Motivation: Cyber attacks in the IT Infrastructure were recognized beginning round about in 1985. It starts by activities from increasing communication topics, over known vulnerable/academic attacks, viruses/trojans accidents and leads in the end to “complete disasters”. A parallel history delayed in time can be observed in the Telecommunication Industry, where up to now already viruses/trojans accidents happen. The next level will be reached by “complete disasters”. In the Automotive Industry a similar trend will be foreseen. Currently we have reached the stadium of known vulnerable/academic attacks, e.g. attacking BMW's Connected Drive in 2015. In Europe most of the new car models from 2017 on will have integrated internet access according the latest expectations. Therefore the possibility of attacking the car from outside without direct connection to the car is given, e.g. Jeep attack from C. Miller and C. Valasek in 2015. One important message is, that products and processes taking care for security needs to be developed BEFORE attacks will happen.
With this context Continental (Business Unit Vehicle Dynamics – Electronic Brake Systems) has started a comprehensive project to design and implement protective measures for safety relevant ECUs against cyber attack scenarios, aiming at achieving high levels of confidentiality, integrity and availability, while satisfying time, energy and quality requirements of Continental customers. While not being hit by cyber attacks itself, but yet fully aware of imminent threats, among with the demand of the industry (e.g. HAF – “HochAutomatisiertesFahren”) for higher protection of safety relevant technology, Continental has carefully observed and analyzed different threat/security use-case scenarios. Out of the analysis of threat scenarios/use cases work package clusters were precisely defined to develop a holistic security concept in the context of brake systems. A few of them are enumerated as follows. ·
· Secure Boot
· Chain Of Trust
· Secure Programming (variety of use cases customer/production/service)
· Over The Air (OTA) Software Update
· Secure On-Board Communication
·Key Management Concepts · Cryptographic Library
With this presentation following topics should be addressed:
1. Create the awareness in the brake system community of Cyber Security attacks in the
surrounding of safety related automotive systems.
2. Explain the difference between safety and security.
3. Show a motivation for Cyber Security in the automotive context.
4. Illuminate the derived security use cases and security concept.
Dr. Luh, Steffen* Continental Teves Ag & Co. Ohg, Germany