DOT/DHS: Joint Agency Work On Automotive Cyber Security


DOT/DHS: Joint Agency Work on Automotive Cyber Security
March 16, 2017
Brendan Harris, Advanced Vehicle Technology Division
The National Transportation Systems Center
Advancing transportation innovation for the public good
U.S. Department of Transportation
Office of the Secretary of Transportation
John A. Volpe National Transportation Systems Center

Agenda
- DHS & DOT-Volpe Automotive Cybersecurity R&D Program Overview
- Telematics Cybersecurity
- Open Source Testing Tools

DOT’s Volpe National Transportation System Center
- Established in 1970
- Part of U.S. Department of Transportation (DOT) Office of Research and Technology
- Mission: To improve the nation’s transportation system by serving as a center of excellence for informed decision making, anticipating emerging transportation issues, and advancing technical, operational, and institutional innovations
- Fee-for-service; no direct appropriations
- www.volpe.dot.gov

DHS Cybersecurity for Government Vehicles Program – Telematics Overview

Modern Vehicle Architecture

Government Critical Mission Use
- First responder and law enforcement vehicles – fire, rescue, ambulance, police
  - Must be safe and reliable
- Undercover vehicles – mission critical
  - Must be safe and reliable
  - Blend in – not tracked or identified either by emanating too much or by not emanating at all
- Government official / overseas embassy vehicles (e.g., "Black SUV")
  - Must be safe and reliable but does not need to hide
- Non-Tactical DoD Vehicles
- Commercial motor vehicles
General use government vehicles
- Vehicles that do not fall into above categories

General Services Administration (GSA) Telematics Program
Telematics
- The term “Telematics” refers to a technology that combines telecommunications and information processing to send, receive, and store information related to remote objects, such as vehicles. (Source GAO 14-443, Federal Vehicle Fleets)
- EO 13693: Sustainability into the Next Decade (March 2016)
  - Requirements - By 2017, all agencies should ensure that telematics collects the maximum vehicle diagnostics (fuel consumption, emissions, maintenance, utilization, idling, speed, and location data) at the asset level for acquisitions of new passenger, light duty and medium duty vehicles (where appropriate)
Source: General Services Administration (GSA) Office of Fleet Management
Executive Order Reporting Requirement: Speed; Location data; Idling; Utilization; Maintenance; Fuel consumption; Emissions (varies by year, manufacturer, make & model)
GPS Tracking Only: X X X X
GPS Tracking & Vehicle Diagnostics: X X X X X X X

Government Fleet Management Telematics and Risks
[Figure: physical architecture (ECM, engine, CAN bus, security, cluster, BCM) and OBD dongle w/ telematics connected to an external network (base station, provider network); attack surface and threats]

Cybersecurity Assessment
- Potential risks associated with system
- Wanted to validate security concerns
- Partnered with Software Engineering Institute to do security testing
“It’s secure, we use encryption” (Vendor in 2016)

SEI/CERT OBD-2 Device Testing Configuration
- WiFi Access Point
- Ettus Research Software-Defined Radio
- Power Supply
- Linux laptop with OpenBTS
- SIM cards
- Bus Pirate
- Device Under Test
- Android Phones

Software Engineering Institute (SEI) / CERT OBD-2 Device Tests
- Development / un-configured device (Tested Q1 2016)
  - Accepted unauthenticated admin commands via SMS
  - Could load our own, trojan firmware
  - Unauthenticated service on Internet
  - No encryption in transit
- Production device (Tested Q1 2017)
  - SMS disabled
  - Can no longer force download of trojan firmware
  - Internet service appropriately firewalled
  - Remaining risks
    - Inherent cellular vulnerabilities
    - Still no encryption in transit (Man-in-the-middle)
“It’s Secure, we use encryption” (Vendor in 2017)

SEI/CERT: OBD-2 Device Tests Methodology Report
- Explains risks and potential impacts of security problems in OBD-II devices
- Describes a repeatable methodology for testing the devices for the most common security problems and misconfigurations
- Technical appendices detail how to perform some of the specialized testing and what equipment is needed.

Cybersecurity Primer for Fleet Managers
- Fleet Management Solution is an Information System
  - All Federal Information Systems require Federal Information Security Management Act (FISMA) compliance
  - FISMA requires compliance with NIST standards
- Multiple components to the system
  - Vehicle
  - Telematics
  - Communications
  - Management System
  - Database
- Probability of multiple vendors working collaboratively to provide solution
  - Fleet managers need to remain aware of interactions between devices and/or vendors
  - Fleet managers' responsibility to ensure all devices and vendors comply with NIST guidelines
- Primary responsibility is to protect Government personnel, property, and data

Automotive Cybersecurity R&D Showcase

DHS/Volpe Center Automotive Cybersecurity R&D Showcase (October 18-20, 2016)
- Open Source Automotive Cybersecurity Research Tool Forum (October 19-20) – Many automotive cybersecurity Open Source Software (OSS) research tools are in development. Tools support areas: new hardware interfaces, discovery, injection, sniffing, reverse engineering, fuzzing, software defined radio (SDR) and simulation.
- Forum goals:
  - Demonstrate the current state of the art in automotive cybersecurity tools on real automobiles
  - Begin to foster researcher-to-researcher relationships
  - Share knowledge about cybersecurity research issues and automation challenges
  - Incentivize increased academic and security researcher interest in automotive cybersecurity
  - Connect tool developers with collaborators, end users, and potential funding sources

Open Source Development Model
[Diagram: Developers, Bug Reports, Feature Requests, Trusted Developers, Source Code, Trusted Repository; Goal: Active]
Adapted from D. Wheeler: “Using an Open Source Software Approach for Cybersecurity Technology Transition”, November 2015

Why Use Open Source?
- Prevent duplication of effort
  - Easier to get started in a new space
  - Develop new rather than existing features
- Technology Transition
  - Fewer barriers to access the technology
  - Easy to continue where someone left off
  - Communication between developers and users
- Continuous Improvement
  - “User as Developer” model creates a positive feedback loop
  - More eyes on code, more bugs identified

Simulation Tool: UDS-SIM
Created by Craig Smith (OpenGarages/Rapid 7)
- Learn what modules are on a given CAN interface
- Simulates learned interfaces
- Useful for testing
  - Diagnostic Tools
  - Dealership tools
  - Scan tools
- Useful for demonstrating attacks without a car and teaching students
- Integrated with open-source fuzzing tool “Peach Fuzzer”
* https://www.acsac.org/ (Annual Computer Security Applications ules/request.php?module oc program&action page.php&id 63 (December 6, 2016: Hands-On Interactive Car Hacking)

Hardware Tool: ChipWhisperer Power Analysis & Glitching Attacks
Created by Colin O’Flynn (NewAE Technology Inc.)
- Combined hardware and software suite
- Make it easier to test for side channel vulnerabilities
- Power Analysis
  - Used to break encryption protocols such as AES
- Glitching
  - Used to bypass security completely, or cause unintended functions to occur

Information Gathering Tool: CANpy
- Developed by Francois Bernier’s team at Defense Research and Development Canada (DRDC)
- Multi-purpose tool written in Python
  - Data Logging
  - Interacting with CAN bus
  - ECU Discovery
  - Basic Visualization
- Can run on BeagleBone

Wireless Security Tools
- Briefed by Michael Ossmann (Great Scott Gadgets)
- Overview of wireless interfaces in the automotive industry
- Open source hardware interfaces and software suites for wireless security testing

Secure-Over-The-Air Prototype (Demo)
- Briefed by Uptane project
  - University of Michigan Transportation Research Institute (UMTRI)
  - Southwest Research Institute (SwRI)
  - New York University (NYU)
- Method to deliver secure updates to automobiles
- Based on The Update Framework (TUF), an open source framework for delivering software updates

Hardware Interfaces
CANtact
- Developed by Eric Evenchick (Linklayer Labs)
- CAN to USB interface
- Supports custom scripting
CanCAT
- Developed by Matt Carpenter (Grimm SMFS)
- CAN Transceiver for providing low-level access to CAN bus
- Useful for Man-in-the-middle and reverse engineering functionality for a particular ECU

Light Detection and Ranging (LIDAR) Spoofing (brief)
Briefing by Jon Petit (Security Innovation Inc.)
- One of the key sensors for Automated Vehicles
- Possible to create ‘fake’ objects and cause vehicle to treat them as real objects

Open Source Automotive Cybersecurity Research Tool Forum - Conclusions
- Virtual workbenches are needed due to limited vehicle access
- A growing proliferation of open source tools
- Open source tools are getting more powerful and sophisticated
- Open source software/hardware significantly lowers the entry barrier for researchers
- “User as developer” model creates positive feedback loop

Open Source Automotive Cybersecurity Research Tool Forum – Next Steps
- Development of an Open Source OS Tools Portal for use by Government researchers, and academia
- Continuation of the Automotive Cybersecurity R&D Showcase type of event with more “hands on” activities (e.g. academia training classes)
- Continued outreach to the open source community

So what does this have to do with supply chain?
- Tools and Methods are out there –
- Acquisition Officers - Use procurement language to ensure you are purchasing secure components
  - “We have encryption” promises aren’t enough
  - Ask for 3rd party validation & documentation
  - Ask about updates
- System Owners - Do your own security testing to validate aftermarket products integrated in your system
  - Know what risks you are introducing to your system
  - If you are “not a cyber person” talk to one
- Vendors – Security does not end at the sale, make sure you have a way to securely update your device
  - Get your products Pen Tested, have the documentation on hand & fix the bugs
  - Accept that bugs will be found, create a vulnerability disclosure policy

Contact Information
Brendan Harris
Advanced Vehicle Technology
USDOT Volpe Center
Email: Brendan.Harris@dot.gov
Phone: 617-494-2833
