Electronic Safety and Security - New Challenges for the Car Industry


1 Electronic Safety and Security - New Challenges for the Car Industry
Ross Anderson Cambridge University

2 Vehicle Design and Infosec
- Until now, infosec mechanisms were added to vehicles piecemeal with new features: remote locking, digital tachographs, toll tags, stolen vehicle tracking, …
- They are now starting to interact - a systems view is needed
- They also interact with safety systems such as ABS, traction control, firmware upgrade …
- As more and more safety and security features are demanded, the problem will get worse
- There are also serious competitive issues

3 Outline of Talk
- Key entry, immobilisers - and carjacking
- Tachographs, speed limiters, lojack
- Road pricing
- Engine management unit hacking
- GPRS firmware update; platform issues
- Feature interactions and screen-of-death
- Aftermarket control and IP enforcement

4 First Crypto App - Key Entry
- Keys, RKE, immobilisers
- F -> E: {N, R}_KF
- N is a ‘nonce’, for ‘number used once’ - a serial number, a random number, or even a random challenge from E
- How do you manage the keys - especially with many criminals working in the garage trade?
- Details are not trivial - can a thief use a grabber to record and replay? What about a valet parking attendant? Separate codes for lock and unlock?
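The slide's replay and "separate codes for lock and unlock" questions can be made concrete in a small model. The following is an added example written for this transcript, not code from the talk or from any vehicle maker: the fob F sends (N, command, R) where N is a monotonically increasing serial number used as the nonce and R is an HMAC over N and the command under the fob key KF (the slide's {N, R}_KF is written as an encryption; HMAC is substituted here because authenticity is the property under discussion). The car-side receiver E keeps the highest N it has accepted and allows the fob to run ahead by a constructed WINDOW of presses to tolerate out-of-range button presses. The key, window size and packet layout are assumptions for the demonstration.

```python
"""Toy remote-key-entry (RKE) model: fob F -> car E: (N, command, R) with R = HMAC_KF(N || command).

Constructed for illustration: shows why a nonce bound to the request defeats
a simple record-and-replay grabber and why lock/unlock must be separate codes.
"""
import hashlib
import hmac
import secrets

# Constructed value: how many presses the car lets the fob counter run ahead,
# so presses made out of radio range do not permanently desynchronise the pair.
WINDOW = 16


def mac(key: bytes, counter: int, command: str) -> bytes:
    """R = HMAC(KF, N || command). Binding the command stops a grabbed 'lock'
    packet being edited into an 'unlock'."""
    msg = counter.to_bytes(4, "big") + command.encode()
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]


class Fob:
    """F: holds the shared key KF and a press counter used as the nonce N."""

    def __init__(self, key: bytes):
        self.key = key
        self.counter = 0

    def press(self, command: str):
        self.counter += 1  # N is a serial number, so it is never reused
        return (self.counter, command, mac(self.key, self.counter, command))


class Car:
    """E: verifies R, then checks N is fresh (greater than the last accepted N,
    but not more than WINDOW ahead)."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = 0
        self.locked = True

    def receive(self, packet) -> str:
        counter, command, tag = packet
        if not hmac.compare_digest(tag, mac(self.key, counter, command)):
            return "rejected: bad MAC"
        if not (self.last_counter < counter <= self.last_counter + WINDOW):
            return "rejected: replayed or stale nonce"
        if command not in ("lock", "unlock"):
            return "rejected: unknown command"
        self.last_counter = counter  # advance only after every check passes
        self.locked = command == "lock"
        return "accepted: " + command


def demo():
    """Runs a constructed sequence of legitimate presses, a grabber replay,
    a tampered packet and an out-of-range burst; returns (log, car.locked)."""
    key = secrets.token_bytes(16)  # KF, shared between fob and car at pairing
    fob, car = Fob(key), Car(key)
    log = []

    first_unlock = fob.press("unlock")
    log.append(car.receive(first_unlock))          # accepted: unlock
    log.append(car.receive(fob.press("lock")))     # accepted: lock

    # A grabber recorded the first unlock packet and replays it verbatim.
    log.append(car.receive(first_unlock))          # rejected: replayed or stale nonce

    # A grabbed 'lock' packet with the command field edited to 'unlock'.
    n, _, tag = fob.press("lock")
    log.append(car.receive((n, "unlock", tag)))    # rejected: bad MAC

    # Five presses made out of range, then one in range: still within WINDOW.
    for _ in range(5):
        fob.press("lock")
    log.append(car.receive(fob.press("unlock")))   # accepted: unlock
    return log, car.locked


if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```

The model leaves the slide's other questions open on purpose: a counter-based nonce does nothing against a valet who holds the real fob, and key management across the garage trade is outside what any on-air protocol can fix.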

5 Design detail …

6 Extending the technology
- Easy extension of remote key entry technology - home garage door openers
- Slightly further extension - access to municipal and company parking garages
- Chamberlain vs Skylink case - is it possible to use a patent or copyright on your crypto to block compatible products and control aftermarkets?
- So far - not (EU Software Directive), but being fought over (IP Enforcement Directive)
- Similar technology used in printer ink cartridges, mobile phone batteries, computer games …

7 Monitoring Systems
- Increasing number of monitoring systems for drivers’ hours, vehicle location, engine use, airbag deployment, …
- Many more being planned, for example for next-generation road pricing
- Introduce tensions between the vehicle owner or driver and some third party
- Is this a safety system, which helps me, or a control system, which restricts me?
- The tension can undermine safety

8 Traditional Technology

9 Tachographs
- Falling asleep at the wheel causes 16% of accidents on normal roads, 23% on motorways
- This compares with alcohol causing 3.1% of accidents in the UK, 9.5% in Germany
- EU requires that heavy goods vehicles have tachographs to monitor drivers’ hours
- They are also used to investigate accidents and toxic waste dumping, and to deter theft of fuel
- They are commonly linked to speed limiters

10 Attacks on Tachographs (1)
- Survey of over 1000 convictions in 1998
- Procedural exploits were 68% of all driver offences, 71% of all operator offences
- Typical method: ghosting
- Collusion between drivers and employers
- Even worse in places like Benelux, near many borders

11 Alice, Bob and Charlie

12 Attacks on Tachographs (2)
- 25% of driver offences and 21% of operator offences involved tampering with power, impulses, cables and seals
- Short the cable, or put a switch in it
- Replace the fuse with a blown one (with safety consequences for Iveco trucks!)
- State-of-the-art: the radio-controlled interruptor
- UK police view: the move from mechanical rotating cables to digital electronics had made tampering easier

13 Attacks on Tachographs (3)
- Tampering with the tachograph head itself accounted for only 5% of driver offences and 7% of operator offences
- Tricks: bend the stylus, insert a wire to jam the mechanism, reduce the supply voltage, wire a flasher unit in series, introduce Trojan circuitry in the instrument …
- This sort of manipulation can be made much harder with modern electronics - but it’s not the main problem!

14 Scope of the Problem
- If enforcement were perfected, or abandoned, the annual cost could be lives
- Some very capable opponents, e.g. firms with over 1000 trucks and many convictions
- Widely different national enforcement - e.g., the Dutch do audits, Britain does roadside checks
- Secondary hazards, e.g. speed limiters lead vendors to de-rate tyres and brakes
- The drive to integrate electronics means that tachograph defeats will affect more other systems too, e.g. ABS

15 Knock-on effects
- EU Tachosmart project set up to replace paper-disk systems with smartcards
- Security solves the wrong problems - see my paper ‘On the Security of Digital Tachographs’
- BSI agreed - but Britain and Germany lost the vote in Brussels
- New digital systems are easier to hack, and procedural defeats will be easier still during the 10-year roll-out period
- UK government response - GPS-based road pricing to be mandatory for all trucks by 2006
- Cars may have to install it by 2010

16 Public fears of Big Brother…
Sunday Times August

17 Firmware Issues
- People re-chip car engines - a legitimate aftermarket, or a threat to safety?
- Diesel engine controllers - drivers induce failure in de-rated engine controllers (so there’s a supply chain issue)
- Now manufacturers want to manage and upgrade firmware via GPRS
- Police want a law-enforcement-initiated engine deceleration command for any GSM cell
- But mobile phones are easy to hack - expect viruses, as with PCs. What could viruses do?

19 How are car and computer dependability different?
- Computer industry is young (50y vs 120y) and the technology is not stable yet
- Time-to-market is critical
- Design and implementation complexity are both high
- Products general rather than specific
- Result: most security failures are due to opportunistic exploits of bugs and blunders
- See my paper ‘Why Cryptosystems Fail’

20 How are car and computer economics different?
- Customer lock-in has some importance for car makers (spare parts), but for computer companies it’s all-important
- Shapiro-Varian theorem: value of a software company = total switching costs of all customers
- E.g. a law firm with 100 staff paying $500 a seat for Office - it would cost $50,000 to train staff on OpenOffice, convert files …
- So controlling lock-in is critical. That’s why it’s harder to change from PC -> Mac than from Mercedes -> BMW

21 How do Information Security and Economics Interact?
- ‘Information Rights Management’ tools in Office 2003 / Trusted Computing move control of a file from the machine owner to the file creator
- So the law firm with 100 staff needs not just $50,000 in training to move to OpenOffice, but digital certificates from all its 5000 clients!
- Customer lock-in will increase; so will the value of Microsoft’s software business
- Also: big battle to extend control from the PC platform to DRM, to the mobile phone platform …
- See my ‘Trusted Computing FAQ’ and workshops on economics and infosec

22 Who has control?
- In one application after another, security has become a struggle for value chain control
- Mobile phones - will the user, the network operator or the DRM vendor control the software?
- PCs - will ‘Trusted Computing’ give (even more) control to Microsoft?
- RFID - power to the brands, or to the retailers?
- I will cooperate with a security mechanism (it works in my interest) - but will I with a control mechanism (it works in someone else’s interest)?
- And when a mechanism mixes safety and control (as with the Iveco ABS implementation)?

23 Franz-Josef Paefgen, who runs VAG’s Bentley business, actually drives a 1956 Morris Minor

24 Security Engineering
- Security engineering is about building systems to remain dependable in the face of malice, error or mischance
- It focuses on the tools, processes and methods needed to design, implement and test complete systems, and to adapt them as their environment evolves

25 Conclusions
- Until now, the various safety and security mechanisms in a car could be designed in isolation
- Even so, designers often reinvented the wheel
- Now that all the systems start to talk to each other, a systems approach is vital
- The issues are not just technical - business models are involved too
- Vehicle engineers should study the lessons available from other sectors
