Soumettre la recherche
Mettre en ligne
20181116.smart can cable_v2
•
0 j'aime
•
44 vues
Mocke Tech
Suivre
Introduction of Smart CAN Cable for automobile security.
Lire moins
Lire la suite
Ingénierie
Signaler
Partager
Signaler
Partager
1 sur 39
Télécharger maintenant
Télécharger pour lire hors ligne
Recommandé
Evolution of Offensive Testing - ATT&CK-based Adversary Emulation Plans
Evolution of Offensive Testing - ATT&CK-based Adversary Emulation Plans
Christopher Korban
Purple Teaming with ATT&CK - x33fcon 2018
Purple Teaming with ATT&CK - x33fcon 2018
Christopher Korban
ATT&CKing with Threat Intelligence
ATT&CKing with Threat Intelligence
Christopher Korban
Threat-Based Adversary Emulation with MITRE ATT&CK
Threat-Based Adversary Emulation with MITRE ATT&CK
Katie Nickels
BSidesLV 2018 - Katie Nickels and John Wunder - ATT&CKing the Status Quo
BSidesLV 2018 - Katie Nickels and John Wunder - ATT&CKing the Status Quo
Katie Nickels
Automation: The Wonderful Wizard of CTI (or is it?)
Automation: The Wonderful Wizard of CTI (or is it?)
MITRE ATT&CK
One Technique, Two Techniques, Red Technique, Blue Technique
One Technique, Two Techniques, Red Technique, Blue Technique
Daniel Weiss
RH-ISAC Summit 2019 - Adam Pennington - Leveraging MITRE ATT&CK™ for Detectio...
RH-ISAC Summit 2019 - Adam Pennington - Leveraging MITRE ATT&CK™ for Detectio...
Adam Pennington
Recommandé
Evolution of Offensive Testing - ATT&CK-based Adversary Emulation Plans
Evolution of Offensive Testing - ATT&CK-based Adversary Emulation Plans
Christopher Korban
Purple Teaming with ATT&CK - x33fcon 2018
Purple Teaming with ATT&CK - x33fcon 2018
Christopher Korban
ATT&CKing with Threat Intelligence
ATT&CKing with Threat Intelligence
Christopher Korban
Threat-Based Adversary Emulation with MITRE ATT&CK
Threat-Based Adversary Emulation with MITRE ATT&CK
Katie Nickels
BSidesLV 2018 - Katie Nickels and John Wunder - ATT&CKing the Status Quo
BSidesLV 2018 - Katie Nickels and John Wunder - ATT&CKing the Status Quo
Katie Nickels
Automation: The Wonderful Wizard of CTI (or is it?)
Automation: The Wonderful Wizard of CTI (or is it?)
MITRE ATT&CK
One Technique, Two Techniques, Red Technique, Blue Technique
One Technique, Two Techniques, Red Technique, Blue Technique
Daniel Weiss
RH-ISAC Summit 2019 - Adam Pennington - Leveraging MITRE ATT&CK™ for Detectio...
RH-ISAC Summit 2019 - Adam Pennington - Leveraging MITRE ATT&CK™ for Detectio...
Adam Pennington
When Insiders ATT&CK!
When Insiders ATT&CK!
MITRE ATT&CK
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Katie Nickels
M-Trends® 2013: Attack the Security Gap
M-Trends® 2013: Attack the Security Gap
FireEye, Inc.
Slideshare.net rh-isac summit 2019 - adam pennington - leveraging mitre at ta...
Slideshare.net rh-isac summit 2019 - adam pennington - leveraging mitre at ta...
Robert Brandel
IOCs Are Dead—Long Live IOCs!
IOCs Are Dead—Long Live IOCs!
Priyanka Aash
Emerging application and data protection for multi cloud
Emerging application and data protection for multi cloud
Ulf Mattsson
Firewall buyers-guide
Firewall buyers-guide
Andy Kwong
SEC599 - Breaking The Kill Chain
SEC599 - Breaking The Kill Chain
Erik Van Buggenhout
Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for Mobile
Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for Mobile
MITRE - ATT&CKcon
How can i find my security blind spots ulf mattsson - aug 2016
How can i find my security blind spots ulf mattsson - aug 2016
Ulf Mattsson
How MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operations
Sergey Soldatov
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Ulf Mattsson
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
MITRE - ATT&CKcon
Introduction to MITRE ATT&CK
Introduction to MITRE ATT&CK
Arpan Raval
ATT&CK BINGO
ATT&CK BINGO
Adam Pennington
How can i find my security blind spots in Oracle - nyoug - sep 2016
How can i find my security blind spots in Oracle - nyoug - sep 2016
Ulf Mattsson
2. Cyber Intelligence in online gambling final
2. Cyber Intelligence in online gambling final
MARIUS EUGEN OPRAN
State of the ATT&CK - ATT&CKcon Power Hour
State of the ATT&CK - ATT&CKcon Power Hour
Adam Pennington
Keynote Session : Kill The Password
Keynote Session : Kill The Password
Priyanka Aash
How to Normalize Threat Intelligence Data from Multiple Sources - Tech Talk T...
How to Normalize Threat Intelligence Data from Multiple Sources - Tech Talk T...
AlienVault
Smart CAN Cable -- Another proposal of intrusion prevention system (IPS) for ...
Smart CAN Cable -- Another proposal of intrusion prevention system (IPS) for ...
Mocke Tech
Automotive Linux, Cybersecurity and Transparency
Automotive Linux, Cybersecurity and Transparency
Alison Chaiken
Contenu connexe
Tendances
When Insiders ATT&CK!
When Insiders ATT&CK!
MITRE ATT&CK
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Katie Nickels
M-Trends® 2013: Attack the Security Gap
M-Trends® 2013: Attack the Security Gap
FireEye, Inc.
Slideshare.net rh-isac summit 2019 - adam pennington - leveraging mitre at ta...
Slideshare.net rh-isac summit 2019 - adam pennington - leveraging mitre at ta...
Robert Brandel
IOCs Are Dead—Long Live IOCs!
IOCs Are Dead—Long Live IOCs!
Priyanka Aash
Emerging application and data protection for multi cloud
Emerging application and data protection for multi cloud
Ulf Mattsson
Firewall buyers-guide
Firewall buyers-guide
Andy Kwong
SEC599 - Breaking The Kill Chain
SEC599 - Breaking The Kill Chain
Erik Van Buggenhout
Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for Mobile
Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for Mobile
MITRE - ATT&CKcon
How can i find my security blind spots ulf mattsson - aug 2016
How can i find my security blind spots ulf mattsson - aug 2016
Ulf Mattsson
How MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operations
Sergey Soldatov
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Ulf Mattsson
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
MITRE - ATT&CKcon
Introduction to MITRE ATT&CK
Introduction to MITRE ATT&CK
Arpan Raval
ATT&CK BINGO
ATT&CK BINGO
Adam Pennington
How can i find my security blind spots in Oracle - nyoug - sep 2016
How can i find my security blind spots in Oracle - nyoug - sep 2016
Ulf Mattsson
2. Cyber Intelligence in online gambling final
2. Cyber Intelligence in online gambling final
MARIUS EUGEN OPRAN
State of the ATT&CK - ATT&CKcon Power Hour
State of the ATT&CK - ATT&CKcon Power Hour
Adam Pennington
Keynote Session : Kill The Password
Keynote Session : Kill The Password
Priyanka Aash
How to Normalize Threat Intelligence Data from Multiple Sources - Tech Talk T...
How to Normalize Threat Intelligence Data from Multiple Sources - Tech Talk T...
AlienVault
Tendances
(20)
When Insiders ATT&CK!
When Insiders ATT&CK!
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You Are
M-Trends® 2013: Attack the Security Gap
M-Trends® 2013: Attack the Security Gap
Slideshare.net rh-isac summit 2019 - adam pennington - leveraging mitre at ta...
Slideshare.net rh-isac summit 2019 - adam pennington - leveraging mitre at ta...
IOCs Are Dead—Long Live IOCs!
IOCs Are Dead—Long Live IOCs!
Emerging application and data protection for multi cloud
Emerging application and data protection for multi cloud
Firewall buyers-guide
Firewall buyers-guide
SEC599 - Breaking The Kill Chain
SEC599 - Breaking The Kill Chain
Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for Mobile
Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for Mobile
How can i find my security blind spots ulf mattsson - aug 2016
How can i find my security blind spots ulf mattsson - aug 2016
How MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operations
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
Introduction to MITRE ATT&CK
Introduction to MITRE ATT&CK
ATT&CK BINGO
ATT&CK BINGO
How can i find my security blind spots in Oracle - nyoug - sep 2016
How can i find my security blind spots in Oracle - nyoug - sep 2016
2. Cyber Intelligence in online gambling final
2. Cyber Intelligence in online gambling final
State of the ATT&CK - ATT&CKcon Power Hour
State of the ATT&CK - ATT&CKcon Power Hour
Keynote Session : Kill The Password
Keynote Session : Kill The Password
How to Normalize Threat Intelligence Data from Multiple Sources - Tech Talk T...
How to Normalize Threat Intelligence Data from Multiple Sources - Tech Talk T...
Similaire à 20181116.smart can cable_v2
Smart CAN Cable -- Another proposal of intrusion prevention system (IPS) for ...
Smart CAN Cable -- Another proposal of intrusion prevention system (IPS) for ...
Mocke Tech
Automotive Linux, Cybersecurity and Transparency
Automotive Linux, Cybersecurity and Transparency
Alison Chaiken
Advanced car security system
Advanced car security system
Ami Goswami
EB corbos and the L4Re microhypervisor: Open-source automotive safety
EB corbos and the L4Re microhypervisor: Open-source automotive safety
Alexander Much
Integration of Advanced Protocols for Detection and Communication
Integration of Advanced Protocols for Detection and Communication
Sachin Mehta
From Driver Distraction to Driver Augmentation: Open Source in Cars
From Driver Distraction to Driver Augmentation: Open Source in Cars
Alison Chaiken
Connected Car Security
Connected Car Security
Suresh Mandava
Edmunds presentation
Edmunds presentation
Alison Chaiken
Fleet Concerns
Fleet Concerns
BenGardiner17
[CB16] Security in the IoT World: Analyzing the Security of Mobile Apps for A...
[CB16] Security in the IoT World: Analyzing the Security of Mobile Apps for A...
CODE BLUE
Connected Cars - Poster Child for the IoT Reality Check
Connected Cars - Poster Child for the IoT Reality Check
Security Innovation
Wi-Fi Controlled Car
Wi-Fi Controlled Car
IRJET Journal
IRJET- The Smart in-Car Technology
IRJET- The Smart in-Car Technology
IRJET Journal
IRJET- Review Paper on Iot Based Technology in Automobiles
IRJET- Review Paper on Iot Based Technology in Automobiles
IRJET Journal
IRJET - Implementation of SDC: Self-Driving Car based on Raspberry Pi
IRJET - Implementation of SDC: Self-Driving Car based on Raspberry Pi
IRJET Journal
IRJET- Tracking of Vehicle’s Location using Probe Request
IRJET- Tracking of Vehicle’s Location using Probe Request
IRJET Journal
Latest Security Reports of Automobile and Vulnerability Assessment by CVSS v3...
Latest Security Reports of Automobile and Vulnerability Assessment by CVSS v3...
FFRI, Inc.
IRJET- Smart Vehicle Automation with Blackbox using IoT
IRJET- Smart Vehicle Automation with Blackbox using IoT
IRJET Journal
Solutions for ADAS and AI data engineering using OpenPOWER/POWER systems
Solutions for ADAS and AI data engineering using OpenPOWER/POWER systems
Ganesan Narayanasamy
Connected Cars Quickly Becoming Part of the Internet of Things (IoT)
Connected Cars Quickly Becoming Part of the Internet of Things (IoT)
ParthaS
Similaire à 20181116.smart can cable_v2
(20)
Smart CAN Cable -- Another proposal of intrusion prevention system (IPS) for ...
Smart CAN Cable -- Another proposal of intrusion prevention system (IPS) for ...
Automotive Linux, Cybersecurity and Transparency
Automotive Linux, Cybersecurity and Transparency
Advanced car security system
Advanced car security system
EB corbos and the L4Re microhypervisor: Open-source automotive safety
EB corbos and the L4Re microhypervisor: Open-source automotive safety
Integration of Advanced Protocols for Detection and Communication
Integration of Advanced Protocols for Detection and Communication
From Driver Distraction to Driver Augmentation: Open Source in Cars
From Driver Distraction to Driver Augmentation: Open Source in Cars
Connected Car Security
Connected Car Security
Edmunds presentation
Edmunds presentation
Fleet Concerns
Fleet Concerns
[CB16] Security in the IoT World: Analyzing the Security of Mobile Apps for A...
[CB16] Security in the IoT World: Analyzing the Security of Mobile Apps for A...
Connected Cars - Poster Child for the IoT Reality Check
Connected Cars - Poster Child for the IoT Reality Check
Wi-Fi Controlled Car
Wi-Fi Controlled Car
IRJET- The Smart in-Car Technology
IRJET- The Smart in-Car Technology
IRJET- Review Paper on Iot Based Technology in Automobiles
IRJET- Review Paper on Iot Based Technology in Automobiles
IRJET - Implementation of SDC: Self-Driving Car based on Raspberry Pi
IRJET - Implementation of SDC: Self-Driving Car based on Raspberry Pi
IRJET- Tracking of Vehicle’s Location using Probe Request
IRJET- Tracking of Vehicle’s Location using Probe Request
Latest Security Reports of Automobile and Vulnerability Assessment by CVSS v3...
Latest Security Reports of Automobile and Vulnerability Assessment by CVSS v3...
IRJET- Smart Vehicle Automation with Blackbox using IoT
IRJET- Smart Vehicle Automation with Blackbox using IoT
Solutions for ADAS and AI data engineering using OpenPOWER/POWER systems
Solutions for ADAS and AI data engineering using OpenPOWER/POWER systems
Connected Cars Quickly Becoming Part of the Internet of Things (IoT)
Connected Cars Quickly Becoming Part of the Internet of Things (IoT)
Plus de Mocke Tech
勤怠管理の音声ガイド -- 音声によるUI/UXを考える
勤怠管理の音声ガイド -- 音声によるUI/UXを考える
Mocke Tech
最新ニュースを音読させる
最新ニュースを音読させる
Mocke Tech
制御システムのための検知と監視
制御システムのための検知と監視
Mocke Tech
対向車線から飛んできたトラック、どう処理したい?(ネタ出し)
対向車線から飛んできたトラック、どう処理したい?(ネタ出し)
Mocke Tech
Slide
Slide
Mocke Tech
ヘテロなクラスタ環境に適した 並列誤差逆伝搬アルゴリズム
ヘテロなクラスタ環境に適した 並列誤差逆伝搬アルゴリズム
Mocke Tech
MitM on USB -- introduction of USBProxy
MitM on USB -- introduction of USBProxy
Mocke Tech
A trial investigation system for vulnerability on M2M network
A trial investigation system for vulnerability on M2M network
Mocke Tech
Making Portable Super Computer
Making Portable Super Computer
Mocke Tech
Social Engineering
Social Engineering
Mocke Tech
Online programming examination
Online programming examination
Mocke Tech
無線ロータのセキュリティとセーフティ / Safety and security for remote control vibrators
無線ロータのセキュリティとセーフティ / Safety and security for remote control vibrators
Mocke Tech
20190808.kuruma iotlt.can cable
20190808.kuruma iotlt.can cable
Mocke Tech
Plus de Mocke Tech
(13)
勤怠管理の音声ガイド -- 音声によるUI/UXを考える
勤怠管理の音声ガイド -- 音声によるUI/UXを考える
最新ニュースを音読させる
最新ニュースを音読させる
制御システムのための検知と監視
制御システムのための検知と監視
対向車線から飛んできたトラック、どう処理したい?(ネタ出し)
対向車線から飛んできたトラック、どう処理したい?(ネタ出し)
Slide
Slide
ヘテロなクラスタ環境に適した 並列誤差逆伝搬アルゴリズム
ヘテロなクラスタ環境に適した 並列誤差逆伝搬アルゴリズム
MitM on USB -- introduction of USBProxy
MitM on USB -- introduction of USBProxy
A trial investigation system for vulnerability on M2M network
A trial investigation system for vulnerability on M2M network
Making Portable Super Computer
Making Portable Super Computer
Social Engineering
Social Engineering
Online programming examination
Online programming examination
無線ロータのセキュリティとセーフティ / Safety and security for remote control vibrators
無線ロータのセキュリティとセーフティ / Safety and security for remote control vibrators
20190808.kuruma iotlt.can cable
20190808.kuruma iotlt.can cable
Dernier
+97470301568>> buy weed in qatar,buy thc oil qatar,buy weed and vape oil in d...
+97470301568>> buy weed in qatar,buy thc oil qatar,buy weed and vape oil in d...
Health
Bridge Jacking Design Sample Calculation.pptx
Bridge Jacking Design Sample Calculation.pptx
nuruddin69
Online electricity billing project report..pdf
Online electricity billing project report..pdf
Kamal Acharya
A CASE STUDY ON CERAMIC INDUSTRY OF BANGLADESH.pptx
A CASE STUDY ON CERAMIC INDUSTRY OF BANGLADESH.pptx
maisarahman1
Employee leave management system project.
Employee leave management system project.
Kamal Acharya
"Lesotho Leaps Forward: A Chronicle of Transformative Developments"
"Lesotho Leaps Forward: A Chronicle of Transformative Developments"
mphochane1998
scipt v1.pptxcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...
scipt v1.pptxcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...
HenryBriggs2
Introduction to Serverless with AWS Lambda
Introduction to Serverless with AWS Lambda
Omar Fathy
kiln thermal load.pptx kiln tgermal load
kiln thermal load.pptx kiln tgermal load
hamedmustafa094
Integrated Test Rig For HTFE-25 - Neometrix
Integrated Test Rig For HTFE-25 - Neometrix
Neometrix_Engineering_Pvt_Ltd
Thermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.ppt
DineshKumar4165
Standard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power Play
Epec Engineered Technologies
Work-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptx
JuliansyahHarahap1
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Arindam Chakraborty, Ph.D., P.E. (CA, TX)
FEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced Loads
FEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced Loads
Arindam Chakraborty, Ph.D., P.E. (CA, TX)
data_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdf
JiananWang21
COST-EFFETIVE and Energy Efficient BUILDINGS ptx
COST-EFFETIVE and Energy Efficient BUILDINGS ptx
JIT KUMAR GUPTA
Minimum and Maximum Modes of microprocessor 8086
Minimum and Maximum Modes of microprocessor 8086
anil_gaur
Thermal Engineering-R & A / C - unit - V
Thermal Engineering-R & A / C - unit - V
DineshKumar4165
Generative AI or GenAI technology based PPT
Generative AI or GenAI technology based PPT
bhaskargani46
Dernier
(20)
+97470301568>> buy weed in qatar,buy thc oil qatar,buy weed and vape oil in d...
+97470301568>> buy weed in qatar,buy thc oil qatar,buy weed and vape oil in d...
Bridge Jacking Design Sample Calculation.pptx
Bridge Jacking Design Sample Calculation.pptx
Online electricity billing project report..pdf
Online electricity billing project report..pdf
A CASE STUDY ON CERAMIC INDUSTRY OF BANGLADESH.pptx
A CASE STUDY ON CERAMIC INDUSTRY OF BANGLADESH.pptx
Employee leave management system project.
Employee leave management system project.
"Lesotho Leaps Forward: A Chronicle of Transformative Developments"
"Lesotho Leaps Forward: A Chronicle of Transformative Developments"
scipt v1.pptxcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...
scipt v1.pptxcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...
Introduction to Serverless with AWS Lambda
Introduction to Serverless with AWS Lambda
kiln thermal load.pptx kiln tgermal load
kiln thermal load.pptx kiln tgermal load
Integrated Test Rig For HTFE-25 - Neometrix
Integrated Test Rig For HTFE-25 - Neometrix
Thermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.ppt
Standard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power Play
Work-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptx
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
FEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced Loads
FEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced Loads
data_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdf
COST-EFFETIVE and Energy Efficient BUILDINGS ptx
COST-EFFETIVE and Energy Efficient BUILDINGS ptx
Minimum and Maximum Modes of microprocessor 8086
Minimum and Maximum Modes of microprocessor 8086
Thermal Engineering-R & A / C - unit - V
Thermal Engineering-R & A / C - unit - V
Generative AI or GenAI technology based PPT
Generative AI or GenAI technology based PPT
20181116.smart can cable_v2
1.
© 2018 LAC
Co., Ltd. Smart CAN Cable, another IPS for CANBUS network November 16, 2018 Ryoichi KIDA and Kiyotaka ATSUMI IoT Tech. Lab., CYBER GRID JAPAN, LAC Co., Ltd.
2.
© 2018 LAC
Co., Ltd. - 3 - Disclaimer This presentation is personal opinions and is not any opinions on behalf of organizations to belong to.
3.
© 2018 LAC
Co., Ltd. - 4 - Outline 1. Introduction 2. Current security measures 3. The idea of Smart CAN Cable 4. Conclusion
4.
© 2018 LAC
Co., Ltd. - 5 - Outline 1. Introduction 2. Current security measures 3. The idea of Smart CAN Cable 4. Conclusion
5.
© 2018 LAC
Co., Ltd. - 6 - Introduction In the future situation of the automobile OEM will be forced to install connection to cloud and V2X (C2X in Europe) by the governments. We mean almost cars will be connected. Connection to cloud will provide latest map, latest situation of traffic jam, latest firmware, and it will be used on remote maintenance when your car is broken. V2X(C2X) will provide a useful information: Traffic signal will change to red soon, A motorcycle behind an oncoming car when you are going to make a left turn, A huge baggage fell from a truck in front 500m ahead and many other useful information for safety.
6.
© 2018 LAC
Co., Ltd. - 7 - Introduction In the future situation of the automobile OEM will be forced to install connection to cloud and V2X (C2X in Europe) by the governments. We mean almost cars will be connected. Connection to cloud will provide latest map, latest situation of traffic jam, latest firmware, and it will be used on remote maintenance when your car is broken. V2X(C2X) will provide a useful information: Traffic signal will change to red soon, A motorcycle behind an oncoming car when you are going to make a left turn, A huge baggage fell by a truck in front 500m ahead and many other useful information. *1) IOActive: Remote Exploitation of an Unaltered Passenger Vehicle https://ioactive.com/pdfs/IOActive_Remote_Car_Hacking.pdf *2) KEEN Security Lab: Experimental Security Assessment of BMW Cars: A Summary Report https://keenlab.tencent.com/en/Experimental_Security_Assessment_of_BMW_Cars_by_KeenLab.pdf
7.
© 2018 LAC
Co., Ltd. - 8 - Introduction Important facts Any software has bugs, and some of them will be vulnerabilities. Malicious actors always search and exploit any vulnerabilities including connected-cars. Malicious actors plant a malware into computers including ECUs to collect useful information for the next attack. The malware survives in the computer and in the ECU, and it will do the next attack. How do we prevent this? Observe malicious activities and handle incidents.
8.
© 2018 LAC
Co., Ltd. - 9 - Introduction Possibilities of MSS for connected-cars MSS is a service that security analysts check the logs sent from the customer's FW and IDS, and they call the customer when they find a critical attack. Does it adapt to connected-cars?
9.
© 2018 LAC
Co., Ltd. - 10 - Introduction Possibilities of MSS for connected-cars Malicious Actor Security Operation Center Applying MSS to connected-cars using current in-vehicle security measures (IDS, MAC, and so on) for connected-cars. Attack! Oh my gosh! Your car is compromised by the actor. You must put your car to the edge of the road and stop the engine. I pray for your safety. I cannot control this car! Please help me! Security Operation Center cannot prevent this attack because they do not identify which ECU is compromised.
10.
© 2018 LAC
Co., Ltd. - 11 - Introduction Possibilities of MSS for connected-cars Malicious Actor Security Operation Center Applying MSS to connected-cars using an in-vehicle security measure of identifying a compromised ECU. Attack! Oh my gosh! An ECU in your car is compromised by the actor. Due to prevent the attack, we stop the compromised ECU. You must put your car to the edge of the road and stop the engine. OK! maybe I can manage it. The behavior of the car is stable because the compromised ECU is identified and stopped.
11.
© 2018 LAC
Co., Ltd. - 12 - Introduction Possibilities of MSS for connected-cars That is, MSS for connected-cars needs a measure of identifying a compromised ECU.
12.
© 2018 LAC
Co., Ltd. - 13 - Outline 1. Introduction 2. Current security measures 3. The idea of Smart CAN Cable 4. Conclusion
13.
© 2018 LAC
Co., Ltd. - 14 - Current security measures Studies of security measures We found some studies on security measures for an in- vehicle network related to our study. IDS/IPS Message Authentication Code (MAC). Identity-Anonymized CAN (IA-CAN). ... Actually, many researchers engage in security measures for connected-cars.
14.
© 2018 LAC
Co., Ltd. - 15 - Current security measures Proposed IDS/IPS Ideas Many ideas are proposed to identify an illegal frame. ECU IDS ECU ECU … Blacklist / Whitelist Corrupted frame Unlikely frame Irregular frame during cyclic frames Somehow a suspicious frame... OBD-II ECU
15.
© 2018 LAC
Co., Ltd. - 16 - Rare ideas are proposed to intercept the illegal frame. ECU IPS ECU ECU … Overwrite the illegal frame with an error frame ... Does it work well? How do we get back control from the actor? OBD-II ECU Current security measures Proposed IDS/IPS Ideas
16.
© 2018 LAC
Co., Ltd. - 17 - Current security measures Message Authentication Code (MAC) MAC is value calculated using a cryptographic hash function and freshness value from a frame. AUTOSAR defines Message Authentication Code (MAC). AUTOSAR: Specification of Secure Onboard Communication https://www.autosar.org/fileadmin/user_upload/standards/classic/4-3/AUTOSAR_SWS_SecureOnboardCommunication.pdf SOF CAN ID (11bits) RTR IDE R Data Field (0-64bits) EOF (7bits) ACK Delimita ACK CRC Delimita CRC (15bits) SOF CAN ID (11bits) RTR IDE R DLC (4bits) Data Field (0-32bits) EOF (7bits) ACK Delimita ACK CRC Delimita CRC (15bits) Original CAN frame CAN frame with MAC Fresh- ness (4bits) MAC (28bits) DLC (4bits)
17.
© 2018 LAC
Co., Ltd. - 18 - Current security measures Message Authentication Code (MAC) Advantage: Almost illegal frame may be refused by all ECUs because its frame does not have any legal MACs. Disadvantage: MAC may not refuse any illegal frames if an actor can control to calculate correctly MAC. MAC cannot identify which ECU is compromised if MAC uses the same crypt key on all ECUs. MAC requires a rich computing resources to ECUs. MAC reduces the length of data field from 64bits to 32bits. MAC may be weak for a flood attack. AUTOSAR: Specification of Secure Onboard Communication https://www.autosar.org/fileadmin/user_upload/standards/classic/4-3/AUTOSAR_SWS_SecureOnboardCommunication.pdf
18.
© 2018 LAC
Co., Ltd. - 19 - Current security measures Identity-Anonymized CAN (IA-CAN) Sender identification is encrypted with freshness value and set the extended CANID field. All ECUs have the same synchronized freshness value All ECUs can identify the sender ECU when they receive every frame. Xia, Z., Kawabata, T., Komano, Y., ”A Secure Design for Practical Identity-Anonymized CAN Application,” Embedded Security in Cars (escar) Europe, November 16, 2016 SOF CAN ID (11bits) SRR IDE R1 Data Field (0-64bits) EOF (7bits) ACK Delimita ACK CRC Delimita CRC (15bits) Original CAN frame with extended ID IA-CAN frame DLC (4bits) Extended ID (18bits) RTR R2 SOF CAN ID (11bits) SRR IDE R1 Data Field (0-64bits) EOF (7bits) ACK Delimita ACK CRC Delimita CRC (15bits) DLC (4bits) Encrypted Sender ID (18bits) RTR R2
19.
© 2018 LAC
Co., Ltd. - 20 - Current security measures Identity-Anonymized CAN (IA-CAN) Advantage: Unknown sender ECU may be refused. Disadvantage: IA-CAN cannot refuse an illegal frame from a right sender ECU. IA-CAN needs the extended CANID field (18 bits). We mean we cannot use the extended CANID field. IA-CAN may be weak for a flood attack. Xia, Z., Kawabata, T., Komano, Y., ”A Secure Design for Practical Identity-Anonymized CAN Application,” Embedded Security in Cars (escar) Europe, November 16, 2016
20.
© 2018 LAC
Co., Ltd. - 21 - Outline 1. Introduction 2. Current security measures 3. The idea of Smart CAN Cable 4. Conclusion
21.
© 2018 LAC
Co., Ltd. - 22 - Our Proposal Connector … Connector Connector Connector Connector ECU IDS ECU ECU ECU Smart CAN Cable Smart CAN Cable identifies the compromised ECU that sends an illegal frame. Smart CAN Cable is independently controllable that each ECU may send a frame or may not. OBD-II Smart CAN Cable The idea of identifying a compromised ECU
22.
© 2018 LAC
Co., Ltd. - 23 - How to identify the compromised ECU Connector … Connector Connector Connector Connector ECU IDS ECU ECU ECU Smart CAN Cable OBD-II 1. All connectors have a ring buffer to record frames from ECU directly connected to itself. 2. IDS asks all connectors whether they have an illegal frame in their own ring buffer if IDS identifies the illegal frame. 3. That is the compromised ECU directly connected to the connector having the illegal frame. Smart CAN Cable The idea of identifying a compromised ECU
23.
© 2018 LAC
Co., Ltd. - 24 - Example: ECU2 sends an illegal frame. Connector … Connector Connector Connector Connector ECU1 IDS ECU2 ECUn ECU Smart CAN Cable OBD-II Compromised Illegal frame Hash value of the illegal frame Information of compromised ECU Smart CAN Cable The idea of identifying a compromised ECU
24.
© 2018 LAC
Co., Ltd. - 25 - Connector … Connector Connector Connector Connector ECU1 IDS ECU2 ECUn ECU Smart CAN Cable OBD-II Compromised The hash value of the frame is recorded into the connector's ring buffer and broadcasts on CANBUS Smart CAN Cable The idea of identifying a compromised ECU Illegal frame Hash value of the illegal frame Information of compromised ECU
25.
© 2018 LAC
Co., Ltd. - 26 - Connector … Connector Connector Connector Connector ECU1 IDS ECU2 ECUn ECU Smart CAN Cable OBD-II Compromised IDS decides the frame is illegal. Illegal! Smart CAN Cable The idea of identifying a compromised ECU Illegal frame Hash value of the illegal frame Information of compromised ECU
26.
© 2018 LAC
Co., Ltd. - 27 - Connector … Connector Connector Connector Connector ECU1 IDS ECU2 ECUn ECU Smart CAN Cable OBD-II Compromised IDS asks all connectors whether they have the illegal frame. Smart CAN Cable The idea of identifying a compromised ECU Illegal frame Hash value of the illegal frame Information of compromised ECU
27.
© 2018 LAC
Co., Ltd. - 28 - Connector … Connector Connector Connector Connector ECU1 IDS ECU2 ECUn ECU Smart CAN Cable OBD-II Compromised Only the connector connected to ECU2 has the same frame. That is, ECU2 is compromised. = Smart CAN Cable The idea of identifying a compromised ECU Illegal frame Hash value of the illegal frame Information of compromised ECU
28.
© 2018 LAC
Co., Ltd. - 29 - Connector … Connector Connector Connector Connector ECU1 IDS ECU2 ECUn ECU Smart CAN Cable OBD-II Compromised The connector broadcasts the information of compromised ECU, and cut the compromised ECU. = × Smart CAN Cable The idea of identifying a compromised ECU Illegal frame Hash value of the illegal frame Information of compromised ECU
29.
© 2018 LAC
Co., Ltd. - 30 - Requires of Smart CAN Cable's connectors Due to record the frame from a ECU, each connector must identify the direction of a frame from CANBUS or from the ECU directly connected to itself. Each connector scans a frame in its own ring buffer when the IDS asks to find the message. All connectors must not lose any frame. All connectors must not delay any frame. Smart CAN Cable The idea of identifying a compromised ECU
30.
© 2018 LAC
Co., Ltd. - 31 - Smart CAN Cable Structure of each connector (Previous ver.) Inside of Connector ECU Transceiver Repeater CAN BUS Controller Ring Buffer Transceiver Record a hash value of a message from ECU into its own ring buffer. Search the hash value in its own ring buffer when IPS sends the hash value. Order to stop to relay any messages to repeater after it finds the hash value. Controller role
31.
© 2018 LAC
Co., Ltd. - 32 - CANH CANL Circuit Breaker ECU R R Current Direction Detector CANL CANB CANID Timing Filter MCU Ring Buffer DIRM CANT CANH DIRS CANL CANH Inside of the connector Smart CAN Cable Structure of each connector (Current ver.) We can identify the direction of a message using voltage drop with a sense resister. Sense resister
32.
© 2018 LAC
Co., Ltd. - 33 - Receiver ECU Sender ECU has voltage drop Receiver ECU has no voltage drop 120Ω 120Ω ∞Ω 1Ω 1Ω ∞Ω 1Ω 1Ω 1Ω 1Ω ~ 0~2v Calculation: Whole resistance value R = 1 / ( 1 / 120 + 1 / 120 + 1 / ( 1 + ∞ + 1) + 1 / ( 1 + ∞ + 1)) = 60 [Ω] VA VS VR Voltage Drop : VS, VR VS = 1 / ( 1 + R + 1) × 2[v] = 0.0323[v] VR = 1 / ( 1 + ∞ + 1) × VA = 0 [v] Voltage Drop : VA, VA = R / ( 1 + R + 1) ×2[v] = 60 / ( 1 + 60 + 1) ×2 = 1.94[v] Only while sending period, the sense resister has voltage drop Smart CAN Cable Abstract of the electric circuit
33.
© 2018 LAC
Co., Ltd. - 34 - Smart CAN Cable Signal timing chart The resister with a sender ECU has voltage drop while sending ID, and we can know the direction of the frame. The resister with a receiver ECU has no voltage drop except ACK bit in the frame. But ACK bit is not in CANID timing filter, so Signal Direction outputs always "Low".
34.
© 2018 LAC
Co., Ltd. - 35 - Smart CAN Cable Other Implementations Black list: a set of CANIDs that is never received by the ECU. White list: a set of CANIDs that is sent by the ECU. It will be an illegal frame if the ECU sends a frame using a CANID not including white list. (The ECU never sends IDS's frame, for example) Each connector has each black list and white list adapting each ECU directly connecting to the its connector. Each connector needs minimal IDS function when it finds an illegal frame using black list and white list. Configurator is also needed. Configurator is an independent device on CANBUS, which maintains black lists and white lists in all connectors. Smart CAN Cable can work well with other security measures. We mean, OEM can freely choose any security measures and Smart CAN Cable together.
35.
© 2018 LAC
Co., Ltd. - 36 - Smart CAN Cable Potential vulnerabilities Smart CAN Cable overlooks illegal frames until IDS identify the illegal frames. At least the first illegal frame will reach to every ECU. (except the case of which each connector finds illegal message using white list / black list) The performance of Smart CAN Cable depends on the IDS performance. We don't define any IDS specs. We mean Smart CAN Cable can collaborate any IDSs. Smart CAN Cable may cut a good health ECU incorrectly if the IDS wrongly identify a normal frame as an illegal frame. Current implementation cannot separate between the first frame and the replay attack frame if they are sent sequentially. In this case, two connectors have the same message, and they will cut its own ECU at the same time if the IDS detects that the frame is illegal.
36.
© 2018 LAC
Co., Ltd. - 37 - Smart CAN Cable Current status Currently, PoC of Smart Can Cable is under developing. Current Direction Detector is nearly completed. Software on MCU is nearly completed. We focus to build CANID Timing Filter with FPGA. It will be completed by the end of this year.
37.
© 2018 LAC
Co., Ltd. - 38 - Outline 1. Introduction 2. Current security measures 3. The idea of Smart CAN Cable 4. Conclusion
38.
© 2018 LAC
Co., Ltd. - 39 - Conclusion MSS for connected-cars needs a security measure of identifying a compromised ECU. We explained how Smart CAN Cable detects and cut a compromised ECU . Smart CAN Cable can work with an IDS that is made by any companies, and Smart CAN Cable's performance depends on this IDS. We introduced other similar studies(MAC, IA-CAN), and explain how different among them and Smart CAN Cable. Smart CAN Cable can work with any security measures together on the in-vehicle network such as IDS, MAC, IA-CAN, and so on.
39.
Thank you. Any
Questions ? © 2018 LAC Co., Ltd. 株式会社ラック 〒102-0093 東京都千代田区平河町2-16-1 平河町森タワー Tel 03-6757-0113 Fax 03-6757-0193 sales@lac.co.jp www.lac.co.jp ※ 本資料は2018年10月現在の情報に基づいて作成しており、記載内容は予告なく変更される場合があります。 ※ 本資料に掲載の図は、資料作成用のイメージカットであり、実際とは異なる場合があります。 ※ LAC、ラック、JSOC、サイバー救急センターは株式会社ラックの登録商標です。 ※ その他記載されている会社名、製品名は一般に各社の商標または登録商標です。
Télécharger maintenant