE SECURITY

Upload: others

Post on 17-Mar-2020

15 views

Category:

Documents


2 download

TRANSCRIPT

1

KASPERSKY

AUTOMOTIVE

SECURITY

2

Cloud Services,

Remote

assistance

CONNECTED CAR EVOLUTION

Non connected

car

Connected

devices, GPS,

Internet

Autonomous car,

complete remote

control

PAST YESTEDAY TODAY FUTURE

4

CONNECTED CAR EVOLUTION. Benefits

Cloud Services,

Remote

assistance

Non connected

car

Connected

devices, GPS,

Internet

Autonomous car,

complete remote

control

PAST YESTEDAY TODAY FUTURE

5

CONNECTED CAR EVOLUTION. Benefits and Cyber Risks

Cloud Services,

Remote

assistance

Non connected

car

Connected

devices, GPS,

Internet

Autonomous car,

complete remote

control

PAST YESTEDAY TODAY FUTURE

6

CONNECTED CAR TODAY

Vehicle-to-Vehicle

Vehicle-to-InfrastructureInternet

Cloud Services

Mobile

7

CONNECTED CAR MAIN SECURITY OBJECTIVES

Protect Each ModuleAll ECU, Sensors, BCU

Protect CommunicationsPhysical and remote connections

Persist Advanced ThreatsAnalytics and Analysis

Protect Cloud ServicesOTA updates and Management

Safety

8

CONNECTED CAR MAIN INTERNAL VULNERABLE POINTS

Head UnitECUs

Vehicle Buses

9

POTENTIAL THREAT VECTORS

Private Data

Key StoreH

ead U

nit

Browser

Keypad

ECU

Man-in-the-Middle

Attack

Attack from

Mobile Device

Attack on Key /

Certificate

Stores

Sniffing of

User Data

Attack from

Downloaded AppsMalware Delivery Thru

Data Storage Device

Malicious

Firmware

Update

Remote

Attack on

Vehicle Bus

Compromised

Actuator

Exploiting

Software

Vulnerabilities Operating

System

Attack on

OBD2

10

CONNECTED CAR SECURITY LAYERS

Car Gateway

Car Cloud

Services

Network

Access

Car Network

ECU

Layers Threat vectors

Car Cloud Services• Man in-The-Middle-Attack

• Attack From Downloaded Apps

NW Access• Sniffing of User Data

• Attack From Downloaded Apps

• Exploiting Software Vulnerabilities

Car Gateway

• Attack from Apps in Mobile Device

• Exploiting SW Vulnerabilities

• Malicious Firmware Update

• Malware Delivery Thru Data Storage Devices

Car Network• Compromised Engine Actuator

• Attack on Vehicle Bus

Car ECU, IVI, OBD2• Attack on Key,

• Malicious Firmware Update

• Attack on Vehicle Bus

12

Cloud Services Mobile

Internet In Car Security

Security for Data Centers

Kaspersky Security Network

Fraud Prevention

DDoS Protection

Anti Targeted Attack

CONNECTED CAR SAFETY THRU SECURITY

Mobile Security SDK

Mobile Device Management

Mobile App Management

Mobile Security

KasperskyOS

Kaspersky Secure Hypervisor

Kaspersky Security System

Security Expertise

Vehicle-to-Vehicle

Vehicle-to-Infrastructure

13

HOW WE WORK

Threat model

• Define security objectives

• Create detailed description of scenarios, with results of misuse/abuse cases identification

• Threat modelling

• Define high-level security requirements

• Create a security-focused system architectural concept

• Refine threat model and security requirements

Architecture

• Specify system requirements for the security features

• Create test plans and test cases for the security features

• Design architecture

• Create low-level design

Development & testing

• Development and testing

• Residual risks assessment

• Integration with HW and testing

• Creation of instrumentation

• Final testing and residual risk assessment

• Penetration testing (separate dedicated team)

14

15

16

KASPERSKY LAB

AUTOMOTIVE SECURITY TECHNOLOGIES