Car Cyber Threats and Digital Forensics Training

Car Cyber Threats and Digital Forensics Training

Autonomous vehicle manufacturers promise to deliver a safe, enjoyable and fast experience, freeing the drivers of the stress of driving, while allowing them to fulfill other tasks.

Yet, studies show that almost three in four Americans are afraid of self-driving cars. According to similar research, only 19% would trust self-driving cars to transport their loved ones.

The anxiety over increased cyberattacks does not help. The problem is that compromised vehicles are unlike compromised data. Collisions caused by compromised vehicles present physical danger to the vehicle’s occupants, and these disturbances would potentially have broad implications for overall traffic flow.

In fact, one report shows that even if cybercriminals were to hack even a small number of internet-connected self-driving cars on the roads of the United States, the flow of traffic would be completely frozen. And emergency vehicles would not even be able to pass through.

Needless to say, engineers, car manufacturers and car industry stake holders of all types are frantically looking for solutions with the prospect of autonomous cars appearing over the next few years.

Automated technology is still in its infancy. Therefore, there is not enough data to understand the impact of large-scale hacks. What is clear is that the potential for vehicular breaches could slow the growth of the AV market and fuel further skepticism that is already present in over 70% of consumers, according to polls.

One thing for certain, the advancement of electrical and electronic architecture and digitalization of the car ecosystem increases attack surface and leads to increasing cyber risks. These include:

• Takeover — When a cybercriminal gains control of safety-critical control units such as engine control or brakes.
• Espionage – The listening to voices in cars by taking control of voice-recognition modules.
• Denial of service – the ability to stop cars that rely on back-end servers to provide data.
• Data theft – This is accessing a car owner’s private information through an unsecure third party.
• Telematics – Remotely unlocking cargo doors through vulnerability in external connectivity modules.
• Sensor spoofing – Through vulnerabilities in sensors, the ability to access autonomous-drive functions, engine and brakes.

Although relatively new, the in-car cybersecurity threat will remain an ongoing concern. Experts in this area insist that automakers must now consider cybersecurity an integral part of their core business functions and development efforts.

Ideas being tossed around to fix this issue include:

• Adding authentication or encryption to the bus
• Artificial intelligence (AI) to identify “normal” CAN bus behavior and then perform anomaly detection
• Ensuring that the external Wi-Fi connections to the vehicle are secure

Also, the industry can no longer view cybersecurity as purely an IT topic. Instead, automakers need to assign ownership and responsibility for it along core value-chain activities and embrace a security culture among core teams.

Car Cyber threats and Digital Forensics Training course by Tonex

Car Cyber threats and Digital Forensics Training is a 3-day specialized program that focuses on vulnerabilities in autonomous and semi-autonomous systems, embedded systems, tools, techniques, strategies and procedures to analyze and design. This training also explores how manufacturers, suppliers and authorities can detect and respond to cyberattacks, unauthorized intrusions and false and spurious messages or vehicle control demands.

Case studies and workshops teach techniques and methodologies for assessing risk, reverse engineering, analyzing and integrating defensive tools for mitigating risk throughout the acquisition and product life cycle.

Also, participants are introduced to modern automotive in-vehicle communication networks, the CAN communications protocol and the OBD-II interface threat models, hacking into the OBD-II diagnostics interface, ECU cracking and vehicle network cyber penetration testing. The course also covers existing in-vehicle communication protocols and associated vulnerabilities as well as the limitations of existing digital forensics.

Additionally, a hands-on lab is used to provide learning principles and experience of ECU hacking techniques and understanding penetration testing for automotive CAN communications systems.

Learning Objectives

By attending this seminar, participants will be able to:

• Understand the basics of cybersecurity
• Recognize the cybersecurity applied to autonomous and semi-autonomous systems
• Identify basics of threat models for embedded autonomous and semi-autonomous systems
• Determine industry standards related to autonomous and semi-autonomous systems and automotive cybersecurity
• Describe basic functions of sensors, ECUs and CAN bus applied to autonomous and semi-autonomous systems
• Acquire and analyze in-vehicle communication data
• Hack autonomous and semi-autonomous systems, ECUs, sensors and communication buses such as CAN
• Use tools for autonomous and semi-autonomous systems anomaly detection

Prerequisites

Basics of electronics in vehicle systems, autonomous and semi-autonomous systems is recommended.

Who Should Attend?

• Law Enforcement Professionals
• Motor Manufacturers
• Systems and Part Manufacturers
• Software Developers

Topics and Agenda

Cybersecurity Applied to Embedded Systems

• Embedded systems 101
• Cybersecurity and embedded systems
• Vulnerabilities in products with embedded systems
• Cybersecurity in automotive embedded systems (actuators, sensor, powertrain modules)
• Proprioceptive and exteroceptive sensors
• Threats and strategies for mitigating risks when designing embedded systems
• Exploitation and exploring tools
• Role of wired and wireless networks
• Vehicle network attacks
• Hacking the Controller Area Network (CAN)
• Basic Manipulation of a Modern Automobile Through CAN Bus
• CAN bus as a modern vehicle’s central nervous system
• CAN Bus Reverse Engineering
• Reserves engineering of embedded software, hardware and firmware
• Best practices
• Defensive technologies
• Case studies and hands-on labs

Cybersecurity in Autonomous and Semi-Autonomous Systems

• Self-Driving Cars
• Internal and external unauthorized access to autonomous and semi-autonomous systems
• Availability and integrity of subsystems and components
• Cybersecurity and threats of systems and components, data transfer between systems and networks
• Susceptibility for security threats, protection against manipulation and interference during product development and integration
• Detect risks and threats arising from components
• The Vehicle telematics
• Computer Vision, Deep Learning, and Sensor Fusion
• Localization, Path Planning, Control, and System Integration
• Proportional-integral-derivative (PID) controller to actuate the vehicle
• Machine Learning and cybersecurity for autonomous systems
• High-tech sensors and innovative algorithms to detect and respond
• Radar, laser light/LIDAR, GPS, odometry, drive-by-wire control systems, and computer vision
• Complex systems and self-driving cars data collection
• Intellect to make autonomous decisions
• Algorithmic techniques to secure self-driving cars: machine learning
• Deep Learning for Self-Driving Cars
• Algorithms have been developed in order to detect network anomalies, including Intrusion Detection Systems (IDS), malware protection, and behavior analysis.

Autonomous and Semi-autonomous Systems Network Security Evaluation

• Networks applied to autonomous driving
• Robustness and vulnerability scans
• Assessment and qualification of quality management systems
• Product testing and certification
• Functional safety and security standards

Functional Safety Testing for Automotive Components

• Overview of Functional Safety Testing Directives and Standards
• ISO 26262: Road vehicles – Functional safety
• IEC 61508: Functional safety of electrical/electronic/programmable electronic safety-related system
• Manufacturing of safety-related electrical/electronic systems in automotive standard ISO 26262
• Functional safety of a system with electrical/electronic components
• Requirements or applicable methods and processes for development
• System design according to ISO 26262 and safety levels
• Product testing and certification
• Voluntary assessments of the functional safety of electronic components based on ISO 26262, and IEC 61508
• Assessments and supervision of system approvals in the homologation process for electronic components
• Qualification of software tools for system development
• Certification of functional safety management systems of automotive manufacturers or component suppliers.
• Standards for Functional Safety Testing
• IEC 61508 and determination of the safety integrity level (SIL)
• The ISO 26262 and new automotive safety integrity levels (ASIL) from A to D
• Autonomous and Semi-autonomous systems development: system level
• Autonomous and Semi-autonomous systems development: hardware level
• Autonomous and Semi-autonomous systems software level
• Autonomous and Semi-autonomous systems Production, operation and decommissioning
• Autonomous and Semi-autonomous systems Supporting processes
• Autonomous and Semi-autonomous systems ASIL- and safety-oriented analysis
• MIPI Auto, Autonomous Driving, ADAS and MIPI Camera and Sensor Interfaces
• SAE J3061
• Secured bootloader
• PKI
• HSM in a microcontroller
• vulnerabilities in SW design
• Secure communications (CAN, LIN)
• Mitigation practices
• Hands-on workshop

Cyber Security Threats and Strategies for in Autonomous and Semi-Autonomous Systems

• Tools for exploitation and exploring
• Tools and techniques to mitigate risk
• Embedded systems vulnerability analysis methodology
• Wireless and wireline networking, vulnerability, exploitation, hacking and attacks
• Embedded hardware, firmware and software analysis, design and architecture vulnerabilities
• Embedded hardware, firmware, and software reverse engineering
• Embedded systems defensive technologies
• Exploiting Real-Time Operating Systems (RTOS)
• Embedded Systems and cybersecurity attacks and mitigation
• Embedded systems hacking, exploitation techniques, tools and procedures
• Case Study and Workshop

The Challenges of Connected Cars, Trucks and Commercial Vehicle

• Heavy duty trucks and commercial vehicles
• Transfer of vast amounts of telematics data over the Internet through telematics gateways
• Connectivity Protection
• Defends the infotainment or telematics units by preventing malware installation, detecting operating system (OS) anomalies, isolating suspicious applications and stopping attacks spreading to the in-vehicle network.
• Connectivity Protection operates cross platform (Linux/QNX/Android & more) to protect the car’s most vulnerable attack surfaces.

Automotive Cybersecurity Best Practices and Automotive End-to-End Security Solutions

• Advanced Vehicle Topics: CAFE, V2X, Automation, and Cybersecurity
• The Automotive Industry as a Digital Business
• Best Driving Privacy and Cybersecurity: Regulation of Smart Cars
• Protecting Cars, Trucks and Commercial Vehicles from Hacking
• Adventures in Automotive Networks and Control Units
• Approach for Vehicle Cyber Security with Functional Safety Concept
• Automotive Embedded Systems Security
• Developments in Car Hacking
• Car Hacking with CAN bus
• CAN bus for anomalies, and for communication between individual control units
• Encrypted in-vehicle network protection & monitoring
• Defense-in-Depth paradigm
• Mitigation for threats to the safety and privacy of motorists, passengers, bystanders and private
• Tools to prevent access the vehicle’s delicate Controller Area Network (CAN) bus
• White hat hacks of both private cars and commercial vehicles
• Best practices guideline for cyber security on wheels
• In-vehicle network-wide security by detecting attacks, suspicious activity and changes in standard in-vehicle network behavior
• In-Vehicle Network Protection for network communication
• Best practices to protect network protocols – CAN and CAN-FD, FlexRay, Ethernet (with SOME/IP, DoIP etc.)
• Reinforces select electronic control units (ECUs): brakes, advanced driver assistance systems (ADAS), door control units or any other units deemed critical, from attacks originating inside and outside of the ECU

Applied Cybersecurity Best Practices to Autonomous and Semi-Autonomous Systems

• Introduction to threat models for automotive systems
• Relevant SAE and ISO technical standards: SAE J2534, J2284, J1939, J3061, J3005, J3138, ISO 15765, ISO 14229, and ISO 27145
• Cyber security stages in automotive industry
• Individual electronic components
• Vehicle communication between these individual components
• Interfaces between the vehicle and the outside world
• Data transfer and processing outside the vehicle
• Connection to cloud and the back end
• Hacking Tools
• Biometric information used to lock and unlock vehicles through facial recognition software
• Hacking other applications, such as logging into bank systems or even unlocking the front door to your house
• In-vehicle communication networks and protocols
• CAN bus vehicle communication hacking tools
• OBD-II and CAN bus diagnostics
• Reverse engineering CAN bus
• ECU hacking
• Tools of the hacking trade

Autonomous and Semi-Autonomous Systems Cybersecurity by Design

• The cyber security of surrounding environments – smart poles, sensors, roads and other infrastructure
• The Dangers of Hacking
• Potential problems that hacking poses to connected vehicles
• Cyber security weaknesses
• Cyber security beyond the vehicle
• Cyber resilience in the design phase of the technology
• Security risks
• Conducting an information security risk assessment
• Mitigate those vulnerabilities through technology design
• Well-known examples
• Hack into the systems of connected cars,
• Seize control of vital functions such as braking and steering
• Hacking into the multimedia system via the car’s WiFi connection
• Tracking the car via its GPS navigation system
• Hacking the car’s CAN Bus – the internal network
• Reprogramming CAN bus controller with a firmware update over the car’s WiFi connection
• Hacking Through WiFi and cellular connections using malware
• Using web browser in a series of circuitous computer exploits

Autonomous and Semi-Autonomous Systems Anti-Hacking Measures

• Organizational security
• Security risks
• Attack Vectors
• How would hackers target autonomous vehicles?
• Malicious commands could arise from several different sources
• ODB-II port
• V2V communication (vehicle-to-vehicle)
• Car to communicate with others on the road to share data on traffic flow, accidents ahead, or poor weather
• communication channels are an invaluable source of data to the guidance and control systems of autonomous vehicles
• Applications of machine learning
• Step to deploying artificial intelligence to combat security risks in autonomous vehicles
• Collecting and storing the right data.
• Detect malicious activity and prevent attacks
• Autonomous vehicle configured to collect and store user logs
• Machine learning to detect any anomalies
• Detect malware activities
• Communication behavior
• Unusual commands like activating parking mode while the car is on a highway
• Cyber-Security for the Controller Area Network (CAN) Communication Protocol
• Cyber Physical Systems
• ECUs (for Electronic Control Units) and the CAN protocol
• CAN message and CAN ID
• The threat trigger for the “park assist” function of a car
• CAN message reverse-engineering

Blockchain Solutions for Cybersecurity

• Autonomous vehicles and the C of hacking
• Vehicle Hacking: The New Data Security Threat
• Cyberattacks by hackers
• Hacking connected vehicles and smart roads/cities
• Cyber security blockchain
• Autonomous cars hack-proof and blockchain security
• Supply chain and the vehicle itself, and in terms of public trust of driverless cars

CASE STUDY AND LABS: MACHINE LEARNING CAN DETECT AND PREVENT ATTACKS

• An example of a “learn and prevent” device that works in a vehicular context is the anti-hacking solution developed
• Intrusion-detection system for vehicles with certain automated features.
• Devices plugged into the OBD-II port
• Observation mode
• Detection mode to monitor the system for anomalies, such as an unusual flood signal or command. If it spots a “bad” signal, it puts the car into limp mode, essentially shutting down its network and disabling some functions like power steering and lane assist until the vehicle restarts
• Autonomous cars exploited by malicious code
• The transition to 5G data networks
• Flexibility of cloud orchestration
• Foundation for leveraging machine learning to secure self-driving cars
• Network Segmentation or Topology Alteration
• Create various CAN sub-buses
• Change the network topology from a bus to a star, to prevent free circulation of CAN frames to all devices.
• CAN bus hacking vulnerability
• The Denial of Service (DoS) attack
• Rapid, malicious changing of a specific CAN frame bit from “1” to “0”
• Hacked ECU
• ECU operated from externally injected malware
• Bus-Off applied to airbag or braking system
• Error determination
• Malicious errors repeat and will present themselves as identical to each other
• Regulated OBD-II Diagnostic Port Access
• Special hardware key to open the case
• OBD II port and a software-level authentication of traffic from and to the port
• Change in government regulations
• Encrypted CAN frame ID fields
• Shared RSA keys, RSA-based PKI, ECC-based PKI, and mixed systems
• Automotive trusted platform modules (TPMs), HSMs, and other methods.
• On vehicle-to-vehicle and vehicle-to-infrastructure (collectively V2X)

Car Cyber Threats and Digital Forensics Training