Exploring Security Synergies in Driverless Car and UAS Integrated Modular Architectures (IMAs)
Thomas Gaska, Lockheed Martin MST Owego and Binghamton University, thomas.gaska@lmco.com
Introduction
• There is a future opportunity to leverage COTS security technology being developed for the driverless car in future UAS Integrated Modular Architectures (IMAs)
• Infrastructure and Information Security are critical issues in networked UAS team configurations with increasing degrees of autonomy and collaboration
• The security hierarchy includes off-board connectivity level gateways, application level software security mechanisms, platform and subsystem network security gateways, processing infrastructure elements, and security primitives and protocols
Agenda
1.) Common Security Challenges – UAS and Driverless Cars
2.) Dual Use Security Taxonomy
3.) Automotive Industry Security Initiatives Mapped to Potential UAS Relevance
4.) Future Embedded Security Product Directions
5.) Conclusions
Common Security Challenges – UAS and Driverless Cars
Next generation avionics architectures need to provide enhanced IA and TP solutions to protect new capabilities
• Increased cooperative platform autonomy => Mixed capability management and levels of autonomy
  – Need to cooperate with less and more capable manned systems, with the goal of optionally piloted capability
• Connectivity to the Cloud and GIG => Every platform will interact as a sensor for situation awareness
  – Need to offload system-of-systems management to an ad hoc, trusted infrastructure
• Connectivity within the platform for storage and onboard/offboard services at multiple trust levels => Multiple Levels of Security
  – Need multiple security domains within and across the platforms
• Protection of critical program information and tamper resistance => Trusted Computing Elements
  – Need to balance open architecture and enforce trust
• Increased standardization to support collapsing into a common component infrastructure => Next Generation Integrated Modular Avionics (IMA)
  – Need to leverage the Moore's Law multicore explosion while maintaining safety and security
• Increased cross-platform reuse => Domain standardization initiatives
  – Need hardware agnostic software components and uniform software interfaces
• Affordability consistent with the threat, policy, and customer => Early demonstration of advanced solution capability for acceptance/validation
  – Need for incremental technology insertion across a wide range of affordability targets
Automotive Autonomy Applications Architecture (REF 1)
Automotive components, standards, and topologies will need to be incrementally developed in a reference architecture
IMA Architecture – Driverless Cars
[Diagram: network domains SENSOR NET, UAS NET, VMS NET (Planning/Control) and CLOUD NET (Cloud Services)]
Future autonomous architectures will drive distributed security into a new generation of modular component based SW/HW
Information Assurance and Trusted Processing Definitions
• Infrastructure security is the security that prevents tampering in the computer and networking hardware and software infrastructure
• Infrastructure security is typically associated with Tamper Resistant Computing, and Information Security with Information Assurance (IA)
• Both of these security infrastructures need to be properly addressed and incrementally extended to enable future levels of autonomy
Generic Security Hierarchy
• Cloud (public, private, hybrid) to Platform Exchanges
• Platform to Platform Exchanges
• Off-board Communication Security
• Platform Storage Security
• Platform Network Security
• Embedded Processing Node SW/HW Security
• Platform Application/Infrastructure Software
Avionics Security Taxonomy Mapped to University Research and Automotive Domains
Securing Ad hoc Vehicular Inter-NETworking (VANET) – Secure Vehicle Communications (SEVECOM) (REF 2)
In-car architecture components:
• Information Assurance Network Security – Car to Car: Network Security Module, Car to Car Comms
• Information Assurance Infrastructure – In car: Network Security Module, Gateway/Firewall, Intrusion Detection/Attestation
• Trusted Processor – Tamper-Evident Security Module: Key/Certificate Storage, Secure Crypto Processing, Secure Execution
Information Assurance Mechanisms in Network Connected Topologies (REF 2)
• Identification
  – Typically uses trusted third parties to validate credentials
• Authentication of Data Origin
  – With no real-time connection to the certifying authority and in a one-way broadcast environment
• Attribute Identification
  – Traffic density information data authentication
• Integrity Protection
  – Signatures
• Confidentiality Protection
  – Encryption
• Attestation of Sensor Data
  – Location Obfuscation/Verification
• Tamper-Resistant Communication
  – Replay Protection
• Access Control
  – Authentication and Authorization
• Jamming/DoS Protection
  – Firewall
  – Sandbox
  – Filtering Based on Rules
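The data-origin authentication and replay-protection items above (signatures, no real-time link to the certifying authority, one-way broadcast) as an added illustration; this is not code from the original presentation or from SEVECOM. A sender's public key is certified offline by an authority whose public key every receiver already holds, each beacon is signed together with a per-sender counter, and the receiver verifies certificate, signature and counter without any network round trip. The 'C'/'B' domain tags, the 13-byte header layout and the strictly increasing counter rule are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
)

// Beacon is one one-way broadcast; CertSig is the offline authority's signature over ('C', ID, Pub).
type Beacon struct {
	ID      uint32
	Pub     ed25519.PublicKey
	CertSig []byte
	Seq     uint64 // per-sender monotonic counter: the replay-protection field
	Payload []byte
	Sig     []byte // sender's signature over ('B', ID, Seq, Payload)
}

// tbs builds the to-be-signed bytes; the tag keeps the two signature kinds apart.
func tbs(tag byte, id uint32, seq uint64, body []byte) []byte {
	h := make([]byte, 13)
	h[0] = tag
	binary.BigEndian.PutUint32(h[1:5], id)
	binary.BigEndian.PutUint64(h[5:], seq)
	return append(h, body...)
}
// IssueCert runs once, at provisioning time, on the authority's side.
func IssueCert(authPriv ed25519.PrivateKey, id uint32, pub ed25519.PublicKey) []byte {
	return ed25519.Sign(authPriv, tbs('C', id, 0, pub))
}

// Broadcast signs one beacon with the sender's key and its current counter.
func Broadcast(id uint32, pub ed25519.PublicKey, certSig []byte, priv ed25519.PrivateKey, seq uint64, payload []byte) Beacon {
	return Beacon{id, pub, certSig, seq, payload, ed25519.Sign(priv, tbs('B', id, seq, payload))}
}

// Accept holds only authPub (pre-provisioned, so no CA round trip) and lastSeq, the highest counter accepted per sender.
func Accept(authPub ed25519.PublicKey, lastSeq map[uint32]uint64, b Beacon) error {
	if len(b.Pub) != ed25519.PublicKeySize || !ed25519.Verify(authPub, tbs('C', b.ID, 0, b.Pub), b.CertSig) {
		return errors.New("public key malformed or not certified by the trusted authority")
	}
	if !ed25519.Verify(b.Pub, tbs('B', b.ID, b.Seq, b.Payload), b.Sig) {
		return errors.New("signature mismatch: payload or counter altered")
	}
	if last, seen := lastSeq[b.ID]; seen && b.Seq <= last {
		return errors.New("replayed or stale beacon")
	}
	lastSeq[b.ID] = b.Seq
	return nil
}
```

A production receiver would add a clock-bound freshness window and certificate revocation alongside the counter, since a counter alone cannot expire a compromised sender key.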
Experimental Security Analysis of a Modern Automobile (REF 3)
• Intel CTO Justin Rattner predicts that driverless cars will be available within 10 years and that buyers by then will increasingly be more interested in a vehicle's internal technology than the quality of its engine
• God help us when one of them runs into somebody or runs over somebody
• Most new functionality in an automobile is electronics and software – there are many vulnerabilities in current bridged networks
E-Safety Vehicle Intrusion Protected Applications (EVITA) (REF 5)
• Defines 3 classes of Hardware Security Modules (HSMs): Full, Medium, Lite
• OVERSEE adds virtualization and firewalls at each node
AUTomotive Open System ARchitecture (AUTOSAR) (REF 6)
The AUTOSAR codesign methodology uses a Component Software Design Model and a virtual function bus:
1) Develop requirements and constraints
2) Describe SW-Components independently of HW
3) Describe HW independently of Application SW
4) Describe System – network topology, communication
Generate the software executable based on configuration information for each ECU using formal methods
Parallel Domain Security Extensions
[Diagram: AUTOMOTIVE (AUTOSAR) and UAS Standards Initiatives (EURO-MILS, SAE ESCAR) with Extensions for Systems-of-Systems Security Interoperability]
• Reusable SW Components: HW Agnostic and Uniform API Layering
• Unified Security Services: Crypto Services, Secure Boot, Communication Gateway with Firewalls/Intrusion Protection
• Enforced IMA Partitioning: Isolated Execution Environments via Virtualization
• Reusable Units of Portability in Layered Architectures (Drivers, Transport Services)
• Multicore Hypervisors That Support Mixed GP, Safe and Secure Embedded Controllers with Trust Services
• Addressing General Purpose, Safe, and Secure Multicore: Incremental Path to Unified Hypervisor Infrastructure
• Trusted Computing: HW Root-of-Trust (HSM), Secure Boot, Dynamic Monitoring
Representative Derived Embedded Computing Products
• Cloud Based Security Infrastructure
  – Secure Network Gateway
  – Intrusion Detection
  – Firewalls
  – Multiple Levels of Security
• Secure Microcontroller
  – Multiple Levels of Tamper Resistance vs Cost
  – Secure Boot Support
• Secure Software APIs
  – Network Services
  – Crypto Services
  – Virtualization
Future Avionics Reference Architecture
[Diagram: MIL Mission & Weapon Subsystems (SUBSYS1..SUBSYSN) and MIL/COM Flight Subsystems (SUBSYS1..SUBSYSM); Application SW Components on Open SW Stds; Mission Infrastructure SW Partitioned by SBC with Middleware and POSIX OS; Flight Infrastructure SW Partitioned by SBC or ARINC 653 Partition; Mission Sensors and AC Sensors; Mission and Flight Avionics Processing HW Components (IMA & Non-IMA WRAs) on Open HW Stds; Datalinks and Radios; Mission Avionics Networks (Ethernet, 1553, FC) and Flight Avionics Networks (AFDX, Firewire, 1553, ARINC 429) Topology; Other Platforms and the GIG]
• FACE and GIG SW Modernization => Modular Interoperable Interfaces, Formal Methods
• Multicore and Virtualization, Processor Pooling, Higher Density Packaging => Embedded Secure Processing on Multicore with MILS
• Unified Network Architecture => Multiple Levels of Security
• Mobile and Internet Connectivity to the Cloud => with Ad hoc Network Security, IDS, Cross Domain Solutions
• GIG Message Interoperability and Increased Pt-Pt BW => Unified Security Protocols
Conclusions
• Embedded university research and automotive security consortiums can provide access to significant dual use solutions for avionics and other embedded industries
• There are many parallels with regard to Information Assurance and Trusted Processing challenges for next generation avionics and automotive architectures
• Automotive related university research and automotive consortiums have significantly increased their focus on development of security for embedded systems
• Next generation UAS architectures require an affordable, balanced, reference security architecture while exploiting third party software and 10 billion transistor hardware chips by 2020
References
• REF 1 - Kumar, S., S. Gollakota, D. Katabi, 2012, A Cloud-Assisted Design for Autonomous Driving, MIT
• REF 2 - Groll, André, Jan Holle, Marko Wolf, Thomas Wollinger, 2010, Next Generation of Automotive Security: Secure Hardware and Secure Open Platforms, ITS World 2010
• REF 3 - Koscher, Karl, Alexei Czeskis, Franziska Roesner, Shwetak Patel, Tadayoshi Kohno, Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, and Stefan Savage, 2010, Experimental Security Analysis of a Modern Automobile, Oakland 2010
• REF 4 - Hwang, D., Patrick Schaumont, Shenglin Yang, Ingrid Verbauwhede, 2006, Multi-level Design Validation in a Secure Embedded System, IEEE Transactions on Computers, Vol. 55, No. 11, November 2006
• REF 5 - Wolfe, M., 2009, Designing Secure Automotive Hardware for Enhancing Traffic Safety – The EVITA Project, CAST Workshop Mobile Security for Intelligent Cars
• REF 6 - AUTOSAR Web Site, http://www.autosar.com
• REF 7 - Syssec Web Site, syssec Deliverable D6.2: Intermediate Report on the Security of the Connected Car, http://www.syssec-project.eu/m/page-media/3/syssec-d6.2-SecurityOfTheConnectedCar.pdf
• REF 8 - Tverdyshev, Sergey, EURO-MILS, Secure European Virtualisation for Trustworthy Applications in Critical Domains, SYSGO, Presentation for EURO-MILS Project
• REF 9 - Gaska, Thomas, 2013, Assessing Dual Use Embedded Security For IMA, Digital Avionics Systems Conference 2013
• REF 10 - Gaska, Thomas, 2014, Exploring Security Synergies in Driverless Car and UAS Integrated Modular Architectures (IMAs), AUVSI 2014
This paper includes the web sites for all research programs mentioned in the taxonomy table for future study