Lockheed Martin MST Owego and Binghamton University

Presentation on theme: "Lockheed Martin MST Owego and Binghamton University"— Presentation transcript:

1 Exploring Security Synergies in Driverless Car and UAS Integrated Modular Architectures (IMAs)
Thomas Gaska, Lockheed Martin MST Owego and Binghamton University

2 Introduction
- There is a future opportunity to leverage COTS security technology being developed for the driverless car in future UAS Integrated Modular Architectures (IMAs).
- Infrastructure and Information Security are critical issues in networked UAS team configurations with increasing degrees of autonomy and collaboration.
- The security hierarchy includes off-board connectivity level gateways, application level software security mechanisms, platform and subsystem network security gateways, processing infrastructure elements, and security primitives and protocols.

3 Agenda
1.) Common Security Challenges – UAS and Driverless Cars
2.) Dual Use Security Taxonomy
3.) Automotive Industry Security Initiatives Mapped to Potential UAS Relevance
4.) Future Embedded Security Product Directions
5.) Conclusions

4 Common Security Challenges – UAS and Driverless Cars
- Increased cooperative platform autonomy => Mixed capability management and levels of autonomy. Need to cooperate with less and more capable manned systems, with the goal of optionally piloted capability.
- Connectivity to the Cloud and GIG => Every platform will interact as a sensor for situation awareness. Need to offload system-of-systems management to an ad hoc, trusted infrastructure.
- Connectivity within the platform for storage and onboard/offboard services at multiple trust levels => Multiple Levels of Security. Need multiple security domains within and across the platforms.
- Protection of critical program information and tamper resistance => Trusted Computing Elements. Need to balance open architecture and enforce trust.
- Increased standardization to support collapsing into a common component infrastructure => Next Generation Integrated Modular Avionics (IMA). Need to leverage the Moore's Law multicore explosion while maintaining safety and security.
- Increased cross-platform reuse => Domain standardization initiatives. Need hardware-agnostic software components and uniform software interfaces.
- Affordability consistent with the threat, policy, and customer => Early demonstration of advanced solution capability for acceptance/validation. Need for incremental technology insertion across a wide range of affordability targets.
Next generation avionics architectures need to provide enhanced IA and TP solutions to protect new capabilities.

5 Automotive Autonomy Applications Architecture
Automotive components, standards, and topologies will need to be incrementally developed in a reference architecture. (REF 1)

6 IMA Architecture – Driverless Cars
[Diagram: SENSOR NET, UAS NET, Planning/Control, VMS NET, CLOUD NET, Cloud Services, Cloud]
Future autonomous architectures will drive distributed security into a new generation of modular, component-based SW/HW.

7 Information Assurance and Trusted Processing Definitions
- Infrastructure security is the security that prevents tampering in the computer and networking hardware and software infrastructure.
- Infrastructure security is typically associated with Tamper Resistant Computing; Information Security is associated with Information Assurance (IA).
- Both of these security infrastructures need to be properly addressed and incrementally extended to enable future levels of autonomy.

8 Generic Security Hierarchy
- Cloud (public, private, hybrid) to Platform Exchanges
- Platform to Platform Exchanges
- Off-board Communication Security
- Platform Storage Security
- Platform Network Security
- Embedded Processing Node SW/HW Security
- Platform Application/Infrastructure Software

9 Avionics Security Taxonomy Mapped to University Research and Automotive Domains
Columns: Layer #; Information Assurance (IA) for Avionics; Trusted Processing (TP) for Avionics; University Security Research Focus Areas; Automotive Security Industry Focus.

Layer 1 – Cloud (public, private, hybrid) to Platform Exchanges
  IA for Avionics: Private Cloud Security SW Infrastructure
  TP for Avionics: Trusted Network Infrastructure HW
  University research: Access control/identity management, data control/data loss, anomaly detection/security policy, hypervisor vulnerabilities
  Automotive industry: Car will connect to the Vendor/3rd Party Cloud over a 3G/4G link – Tesla S, SysSec

Layer 2 – Platform to Platform Exchanges
  IA for Avionics: Secure Certification and Exchange Protocols
  TP for Avionics: Secure IP Based Radios
  University research: Ad hoc networks, sensor networks, mesh networks, and vehicular networks
  Automotive industry: CAR2X, PRESERVE – Integration and Demonstration, SysSec

Layer 3 – Off-board Communication Security
  IA for Avionics: Intrusion Detection SW
  TP for Avionics: Trusted Network Gateway HW, Encrypted Communications HW
  University research: Accelerated Intrusion Detection System/Firewall System

Layer 4 – Platform Storage Security
  IA for Avionics: Cross Domain Solution SW
  TP for Avionics: Encrypted Storage HW
  University research: Encrypted file systems – encrypt user's data, manage and create keys
  Automotive industry: OVERSEE

Layer 5 – Platform Network Security
  IA for Avionics: Security Services SW
  TP for Avionics: Encrypted Communications HW
  University research: Anomaly detection, clean slate security protocols

Layer 6 – Embedded Processing Node SW/HW Security
  IA for Avionics: Malware Detection SW, Virtual Machines SW
  TP for Avionics: Secure Root-of-Trust HW, Secure Boot Assist HW, and Secure Execution HW
  University research: Intrusion Prevention System/Application Layer Firewall, Trusted Processor Module (TPM) Extensions, Secure Processor SoC/3DIC HW
  Automotive industry: ESCRYPT – Secure Operating Systems, EVITA – High, Med, Low HW Security Modules (HSMs), EURO-MILS, EVITA

Layer 7 – Platform Application SW
  IA for Avionics: Trusted Applications SW
  TP for Avionics: Secure HW Virtualization Support
  University research: Autonomy Architecture with Cloud Fusion
  Automotive industry: AUTOSAR SW Components

10 Securing Adhoc VehiculAr Inter-NETworking (VANET)
Secure Vehicle Communications (SEVECOM) in-car architecture components, including Information Assurance:
- Network Security – Car to Car: Network Security Module, Car to Car Coms
- Information Assurance Infrastructure – In car: Network Security Module, Gateway/Firewall, Intrusion Detection/Attestation
- Trusted Processor – Tamper-Evident Security Module: Key/Certificate Storage, Secure Crypto Processing, Secure Execution
(REF 2)

11 Information Assurance Mechanisms In Network Connected Topologies
- Identification: typically uses trusted third parties to validate credentials
- Authentication of Data Origin: with no real-time connection to the Certifying Authority, and in a one-way broadcast environment
- Attribute Identification: traffic density information data authentication
- Integrity Protection: signatures
- Confidentiality Protection: encryption
- Attestation of Sensor Data
- Location Obfuscation/Verification
- Tamper Resistant Communication
- Replay Protection
- Access Control: authentication and authorization
- Jamming/DoS Protection
- Firewall: sandbox, filtering based on rules
(REF 2)
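Several of the mechanisms on this slide (identification through a trusted third party, data-origin authentication with no live connection to the certifying authority, signatures for integrity, replay protection) compose into one receive-side check. The Go program below is an added example, not code from the presentation or from SEVECOM or any other cited project; the Cert and Beacon layouts, the vehicle IDs and the payload contents are constructed for illustration, and the receiver is assumed to hold only a pre-installed CA root key.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
)

// Cert rides inside every beacon (constructed format, not from the slides):
// the CA signs VehicleID || PubKey once, offline, when the vehicle is enrolled.
type Cert struct {
	VehicleID string
	PubKey    ed25519.PublicKey
	CASig     []byte
}
// Beacon is a one-way broadcast: no handshake and no round trip to the CA.
type Beacon struct {
	Cert    Cert
	Seq     uint64 // monotonic counter starting at 1; gives replay protection
	Payload []byte // e.g. a traffic-density report
	Sig     []byte // sender signature over Seq || Payload
}
func certBytes(c Cert) []byte { return append([]byte(c.VehicleID), c.PubKey...) }
func beaconBytes(seq uint64, p []byte) []byte {
	buf := make([]byte, 8)
	binary.BigEndian.PutUint64(buf, seq)
	return append(buf, p...)
}
// Enrol is the identification step: the trusted third party vouches for the key.
func Enrol(caPriv ed25519.PrivateKey, id string, pub ed25519.PublicKey) Cert {
	c := Cert{VehicleID: id, PubKey: pub}
	return Cert{VehicleID: id, PubKey: pub, CASig: ed25519.Sign(caPriv, certBytes(c))}
}
func Sign(c Cert, priv ed25519.PrivateKey, seq uint64, p []byte) Beacon {
	return Beacon{Cert: c, Seq: seq, Payload: p, Sig: ed25519.Sign(priv, beaconBytes(seq, p))}
}

// Verify runs on a receiver holding only the CA root and the highest Seq accepted
// per vehicle; it checks data origin, then integrity, then replay, in that order.
func Verify(caRoot ed25519.PublicKey, lastSeq map[string]uint64, b Beacon) error {
	switch {
	case !ed25519.Verify(caRoot, certBytes(b.Cert), b.Cert.CASig):
		return errors.New("certificate not issued by the trusted CA")
	case !ed25519.Verify(b.Cert.PubKey, beaconBytes(b.Seq, b.Payload), b.Sig):
		return errors.New("payload signature invalid")
	case b.Seq <= lastSeq[b.Cert.VehicleID]:
		return errors.New("replayed or stale beacon")
	}
	lastSeq[b.Cert.VehicleID] = b.Seq
	return nil
}
```

The CA signature is checked before the sender's key is used, so a forged certificate never reaches the payload check, and the per-vehicle counter rejects a captured beacon that is rebroadcast later.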

12 Experimental Security Analysis of a Modern Automobile
Intel CTO Justin Rattner predicts that driverless cars will be available within 10 years and that buyers by then will increasingly be more interested in a vehicle's internal technology than the quality of its engine.
"God help us when one of them runs into somebody or runs over somebody."
Most New Functionality in an Automobile is Electronics and Software – there are many vulnerabilities in current bridged networks. (REF 3)

13 Trusted Processing Mechanisms Hierarchy

14 E-Safety Vehicle Intrusion Protected Applications (EVITA)
EVITA defines 3 classes of Hardware Security Modules (HSMs): Full, Medium, Light.
OVERSEE adds virtualization and firewalls at each node. (REF 5)

15 AUTomotive Open System Architecture (AUTOSAR)
The AUTOSAR co-design methodology uses a Component Software Design Model and a virtual function bus:
1) Develop requirements and constraints
2) Describe SW-Components independently of HW
3) Describe HW independently of Application SW
4) Describe System – network topology, communication
Generate the software executable for each ECU from its configuration information using formal methods. (REF 6)

16 Parallel Domain Security Extensions
AUTOMOTIVE and UAS standards initiatives named: AUTOSAR, UAS Standards Initiatives, EURO-MILS, SAE ESCAR.
Extensions for Systems-of-Systems Security Interoperability:
- Reusable SW Components: HW-agnostic and uniform API layering
- Unified Security Services: crypto services, secure boot, communication gateway with firewalls/intrusion protection
- Enforced IMA Partitioning: isolated execution environments via virtualization
- Reusable Units of Portability in Layered Architectures (drivers, transport services)
- Multicore hypervisors that support mixed GP, safe and secure
- Embedded controllers with trust services
- Addressing general purpose, safe, and secure multicore: incremental path to a unified hypervisor infrastructure
- Trusted Computing: HW Root-of-Trust (HSM), secure boot, dynamic monitoring

17 Representative Derived Embedded Computing Products
- Cloud Based Security Infrastructure
- Secure Network Gateway: Intrusion Detection, Firewalls, Multiple Levels of Security
- Secure Microcontroller: Multiple Levels of Tamper Resistance vs Cost, Secure Boot Support
- Secure Software APIs: Network Services, Crypto Services, Virtualization

18 Secsys Security Assessment/Analysis

19 IMA Context Networked Car

20 Future Avionics Reference Architecture
[Architecture diagram: Other Platforms and the GIG; Datalinks/Radios; Mission Avionics Networks (Ethernet, 1553, FC); Flight Avionics Networks (AFDX, Firewire, 1553, ARINC 429); Mission Avionics and Flight Avionics Processing HW Components (IMA & Non-IMA WRAs, Open HW Stds); Mission Infrastructure SW partitioned by SBC with Middleware and POSIX OS; Flight Infrastructure SW partitioned by SBC or ARINC 653 Partition; Application SW Components (Open SW Stds); MIL Mission & Wpn Subsystems (SUBSYS1..SUBSYSN); MIL/COM Flt Subsystems (SUBSYS1..SUBSYSM); Msn Sensors; AC Sensors]
Drivers annotated on the diagram:
- FACE and GIG SW Modernization => Modular Interoperable Interfaces, Formal Methods
- Multicore and Virtualization, Processor Pooling, Higher Density Packaging => Embedded Secure Processing on Multicore with MILS
- Unified Network Architecture => Multiple Levels of Security
- Mobile and Internet Connectivity to the Cloud => with Ad hoc Network Security, IDS, Cross Domain Solutions
- GIG Msg Interoperability and Increased Pt-Pt BW => Unified Security Protocols

21 Conclusions
- There are many parallels with regard to Information Assurance and Trusted Processing challenges for next generation avionics and automotive architectures.
- Automotive-related University Research and Automotive Consortiums have significantly increased focus on development of security for embedded systems.
- Next generation UAS architectures require an affordable, balanced, reference security architecture while exploiting third party software and 10 billion transistor hardware chips by 2020.
- Embedded university research and automotive security consortiums can provide access to significant dual use solutions for avionics and other embedded industries.

22 References
REF 1 - Kumar, S., S. Gollakota, D. Katabi, 2012, A Cloud-Assisted Design for Autonomous Driving, MIT
REF 2 - Groll, André, Jan Holle, Marko Wolf, Thomas Wollinger, 2010, Next Generation of Automotive Security: Secure Hardware and Secure Open Platforms, ITS World 2010
REF 3 - Koscher, Karl, Alexei Czeskis, Franziska Roesner, Shwetak Patel, Tadayoshi Kohno, Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, and Stefan Savage, 2010, Experimental Security Analysis of a Modern Automobile, Oakland 2010
REF 4 - Hwang, D., Patrick Schaumont, Shenglin Yang, Ingrid Verbauwhede, 2006, Multi-level Design Validation in a Secure Embedded System, IEEE Transactions on Computers, Vol. 55, No. 11, November 2006
REF 5 - Wolf, M., 2009, Designing Secure Automotive Hardware for Enhancing Traffic Safety – The EVITA Project, CAST Workshop Mobile Security for Intelligent Cars
REF 6 - AUTOSAR Web Site
REF 7 - SysSec Web Site, SysSec Deliverable D6.2: Intermediate Report on the Security of the Connected Car
REF 8 - Tverdyshev, Sergey, EURO-MILS, Secure European Virtualisation for Trustworthy Applications in Critical Domains, SYSGO, Presentation for EURO-MILS Project
REF 9 - Gaska, Thomas, 2013, Assessing Dual Use Embedded Security For IMA, Digital Avionics Systems Conference 2013
REF 10 - Gaska, Thomas, 2014, Exploring Security Synergies in Driverless Car and UAS Integrated Modular Architectures (IMAs), AUVSI 2014
This paper includes the web sites for all research programs mentioned in the taxonomy table for future study.
