Let’s Move the Security Needle: Think Offensively!
Dr. Jonathan Petit
[email protected]

Low level vulnerabilities that led to high level exploits
All your AV sensors are belong to us.
ONBOARD SECURITY
7/17/2017
So… how come we haven’t seen much change since?
• “I’m busy getting it to work. I’ll deal with that later.” Anonymous AV Engineer
• “I’m just a tiny piece of the puzzle. Who cares?” Anonymous IMU Engineer
• “These attacks don’t scale so it isn’t priority 1.” Anonymous Tier 1 Security Researcher
• “We are working on it but don’t publish about it.” Anonymous OEM Security Researcher
How do we move the needle?!
http://www.automatedvehiclessymposium.org/program/2017-speakers/jpetit
25 breakout sessions = 25 good reasons to think offensively
▪ (#2+25) Human Factors
– What is the impact of an attack (e.g. billboard hacked) on user reaction?
– How to re-engage the user to mitigate an ongoing attack?
▪ (#4) An AV Crashes: What Happens Next?
– How to ensure chain of custody or detect tampering?
– What data is needed to detect that the crash was due to the car being hacked?
▪ (#6) Trucking Automation: Key Deployment Scenarios
– What attacks are possible on automated trucks?
– Should we consider vulnerabilities to automated trucks only or across the supply chain (higher scalability)?
▪ (#9) Effects of Vehicle Automation on Energy-Usage and Emissions
– How can an attacker affect energy usage and emissions (e.g. forcing vehicles to drive longer, energy depletion attack)?
– Will AVs expose the smart grid (more) to potential attacks?
▪ (#10) Data Sharing Models and Policy
– Where/How to securely store the data?
– Can we “watermark” the data to prevent unauthorized sharing?
▪ (#11) Artificial Intelligence
– How can machine learning techniques (e.g. DNN) be fooled?
– How to address unintended consequences of emergent behavior and embed resilience?
▪ More online! http://www.automatedvehiclessymposium.org/program/2017-speakers/jpetit
Thank you and please give us your input!
[email protected]
You have a PhD in Computer Security? OnBoard Security is hiring!