© 2018 LAC Co., Ltd.
Smart CAN Cable,
another IPS for CANBUS network
November 16, 2018
Ryoichi KIDA and Kiyotaka ATSUMI
IoT Tech. Lab., CYBER GRID JAPAN,
LAC Co., Ltd.
Disclaimer
This presentation reflects our personal opinions and does not represent the opinions of the organizations we belong to.
Outline
1. Introduction
2. Current security measures
3. The idea of Smart CAN Cable
4. Conclusion
Introduction
The future situation of the automobile
• OEMs will be forced by governments to install connections to the cloud and V2X (C2X in Europe). That is, almost all cars will be connected.
• The connection to the cloud will provide the latest maps, the latest traffic-jam situation and the latest firmware, and it will be used for remote maintenance when your car is broken.
• V2X (C2X) will provide useful information:
  - A traffic signal will change to red soon,
  - A motorcycle is behind an oncoming car when you are going to make a left turn,
  - A huge piece of baggage fell from a truck 500 m ahead,
  - and much other useful information for safety.
*1) IOActive: Remote Exploitation of an Unaltered Passenger Vehicle
https://ioactive.com/pdfs/IOActive_Remote_Car_Hacking.pdf
*2) KEEN Security Lab: Experimental Security Assessment of BMW Cars: A Summary Report
https://keenlab.tencent.com/en/Experimental_Security_Assessment_of_BMW_Cars_by_KeenLab.pdf
Introduction
Important facts
• Any software has bugs, and some of them will be vulnerabilities.
• Malicious actors always search for and exploit vulnerabilities, including those in connected-cars.
• Malicious actors plant malware in computers, including ECUs, to collect useful information for the next attack.
• The malware survives in the computer and in the ECU, and it will carry out the next attack.
How do we prevent this?
Observe malicious activities and handle incidents.
Introduction
Possibilities of MSS for connected-cars
• MSS (Managed Security Service) is a service in which security analysts check the logs sent from the customer's FW and IDS and call the customer when they find a critical attack.
• Can it be applied to connected-cars?
Introduction
Possibilities of MSS for connected-cars
Applying MSS to connected-cars using current in-vehicle security measures (IDS, MAC, and so on).
Malicious Actor: "Attack!"
Driver: "I cannot control this car! Please help me!"
Security Operation Center: "Oh my gosh! Your car is compromised by the actor. You must put your car to the edge of the road and stop the engine. I pray for your safety."
The Security Operation Center cannot prevent this attack because it cannot identify which ECU is compromised.
Introduction
Possibilities of MSS for connected-cars
Applying MSS to connected-cars using an in-vehicle security measure that identifies a compromised ECU.
Malicious Actor: "Attack!"
Security Operation Center: "Oh my gosh! An ECU in your car is compromised by the actor. To prevent the attack, we stop the compromised ECU. You must put your car to the edge of the road and stop the engine."
Driver: "OK! Maybe I can manage it."
The behavior of the car is stable because the compromised ECU is identified and stopped.
Introduction
Possibilities of MSS for connected-cars
That is, MSS for connected-cars needs a means of identifying a compromised ECU.
Current security measures
Studies of security measures
We found some studies on security measures for an in-vehicle network that are related to our study.
• IDS/IPS
• Message Authentication Code (MAC)
• Identity-Anonymized CAN (IA-CAN)
• ...
In fact, many researchers are working on security measures for connected-cars.
Current security measures
Proposed IDS/IPS Ideas
Many ideas have been proposed to identify an illegal frame.
[Figure: several ECUs, an IDS and the OBD-II port on the CAN bus.]
• Blacklist / Whitelist
• Corrupted frame
• Unlikely frame
• Irregular frame during cyclic frames
• Somehow a suspicious frame...
Current security measures
Proposed IDS/IPS Ideas
Few ideas have been proposed to intercept the illegal frame.
[Figure: several ECUs, an IPS and the OBD-II port on the CAN bus.]
• Overwrite the illegal frame with an error frame
• ...
• Does it work well?
• How do we get back control from the actor?
Current security measures
Message Authentication Code (MAC)
• A MAC is a value calculated from a frame using a cryptographic hash function and a freshness value.
• AUTOSAR defines a Message Authentication Code (MAC).
AUTOSAR: Specification of Secure Onboard Communication
https://www.autosar.org/fileadmin/user_upload/standards/classic/4-3/AUTOSAR_SWS_SecureOnboardCommunication.pdf
Original CAN frame:
SOF | CAN ID (11 bits) | RTR | IDE | R | DLC (4 bits) | Data Field (0-64 bits) | CRC (15 bits) | CRC Delimiter | ACK | ACK Delimiter | EOF (7 bits)
CAN frame with MAC:
SOF | CAN ID (11 bits) | RTR | IDE | R | DLC (4 bits) | Data Field (0-32 bits) | Freshness (4 bits) | MAC (28 bits) | CRC (15 bits) | CRC Delimiter | ACK | ACK Delimiter | EOF (7 bits)
Current security measures
Message Authentication Code (MAC)
• Advantage:
  - Almost all illegal frames may be refused by all ECUs because they do not carry a valid MAC.
• Disadvantage:
  - MAC may fail to refuse illegal frames if an actor is able to calculate a correct MAC.
  - MAC cannot identify which ECU is compromised if the same cryptographic key is used on all ECUs.
  - MAC requires rich computing resources on the ECUs.
  - MAC reduces the length of the data field from 64 bits to 32 bits.
  - MAC may be weak against a flood attack.
AUTOSAR: Specification of Secure Onboard Communication
https://www.autosar.org/fileadmin/user_upload/standards/classic/4-3/AUTOSAR_SWS_SecureOnboardCommunication.pdf
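The "CAN frame with MAC" layout above (32-bit data, 4-bit freshness, 28-bit MAC) can be packed and checked as follows. This is an added example, not code from the slides or from AUTOSAR: HMAC-SHA256 stands in for the MAC algorithm, and the key, CAN ID, payload, counter handling and function names are all assumptions made for illustration.

```python
import hashlib
import hmac
import struct

FRESH_BITS = 4   # truncated freshness value carried in the frame
MAC_BITS = 28    # truncated MAC carried in the frame
PAYLOAD_LEN = 4  # 32-bit data field left for the application


def truncated_mac(key: bytes, can_id: int, payload: bytes, counter: int) -> int:
    """MAC over CAN ID, payload and the FULL freshness counter, cut to 28 bits."""
    msg = struct.pack(">HI", can_id, counter) + payload
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big") >> (32 - MAC_BITS)


def build_data_field(key, can_id, payload, counter):
    """Return the 8 data bytes: payload (32) | freshness (4) | MAC (28)."""
    if len(payload) != PAYLOAD_LEN:
        raise ValueError("payload must be exactly 4 bytes")
    fresh = counter & ((1 << FRESH_BITS) - 1)
    tail = (fresh << MAC_BITS) | truncated_mac(key, can_id, payload, counter)
    return payload + tail.to_bytes(4, "big")


def verify_data_field(key, can_id, field, last_counter):
    """Return the accepted full counter, or None when the frame is refused."""
    if len(field) != 2 * PAYLOAD_LEN:
        return None
    payload = field[:PAYLOAD_LEN]
    tail = int.from_bytes(field[PAYLOAD_LEN:], "big")
    fresh, mac = tail >> MAC_BITS, tail & ((1 << MAC_BITS) - 1)
    # Rebuild the full counter: the smallest value above last_counter whose
    # low 4 bits equal the transmitted freshness. More than 15 lost frames
    # in a row would desynchronise this simple scheme.
    counter = (last_counter & ~((1 << FRESH_BITS) - 1)) | fresh
    if counter <= last_counter:
        counter += 1 << FRESH_BITS
    expected = truncated_mac(key, can_id, payload, counter)
    if not hmac.compare_digest(expected.to_bytes(4, "big"), mac.to_bytes(4, "big")):
        return None
    return counter


# Constructed sample values (not taken from the slides).
SHARED_KEY = bytes(range(16))
CAN_ID = 0x123
PAYLOAD = b"\x00\x10\x27\x01"
FRAME = build_data_field(SHARED_KEY, CAN_ID, PAYLOAD, counter=17)

# A receiver that last accepted counter 16 accepts FRAME and moves to 17.
# The check only proves that the sender holds SHARED_KEY: with one key on
# all ECUs, the receiver learns nothing about which ECU built the frame.
ACCEPTED = verify_data_field(SHARED_KEY, CAN_ID, FRAME, last_counter=16)
```

Re-submitting the same eight bytes once the receiver is at counter 17 is refused, because the rebuilt counter becomes 33 and the MAC no longer matches.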
Current security measures
Identity-Anonymized CAN (IA-CAN)
• The sender identification is encrypted with a freshness value and set in the extended CANID field.
• All ECUs have the same synchronized freshness value.
• All ECUs can identify the sender ECU for every frame they receive.
Xia, Z., Kawabata, T., Komano, Y., "A Secure Design for Practical Identity-Anonymized CAN Application," Embedded Security in Cars (escar) Europe, November 16, 2016
Original CAN frame with extended ID:
SOF | CAN ID (11 bits) | SRR | IDE | Extended ID (18 bits) | RTR | R1 | R2 | DLC (4 bits) | Data Field (0-64 bits) | CRC (15 bits) | CRC Delimiter | ACK | ACK Delimiter | EOF (7 bits)
IA-CAN frame:
SOF | CAN ID (11 bits) | SRR | IDE | Encrypted Sender ID (18 bits) | RTR | R1 | R2 | DLC (4 bits) | Data Field (0-64 bits) | CRC (15 bits) | CRC Delimiter | ACK | ACK Delimiter | EOF (7 bits)
Current security measures
Identity-Anonymized CAN (IA-CAN)
• Advantage:
  - An unknown sender ECU may be refused.
• Disadvantage:
  - IA-CAN cannot refuse an illegal frame from a legitimate sender ECU.
  - IA-CAN needs the extended CANID field (18 bits). That is, we cannot use the extended CANID field for anything else.
  - IA-CAN may be weak against a flood attack.
Xia, Z., Kawabata, T., Komano, Y., "A Secure Design for Practical Identity-Anonymized CAN Application," Embedded Security in Cars (escar) Europe, November 16, 2016
Smart CAN Cable
The idea of identifying a compromised ECU
Our Proposal
[Figure: a Smart CAN Cable whose connectors attach the ECUs and the IDS; the OBD-II port is also shown.]
• Smart CAN Cable identifies the compromised ECU that sends an illegal frame.
• Smart CAN Cable can control independently whether each ECU may send a frame or not.
Smart CAN Cable
The idea of identifying a compromised ECU
How to identify the compromised ECU
[Figure: a Smart CAN Cable whose connectors attach the ECUs and the IDS; the OBD-II port is also shown.]
1. Every connector has a ring buffer that records the frames from the ECU directly connected to it.
2. When the IDS identifies an illegal frame, it asks all connectors whether they have that frame in their own ring buffer.
3. The ECU directly connected to the connector that has the illegal frame is the compromised ECU.
Smart CAN Cable
The idea of identifying a compromised ECU
Example: ECU2 sends an illegal frame.
[Figure, repeated for each step: ECU1, the IDS, ECU2 (marked "Compromised"), ... ECUn and the OBD-II port on the Smart CAN Cable with its connectors. Legend: illegal frame; hash value of the illegal frame; information of compromised ECU.]
1. The hash value of the frame is recorded into the connector's ring buffer and broadcasts on CANBUS.
2. The IDS decides the frame is illegal.
3. The IDS asks all connectors whether they have the illegal frame.
4. Only the connector connected to ECU2 has the same frame. That is, ECU2 is compromised.
5. The connector broadcasts the information of the compromised ECU and cuts off the compromised ECU.
Smart CAN Cable
The idea of identifying a compromised ECU
Requirements for Smart CAN Cable's connectors
• To record the frames from an ECU, each connector must identify the direction of a frame: whether it comes from CANBUS or from the ECU directly connected to the connector.
• Each connector scans its own ring buffer for a frame when the IDS asks it to find the message.
• All connectors must not lose any frame.
• All connectors must not delay any frame.
Smart CAN Cable
Structure of each connector (Previous ver.)
[Figure: Inside of Connector. Labels: ECU, Transceiver, Repeater, Transceiver, CAN BUS, Controller, Ring Buffer.]
Controller role
• Record a hash value of each message from the ECU into its own ring buffer.
• Search for the hash value in its own ring buffer when the IPS sends the hash value.
• Order the repeater to stop relaying any messages after it finds the hash value.
Smart CAN Cable
Structure of each connector (Current ver.)
[Figure: Inside of the connector. Labels: ECU, CANH, CANL, sense resistors (R), Circuit Breaker, Current Direction Detector, CANID Timing Filter, MCU, Ring Buffer, CANB, CANT, DIRM, DIRS.]
We can identify the direction of a message from the voltage drop across a sense resistor.
Smart CAN Cable
Abstract of the electric circuit
[Figure: equivalent circuit of the bus with a sender ECU and receiver ECUs. Labels: 120 Ω (two), 1 Ω sense resistors, ∞ Ω at the receiver ECUs, signal source 0~2 V, voltages VA, VS, VR. The sender ECU's sense resistor has a voltage drop; a receiver ECU's sense resistor has no voltage drop.]
Calculation:
Whole resistance value
  R = 1 / (1/120 + 1/120 + 1/(1 + ∞ + 1) + 1/(1 + ∞ + 1)) = 60 [Ω]
Voltage drop VA:
  VA = R / (1 + R + 1) × 2 [V] = 60 / (1 + 60 + 1) × 2 = 1.94 [V]
Voltage drops VS, VR:
  VS = 1 / (1 + R + 1) × 2 [V] = 0.0323 [V]
  VR = 1 / (1 + ∞ + 1) × VA = 0 [V]
The sense resistor has a voltage drop only during the sending period.
Smart CAN Cable
Signal timing chart
• The resistor on a sender ECU has a voltage drop while the ID is being sent, so we can know the direction of the frame.
• The resistor on a receiver ECU has no voltage drop except during the ACK bit of the frame. The ACK bit is outside the CANID timing filter, so the Signal Direction output is always "Low".
Smart CAN Cable
Other Implementations
• Black list: a set of CANIDs that are never received by the ECU.
• White list: a set of CANIDs that are sent by the ECU. A frame is illegal if the ECU sends it with a CANID that is not in the white list. (For example, the ECU never sends the IDS's frames.)
• Each connector has its own black list and white list, adapted to the ECU directly connected to that connector.
• Each connector needs a minimal IDS function to find an illegal frame using the black list and white list.
• A configurator is also needed. The configurator is an independent device on CANBUS that maintains the black lists and white lists in all connectors.
• Smart CAN Cable can work well with other security measures. That is, an OEM can freely combine any security measures with Smart CAN Cable.
Smart CAN Cable
Potential vulnerabilities
• Smart CAN Cable overlooks illegal frames until the IDS identifies them. At least the first illegal frame will reach every ECU (except when a connector finds the illegal message itself using its white list / black list).
• The performance of Smart CAN Cable depends on the performance of the IDS. We do not define any IDS specs; that is, Smart CAN Cable can work together with any IDS.
• Smart CAN Cable may incorrectly cut off a healthy ECU if the IDS wrongly identifies a normal frame as an illegal frame.
• The current implementation cannot distinguish the first frame from a replay-attack frame if they are sent sequentially. In this case, two connectors have the same message, and each will cut off its own ECU at the same time if the IDS detects that the frame is illegal.
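The identification procedure (ring buffer, IDS query, cut) and the replay limitation listed above can be traced in a small software model. This is an added example, not the authors' MCU or FPGA implementation: SHA-256 as the frame hash, the ring size, cutting an ECU on a white-list violation, and all class, function and frame values are assumptions.

```python
import hashlib
from collections import deque


def frame_hash(can_id: int, data: bytes) -> bytes:
    """Hash kept in the ring buffers and sent by the IDS (SHA-256 is assumed)."""
    return hashlib.sha256(can_id.to_bytes(2, "big") + data).digest()


class Connector:
    """One connector of the cable, sitting between a single ECU and the bus."""

    def __init__(self, ecu, whitelist=None, ring_size=64):
        self.ecu = ecu
        self.whitelist = whitelist           # CANIDs this ECU may send, or None
        self.ring = deque(maxlen=ring_size)  # hashes of frames sent by this ECU
        self.connected = True                # circuit-breaker state

    def from_ecu(self, can_id, data):
        """Handle a frame coming from the attached ECU; True if it is relayed."""
        if not self.connected:
            return False
        if self.whitelist is not None and can_id not in self.whitelist:
            self.connected = False           # local check: cut without the IDS
            return False
        self.ring.append(frame_hash(can_id, data))
        return True

    def query(self, wanted):
        """IDS query: cut the attached ECU if it sent the frame with this hash."""
        if wanted in self.ring:
            self.connected = False
            return True
        return False


class SmartCanCable:
    def __init__(self, connectors):
        self.connectors = {c.ecu: c for c in connectors}
        self.bus = []                        # frames that reached the CAN bus

    def send(self, ecu, can_id, data):
        relayed = self.connectors[ecu].from_ecu(can_id, data)
        if relayed:
            self.bus.append((can_id, data))
        return relayed

    def report_illegal(self, can_id, data):
        """The IDS judged this frame illegal: ask every connector, return cuts."""
        wanted = frame_hash(can_id, data)
        return sorted(e for e, c in self.connectors.items() if c.query(wanted))


# All frames below are constructed sample values.
def single_sender():
    """ECU2 sends a frame that the IDS later judges illegal."""
    cable = SmartCanCable([Connector("ECU1"), Connector("ECU2"), Connector("ECU3")])
    cable.send("ECU1", 0x100, b"\x01\x02")
    cable.send("ECU2", 0x244, b"\xff\xff")   # reaches the bus before detection
    cut = cable.report_illegal(0x244, b"\xff\xff")
    return cut, cable.send("ECU2", 0x244, b"\xff\xff"), len(cable.bus)


def same_frame_twice():
    """Replay limitation: two connectors hold the same hash, so both are cut."""
    cable = SmartCanCable([Connector("ECU1"), Connector("ECU2"), Connector("ECU3")])
    cable.send("ECU1", 0x100, b"\x01\x02")   # first frame
    cable.send("ECU2", 0x100, b"\x01\x02")   # identical frame sent right after
    return cable.report_illegal(0x100, b"\x01\x02")


def whitelist_violation():
    """A connector with a white list stops the frame before it reaches the bus."""
    cable = SmartCanCable([Connector("ECU1", whitelist={0x100}), Connector("ECU2")])
    relayed = cable.send("ECU1", 0x244, b"\xff\xff")
    return relayed, cable.connectors["ECU1"].connected, len(cable.bus)
```

`single_sender()` shows the first illegal frame reaching the bus before ECU2 is cut, `same_frame_twice()` shows both ECU1 and ECU2 being cut, and `whitelist_violation()` shows the one case where the frame never reaches the bus.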
Smart CAN Cable
Current status
• A PoC of Smart CAN Cable is currently under development.
• The Current Direction Detector is nearly completed.
• The software on the MCU is nearly completed.
• We are focusing on building the CANID Timing Filter with an FPGA.
• It will be completed by the end of this year.
Conclusion
• MSS for connected-cars needs a security measure for identifying a compromised ECU.
• We explained how Smart CAN Cable detects and cuts off a compromised ECU.
• Smart CAN Cable can work with an IDS made by any company, and Smart CAN Cable's performance depends on this IDS.
• We introduced other similar studies (MAC, IA-CAN) and explained how they differ from Smart CAN Cable.
• Smart CAN Cable can work together with any security measures on the in-vehicle network, such as IDS, MAC, IA-CAN, and so on.
Thank you. Any questions?
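LAC Co., Ltd.
Hirakawacho Mori Tower, 2-16-1 Hirakawacho, Chiyoda-ku, Tokyo 102-0093, Japan
Tel 03-6757-0113 Fax 03-6757-0193
sales@lac.co.jp
www.lac.co.jp
* This document was prepared based on information as of October 2018, and its contents are subject to change without notice.
* The figures in this document are illustrative images prepared for the document and may differ from the actual items.
* LAC, ラック, JSOC and サイバー救急センター (Cyber Emergency Center) are registered trademarks of LAC Co., Ltd.
* Other company names and product names mentioned are generally trademarks or registered trademarks of their respective companies.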

MitM on USB -- introduction of USBProxyMocke Tech
 
A trial investigation system for vulnerability on M2M network
A trial investigation system for vulnerability on M2M networkA trial investigation system for vulnerability on M2M network
A trial investigation system for vulnerability on M2M networkMocke Tech
 
Making Portable Super Computer
Making Portable Super ComputerMaking Portable Super Computer
Making Portable Super ComputerMocke Tech
 
Social Engineering
Social EngineeringSocial Engineering
Social EngineeringMocke Tech
 
Online programming examination
Online programming examinationOnline programming examination
Online programming examinationMocke Tech
 
無線ロータのセキュリティとセーフティ / Safety and security for remote control vibrators
無線ロータのセキュリティとセーフティ / Safety and security for remote control vibrators無線ロータのセキュリティとセーフティ / Safety and security for remote control vibrators
無線ロータのセキュリティとセーフティ / Safety and security for remote control vibratorsMocke Tech
 
20190808.kuruma iotlt.can cable
20190808.kuruma iotlt.can cable20190808.kuruma iotlt.can cable
20190808.kuruma iotlt.can cableMocke Tech
 

Plus de Mocke Tech (13)

勤怠管理の音声ガイド -- 音声によるUI/UXを考える
勤怠管理の音声ガイド -- 音声によるUI/UXを考える勤怠管理の音声ガイド -- 音声によるUI/UXを考える
勤怠管理の音声ガイド -- 音声によるUI/UXを考える
 
最新ニュースを音読させる
最新ニュースを音読させる最新ニュースを音読させる
最新ニュースを音読させる
 
制御システムのための検知と監視
制御システムのための検知と監視制御システムのための検知と監視
制御システムのための検知と監視
 
対向車線から飛んできたトラック、どう処理したい?(ネタ出し)
対向車線から飛んできたトラック、どう処理したい?(ネタ出し)対向車線から飛んできたトラック、どう処理したい?(ネタ出し)
対向車線から飛んできたトラック、どう処理したい?(ネタ出し)
 
Slide
SlideSlide
Slide
 
ヘテロなクラスタ環境に適した 並列誤差逆伝搬アルゴリズム
ヘテロなクラスタ環境に適した 並列誤差逆伝搬アルゴリズムヘテロなクラスタ環境に適した 並列誤差逆伝搬アルゴリズム
ヘテロなクラスタ環境に適した 並列誤差逆伝搬アルゴリズム
 
MitM on USB -- introduction of USBProxy
MitM on USB -- introduction of USBProxyMitM on USB -- introduction of USBProxy
MitM on USB -- introduction of USBProxy
 
A trial investigation system for vulnerability on M2M network
A trial investigation system for vulnerability on M2M networkA trial investigation system for vulnerability on M2M network
A trial investigation system for vulnerability on M2M network
 
Making Portable Super Computer
Making Portable Super ComputerMaking Portable Super Computer
Making Portable Super Computer
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
 
Online programming examination
Online programming examinationOnline programming examination
Online programming examination
 
無線ロータのセキュリティとセーフティ / Safety and security for remote control vibrators
無線ロータのセキュリティとセーフティ / Safety and security for remote control vibrators無線ロータのセキュリティとセーフティ / Safety and security for remote control vibrators
無線ロータのセキュリティとセーフティ / Safety and security for remote control vibrators
 
20190808.kuruma iotlt.can cable
20190808.kuruma iotlt.can cable20190808.kuruma iotlt.can cable
20190808.kuruma iotlt.can cable
 

Dernier

+97470301568>> buy weed in qatar,buy thc oil qatar,buy weed and vape oil in d...
+97470301568>> buy weed in qatar,buy thc oil qatar,buy weed and vape oil in d...+97470301568>> buy weed in qatar,buy thc oil qatar,buy weed and vape oil in d...
+97470301568>> buy weed in qatar,buy thc oil qatar,buy weed and vape oil in d...Health
 
Bridge Jacking Design Sample Calculation.pptx
Bridge Jacking Design Sample Calculation.pptxBridge Jacking Design Sample Calculation.pptx
Bridge Jacking Design Sample Calculation.pptxnuruddin69
 
Online electricity billing project report..pdf
Online electricity billing project report..pdfOnline electricity billing project report..pdf
Online electricity billing project report..pdfKamal Acharya
 
A CASE STUDY ON CERAMIC INDUSTRY OF BANGLADESH.pptx
A CASE STUDY ON CERAMIC INDUSTRY OF BANGLADESH.pptxA CASE STUDY ON CERAMIC INDUSTRY OF BANGLADESH.pptx
A CASE STUDY ON CERAMIC INDUSTRY OF BANGLADESH.pptxmaisarahman1
 
Employee leave management system project.
Employee leave management system project.Employee leave management system project.
Employee leave management system project.Kamal Acharya
 
"Lesotho Leaps Forward: A Chronicle of Transformative Developments"
"Lesotho Leaps Forward: A Chronicle of Transformative Developments""Lesotho Leaps Forward: A Chronicle of Transformative Developments"
"Lesotho Leaps Forward: A Chronicle of Transformative Developments"mphochane1998
 
scipt v1.pptxcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...
scipt v1.pptxcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...scipt v1.pptxcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...
scipt v1.pptxcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...HenryBriggs2
 
Introduction to Serverless with AWS Lambda
Introduction to Serverless with AWS LambdaIntroduction to Serverless with AWS Lambda
Introduction to Serverless with AWS LambdaOmar Fathy
 
kiln thermal load.pptx kiln tgermal load
kiln thermal load.pptx kiln tgermal loadkiln thermal load.pptx kiln tgermal load
kiln thermal load.pptx kiln tgermal loadhamedmustafa094
 
Thermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.pptThermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.pptDineshKumar4165
 
Standard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power PlayStandard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power PlayEpec Engineered Technologies
 
Work-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptxWork-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptxJuliansyahHarahap1
 
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...Arindam Chakraborty, Ph.D., P.E. (CA, TX)
 
data_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdfdata_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdfJiananWang21
 
COST-EFFETIVE and Energy Efficient BUILDINGS ptx
COST-EFFETIVE  and Energy Efficient BUILDINGS ptxCOST-EFFETIVE  and Energy Efficient BUILDINGS ptx
COST-EFFETIVE and Energy Efficient BUILDINGS ptxJIT KUMAR GUPTA
 
Minimum and Maximum Modes of microprocessor 8086
Minimum and Maximum Modes of microprocessor 8086Minimum and Maximum Modes of microprocessor 8086
Minimum and Maximum Modes of microprocessor 8086anil_gaur
 
Thermal Engineering-R & A / C - unit - V
Thermal Engineering-R & A / C - unit - VThermal Engineering-R & A / C - unit - V
Thermal Engineering-R & A / C - unit - VDineshKumar4165
 
Generative AI or GenAI technology based PPT
Generative AI or GenAI technology based PPTGenerative AI or GenAI technology based PPT
Generative AI or GenAI technology based PPTbhaskargani46
 

Dernier (20)

+97470301568>> buy weed in qatar,buy thc oil qatar,buy weed and vape oil in d...
+97470301568>> buy weed in qatar,buy thc oil qatar,buy weed and vape oil in d...+97470301568>> buy weed in qatar,buy thc oil qatar,buy weed and vape oil in d...
+97470301568>> buy weed in qatar,buy thc oil qatar,buy weed and vape oil in d...
 
Bridge Jacking Design Sample Calculation.pptx
Bridge Jacking Design Sample Calculation.pptxBridge Jacking Design Sample Calculation.pptx
Bridge Jacking Design Sample Calculation.pptx
 
Online electricity billing project report..pdf
Online electricity billing project report..pdfOnline electricity billing project report..pdf
Online electricity billing project report..pdf
 
A CASE STUDY ON CERAMIC INDUSTRY OF BANGLADESH.pptx
A CASE STUDY ON CERAMIC INDUSTRY OF BANGLADESH.pptxA CASE STUDY ON CERAMIC INDUSTRY OF BANGLADESH.pptx
A CASE STUDY ON CERAMIC INDUSTRY OF BANGLADESH.pptx
 
Employee leave management system project.
Employee leave management system project.Employee leave management system project.
Employee leave management system project.
 
"Lesotho Leaps Forward: A Chronicle of Transformative Developments"
"Lesotho Leaps Forward: A Chronicle of Transformative Developments""Lesotho Leaps Forward: A Chronicle of Transformative Developments"
"Lesotho Leaps Forward: A Chronicle of Transformative Developments"
 
scipt v1.pptxcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...
scipt v1.pptxcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...scipt v1.pptxcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...
scipt v1.pptxcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...
 
Introduction to Serverless with AWS Lambda
Introduction to Serverless with AWS LambdaIntroduction to Serverless with AWS Lambda
Introduction to Serverless with AWS Lambda
 
kiln thermal load.pptx kiln tgermal load
kiln thermal load.pptx kiln tgermal loadkiln thermal load.pptx kiln tgermal load
kiln thermal load.pptx kiln tgermal load
 
Integrated Test Rig For HTFE-25 - Neometrix
Integrated Test Rig For HTFE-25 - NeometrixIntegrated Test Rig For HTFE-25 - Neometrix
Integrated Test Rig For HTFE-25 - Neometrix
 
Thermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.pptThermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.ppt
 
Standard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power PlayStandard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power Play
 
Work-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptxWork-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptx
 
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
 
FEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced Loads
FEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced LoadsFEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced Loads
FEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced Loads
 
data_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdfdata_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdf
 
COST-EFFETIVE and Energy Efficient BUILDINGS ptx
COST-EFFETIVE  and Energy Efficient BUILDINGS ptxCOST-EFFETIVE  and Energy Efficient BUILDINGS ptx
COST-EFFETIVE and Energy Efficient BUILDINGS ptx
 
Minimum and Maximum Modes of microprocessor 8086
Minimum and Maximum Modes of microprocessor 8086Minimum and Maximum Modes of microprocessor 8086
Minimum and Maximum Modes of microprocessor 8086
 
Thermal Engineering-R & A / C - unit - V
Thermal Engineering-R & A / C - unit - VThermal Engineering-R & A / C - unit - V
Thermal Engineering-R & A / C - unit - V
 
Generative AI or GenAI technology based PPT
Generative AI or GenAI technology based PPTGenerative AI or GenAI technology based PPT
Generative AI or GenAI technology based PPT
 

20181116.smart can cable_v2

  • 1. © 2018 LAC Co., Ltd. Smart CAN Cable, another IPS for CANBUS network November 16, 2018 Ryoichi KIDA and Kiyotaka ATSUMI IoT Tech. Lab., CYBER GRID JAPAN, LAC Co., Ltd.
  • 2. Disclaimer: This presentation represents our personal opinions and not the opinions of the organizations we belong to.
  • 3. Outline: 1. Introduction 2. Current security measures 3. The idea of Smart CAN Cable 4. Conclusion
  • 4. Outline: 1. Introduction 2. Current security measures 3. The idea of Smart CAN Cable 4. Conclusion
  • 5. Introduction: The future situation of the automobile
      - OEMs will be forced by governments to install connections to the cloud and V2X (C2X in Europe). That is, almost all cars will be connected.
      - The cloud connection will provide the latest maps, the latest traffic-jam information and the latest firmware, and it will be used for remote maintenance when your car breaks down.
      - V2X (C2X) will provide useful information:
          - A traffic signal will change to red soon.
          - A motorcycle is behind an oncoming car when you are about to make a left turn.
          - A large piece of baggage fell from a truck 500 m ahead.
          - And much other useful information for safety.
  • 6. Introduction: The future situation of the automobile
      - OEMs will be forced by governments to install connections to the cloud and V2X (C2X in Europe). That is, almost all cars will be connected.
      - The cloud connection will provide the latest maps, the latest traffic-jam information and the latest firmware, and it will be used for remote maintenance when your car breaks down.
      - V2X (C2X) will provide useful information:
          - A traffic signal will change to red soon.
          - A motorcycle is behind an oncoming car when you are about to make a left turn.
          - A large piece of baggage fell from a truck 500 m ahead.
          - And much other useful information.
      *1) IOActive: Remote Exploitation of an Unaltered Passenger Vehicle https://ioactive.com/pdfs/IOActive_Remote_Car_Hacking.pdf
      *2) KEEN Security Lab: Experimental Security Assessment of BMW Cars: A Summary Report https://keenlab.tencent.com/en/Experimental_Security_Assessment_of_BMW_Cars_by_KeenLab.pdf
  • 7. Introduction: Important facts
      - Any software has bugs, and some of them will be vulnerabilities.
      - Malicious actors always search for and exploit vulnerabilities, including those in connected-cars.
      - Malicious actors plant malware in computers, including ECUs, to collect useful information for the next attack.
      - The malware survives in the computer and in the ECU, and it will carry out the next attack.
      - How do we prevent this? Observe malicious activities and handle incidents.
  • 8. Introduction: Possibilities of MSS for connected-cars
      - MSS is a service in which security analysts check the logs sent from the customer's FW and IDS, and call the customer when they find a critical attack.
      - Can it be adapted to connected-cars?
  • 9. Introduction: Possibilities of MSS for connected-cars. Scenario: applying MSS to connected-cars using current in-vehicle security measures (IDS, MAC, and so on).
      - Malicious Actor: "Attack!"
      - Driver: "I cannot control this car! Please help me!"
      - Security Operation Center: "Oh my gosh! Your car is compromised by the actor. You must put your car to the edge of the road and stop the engine. I pray for your safety."
      - The Security Operation Center cannot prevent this attack because it cannot identify which ECU is compromised.
  • 10. Introduction: Possibilities of MSS for connected-cars. Scenario: applying MSS to connected-cars using an in-vehicle security measure that identifies a compromised ECU.
      - Malicious Actor: "Attack!"
      - Security Operation Center: "Oh my gosh! An ECU in your car is compromised by the actor. To prevent the attack, we stop the compromised ECU. You must put your car to the edge of the road and stop the engine."
      - Driver: "OK! Maybe I can manage it."
      - The behavior of the car is stable because the compromised ECU is identified and stopped.
  • 11. Introduction: Possibilities of MSS for connected-cars. That is, MSS for connected-cars needs a measure for identifying a compromised ECU.
  • 12. Outline: 1. Introduction 2. Current security measures 3. The idea of Smart CAN Cable 4. Conclusion
  • 13. Current security measures: Studies of security measures. We found some studies on security measures for an in-vehicle network that are related to our study.
      - IDS/IPS
      - Message Authentication Code (MAC)
      - Identity-Anonymized CAN (IA-CAN)
      - ...
      Many researchers are in fact working on security measures for connected-cars.
  • 14. Current security measures: Proposed IDS/IPS ideas. Many ideas have been proposed to identify an illegal frame.
      - Blacklist / Whitelist
      - Corrupted frame
      - Unlikely frame
      - Irregular frame during cyclic frames
      - Somehow a suspicious frame...
      [Figure labels: ECU, IDS, ECU, ECU, …, OBD-II, ECU]
  • 15. Current security measures: Proposed IDS/IPS ideas. Few ideas have been proposed to intercept the illegal frame.
      - Overwrite the illegal frame with an error frame
      - ...
      - Does it work well?
      - How do we get back control from the actor?
      [Figure labels: ECU, IPS, ECU, ECU, …, OBD-II, ECU]
  • 16. Current security measures: Message Authentication Code (MAC)
      - A MAC is a value calculated from a frame using a cryptographic hash function and a freshness value.
      - AUTOSAR defines a Message Authentication Code (MAC).
      - Original CAN frame: SOF | CAN ID (11 bits) | RTR | IDE | R | DLC (4 bits) | Data Field (0-64 bits) | CRC (15 bits) | CRC Delimiter | ACK | ACK Delimiter | EOF (7 bits)
      - CAN frame with MAC: SOF | CAN ID (11 bits) | RTR | IDE | R | DLC (4 bits) | Data Field (0-32 bits) | Freshness (4 bits) | MAC (28 bits) | CRC (15 bits) | CRC Delimiter | ACK | ACK Delimiter | EOF (7 bits)
      AUTOSAR: Specification of Secure Onboard Communication https://www.autosar.org/fileadmin/user_upload/standards/classic/4-3/AUTOSAR_SWS_SecureOnboardCommunication.pdf
  • 17. Current security measures: Message Authentication Code (MAC)
      - Advantage:
          - Almost all illegal frames may be refused by all ECUs because such frames do not carry a valid MAC.
      - Disadvantages:
          - MAC may not refuse illegal frames if an actor is able to calculate the MAC correctly.
          - MAC cannot identify which ECU is compromised if the same cryptographic key is used on all ECUs.
          - MAC requires rich computing resources on the ECUs.
          - MAC reduces the length of the data field from 64 bits to 32 bits.
          - MAC may be weak against a flood attack.
      AUTOSAR: Specification of Secure Onboard Communication https://www.autosar.org/fileadmin/user_upload/standards/classic/4-3/AUTOSAR_SWS_SecureOnboardCommunication.pdf
  • 18. Current security measures: Identity-Anonymized CAN (IA-CAN)
      - The sender identification is encrypted with a freshness value and set in the extended CANID field.
      - All ECUs have the same synchronized freshness value.
      - All ECUs can identify the sender ECU for every frame they receive.
      - Original CAN frame with extended ID: SOF | CAN ID (11 bits) | SRR | IDE | Extended ID (18 bits) | RTR | R1 | R2 | DLC (4 bits) | Data Field (0-64 bits) | CRC (15 bits) | CRC Delimiter | ACK | ACK Delimiter | EOF (7 bits)
      - IA-CAN frame: SOF | CAN ID (11 bits) | SRR | IDE | Encrypted Sender ID (18 bits) | RTR | R1 | R2 | DLC (4 bits) | Data Field (0-64 bits) | CRC (15 bits) | CRC Delimiter | ACK | ACK Delimiter | EOF (7 bits)
      Xia, Z., Kawabata, T., Komano, Y., "A Secure Design for Practical Identity-Anonymized CAN Application," Embedded Security in Cars (escar) Europe, November 16, 2016
  • 19. Current security measures: Identity-Anonymized CAN (IA-CAN)
      - Advantage:
          - An unknown sender ECU may be refused.
      - Disadvantages:
          - IA-CAN cannot refuse an illegal frame from a legitimate sender ECU.
          - IA-CAN needs the extended CANID field (18 bits). That is, the extended CANID field is no longer available to us.
          - IA-CAN may be weak against a flood attack.
      Xia, Z., Kawabata, T., Komano, Y., "A Secure Design for Practical Identity-Anonymized CAN Application," Embedded Security in Cars (escar) Europe, November 16, 2016
  • 20. Outline: 1. Introduction 2. Current security measures 3. The idea of Smart CAN Cable 4. Conclusion
  • 21. Smart CAN Cable: The idea of identifying a compromised ECU. Our proposal:
      - Smart CAN Cable identifies the compromised ECU that sends an illegal frame.
      - Smart CAN Cable can control independently, for each ECU, whether that ECU may send frames or not.
      [Figure labels: Smart CAN Cable, Connector (repeated), ECU, IDS, ECU, ECU, ECU, OBD-II]
  • 22. Smart CAN Cable: The idea of identifying a compromised ECU. How to identify the compromised ECU:
      1. All connectors have a ring buffer to record frames from the ECU directly connected to them.
      2. When the IDS identifies an illegal frame, it asks all connectors whether they have that frame in their own ring buffer.
      3. The compromised ECU is the one directly connected to the connector that has the illegal frame.
  • 23. Smart CAN Cable: The idea of identifying a compromised ECU. Example: ECU2 sends an illegal frame.
      [Figure labels: Smart CAN Cable, Connector (repeated), ECU1, IDS, ECU2 (compromised), ECUn, ECU, OBD-II. Legend: illegal frame; hash value of the illegal frame; information of compromised ECU. The same figure is used on slides 24 to 28.]
  • 24. The hash value of the frame is recorded into the connector's ring buffer and broadcasts on CANBUS.
  • 25. The IDS decides the frame is illegal. ("Illegal!")
  • 26. The IDS asks all connectors whether they have the illegal frame.
  • 27. Only the connector connected to ECU2 has the same frame. That is, ECU2 is compromised.
  • 28. The connector broadcasts the information about the compromised ECU and cuts the compromised ECU.
  • 29. Smart CAN Cable: The idea of identifying a compromised ECU. Requirements of Smart CAN Cable's connectors:
      - To record the frames from an ECU, each connector must identify the direction of a frame: from CANBUS, or from the ECU directly connected to it.
      - Each connector scans its own ring buffer for a frame when the IDS asks it to find the message.
      - All connectors must not lose any frame.
      - All connectors must not delay any frame.
  • 30. Smart CAN Cable: Structure of each connector (previous version)
      [Figure labels, inside of connector: ECU, Transceiver, Repeater, Transceiver, CAN BUS, Controller, Ring Buffer]
      Controller role:
      - Records a hash value of each message from the ECU into its own ring buffer.
      - Searches for the hash value in its own ring buffer when the IPS sends the hash value.
      - Orders the repeater to stop relaying any messages after it finds the hash value.
  • 31. Smart CAN Cable: Structure of each connector (current version)
      [Figure labels, inside of the connector: CANH, CANL, Circuit Breaker, ECU, R, R (sense resistors), Current Direction Detector, CANID Timing Filter, MCU, Ring Buffer; signals CANB, CANT, DIRM, DIRS]
      We can identify the direction of a message using the voltage drop across a sense resistor.
  • 32. Smart CAN Cable: Abstract of the electric circuit
      [Circuit figure labels: 120 Ω (×2), 1 Ω sense resistors, ∞ Ω (receiver ECUs), signal source 0 to 2 V; voltages $V_A$, $V_S$, $V_R$. The sender ECU has a voltage drop; the receiver ECU has no voltage drop.]
      Calculation:
      - Whole resistance value: $R = 1 / (1/120 + 1/120 + 1/(1 + \infty + 1) + 1/(1 + \infty + 1)) = 60\ [\Omega]$
      - Voltage drop $V_A$: $V_A = R / (1 + R + 1) \times 2\ [\mathrm{V}] = 60 / (1 + 60 + 1) \times 2 = 1.94\ [\mathrm{V}]$
      - Voltage drop $V_S$: $V_S = 1 / (1 + R + 1) \times 2\ [\mathrm{V}] = 0.0323\ [\mathrm{V}]$
      - Voltage drop $V_R$: $V_R = 1 / (1 + \infty + 1) \times V_A = 0\ [\mathrm{V}]$
      The sense resistor has a voltage drop only during the sending period.
  • 33. Smart CAN Cable: Signal timing chart
      - The resistor at a sender ECU has a voltage drop while the ID is being sent, so we can know the direction of the frame.
      - The resistor at a receiver ECU has no voltage drop except during the ACK bit of the frame. But the ACK bit is not within the CANID timing filter, so Signal Direction always outputs "Low".
  • 34. Smart CAN Cable: Other implementations
      - Black list: a set of CANIDs that is never received by the ECU.
      - White list: a set of CANIDs that is sent by the ECU. A frame is illegal if the ECU sends it with a CANID that is not in the white list. (For example, the ECU never sends the IDS's frames.)
      - Each connector has its own black list and white list, adapted to the ECU directly connected to that connector.
      - Each connector needs a minimal IDS function in order to find illegal frames using its black list and white list.
      - A configurator is also needed. The configurator is an independent device on CANBUS that maintains the black lists and white lists in all connectors.
      - Smart CAN Cable can work well with other security measures. That is, an OEM can freely choose any security measures to use together with Smart CAN Cable.
  • 35. Smart CAN Cable: Potential vulnerabilities
      - Smart CAN Cable overlooks illegal frames until the IDS identifies them. At least the first illegal frame will reach every ECU (except when a connector finds the illegal message using its white list / black list).
      - The performance of Smart CAN Cable depends on the IDS performance. We do not define any IDS specs. That is, Smart CAN Cable can collaborate with any IDS.
      - Smart CAN Cable may incorrectly cut a healthy ECU if the IDS wrongly identifies a normal frame as an illegal frame.
      - The current implementation cannot distinguish between the first frame and a replay-attack frame if they are sent sequentially. In this case, two connectors have the same message, and each will cut its own ECU at the same time if the IDS detects that the frame is illegal.
  • 36. Smart CAN Cable: Current status
      - Currently, a PoC of Smart CAN Cable is under development.
      - The Current Direction Detector is nearly completed.
      - The software on the MCU is nearly completed.
      - We are focusing on building the CANID Timing Filter with an FPGA.
      - It will be completed by the end of this year.
  • 37. Outline: 1. Introduction 2. Current security measures 3. The idea of Smart CAN Cable 4. Conclusion
  • 38. Conclusion
      - MSS for connected-cars needs a security measure for identifying a compromised ECU.
      - We explained how Smart CAN Cable detects and cuts a compromised ECU.
      - Smart CAN Cable can work with an IDS made by any company, and Smart CAN Cable's performance depends on this IDS.
      - We introduced other similar studies (MAC, IA-CAN) and explained how they differ from Smart CAN Cable.
      - Smart CAN Cable can work together with any security measures on the in-vehicle network, such as IDS, MAC, IA-CAN, and so on.
  • 39. Thank you. Any questions? © 2018 LAC Co., Ltd. LAC Co., Ltd., Hirakawacho Mori Tower, 2-16-1 Hirakawacho, Chiyoda-ku, Tokyo 102-0093, Japan. Tel 03-6757-0113, Fax 03-6757-0193, sales@lac.co.jp, www.lac.co.jp
      * This material is based on information as of October 2018, and its contents are subject to change without notice.
      * The figures in this material are illustrative images created for the material and may differ from the actual items.
      * LAC, ラック, JSOC and Cyber Emergency Center (サイバー救急センター) are registered trademarks of LAC Co., Ltd.
      * Other company and product names mentioned are generally trademarks or registered trademarks of their respective companies.
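The identification sequence on slides 22 to 28 and the replay limitation on slide 35, modelled in C as an added example (not the authors' firmware). The FNV-1a hash, the 8-slot ring depth, the frame contents and all function names are assumptions made for illustration; the late-verdict case follows from using a ring buffer of fixed depth.

```c
/* Toy model of the connector logic (added example, not the authors' firmware). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RING_SLOTS 8u /* assumed depth; the slides give no ring-buffer size */
#define N_CONN 3u     /* constructed bus: three ECUs, one connector each */

typedef struct { uint16_t id; uint8_t dlc; uint8_t data[8]; } can_frame;

typedef struct {
    uint32_t ring[RING_SLOTS]; /* hashes of frames sent by the attached ECU */
    size_t next, used;
    int relay_on;              /* 0 once the connector has cut its ECU */
} connector;

/* FNV-1a over CAN ID, DLC and payload (the hash choice is an assumption). */
static uint32_t frame_hash(const can_frame *f) {
    const uint8_t hdr[3] = { (uint8_t)(f->id >> 8), (uint8_t)f->id, f->dlc };
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < 3; i++) { h ^= hdr[i]; h *= 16777619u; }
    for (size_t i = 0; i < f->dlc && i < 8; i++) { h ^= f->data[i]; h *= 16777619u; }
    return h;
}

static void bus_init(connector *c, size_t n) {
    for (size_t i = 0; i < n; i++) { c[i].next = 0; c[i].used = 0; c[i].relay_on = 1; }
}

/* Frame from the attached ECU (direction assumed known from the current
 * direction detector): record its hash, relay it. Returns 0 if already cut. */
static int ecu_send(connector *c, const can_frame *f) {
    if (!c->relay_on) return 0;
    c->ring[c->next] = frame_hash(f);
    c->next = (c->next + 1) % RING_SLOTS;   /* oldest entry is overwritten */
    if (c->used < RING_SLOTS) c->used++;
    return 1;
}

static int ring_contains(const connector *c, uint32_t h) {
    for (size_t i = 0; i < c->used; i++)
        if (c->ring[i] == h) return 1;
    return 0;
}

/* IDS verdict: the hash of the illegal frame goes to every connector; each
 * connector that finds it in its ring cuts its ECU. Returns a bitmask of
 * the connectors that cut (bit i = connector i). */
static unsigned ids_report_illegal(connector *c, size_t n, const can_frame *bad) {
    const uint32_t h = frame_hash(bad);
    unsigned mask = 0;
    for (size_t i = 0; i < n; i++)
        if (c[i].relay_on && ring_contains(&c[i], h)) { c[i].relay_on = 0; mask |= 1u << i; }
    return mask;
}

static const can_frame NORMAL  = { 0x100, 2, { 0x01, 0x02 } }; /* constructed */
static const can_frame ILLEGAL = { 0x3A0, 2, { 0xDE, 0xAD } }; /* constructed */

/* Only ECU 1 sent the illegal frame, so only connector 1 cuts. */
unsigned demo_single_sender(void) {
    connector c[N_CONN]; bus_init(c, N_CONN);
    ecu_send(&c[0], &NORMAL);
    ecu_send(&c[1], &ILLEGAL);
    return ids_report_illegal(c, N_CONN, &ILLEGAL);
}

/* Replay limitation: ECU 0 sends a frame, ECU 2 replays the identical frame.
 * Both rings hold the same hash, so both ECUs are cut. */
unsigned demo_replay(void) {
    connector c[N_CONN]; bus_init(c, N_CONN);
    ecu_send(&c[0], &ILLEGAL);
    ecu_send(&c[2], &ILLEGAL);
    return ids_report_illegal(c, N_CONN, &ILLEGAL);
}

/* Late verdict: RING_SLOTS newer frames evict the hash, so no connector cuts. */
unsigned demo_evicted(void) {
    connector c[N_CONN]; bus_init(c, N_CONN);
    ecu_send(&c[1], &ILLEGAL);
    for (unsigned i = 0; i < RING_SLOTS; i++) {
        can_frame f = { 0x100, 1, { (uint8_t)i } };
        ecu_send(&c[1], &f);
    }
    return ids_report_illegal(c, N_CONN, &ILLEGAL);
}

int main(void) {
    printf("single=0x%x replay=0x%x evicted=0x%x\n",
           demo_single_sender(), demo_replay(), demo_evicted());
    return 0;
}
```

The third case shows why the ring depth has to cover the worst-case delay between a frame being sent and the IDS verdict arriving at the connectors.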