protecting autonomous vehicles and connected services with software defined perimeter
TRANSCRIPT
www.movimentogroup.com
Protecting Autonomous Vehicles and Connected Services with Software Defined Perimeter
November 7, 2017
Live Webinar Series
Session Host: Mahbubul Alam, CTO & CMO, Movimento Group
Guest Speaker: Junaid Islam, CTO & Founder, Vidder
Mahbubul Alam is an international entrepreneur, technology and business executive with broad management experience. A frequent author, speaker and multiple patent holder, he currently holds the position of CTO/CMO at Movimento, a Delphi company, reinventing the company’s technology and strategy. He was named a finalist for the ‘2016 Bay Area CIO of the Year’ award by the Silicon Valley Business Journal and the San Francisco Business Times.
Junaid is a well-known cybersecurity expert with 30 years of networking and security experience. He is the CTO of Vidder, which is the leading provider of SDP-based secure systems. In addition to his work in the private sector, Junaid also supports a number of US national cybersecurity initiatives.
Agenda
• Industry Direction
• Cyber Attack Vectors
• Automotive Cyber Risk
• Secure Enclave Design
• Software Defined Perimeter
• Key Takeaways
• Q&A
The Evolution of the Automotive Industry
2000 (Past)
• Thousands of Transistors
• 100 Thousand Lines of Code
• Manual Diagnostics
• Limited Connectivity
• Digital Radio Services
• Basic HMI
• No Cyber Threats

2015
• Billions of Transistors
• 100 Million Lines of Code
• Automated Diagnostics
• Moderate Connectivity
• Apps Integration
• Limited Virtual Assistance
• Basic Cybersecurity

2030 (Future)
• Quantum Transistors
• Billions of Lines of Code
• Self-Diagnostics
• Integral Connectivity
• Connected Services
• Cybernetic
• Default Cybersecurity
Industry Direction: Connected Services Ecosystem
Unlocking The Turnkey Monetization Opportunities
[Diagram labels: OEM / Retail / Fleet, Platform, Customer, Vehicle, Data Consumers, 3rd Party Data Exchange (internal, external), Flow of Data, Flow of Money, Delphi (Aptiv)]
• Vehicle information database
• Multi-module OTA update
• Secure content delivery
• Big Data capture
• CT-EDGE data methods
• Highly configurable acquisition logic
• Data Strategy alignment with Business Value
• Fleet management
Connected Ecosystem
100+ ECU/Sub-systems connecting to Frontend & Backend Applications.
[Diagram labels: Telematics, Machine Learning, Frontend Apps, Backend Partners, Ecommerce, OEM]
Connected Ecosystem
Multiple identities and entitlements inside and outside the vehicle.
Bi-directional communications from different processes.
Backend partners communicating with in-vehicle systems.
Attack Vectors
• Location Spoofing
• Laterally Moving Malware
• OTA Re-Tasking
• Credentials Theft
• DNS Spoofing
• Connected Services Exploitation
Potential Outcomes
• Vehicle Theft
• Hijack/Ransom
• Terrorism
• Data Theft
• Poor Operation
• Non-Operation
Cybersecurity Challenges
Autonomous Vehicles are in a state of constant upgrades.
New applications (e.g. car sharing) will add to the complexity.
Global supply chain provides many points of entry for cyber-attacks.
Secure Enclave Security Model
Secure Enclaves utilize dedicated connectivity to a trusted compute environment.
[Diagram labels: Frontend Apps, Backend Partners, Telematics, Machine Learning, Ecommerce]
Software Defined Perimeter
• Control channel based architecture
• Attribute based access control
• Attestation & federated identity
• Edge-based forwarding
• Multi-protocol support
• IPv4/IPv6 addressing
[Diagram labels: SDP Client, SDP Controller, SDP Gateway (three instances), Identity, Attestation, Policy]
SDP Enables Secure Enclaves
[Diagram labels: SDP Client, SDP Gateway, SDP Controller, Ecommerce, Hardware Identity, Software Attestation, Service Plan]
SDP Enables Secure Enclaves
[Diagram labels: SDP Client, SDP Gateway, SDP Controller, SDP Data Channel, Ecommerce, Vehicle Identity, Driver Identity, Service Plan]
SDP Connected Ecosystem
SDP enables us to partition networks, manage connectivity and enforce security policies.
[Diagram labels: Telematics, Machine Learning, Frontend Apps, Backend Partners, Ecommerce, SDP Client, SDP Gateway (five instances), Policy]
Goal: Secure Closed Loop Architecture
[Diagram labels: Movimento Client, Content Delivery, Infotainment Service, App Store, Software Updates, OTA, SDP Client, OEMs, Tier-1 Suppliers, Service Providers, Content Providers, SDP, Secure Over-The-Air Delivery, Secure Over-The-Air Data, Movimento Unified OTA Cloud Platform, App Delivery, OTA Software Updates, Infotainment Service Management, Content Delivery, Software Management, Big Data, Cyber Security]
Key Takeaways
Connected ecosystem foundational to future.
Multiple cyber attack vectors must be mitigated.
Secure enclaves are an ideal security model.
Software Defined Perimeter enables secure enclaves.
Proactive security requires closed-loop architecture.
Upcoming Webinars

Securing the Software Defined Car™ Using Artificial Intelligence and OTA Updates
Date: Tuesday | 14 November, 2017
Time: 8 AM PST / 11 AM EST / 5 PM CET / 9:30 PM IST

Saving Lives Using Artificial Intelligence and Context-based Automotive OTA Software Updates
Date: Tuesday | 5 December, 2017
Time: 8 AM PST / 11 AM EST / 5 PM CET / 9:30 PM IST