DOT/DHS: Joint Agency Work on Automotive Cyber SecurityMarch 16, 2017Brendan Harris, Advanced Vehicle Technology DivisionThe National Transportation Systems CenterAdvancing transportation innovation for the public goodU.S. Department of TransportationOffice of the Secretary of TransportationJohn A. Volpe National Transportation Systems Center1
Agenda DHS & DOT-Volpe Automotive Cybersecurity R&D Program Overview Telematics Cybersecurity Open Source Testing Tools2
DOT’s Volpe National Transportation System CenterEstablished in 1970 Part of U.S. Department of Transportation (DOT) Office of Research andTechnology Mission: To Improve the nation’s transportation system by serving as acenter of excellence for informed decision making, anticipatingemerging transportation issues, and advancing technical, operational,and institutional innovations Fee-for-service; no direct appropriations www.volpe.dot.gov 3
DHS Cybersecurity forGovernment Vehicles Program –Telematics Overview4
Modern Vehicle Architecture5
Government Critical Mission Use First responder and law enforcement vehicles– fire, rescue, ambulance, police Must be safe and reliable Undercover vehicles – mission critical Must be safe and reliable Blend in – not tracked or identified eitherby emanating too much or by notemanating at all Government official / overseas embassyvehicles (e.g., "Black SUV") Must be safe and reliable but does notneed to hide Non-Tactical DoD Vehicles Commercial motor vehiclesGeneral use government vehicles Vehicles that do not fall into above categories6
General Services Administration (GSA) Telematics ProgramTelematics The term “Telematics” refers to a technology that combines telecommunications and informationprocessing to send, receive, and store information related to remote objects, such as vehicles.(Source GAO 14-443, Federal Vehicle Fleets) EO 13693: Sustainability into the Next Decade (March 2016) Requirements-By 2017, all agencies should ensure that telematics collects the maximum vehicle diagnostics (fuel consumption,emissions, maintenance, utilization, idling, speed, and location data) at the asset level for acquisitions of newpassenger, light duty and medium duty vehicles (where appropriate)Source: General Services Administration(GSA) Office of Fleet ManagementExecutive OrderReporting RequirementSpeedLocation dataIdlingUtilizationMaintenanceFuel consumptionEmissions (varies by year,manufacturer, make & model)GPS TrackingOnlyXXXXGPS Tracking &Vehicle DiagnosticsXXXXXXX7
Government Fleet Management Telematics and RisksPhysical ArchitectureECMENGINECANBUSSECURITYCLUSTERBCMCAN BUSLogical ER))OBDDONGLEw/ TELEMATICSConnected to anExternal NetworkBASESTATIONProviderNetworkInterfacing witha Public ble byAnyone AnywhereWHOELSE?Attack Surface Threats8
Cybersecurity Assessment Potential risks associated with system Wanted to validate security concerns Partnered with Software Engineering Institute to do securitytestingIt’s secure,we useencryptionVendor In 20169
SEI/CERT OBD-2 Device Testing ConfigurationWiFi Access PointEttus ResearchSoftware-DefinedRadioPower SupplyLinux laptopwithOpenBTSSIMcardsBusPirateDevice UnderTestAndroid Phones10
Software Engineering Institute (SEI) /CERTOBD-2 Device Tests Development / un-configured device (Tested Q1 2016) Accepted unauthenticated admin commands via SMSCould load our own, trojan firmwareUnauthenticated service on InternetNo encryption in transitProduction device (Tested Q1 2017) SMS disabledCan no longer force download of trojan firmwareInternet service appropriately firewalledRemaining risksooInherent cellular vulnerabilitiesStill no encryption in transit (Man-in-the-middle)It’s Secure,we useencryptionVendor In 201711
SEI/CERT: OBD-2 Device Tests Methodology Report Explains risks and potential impacts of security problemsin OBD-II devices Describes a repeatable methodology for testing thedevices for the most common security problems andmisconfigurations Technical appendices detail how to perform some of thespecialized testing and what equipment is needed.12
Cybersecurity Primer for Fleet Managerso Fleet Management Solution is an Information System All Federal Information Systems require Federal Information Security Management Act (FISMA)compliance FISMA requires compliance with NIST standardso Multiple components to the systemVehicleTelematicsCommunicationsManagement SystemDatabaseo Probability of multiple vendors working collaboratively to provide solution Fleet managers need to remain aware of interactions between devices and and/or vendors Fleet managers responsibility to ensure all devices and vendors comply with NIST guidelineso Primary responsibility is to protect Government personnel, property, and data13
Automotive CybersecurityR&D Showcase14
DHS/Volpe Center Automotive Cybersecurity R&DShowcase (October 18-20, 2016) Open Source Automotive Cybersecurity Research Tool Forum (October 19-20) – Many automotivecybersecurity Open Source Software (OSS) research tools are in development. Tools support areas: newhardware interfaces, discovery, injection, sniffing, reverse engineering, fuzzing, software defined radio(SDR) and simulation. Forum goals: Demonstrate the current state of the art in automotive cybersecurity tools on real automobiles Begin to foster researcher-to-researcher relationships Share knowledge about cybersecurity research issues and automation challenges Incentivize increased academic and security researcher interest in automotive cybersecurity Connect tool developers with collaborators, end users, and potential funding sources15
Open Source Development ModelDevelopersBug ReportsFeature RequestsTrustedDevelopersSource CodeTrustedRepositoryGoal: Active apted from D. Wheeler: “Using an Open Source Software Approach for CybersecurityTechnology Transition”, November 201516
Why Use Open Source? Prevent duplication of effort Easier to get started in a new space Develop new rather than existing features Technology Transition Fewer barriers to access the technology Easy to continue where someone left off Communication between developers andusers Continuous Improvement “User as Developer” model creates apositive feedback loop More eyes on code, more bugs identified17
Simulation Tool: UDS-SIMCreated by Craig Smith (OpenGarages/Rapid 7) learn what modules are on a given CANinterface Simulates learned interfaces Useful for testing Diagnostic Tools Dealership tools Scan toolsUseful for demonstrating attackswithout a car and teaching students Integrated with open-source fuzzingtool “Peach Fuzzer” *https://www.acsac.org/ (Annual Computer Security Applications ules/request.php?module oc program&action page.php&id 63 (December 6, 2016: Hands-On Interactive Car Hacking)18
Hardware Tool: ChipWhisperer Power Analysis &Glitching AttacksCreated by Colin O’Flynn (NewAETechnology Inc.) Combined hardware and software suite Make it easier to test for side channelvulnerabilities Power Analysis Used to break encryption protocols such asAES Glitching Used to bypass security completely, orcause unintended functions to occur19
Information Gathering Tool: CANpy Developed by Francois Bernier’s teamat Defense Research and DevelopmentCanada (DRDC) Multi-purpose tool written in Python Data LoggingInteracting with CAN busECU DiscoveryBasic Visualization Can run on BeagleBone20
Wireless Security Tools Briefed by Michael Ossmann(Great Scott Gadgets) Overview of wireless interfacesin the automotive industry Open source hardwareinterfaces and software suitesfor wireless security testing21
Secure-Over-The-Air Prototype (Demo) Briefed by Uptane project University of Michigan TransportationResearch Institute (UMTRI) Southwest Research Institute (SwRI) New York University (NYU)Method to deliver secure updates toautomobiles Based on The Update Framework(TUF), an open source frameworkfor delivering software updates 22
Hardware InterfacesCANtact Developed by Eric Evenchick(Linklayer Labs) CAN to USB interface Supports custom scriptingCanCAT Developed by MattCarpenter (Grimm SMFS) CAN Transceiver forproviding low-level accessto CAN bus Useful for Man-in-themiddle and reverseengineering functionalityfor a particular ECU23
Light Detection and Ranging (LIDAR) Spoofing (brief)Briefing by Jon Petit (SecurityInnovation Inc.) One of the key sensors forAutomated Vehicles Possible to create ‘fake’ objectsand cause vehicle to treat themas real objects 24
Open Source Automotive Cybersecurity ResearchTool Forum - Conclusions Virtual workbenches are needed due to limited vehicle access A growing proliferation of open sourcetools Open source tools are getting more powerful and sophisticated Open source software/hardware significantly lowers the entrybarrier for researchers “User as developer” model creates positive feedback loop25
Open Source Automotive Cybersecurity ResearchTool Forum – Next Steps Development of an Open Source OS Tools Portal for use byGovernment researchers, and academia Continuationof the Automotive Cybersecurity R&D Showcasetype of event with more “hands on” activities (e.g. academiatraining classes) Continued outreach to the open source community26
So what does this have to do with supply chain? Tools and Methods are out there – Acquisition Officers -Use procurement language to ensure you are purchasing securecomponentsooo“We have encryption” promises aren’t enoughAsk for 3rd party validation & documentationAsk about updates System Owners - Do your own security testing to validate aftermarket productsintegrated in your systemooKnow what risks you are introducing to your systemIf you are “not a cyber person” talk to one Vendors – Security does not end at the sale, make sure you have a way to securelyupdate your deviceooGet your products Pen Tested, have the documentation on hand & fix the bugsAccept that bugs will be found, create a vulnerability disclosure policy27
Contact InformationBrendan HarrisAdvanced Vehicle TechnologyUSDOT Volpe CenterEmail: Brendan.Harris@dot.govPhone: 617-494-283328
3 DOT’s Volpe National Transportation System Center Established in 1970 Part of U.S. Department of Transportation (DOT) Office of Research and Technology Mission: To Improve the nation [s transportation system by serving as a center of excellence for informed decision making, anticipating emerging transportati
Skip Counting Hundreds Chart Skip Counting by 2s, 5s and 10s to 100 Counting to 120 Dot-to-Dot Zoo: Count by 2 #1 Dot-to-Dot Zoo: Tapir Count by 2 Dot-to-Dot Zoo: Antelope Count by 2 Dot-to-Dot Zoo: Count by 2 #2 Dot-to-Dot Zoo: Count by 2 #3 Dot-to-Dot Zoo: Count by 3 Connect the Dots by 5!
left-hand keys contain the following: Dot 1 under the index finger, Dot 2 under the middle finger, dot 3 under the ring finger, and dot 7 under the little finger, while the right-hand contains: Dot 4 under the index finger, Dot 5 under the middle finger, Dot 6 under the ring finger, and Dot 8 under the little finger. These keys are used to .
Connecting the Dots: Understanding the Constellations 5 Constellation Creation Rubric 5 3 1 Constellation Created A new constellation was created. A familiar constellation was created. A constellation was copied. Dot-to-Dot Pattern A dot-to-dot pattern was made and easily seen. A dot-to-dot pattern was made but hard to see. Only a partial dot-
Staniel ss steel /TAN Length 65 – 145 mm Outer diameter 13 mm DHS Emergency Screw Stainless steel Length 50 –145 mm Outer diameter 14 mm Plates DHS plate with DCP holes Used for more than 25 years. Stainless steel / TAN Barrel angle 130 –150 2 to 20 holes Barrel length: standard and short Thickness 5.8 mm
Nov 09, 2017 · NY JFK CURRID KATHLEEN A kathleen.a.currid@cbp.dhs.gov NY Buffalo DIAMOND RICHARD P richard.p.diamond@cbp.dhs.gov NY JFK DISALVO JOSEPH joseph.disalvo@cbp.dhs.gov NY Alexandria Bay ERWIN DARREN R darren.r.erwin@cbp.dhs.gov NY Massena GRANIE DOUGLAS douglas.m.granie@cbp.dhs.gov NY Alexandria Ba
DHS PD 4300A, 5.3.a Audit Trail Content DHS PD 4300A, 5.3.b: Financial/PII Audit Review DHS PD 4300A, 5.3.c: Audit Records and Logs Protection DHS PD 4300A, 5.3.e: Risks from PII DHS PD 4300A, 5.3
Positioned directly above the cursor router buttons is an 8-dot Perkins-style braille keyboard. Going from the center, the left-hand keys contain the following: Dot 1 under the index finger, Dot 2 under the middle finger, dot 3 under the ring finger, and dot 7 under the little finger, while the right-hand contains: Dot 4 under the
Trinitrobenzenesulfonic acid 2508-19-2 DOT Explosive Trinitrobenzoic acid 129-66-8 DOT Explosive Trinitrochlorobenzene [or] Picryl chloride 88-88-0 DOT Explosive . 1,9-dinitroxy pentamethylene-2,4, 6,8-tetramine DOT Forbidden 1-bromo-3-nitrobenzene 585-79-5 DOT Forbidden 2,2-di-(4,4-di-tert-butylperoxycyclohexyl) propane DOT Forbidden .