
Chapter 1: Introduction

Automotive Security
Summer Term 2019
Dr. Rahamatullah Khondoker
Contents

• Introduction
• IT security for vehicles
• Immobilizer and Remote Keyless System
• E/E and ECU Security
• Interfaces
• V2X Communication
• Infotainment
• Addressing the challenges

Automotive Security, Summer 19, R. Khondoker 2


Introduction



Motivation
• Modern vehicles are more and more connected
  • Connection to other vehicles and infrastructure components
  • Connection to the Internet
  • Connection to smartphones, laptops etc.
• Modern vehicles increasingly use Information Technology (IT)
  • Advanced driver-assistance systems (ADAS) and other systems for autonomous driving require high processing power
  • Infotainment systems
• Complexity of modern vehicles increases
  • State of the art E/E architectures comprise more than 100 Electronic Control Units (ECUs)
  • Very complex ECUs with high software complexity
  • Errors and vulnerabilities in software are increasing
  • Increasing interaction and communication between embedded systems
  • Trend to re-use and integrate commercial off-the-shelf (COTS) technologies


IT enables new applications and business models
• Increased traffic safety
• Increased traffic efficiency
• Automated emergency call (eCall)
• Infotainment applications
• Insurance tariffs ("Pay as you drive")
• Online services
• Product improvement for OEMs
• Optimized maintenance processes
• Accident documentation
• etc.

Figures: Fraunhofer SIT Carsharing Demo (video), eCall, Vehicle2X (V2X)


IT and connectivity introduce new threats
• Threats to life and limb of passengers
  • Influence brakes, engine, ADAS etc.
• Monetary threats
  • Turn back odometer
  • Illegal function activation or chip tuning
  • Vehicle theft
• Privacy threats
  • Movement profiles
  • Driver identification
  • Driving behavior profiles


Many possible "adversaries"
• Manufacturer (e.g., access to data for liability, product improvement)
• Private vehicle owner (e.g., chip tuning, function activation)
• Companies or car rentals as vehicle owner (e.g., tracking fleet vehicles)
• Vehicle driver and passengers (e.g., access to infotainment data)
• Repair shops (e.g., chip tuning, data access for maintenance)
• Service provider (e.g., for personalized services)
• Insurance companies (e.g., for Pay-as-you-drive, Pay-how-you-drive tariffs)
• Government, police (e.g., for lawful interception)
• Terrorists
• Other third parties


IT Security for Vehicles



Technologies and interfaces relevant to IT security

V2X Communication: IEEE 802.11p, Cellular V2X
Infotainment: Cellular, Wi-Fi, Bluetooth, USB, Lightning, GPS, DAB, TMC, RDS
E/E, ECU Security: Odometer, Chip tuning, Function activation
Interfaces: On-board diagnostics (OBD), Tire pressure monitoring, Electrical vehicle (EV) charging
Immobilizer, Remote Keyless System

Acronyms:
DAB: Digital Audio Broadcasting
GPS: Global Positioning System
TMC: Traffic Message Channel
RDS: Radio Data Service
E/E: Electrical and Electronic
V2X: Vehicle to Anything
USB: Universal Serial Bus


Immobilizer and
Remote Keyless System



Overview
• Prevent car theft by validating whether the vehicle key is authentic
• Remote Keyless System (RKS)
  • Electronic lock controlling vehicle access without traditional key
  • Remote Keyless Entry (RKE)
  • Remote Keyless Ignition (RKI)
  • First introduced in 1982 by Renault
  • Broadcasting radio waves on 315 MHz or 433.92 MHz
  • From a distance of up to ~20 meters
  • Typically battery-powered
• Immobilizer
  • Prevents the engine from running unless the correct vehicle key is present
  • Mostly based on electromagnetic coupling (RFID)
  • After key is inside the vehicle
  • Bi-directional, multiple messages

Figure (source: VW): RKE is uni-directional with a single message; the immobilizer exchange is bi-directional with multiple messages.


RKS / Immobilizer systems
• Immobilizer Module
  • Static or rolling code of the key fob is verified by engine control unit
  • Uses electromagnetic coupling (RFID)
• RKE and Immobilizer
  • Radio communication for door unlocking
  • Electromagnetic coupling for immobilizer
• Smart Key
  • Proximity system triggered when key fob is within a certain distance of the car
  • Automatically unlocks the doors
  • Engine is started by pressing ignition button of the car


Characteristics and Requirements
• Devices must be cheap
  • Area-optimized (low gate count or computed in microprocessor)
• Devices must be energy-efficient
  • Battery must last as long as possible (RKE)
  • Energy constraints due to RF field (Immobilizer)
• Authentication and verification must be fast
  • Transmission of responses takes time
  • Sending information is very expensive (as few bits as possible)
  • Verification and signature computation as fast as possible
⇒ Lightweight Cryptography
• Convenience functions, e.g., Smart Key, enable new attacks


Examples
• DST 40 Immobilizer
  • Introduced by Texas Instruments in 1999
  • Vehicles: Ford, Lincoln, Mercury, Nissan, Toyota etc.
  • Passive transponder with proprietary block cipher
  • Each DST tag stores a 40-bit key → key length too short → broken in 2005
• Hitag-2 immobilizer
  • Introduced by Philips/NXP in 1997
  • Vehicles: Audi, BMW, Chrysler, Mercedes, Porsche, Saab, VW etc.
  • One of the most widely used algorithms around the world
  • Proprietary stream cipher with 48-bit keys → completely broken
• KeeLoq RKE
  • Developed in the mid-1980s and sold by Microchip Technology Inc. since 1995
  • Vehicles: Chrysler, Fiat, GM, Honda, Toyota, VW etc.
  • Proprietary 64-bit block cipher for generating rolling codes
  • Vulnerable to replay attacks ("code grabber"; inexpensive prototype in 2015)
  • Cryptanalytic attacks in 2008
  • Differential Power Analysis in 2008 → completely broken
  • Access to a single manufacturer master key enables cloning of devices
  • Attacker can clone any legitimate encoder by intercepting only two messages from this encoder
  • Attacker can reset the internal counter of the receiver (car door), preventing the legitimate user from opening the door → DoS

References:
Eisenbarth, Thomas, et al.: On the Power of Power Analysis in the Real World: A Complete Break of the KeeLoq Code Hopping Scheme. Advances in Cryptology - CRYPTO 2008, Springer Berlin Heidelberg, 2008, pp. 203-220.
Verdult, Roel, Flavio D. Garcia, and Josep Balasch: Gone in 360 Seconds: Hijacking with Hitag2. Proceedings of the 21st USENIX Security Symposium, USENIX Association, 2012.
Kamkar, Samy: Drive It Like You Hacked It: New Attacks and Tools to Wirelessly Steal Cars. DEF CON 23, 2015-08-07.
Biham, Eli, Orr Dunkelman, Sebastiaan Indesteege, Nathan Keller, and Bart Preneel: How To Steal Cars - A Practical Attack on KeeLoq. Eurocrypt 2008.


Example: Relay attack on modern systems

Source: ADAC



RKS / Immobilizer: Challenges
• Challenges
  • Legacy / broken systems still used in new vehicles
    • Example: DST 40 was broken in 2005, but phased out in 2011
  • Proprietary and weak cryptography (short key lengths)
    • All systems based on proprietary cryptography have been broken
  • Implementation faults
  • Broken systems still used in old vehicles due to the long lifetime
• Modern RKE and immobilizer solutions use AES
  • However, car hacking still possible due to the symmetric nature
  • Current development: use of asymmetric cryptography
• Current challenge: Relay attacks


E/E and ECU Security



Overview
• E/E architectures of modern vehicles consist of
  • Sometimes more than 100 ECUs
  • Connected via different communication technologies
    • e.g., LIN, CAN, MOST, FlexRay, Automotive Ethernet
• Typical attacks
  • Odometer fraud
    • Rolling back odometers
  • Chip tuning to achieve more power, better fuel efficiency etc. by, e.g.,
    • Firmware manipulation of the engine control unit
    • Installing a tuning box
  • Illegal function activation


In-Vehicle Bus Systems
• Controller Area Network (CAN)
  • Reliable communication between control units
  • Up to 1 Mbit/s
• Local Interconnect Network (LIN)
  • Cheaper alternative for certain CAN communication mechanisms
  • Up to 20 kbit/s
• Media Oriented System Transport (MOST)
  • In-vehicle multimedia services
  • 25, 50, or 150 Mbit/s
• FlexRay
  • Safety-critical high speed communications
  • Up to 10 Mbit/s
• BroadR-Reach
  • Automotive Ethernet
  • Up to 100 Mbit/s

No security on these bus systems:
• Message injection
• Message manipulation
• Replay attacks
• Man-in-the-Middle


Hardware Security Modules
• Embedding of Hardware Security Modules (HSM)
  • Ensures authenticity of vehicle (e.g., for Car2X)
  • Ensures authenticity of components (e.g., sensors)
  • Basis for secure communication
• HSM is attached to different ECUs
  • Provides protection capabilities (safe to execute sensitive operations)
  • Secure storage (cryptographic keys)
  • Cryptographic operations
  • Security protocols, e.g., Remote Attestation
• Different types of HSMs

Source: EVITA project


Hardware Security Modules – Use Cases
• Secure Debug
  • Provide protection against unauthorized access to the microcontroller
  • Achieved by: HSM in control of debug access
• Secure Boot
  • Provide protection against booting manipulated code on the host core
  • Achieved by: Verifying integrity of code before it is processed
• Secure Flashing
  • Provide protection against flashing of malicious code or data
  • Achieved by: Signature verification of new flashing data
• Sensor/Actuator Protection
  • Provide protection against sensor/actuator exchange and data manipulation
  • Achieved by: Sensor/actuator authentication by challenge-response protocol


E/E, ECU Security: Challenges
• Secure communication between ECUs
  • Standard bus systems provide no security
  • Bandwidth of old protocols prevents complex cryptography
  • Often separate bus systems for different groups of ECUs, but…
    • Some ECUs (e.g., the Telematics or Body Control Module) are usually on all buses
    • Attacker can compromise an "intermediate" ECU to attack an arbitrary ECU (hop-by-hop)
• Security of the ECUs themselves
  • Physical access to ECUs possible
  • Compromising ECUs possible, enables attacking other ECUs
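The following added example (not from the slides, and not any standard's scheme, although AUTOSAR SecOC builds on the same idea) shows one way to give a CAN message the authenticity and freshness that the bus systems listed above lack, within the 8-byte payload limit that rules out heavy cryptography: 2 bytes of signal, a 2-byte counter and a 4-byte truncated HMAC. The frame layout, the key and the CAN IDs are assumptions; the receiver rejects the injected, manipulated and replayed frames named on the bus-systems slide.

```python
import hashlib
import hmac
import struct

# Added example: simplified layout (an assumption, not a standard) for one
# classic CAN frame: 2 bytes signal | 2 bytes counter | 4 bytes truncated
# HMAC-SHA256 over CAN-ID || counter || signal.
SHARED_KEY = b"constructed-demo-key"   # would live in the ECU's HSM
MAC_LEN = 4
COUNTER_WINDOW = 16                   # tolerated gap for lost frames


def _mac(key: bytes, can_id: int, ctr: bytes, sig: bytes) -> bytes:
    msg = struct.pack(">H", can_id) + ctr + sig
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]


def build_frame(can_id: int, signal: int, counter: int, key: bytes = SHARED_KEY) -> bytes:
    """Sender side: 8-byte payload = signal | counter | truncated MAC."""
    sig = struct.pack(">H", signal)
    ctr = struct.pack(">H", counter & 0xFFFF)
    return sig + ctr + _mac(key, can_id, ctr, sig)


class Receiver:
    """Receiver side: rejects forged, manipulated and replayed frames."""

    def __init__(self, key: bytes = SHARED_KEY):
        self.key = key
        self.last_counter = {}          # can_id -> last accepted counter

    def accept(self, can_id: int, data: bytes):
        """Return (status, signal); status is ok, malformed, bad_mac or replay."""
        if len(data) != 8:
            return "malformed", None
        sig, ctr, tag = data[:2], data[2:4], data[4:]
        # Constant-time compare: an injected or manipulated frame fails here,
        # and so does a frame built for a different CAN ID (the ID is MACed).
        if not hmac.compare_digest(tag, _mac(self.key, can_id, ctr, sig)):
            return "bad_mac", None
        counter = struct.unpack(">H", ctr)[0]
        last = self.last_counter.get(can_id)
        if last is not None:
            # Counter must advance; a replayed (or stale) frame does not.
            delta = (counter - last) & 0xFFFF
            if delta == 0 or delta > COUNTER_WINDOW:
                return "replay", None
        self.last_counter[can_id] = counter
        return "ok", struct.unpack(">H", sig)[0]


def run_scenario():
    """Walk through the attacks named on the slides against one receiver."""
    rx = Receiver()
    good = build_frame(0x0C1, 1200, 5)
    results = [rx.accept(0x0C1, good)[0]]               # legitimate frame
    results.append(rx.accept(0x0C1, good)[0])           # replay of the same frame
    tampered = bytes([good[0] ^ 0x01]) + good[1:]
    results.append(rx.accept(0x0C1, tampered)[0])       # manipulated signal bits
    forged = build_frame(0x0C1, 9999, 6, key=b"attacker-guess")
    results.append(rx.accept(0x0C1, forged)[0])         # injection without the key
    results.append(rx.accept(0x0C1, build_frame(0x0C1, 1300, 6))[0])  # next real frame
    return results   # ['ok', 'replay', 'bad_mac', 'bad_mac', 'ok']
```

A 4-byte tag and a 16-bit counter are a deliberate trade against the payload budget; a real deployment also needs a counter-resynchronisation procedure and per-ID keys held in the HSM.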


Interfaces



OBD Overview
• Standardized diagnosis interface: On-Board Diagnostics (OBD)
• OBD enables access to the electrical system of the vehicle
  • Access to status information, programming of ECUs
• No (strong cryptographic) security mechanisms
  • Eavesdropping, replay of messages
  • Access to ECUs, triggering of functions
    • Example: Brakes, Engine, Radio, Instrument Cluster (cf. Koscher et al., Miller and Valasek)
  • Additional attacks, e.g., chip tuning, circumventing the immobilizer
• OBD adapter for Pay-as-you-drive insurance
  • Privacy implications: movement patterns, driving behavior

Source: sijox
Koscher et al.: Experimental Security Analysis of a Modern Automobile. IEEE Symposium on Security and Privacy, 2010


Controlling a vehicle via OBD
• Controlling a vehicle via OBD and a connected laptop
  • Steering
  • Accelerating
  • Braking
  • Door locking
  • Door unlocking
  • Lights
  • Start engine
  • Etc.

Chris Valasek, Charlie Miller: Adventures in Automotive Networks and Control Units, 2014


Generation of movement and driving behavior profiles using OBD data
• Motivation
  • Driving style-based insurance tariffs
  • Car-Smartphone Connection Kits
• Approach
  • Generation of movement patterns without GPS using only velocity data and map
  • Driver identification using velocity and rpm


Manipulating CAN messages via OBD
• Analysis of OBD adapters enabled us to
  • Read out code, manipulate firmware, execute own commands
  • Perform reverse engineering:
    • Mapping: ID to ECU
    • Identification of system data (RPM, speed, etc.)
    • Identification of system flags ("door open" etc.)
  • Perform attacks:
    • Fuzzing / brute force
    • Overwrite original CAN messages
    • Set / reset flags
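As an added example (not from the slides) on the defender's side of the reverse engineering described above: once the ID-to-ECU mapping and the period of each message are known, a monitor on the bus can flag frames that overwrite a periodic message (they arrive on top of the legitimate ones) or that come from an ID that does not belong on this bus. The candump-style log, the IDs and the periods are constructed.

```python
import re

# Added example, not from the slides: a timing/whitelist monitor over a
# constructed log in candump's text format "(timestamp) iface ID#DATA".
# In the constructed sample, ID 0C1 is a 10 ms periodic message (speed), 2A0
# is an event message (door flag) and 7DF is the OBD-II functional request ID.
SAMPLE_LOG = """\
(1.000000) can0 0C1#04B0
(1.010000) can0 0C1#04B2
(1.020000) can0 0C1#04B4
(1.021000) can0 0C1#0000
(1.030000) can0 0C1#04B6
(1.031000) can0 0C1#0000
(1.035000) can0 2A0#01
(1.040000) can0 0C1#04B8
(1.041000) can0 0C1#0000
(1.050000) can0 7DF#0201
"""

LINE_RE = re.compile(
    r"^\((?P<ts>\d+\.\d+)\)\s+(?P<iface>\S+)\s+(?P<id>[0-9A-Fa-f]+)#(?P<data>[0-9A-Fa-f]*)$"
)

# Baseline for this bus (constructed, as the ID-to-ECU mapping from reverse
# engineering would provide): expected period per periodic ID, and allowed IDs.
BASELINE_PERIOD = {0x0C1: 0.010}
ALLOWED_IDS = {0x0C1, 0x2A0}


def parse_line(line):
    """Return (timestamp, iface, can_id, data) or None for an unparsable line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return float(m["ts"]), m["iface"], int(m["id"], 16), bytes.fromhex(m["data"])


def detect(log_text, baseline=BASELINE_PERIOD, allowed=ALLOWED_IDS, tolerance=0.5):
    """Return alerts as (timestamp, can_id, reason); reasons: unknown_id, too_frequent.

    A frame that overwrites a periodic message makes the inter-arrival time for
    that ID collapse far below the learned period; IDs outside the whitelist
    (e.g. diagnostic requests on a vehicle bus) are flagged outright.
    """
    alerts = []
    last_seen = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, _iface, cid, _data = parsed
        if cid not in allowed:
            alerts.append((ts, cid, "unknown_id"))
        period = baseline.get(cid)
        if period is not None and cid in last_seen:
            if ts - last_seen[cid] < period * (1.0 - tolerance):
                alerts.append((ts, cid, "too_frequent"))
        last_seen[cid] = ts
    return alerts


if __name__ == "__main__":
    for ts, cid, reason in detect(SAMPLE_LOG):
        print(f"{ts:.6f} ID {cid:03X}: {reason}")
```

On the sample log the three 0000 frames riding on top of the 10 ms message and the 7DF request are reported; a real monitor would additionally learn the baseline from clean traffic rather than from a hand-written table.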


Attacks on TPMS
• Tire pressure monitoring systems (TPMS) wirelessly monitor tire pressure
  • Eavesdropping at ~40 m distance possible
  • 32-bit identifier in each message
  • Triggering messages possible
• Lack of security
  • No cryptography
  • No input validation
  • Spoofing of sensor messages possible
    • Fake tire pressure warnings
    • Attacks on ECUs

Rouf et al.: Security and Privacy Vulnerabilities of In-Car Wireless Networks: A Tire Pressure Monitoring System Case Study. USENIX Security Symposium, 2010


(Additional) Interfaces: Challenges
• OBD provides no security mechanisms
  • Enables access to entire electrical system
  • OBD to cellular / smartphone adapter introduces large risks
• "Insignificant" interfaces such as TPMS might also introduce attack possibilities and require protection
• EV charging interface
  • Security mechanisms between vehicle and charging station specified in ISO / IEC 15118
  • No security standards for communication with backend
  • Privacy issues not addressed


V2X Communication



V2X Overview
• Vehicles are equipped with wireless communication devices
• Common technologies
  • IEEE 802.11p Wi-Fi
  • 3GPP Cellular V2X (C-V2X)
• V2X comprises
  • Vehicle to Vehicle (V2V) and
  • Vehicle to Infrastructure (V2I)
• Vehicles are able to exchange information
  • Warnings on entering intersections
  • Obstacle discovery
  • Sudden halt warnings
  • Reporting accidents
  • and many more
• V2X communication promises
  • safer roads
  • more efficient driving
  • easier maintenance

Source: Car2Car Communication Consortium


V2X: Challenges
• Security
  • Injected safety messages based on false events
  • Malware infects the vehicle's software configuration
  ⇒ Can result in serious accidents
• Privacy
  • Position beacons of vehicles
  • Allow location tracking, which undermines the privacy of owners
• Trust
  • How to trust a safety message?
  • Verification of the authenticity must be autonomous and fast
• Technical and standardization challenges
  • Verification of many digital signatures (1000 signatures / second)
  • Wi-Fi vs. cellular
  • …


Infotainment



Attacks on infotainment systems
• Attack on infotainment system [Checkoway et al.]
  • Media player plays WMA and MP3 music files from standard compact discs
  • Two serious vulnerabilities in a typical American car found
    • Update capability can be misused to reflash the ECU with malicious firmware
    • Malicious WMA audio file can send arbitrary CAN packets to other ECUs
• Attacking important car functions [Koscher et al.]
  • Brake, Engine, Radio, Body Controller, HVAC
  • Example: Show arbitrary messages on Instrument Panel Cluster

Checkoway et al.: Comprehensive Experimental Analyses of Automotive Attack Surfaces. USENIX Security Symposium, 2011
Koscher et al.: Experimental Security Analysis of a Modern Automobile. IEEE Symposium on Security and Privacy, 2010
Miller et al.: A Survey of Remote Automotive Attack Surfaces. Black Hat 2014


Remote attack surfaces
• Investigation of remote attack surface for E/E architectures [Miller and Valasek]
• Approach
  • Compromise of telematics unit via wireless interface
    • Example: Vulnerability (strcpy() bug) in Bluetooth stack [Checkoway et al.]
  • Injection of messages to safety-critical ECUs
• Results

Hardest to attack:
1. Dodge Viper 2014
2. Audi A8 2014
3. Honda Accord 2014

Easiest to attack:
1. Jeep Cherokee 2014
2. Cadillac Escalade 2015
3. Infiniti Q50 2014

Checkoway et al.: Comprehensive Experimental Analyses of Automotive Attack Surfaces. USENIX Security Symposium, 2011
Miller and Valasek: A Survey of Remote Automotive Attack Surfaces. Black Hat 2014


Attack via telematics unit I
• ADAC "BMW Connected Drive hack"
• Mobile communication with BMW backend had vulnerabilities
• Unauthorized access to
  • Remote Services: triggering of remote services, e.g., door opening
  • Last State Call: identification of vehicle location and lock status
  • Real Time Traffic Information (RTTI): live tracking of current location, speed etc.
  • Intelligent emergency call: modification of configured telephone numbers, e.g., for emergency call
  • BMW Online: access to private e-mails

ADAC: Sicherheitslücken bei BMW Connected Drive, published 30.01.2015,
http://www.adac.de/infotestrat/technik-und-zubehoer/fahrerassistenzsysteme/sicherheitsluecken.aspx?ComponentId=224182&SourcePageId=8749&quer=sicherheitsluecken


Attack via telematics unit II
• BMW Connected Drive: original unpatched protocol

Participants: Cellular Phone, Backend, Mobile Network (LTE/UMTS/GSM), Vehicle

1. Cellular Phone → Backend: Open Car
2. Backend → Vehicle (SMS): DES(Open,key1)=m, DES-CBC-HMAC(m,key2)
3. Vehicle → Backend: HTTP-GET Request
4. Backend → Vehicle: HTTP-GET Response: AES(Open,key3)=n, SHA256-HMAC(n,key4)


Attack via telematics unit III
• BMW Connected Drive: Attack

Participants: Cellular Phone, Backend, False BTS, Mobile Network (LTE/UMTS/GSM), Vehicle

Same message flow as on the previous slide, with the vehicle attached to the attacker's false base station (BTS) between the mobile network and the vehicle:
1. SMS: DES(Open,key1)=m, DES-CBC-HMAC(m,key2)
2. HTTP-GET Request
3. HTTP-GET Response: AES(Open,key3)=n, SHA256-HMAC(n,key4)


Attack via Smartphone App
• Nissan provides an app for its electric vehicle Leaf to control
  • Charging
  • Climate control
  • Estimation of range
• Communication encrypted using TLS
• But weak authentication in request message
  • Authentication via VIN (Vehicle Identification Number) and region
    https://____.com/orchestration_1111/gdc/RemoteACRecordsRequest.php?RegionCode=NE&lg=no-NO&DCMID=&VIN=SJNFAAZE0U60XXXXX
• Possible to drain battery

Source: http://www.troyhunt.com/2016/02/controlling-vehicle-features-of-nissan.html
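Added example, not from the slides or from Nissan: the request pattern above, in which a VIN that is printed on the car serves as the only credential, beside a handler that ties the VIN to an authenticated account and refuses to reveal whether an unlinked VIN exists. The in-memory tables, account names, tokens and the second VIN are constructed; only the first VIN and the region come from the slide.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data standing in for the backend's database.
# VINs are visible through the windshield, so they are identifiers, not secrets.
VEHICLES = {
    "SJNFAAZE0U60XXXXX": {"battery_pct": 80, "climate_on": False},   # VIN from the slide
    "SJNFAAZE0U60YYYYY": {"battery_pct": 55, "climate_on": False},   # constructed
}
ACCOUNT_VEHICLES = {"alice": {"SJNFAAZE0U60XXXXX"}, "bob": {"SJNFAAZE0U60YYYYY"}}
SESSIONS = {"tok-alice-1": "alice"}   # bearer token -> authenticated account (constructed)


@dataclass
class Request:
    vin: str
    region: str
    token: Optional[str] = None   # the vulnerable variant never looks at this


def remote_ac_vulnerable(req: Request):
    """Pattern described on the slide: the VIN in the request is the only 'credential'.

    TLS protects the channel, but anyone who knows or enumerates a VIN can
    switch on climate control and drain the battery of someone else's car.
    """
    car = VEHICLES.get(req.vin)
    if car is None:
        return 404, "unknown vehicle"          # also leaks which VINs exist
    car["climate_on"] = True
    return 200, "climate control started"


def remote_ac_hardened(req: Request):
    """Require an authenticated session and check the VIN is linked to that account."""
    account = SESSIONS.get(req.token or "")
    if account is None:
        return 401, "authentication required"
    # Same answer whether the VIN is unknown or belongs to another customer,
    # so the endpoint cannot be used to enumerate valid VINs.
    if req.vin not in ACCOUNT_VEHICLES.get(account, set()):
        return 403, "vehicle not linked to this account"
    VEHICLES[req.vin]["climate_on"] = True
    return 200, "climate control started"
```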


Attack via infotainment / telematics unit
• Remote exploitation of an unaltered 2014 Jeep Cherokee
• Attack on Uconnect infotainment system
  • Uconnect includes Wi-Fi, navigation, apps, and cellular communication
• Attack
  • Exploit vulnerability in over-the-air update to control head unit
  • Update of CAN gateway enables sending of arbitrary CAN messages
  • Manipulate CAN messages of park assist for steering the car

Figure (Uconnect 8.4AN/RA4 radio): Internet → Sierra Wireless AirPrime AR5550 (Qualcomm 3G) → OMAP-DM3730 (main CPU) → V850 (CAN connection) → CAN bus → Park Assist

http://illmatics.com/Remote%20Car%20Hacking.pdf
http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/


Infotainment: Challenges
• "Standard" software used, e.g., video player
  • Many vulnerabilities
  • Regular remote updates required
• Telematics unit is the critical attack point for remote attacks
  • Requires comprehensive security testing to identify vulnerabilities
  • Requires secure remote update mechanisms to cope with newly identified vulnerabilities
  • Hardware Security Modules should be considered to protect individual keys
• Separation of infotainment domain and other domains such as powertrain is difficult
  • Many new applications require interaction between domains


Addressing the challenges



Overview
• Security by Design
  • Secure communication
  • Trustworthy system components and entities
  • Secured system software and hardware
  • …
• Privacy by Design
  • Restricted access to personal data
  • Anonymization and pseudonymization of data
  • …

⇒ Definition of security standards for development and testing