Niloy Ray, Deputy General Manager, Mercedes Benz Research & Development India Pvt Ltd

1. Daimler AG
State of Automotive Security
Niloy Ray

2. Daimler AG
Physical
Wireless
Attack
D-Bus
Compromise
Central
Gateway
HeadUnit
ECU
ECU
ECU
Cellular
Network
Internet
Machine
COM
DEV
CAN
DEV
Make
Changes in
Infotainment
Connect from
Cell Provider
Connect from Internet
2
3
4
5
Send Arbitrary CAN
Messages
Flash CAN Device
With Backdoored
version
6
1
8
Build CAN Message
Map
7
ECU
ECU
ECU
ECU
ECU
ECU
Diagnostic Messages
at Low Speed
9
Spoof ECUs11
Configuration
Messages at ADAS
10

3. Daimler AG
Cryptographic Hygiene
Hardening
Isolation
3rd Party Trust
Obscurity
Authorization
Authentication

4. Daimler AG
Internet
Authority Cloud Environment
Smart Roads / Smart Cities
VANET with
DSRC/WiFi
(M2M)
Drivers
Personal
Devices
Cloud Environment
(Analytics / Applications)
(Data Supply / FrontEnd)
Internet Connectivity
3G/LTE/5G
Fleet Customers
Fleet Owners
Suppliers
Dealers
Content
Providers
Finance Insts.
Insurance
Authorities
Regulators
Research Inst.
IoT
Backend
Open API
Data
Delivery
In Vehicle
Network
Applications

5. Daimler AG
Cryptographic Hygiene
Hardening
Isolation
3rd Party Trust
Obscurity
Authorization
Authentication
Tuning
Cloud Hygiene
Development Hygiene
Secure Communication
API Hygiene
Data Protection and Privacy
Threat Modeling
Trusted Computing
Secure OTA
Collaborative Trust
Detection
Incident Response
Threat Intel
Pentesting
Red Team Blue Team

6. Daimler AG
Vehicle
Autonomy
Autonomous
Driving
LifeCycle
Driven
Vehicle
Self
Management
Vehicle
As
A Fleet Member
Vehicle
As
A Citizen
Identity
Employee /
Entrepreneur
Locale
ConceptualizationDesignManufacture
In Vehicle Network
DecommissionSensors
Autonomous
Vehicle
Kit
Multi OEM Vehicle
Actuators

7. Daimler AG
Cryptographic Hygiene
Hardening
Isolation
3rd Party Trust
Obscurity
Authorization
Authentication
Tuning
Cloud Hygiene
Development Hygiene
Detection
Secure Communication
API Hygiene
Data Protection and Privacy
Threat Modeling
Incident Response
Trusted Computing
Secure OTA
Collaborative Trust
Threat Intel
Redundant Sensors Vehicle Identity Management
Multi Sensor Integration
Closed Information
Vehicle Membership Management
Security Provenance
Pentesting
Red Team Blue Team

8. Daimler AG
CyberPhysical
Risks
Traditional
CyberSecurity
Risks
Evita
Car2Car
SAE J3061
AUTOSAR
ISO 26262
ISO/SAE 21434
UNECE
NHTSA / ITS
Governance and Compliance

9. Daimler AG
Cryptographic Hygiene
Hardening
Isolation
3rd Party Trust
Obscurity
Authorization
Authentication
Tuning
Cloud Hygiene
Development Hygiene
Detection
Secure Communication
API Hygiene
Data Protection and Privacy
Threat Modeling
Incident Response
Trusted Computing
Secure OTA
Collaborative Trust
Threat Intel
Redundant Sensors Vehicle Identity Management
Multi Sensor Integration
Closed Information
Vehicle Membership Management
Security Provenance
Pentesting
Red Team Blue Team
Compliance
Best Practices
Standards
• Eco System of Diverse Stakeholders
• Rapidly Evolving Technology
• Complex Architectures
• Race to Features
• Adversarial Safety
Challenging Trends

10. Daimler AG
Electronic
Vehicle
Remote Vehicle
Mgmt. and
Operations
Environmental
and Driving
Support
Fleet
Management &
Content Services
M2M
Smart Infra
Integration
Extended Risk Continuum
Information Security Cyber Security Business Risks Vehicle/People Safety
IT Infra
Applications
Scope has changed and so has Risks
Automated /
Augmented
Security
Model Driven /
Simulated
Security
Layered
Security
Holistic and Automated Security
Lifecycle
Integrated
Security
Need New Capabilities
Adverserial
Security
Cybersecurity through collaboration
Connected Vehicle Security as a core research practice
Connected Vehicle Security as a Strategic Initiative
Safety in a connected world
People
CAL

11. Daimler AG
Have a Safe Trip