Design and Implementation of IDS for AVB/TSN Networks


DESIGN AND IMPLEMENTATION OF IDS FOR AVB/TSN NETWORKS
Rodrigo Alves (UFPE/BOSCH), Michael Buchalik (BOSCH), Divanilson R. Campelo (UFPE), Timo Lothspeich (BOSCH)

Design and Implementation of IDS for AVB/TSN Networks: Agenda
- Intrusion Detection Systems (IDS)
- Motivation
- Threat Scenarios
- Evaluation & Measurements
- Conclusion and Future Work
Automotive Electronics AE-BE/ESW9-St - Rodrigo Alves 2019-07-22. © Robert Bosch GmbH 2019. All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.

INTRUSION DETECTION SYSTEMS (IDS)

Automotive Security: Overview (slide 4)
[Figure: layered vehicle security model; ECUs shown include OBD, Gateway, HU, PT, ADAS and BCM]
1. Individual ECU: ECU software and data integrity protection
2. In-vehicle network: Integrity protection of critical in-vehicle signals and messages
3. E/E architecture: Protected and separated domains by E/E architecture and gateway
4. Connected vehicle: Vehicle firewall and security standards for external interfaces
5. Intrusion Detection System: Network communication behavior is monitored and analyzed
Legend: ECU Electronic Control Unit; ADAS Advanced Driver Assistance System; BCM Body Control Module; PT Power Train; GW Gateway; HU Head Unit
In recent history, the automotive industry has spent significant effort to secure its products. Security can be found on different layers.

Intrusion Detection System (slide 5)
A strong push from the U.S. government for “timely detection and rapid response” of potential vehicle cybersecurity incidents in the field.

MOTIVATION

Audio Video Bridging / Time Sensitive Networking (slide 7)
[Figure: map of AVB/TSN standards; the labels recoverable from the slide are listed below, some with the standard number or caption lost in transcription]
- 802.1Qca-2015 (Path Reservation)
- P802.1AS-Rev (Reliable gPTP)
- 802.1Qcc-2018 (Enhanced SRP Network Configuration)
- (Credit …)
- 802.1Qbv-2015 (TT …)
- (… Redundant Paths)
- 802.1Qbu-2016 (Frame preemption)
- 802.1Qci-2017 (Ingress Filtering)
- (… for: CAN, LIN, FlexRay, etc.)
- 1722.1-2013 (AVDECC)
- P802.1Qcr (Async Traffic Shaper)
A set of standards to add deterministic features to the network like precise timing, bounded latency, guaranteed bandwidth, fault tolerance, etc.

Motivation: Ethernet TSN Stack (slide 8)
[Figure: End node 1 (Ethernet Stack Rev2, Eth PHY), End node 2 (Ethernet Stack Rev1, Eth PHY), End node 3 (Ethernet Stack, Eth PHY) and a Switch, each component coloured by supplier; legend: Vendor A, Vendor B, Vendor C, Vendor D, Vendor E. Contrasted as “What you think” vs. “What you have”.]
“If you want to protect your network, know your network.”

Motivation: One Header, Three Protocols (slide 9)
[Figure: header diagram labelled MAAP, SRP, gPTP]

Motivation: Complex Header, e.g. AVTP (slide 10)
[Figure: AVTP header layout]

THREAT SCENARIOS

AVB/TSN IDS Focus (slide 12)
- Monitor Time Synchronization (AS)
- Monitor Stream Reservation (Qat)
- Traffic Shaping (Qbv, Qch)
- Network configuration (AVDECC)
- Transport Protocols (AVTP)

Threats and Anomaly Detection - Example 1: Man-In-the-Middle (slide 13)
[Figure: timeline of Sync messages and Follow-up messages; labels: Sync Interval, Usual Follow-up Interval, Missing Follow-up]

Threats and Anomaly Detection - Example 2: Rogue Grandmaster (slide 14)
[Figure: three network states over time. (1) ECU 1 - Grandmaster announces “I am the Time Source Grandmaster!” to ECU 2 and ECU 3 via the Switch. (2) A Malicious ECU is attached to the Switch. (3) The Malicious ECU announces “I am a better Grandmaster!”]

Threats and Anomaly Detection - Example 3 (slide 15)
- Spoofed streams [Figure: ECU 1 sends Valid Stream 1 to ECU 2 and ECU 3 via the Switch; a Malicious ECU sends Invalid Stream 1 claiming to be ECU 1]
- Flooding attacks [Figure: Malicious ECU flooding the Switch towards ECU 2 and ECU 3]
- Deviations from protocol specification [Figure: ECU 2 and ECU 3 speak Version PTP 2; the Malicious ECU sends Version PTP 1]
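The detection logic behind Examples 1 to 3, written as an added illustration for this page and not code from the Bosch/UFPE PoC: a stateful gPTP monitor that flags a two-step Sync whose Follow_Up does not arrive in time (Example 1), an Announce carrying a grandmasterIdentity other than the configured one (Example 2), and a frame whose versionPTP field deviates from the value the network runs (Example 3). The message model, the timeout value and the sample capture are constructed for the example.

```python
from dataclasses import dataclass

@dataclass
class PtpMsg:
    t: float            # capture timestamp in seconds
    kind: str           # "SYNC", "FOLLOW_UP" or "ANNOUNCE"
    src: str            # sender label (stands in for the source MAC address)
    seq: int = 0        # sequenceId from the PTP header
    version: int = 2    # versionPTP header field; gPTP (802.1AS) uses 2
    gm_id: str = ""     # grandmasterIdentity carried by ANNOUNCE

class GptpMonitor:
    """Stateful gPTP monitor; feed() returns the alerts raised by one message."""
    def __init__(self, expected_gm, follow_up_timeout):
        self.expected_gm = expected_gm              # configured grandmasterIdentity
        self.follow_up_timeout = follow_up_timeout  # max Sync -> Follow_Up gap (s)
        self.pending = {}                           # seq -> Sync time awaiting Follow_Up

    def feed(self, m):
        alerts = []
        # Example 1: a two-step Sync must be completed by its Follow_Up within the timeout
        for seq, t0 in list(self.pending.items()):
            if m.t - t0 > self.follow_up_timeout:
                alerts.append(f"MISSING_FOLLOW_UP seq={seq}")
                del self.pending[seq]
        # Example 3: header values that deviate from the specification in use
        if m.version != 2:
            alerts.append(f"PROTOCOL_DEVIATION version={m.version} src={m.src}")
        if m.kind == "SYNC":
            self.pending[m.seq] = m.t
        elif m.kind == "FOLLOW_UP" and self.pending.pop(m.seq, None) is None:
            alerts.append(f"ORPHAN_FOLLOW_UP seq={m.seq}")
        elif m.kind == "ANNOUNCE" and m.gm_id != self.expected_gm:
            # Example 2: Announce from a clock that is not the configured grandmaster
            alerts.append(f"ROGUE_GRANDMASTER gm={m.gm_id} src={m.src}")
        return alerts

def run(msgs, monitor):
    """Replay a message list through the monitor and collect every alert."""
    return [a for m in msgs for a in monitor.feed(m)]

# Constructed sample capture (125 ms Sync interval): one Sync without Follow_Up,
# one rogue Announce and one PTPv1 Sync from the malicious node "mal".
SAMPLE = [
    PtpMsg(0.000, "SYNC", "gm", seq=1), PtpMsg(0.002, "FOLLOW_UP", "gm", seq=1),
    PtpMsg(0.125, "SYNC", "gm", seq=2),  # its Follow_Up never arrives
    PtpMsg(0.250, "SYNC", "gm", seq=3), PtpMsg(0.252, "FOLLOW_UP", "gm", seq=3),
    PtpMsg(0.300, "ANNOUNCE", "mal", gm_id="ROGUE-CLOCK-ID"),
    PtpMsg(0.375, "SYNC", "mal", seq=7, version=1),
]
```

Pending Syncs are only expired when the next frame arrives; a deployed monitor would also expire them on a timer so that a silent link raises the alert too.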

Threats and Anomaly Detection - Example 4: Denial of Service (slide 16)
[Figure: sequence over time. ECU 1 sends MAAP PROBE Address 1; the Malicious ECU answers MAAP DEFEND Address 1. ECU 1 sends MAAP PROBE Address 2; the Malicious ECU answers MAAP DEFEND Address 2. ECU 1 sends MAAP PROBE Address 3; the Malicious ECU answers MAAP DEFEND Address 3. ECU 2 and ECU 3 are attached to the same Switch.]

EVALUATION & MEASUREMENTS

PoC Implementation – Preliminary (slide 18)
[Figure: Test Equipment with ports 1 to 7 connected to the device under test in three setups: Switching, IDS, IPS]

Test Case 1: Latency (slide 19)
[Chart: Average Latency (µs), y-axis 0 to 140, for Switching, IDS and IPS]
1.) RFC 2544: Benchmarking Methodology for Network Interconnect Devices

Test Case 2: gPTP Synchronization – Offset and P2P-Delay (slide 20)
[Chart: Offset (ns), Negative Offset and Positive Offset, for Switching, IDS and IPS]
[Chart: Peer-to-Peer Delay; Min. Mean Path Delay, Avg. Mean Path Delay and Max. Mean Path Delay for Switching, IDS and IPS]

Test Case 3: CPU Throughput for IPS (slide 21)
[Chart: Throughput [frame/s] vs. Packet size (64, 128, 256, 512, 1024, 1536)]

CONCLUSION AND FUTURE WORK

General Considerations (slide 23)
- No considerable difference for IDS compared to normal switch operation
- IPS use-case adds considerable overhead
- Packet Loss and Jitter are also affected
- CPU processing power becomes relevant for IDS/IPS performance
- More throughput for bigger packets
- Network configuration is a key factor
- One step sync vs. Two step sync
- Time Synchronization and Path Delay Calculation intervals
- Number of devices on the network
- Switch configuration (Number and size of RX buffers) needs to fit network characteristics

Future work (slide 24)
- IEEE 802.1CB
- Distributed IDS on multiple devices? [Figure: switches S1 and S2 with nodes 1, 2, 3]
- Other protocols: MACsec, YANG
- Performance comparison between different devices
- Take safety considerations into account, e.g. rate limiting and dropping malicious packets
- Performance improvements: take more advantage of HW features
- Required processing power for higher bandwidth networks: 2.5Gb/s, 5Gb/s, 10Gb/s
- Interfacing with other Anomaly Detector components, e.g. CAN

Thank you for your attention. Please visit us at our booth for further discussion!
M. Sc. Rodrigo Alves, Automotive Electronics, Product Security, Robert Bosch GmbH
E-mail (truncated in transcription): .bosch.com
Tel.: 49-711-811-10875

BACKUP (slide 26)

Firewall vs IDS (backup slide)
Security layers:
- Connected Fleet: IDS monitors and analyzes fleet data to prevent attacks
- Connected Vehicle: Vehicle firewall and security standards for external interfaces
- EE Architecture: Protected and separated domains by E/E architectures and gateways
- In-Vehicle Networking: Integrity protection of critical in-vehicle signals and messages
- Individual ECU: ECU software and data integrity protection
Firewall: Individual Packets; No logging; Individual Components
Intrusion Detection System: Deeper Inspection; Traffic History; Logging; Part of bigger System

