Exploring Security Synergies in Driverless Car and UAS Integrated Modular Architectures (IMAs) Thomas Gaska Lockheed Martin MST Owego and Binghamton University.

Slide 1: Exploring Security Synergies in Driverless Car and UAS Integrated Modular Architectures (IMAs)
Thomas Gaska, Lockheed Martin MST Owego and Binghamton University

Slide 2: Introduction
- There is a future opportunity to leverage COTS security technology being developed for the driverless car in future UAS Integrated Modular Architectures (IMAs)
- Infrastructure and information security are critical issues in networked UAS team configurations with increasing degrees of autonomy and collaboration
- The security hierarchy includes off-board connectivity level gateways, application level software security mechanisms, platform and subsystem network security gateways, processing infrastructure elements, and security primitives and protocols

Slide 3: Agenda
1. Common Security Challenges – UAS and Driverless Cars
2. Dual Use Security Taxonomy
3. Automotive Industry Security Initiatives Mapped to Potential UAS Relevance
4. Future Embedded Security Product Directions
5. Conclusions

Slide 4: Common Security Challenges – UAS and Driverless Cars
- Increased cooperative platform autonomy => mixed capability management and levels of autonomy. Need to cooperate with less and more capable manned systems, with the goal of optionally piloted capability
- Connectivity to the Cloud and GIG => every platform will interact as a sensor for situation awareness. Need to offload system-of-systems management to an ad hoc, trusted infrastructure
- Connectivity within the platform for storage and onboard/offboard services at multiple trust levels => Multiple Levels of Security. Need multiple security domains within and across the platforms
- Protection of critical program information and tamper resistance => Trusted Computing Elements. Need to balance open architecture and enforce trust
- Increased standardization to support collapsing into a common component infrastructure => Next Generation Integrated Modular Avionics (IMA). Need to leverage the Moore's Law multicore explosion while maintaining safety and security
- Increased cross-platform reuse => domain standardization initiatives. Need hardware-agnostic software components and uniform software interfaces
- Affordability consistent with the threat, policy, and customer => early demonstration of advanced solution capability for acceptance/validation. Need for incremental technology insertion across a wide range of affordability targets
Next generation avionics architectures need to provide enhanced IA and TP solutions to protect new capabilities

Slide 5: Automotive Autonomy Applications Architecture
(Figure: automotive autonomy applications architecture, REF 1)
- Automotive components, standards, and topologies will need to be incrementally developed in a reference architecture

Slide 6: IMA Architecture – Driverless Cars
- Future autonomous architectures will drive distributed security into a new generation of modular, component-based SW/HW
(Figure: Planning/Control and Cloud Services blocks connected over the Sensor Net, UAS Net, Cloud Net and VMS Net network segments)

Slide 7: Information Assurance and Trusted Processing Definitions
- Infrastructure security is the protection that prevents tampering with the computer and networking hardware and software infrastructure
- Infrastructure security is typically associated with Tamper Resistant Computing; Information Security is associated with Information Assurance (IA)
- Both of these security infrastructures need to be properly addressed and incrementally extended to enable future levels of autonomy

Slide 8: Generic Security Hierarchy
1. Cloud (public, private, hybrid) to Platform Exchanges
2. Platform to Platform Exchanges
3. Off-board Communication Security
4. Platform Storage Security
5. Platform Network Security
6. Embedded Processing Node SW/HW Security
7. Platform Application/Infrastructure Software

Slide 9: Avionics Security Taxonomy Mapped to University Research and Automotive Domains

| Layer | Information Assurance for Avionics | Trusted Processing for Avionics | University Security Research Focus Areas | Automotive Security Industry Focus |
|---|---|---|---|---|
| 1 – Cloud (public, private, hybrid) to Platform Exchanges | Private Cloud Security SW Infrastructure | Trusted Network Infrastructure HW | Access control/identity management, data control/data loss, anomaly detection/security policy, hypervisor vulnerabilities | Car will be connected to the Vendor/3rd Party Cloud over a 3G/4G link – Tesla S, SysSec |
| 2 – Platform to Platform Exchanges | Secure Certification and Exchange Protocols | Secure IP Based Radios | Ad hoc networks, sensor networks, mesh networks, and vehicular networks | CAR2X, PRESERVE – Integration and Demonstration, SysSec |
| 3 – Off-board Communication Security | Intrusion Detection SW | Trusted Network Gateway HW, Encrypted Communications HW | Accelerated Intrusion Detection System/Firewall System | CAR2X, PRESERVE – Integration and Demonstration, SysSec |
| 4 – Platform Storage Security | Cross Domain Solution SW | Encrypted Storage HW | Encrypted file systems – encrypt users' data, manage and create keys | OVERSEE |
| 5 – Platform Network Security | Security Services SW | Encrypted Communications HW | Anomaly detection, clean slate security protocols | OVERSEE |
| 6 – Embedded Processing Node SW/HW Security | Malware Detection SW, Virtual Machines SW | Secure Root-of-Trust HW, Secure Boot Assist HW, and Secure Execution HW | Intrusion Prevention System/Application Layer Firewall, Trusted Processor Module (TPM) Extensions, Secure Processor SoC/3DIC HW | ESCRYPT – Secure Operating Systems, EVITA – High, Med, Low HW Security Modules (HSMs), EURO-MILS, EVITA |
| 7 – Platform Application SW | Trusted Applications SW | Secure HW Virtualization Support | Autonomy Architecture with Cloud Fusion | AUTOSAR SW Components |

Slide 10: Securing Adhoc VehiculAr Inter-NETworking (VANET) – Secure Vehicle Communications (SEVECOM)
In-car architecture components, including:
- Information Assurance Network Security – Car to Car: Network Security Module, Car to Car Comms
- Information Assurance Infrastructure – In car: Network Security Module, Gateway/Firewall, Intrusion Detection/Attestation
- Trusted Processor – Tamper-Evident Security Module: Key/Certificate Storage, Secure Crypto Processing, Secure Execution
(REF 2)

Slide 11: Information Assurance Mechanisms in Network Connected Topologies
- Identification – typically uses trusted third parties to validate credentials
- Authentication of Data Origin – with no real-time connection to a certifying authority and in a one-way broadcast environment
- Attribute Identification – traffic density information data authentication
- Integrity Protection – signatures
- Confidentiality Protection – encryption
- Attestation of Sensor Data – location obfuscation/verification
- Tamper Resistant Communication – replay protection
- Access Control – authentication and authorization
- Jamming/DoS Protection
- Firewall – sandbox, filtering based on rules
(REF 2)

Slide 12: Experimental Security Analysis of a Modern Automobile
- Intel CTO Justin Rattner predicts that driverless cars will be available within 10 years and that buyers by then will increasingly be more interested in a vehicle's internal technology than the quality of its engine
- God help us when one of them runs into somebody or runs over somebody
- Most new functionality in an automobile is electronics and software – there are many vulnerabilities in current bridged networks
(REF 3)

Slide 13: Trusted Processing Mechanisms Hierarchy
(Figure: trusted processing mechanisms hierarchy, REF 4)

Slide 14: E-Safety Vehicle Intrusion Protected Applications (EVITA)
- Defines 3 classes of Hardware Security Modules (HSMs): Full, Medium, Lite
- OVERSEE adds virtualization and firewalls at each node
(REF 5)

Slide 15: AUTomotive Open System Architecture (AUTOSAR)
AUTOSAR codesign methodology uses a Component Software Design Model and a virtual function bus:
1. Develop requirements and constraints
2. Describe SW-Component independently of HW
3. Describe HW independently of Application SW
4. Describe System – network topology, communication
Generate the software executable for each ECU from its configuration information using formal methods
(REF 6)

Slide 16: Parallel Domain Security Extensions
- Addressing General Purpose, Safe, and Secure Multicore: incremental path to a unified hypervisor infrastructure
- Trusted Computing: HW Root-of-Trust (HSM), Secure Boot, Dynamic Monitoring
- Enforced IMA Partitioning: isolated execution environments via virtualization
- Unified Security Services: crypto services, Secure Boot, communication gateway with firewalls/intrusion protection
- Reusable SW Components: HW agnostic and uniform API layering
(Figure: Automotive and UAS columns – AUTOSAR alongside UAS Standards Initiatives; Embedded Controllers with Trust Services; Multicore Hypervisors that support mixed GP, Safe and Secure; Reusable Units of Portability in Layered Architectures (Drivers, Transport Services); Extensions for Systems-of-Systems Security Interoperability; EURO-MILS; SAE ESCAR)

Slide 17: Representative Derived Embedded Computing Products
- Cloud Based Security Infrastructure
- Secure Network Gateway – Intrusion Detection, Firewalls, Multiple Levels of Security
- Secure Microcontroller – multiple levels of tamper resistance vs cost, Secure Boot support
- Secure Software APIs – Network Services, Crypto Services, Virtualization

Slide 18: SysSec Security Assessment/Analysis
(Figure: SysSec security assessment/analysis, REF 7)

Slide 19: IMA Context – Networked Car
(Figure: IMA context of the networked car, REF 8)

Slide 20: Future Avionics Reference Architecture
(Figure: reference architecture diagram. Flight side: Flight Avionics Networks (AFDX, Firewire, 1553, ARINC 429); Flight Avionics Processing HW Components (IMA and non-IMA WRAs); Flight Infrastructure SW partitioned by SBC or ARINC 653 partition; AC Sensors, Radios, MIL/COM Flight Subsystems 1..N. Mission side: Mission Avionics Networks (Ethernet, 1553, FC); Mission Avionics Processing HW Components (IMA and non-IMA WRAs); Mission Infrastructure SW partitioned by SBC with middleware and POSIX OS; Mission Sensors, Datalinks, MIL Mission and Weapon Subsystems 1..M. Both sides carry Application SW Components over open HW and SW standards, with a topology reaching Other Platforms and the GIG.)
- FACE and GIG SW modernization => modular interoperable interfaces, formal methods
- Unified network architecture => Multiple Levels of Security
- Multicore and virtualization, processor pooling, higher density packaging => embedded secure processing on multicore with MILS
- GIG message interoperability and increased point-to-point bandwidth => unified security protocols
- Mobile and internet connectivity to the Cloud => with ad hoc network security, IDS, cross domain solutions

Slide 21: Conclusions
- There are many parallels with regard to Information Assurance and Trusted Processing challenges for next generation avionics and automotive architectures
- Automotive related university research and automotive consortiums have significantly increased focus on development of security for embedded systems
- Next generation UAS architectures require an affordable, balanced, reference security architecture while exploiting third party software and 10 billion transistor hardware chips by 2020
- Embedded university research and automotive security consortiums can provide access to significant dual use solutions for avionics and other embedded industries

Slide 22: References
REF 1 - Kumar, S., S. Gollakota, D. Katabi, 2012, A Cloud-Assisted Design for Autonomous Driving, MIT
REF 2 - Groll, André, Jan Holle, Marko Wolf, Thomas Wollinger, 2010, Next Generation of Automotive Security: Secure Hardware and Secure Open Platforms, ITS World 2010
REF 3 - Koscher, Karl, Alexei Czeskis, Franziska Roesner, Shwetak Patel, Tadayoshi Kohno, Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, and Stefan Savage, 2010, Experimental Security Analysis of a Modern Automobile, Oakland 2010
REF 4 - Hwang, D., Patrick Schaumont, Shenglin Yang, Ingrid Verbauwhede, 2006, Multi-level Design Validation in a Secure Embedded System, IEEE Transactions on Computers, Vol. 55, No. 11, November 2006
REF 5 - Wolf, M., 2009, Designing Secure Automotive Hardware for Enhancing Traffic Safety – The EVITA Project, CAST Workshop Mobile Security for Intelligent Cars
REF 6 - AUTOSAR Web Site
REF 7 - SysSec Web Site, SysSec Deliverable D6.2: Intermediate Report on the Security of the Connected Car
REF 8 - Tverdyshev, Sergey, EURO-MILS, Secure European Virtualisation for Trustworthy Applications in Critical Domains, SYSGO, Presentation for EURO-MILS Project
REF 9 - Gaska, Thomas, 2013, Assessing Dual Use Embedded Security For IMA, Digital Avionics Systems Conference 2013
REF 10 - Gaska, Thomas, 2014, Exploring Security Synergies in Driverless Car and UAS Integrated Modular Architectures (IMAs), AUVSI 2014 – This paper includes the web sites for all research programs mentioned in the taxonomy table for future study
