15
Sentryo HQ66 Bd Niels Bohr CS 52132 69603 Lyon-Villeurbanne - France +33 970 469 694[email protected]www.sentryo.net Cyber Security for the Industrial Internet Laurent Hausermann - Founder [email protected] +33 (0) 617 108 433 Nicolas Justin [email protected] +33 (0) 608 248 978 L’importance de la détection des cyberattaques dans les véhicules connectés et autonomes

Cyber Security for the Industrial Internetinscription.firstconnection.fr/images/files/... · 2015 - BMW Connected Drive: remote door unlocking 2016 - Tesla Model S: brake, activate

  • Upload
    others

  • View
    7

  • Download
    0

Embed Size (px)

Citation preview

Page 1: Cyber Security for the Industrial Internetinscription.firstconnection.fr/images/files/... · 2015 - BMW Connected Drive: remote door unlocking 2016 - Tesla Model S: brake, activate

Sentryo HQ│66 Bd Niels Bohr CS 52132 69603 Lyon-Villeurbanne - France+33 970 469 694│[email protected]│www.sentryo.net

Cyber Security for the Industrial Internet

Laurent Hausermann - Founder

[email protected]+33 (0) 617 108 433

Nicolas Justin

[email protected]+33 (0) 608 248 978

L’importance de la détection des cyberattaques dans les véhicules connectés et autonomes

Page 2: Cyber Security for the Industrial Internetinscription.firstconnection.fr/images/files/... · 2015 - BMW Connected Drive: remote door unlocking 2016 - Tesla Model S: brake, activate

Sentryo

BMW TechDate Winner - June 2016

CISCO Acceleration Prize - June 2016

Lauréat Concours Mondial de l’Innovation CMI - June 2016

Winner Innovation Prize Monaco Cybersecurity Show October 2015

IIOT Cybersecurity startup of the year McRock Capital Symposium - May 2017

Awards

■ Incorporated: June 2014

■ Headquarters: Lyon - France

■ Venture capital backed by UK/FR funds

■ Target Industrial corporations: Energy, Process Industries, Manufacturing, Transportation

■ Offices: France/Germany/USA

■ Partners: USA, LATAM, South Asia, Middle East

Company Overview

Page 3: Cyber Security for the Industrial Internetinscription.firstconnection.fr/images/files/... · 2015 - BMW Connected Drive: remote door unlocking 2016 - Tesla Model S: brake, activate

Sentryo

Sentryo Automotive Detection Project

Extend our existing technology stack for Industrial Networks (ie Production, ICS) to

embedded IoT, M2M & Automotive networks

#Monitoring

#AnomalyDetection

#MachineLearning

#CANBus

#AutomotiveEthernet

Page 4: Cyber Security for the Industrial Internetinscription.firstconnection.fr/images/files/... · 2015 - BMW Connected Drive: remote door unlocking 2016 - Tesla Model S: brake, activate

Sentryo

IT & OT & IIoT - A fast changing converging environment

New challenges for industrial corporations

IoT & Fog Computing - A new digital paradigm for automotive

ecosystem

Page 5: Cyber Security for the Industrial Internetinscription.firstconnection.fr/images/files/... · 2015 - BMW Connected Drive: remote door unlocking 2016 - Tesla Model S: brake, activate

Sentryo

New ServicesDriving assistance,

Internet, Entertainment…

New BusinessesEnergy savings, Car sharing, Automated

parking...

Bluetooth

Wifi

5G/LTE802.11p

ECU

FlexRay

Automotive Ethernet

V2IV2C

Customer Trust ?

Business Challenges

Page 6: Cyber Security for the Industrial Internetinscription.firstconnection.fr/images/files/... · 2015 - BMW Connected Drive: remote door unlocking 2016 - Tesla Model S: brake, activate

Sentryo

REAL LIFE CYBERATTACKS

2013 - Toyota Prius & Ford Escape: steer, brake and honk

2014 - Chrysler Jeep: steer, brake, and accelerate

2015 - BMW Connected Drive: remote door unlocking

2016 - Tesla Model S: brake, activate whippers, signals and others

2016 - Mitsubishi Outlander: locate, disable alarm and drain the battery

Page 7: Cyber Security for the Industrial Internetinscription.firstconnection.fr/images/files/... · 2015 - BMW Connected Drive: remote door unlocking 2016 - Tesla Model S: brake, activate

Sentryo

Hackers

■ Lot of time available ■ Undetectable vulnerability research■ Large attack surface■ High damage potential■ Ease of replication without large resources

Automakers

■ Overall safety is a bigger subject■ Long development cycle■ Need full control over source code■ Low resources for cybersecurity■ CAPEX >> OPEX

Hackers vs Automakers

Page 8: Cyber Security for the Industrial Internetinscription.firstconnection.fr/images/files/... · 2015 - BMW Connected Drive: remote door unlocking 2016 - Tesla Model S: brake, activate

Sentryo

Critical network is the attacker’s

main target

Attackers Steps

1. Access vehicle through Cellular network

2. Compromise infotainment system

3. Take control of vehicle CAN bus:

Able to steer, brake, accelerate...

sentryoDetection Agent

Critical network

Page 9: Cyber Security for the Industrial Internetinscription.firstconnection.fr/images/files/... · 2015 - BMW Connected Drive: remote door unlocking 2016 - Tesla Model S: brake, activate

Sentryo

Attacks

■ Discover vehicle components: scanning

■ Disturb vehicle: Denial of Service, ransomware...

■ Search security holes and potential bugs: fuzzing

■ Get access to firmware, modify critical parameters (ABS…)

Anomalies

■ Industrial or M2M protocol are really basics, legit orders are similar to attackers orders

■ Can be subtle to slowly damage critical components

■ Can be a system anomaly or due to a cyberattack

On critical networksAttacks and Anomalies

must be detected

Attacks vs Anomalies

Page 10: Cyber Security for the Industrial Internetinscription.firstconnection.fr/images/files/... · 2015 - BMW Connected Drive: remote door unlocking 2016 - Tesla Model S: brake, activate

Sentryo

Detection Approach

Attacker’s steps

1. Gain access to Infotainment

2. Scan all vehicles ECUs

3. Silence collision prevention

4. Send false values to Autocruise

Detection Methods

Attack:- Scanning- Denial of Service

Anomaly:- Deviation of vehicle’s Speed

despite the distance with a front obstacle

Page 11: Cyber Security for the Industrial Internetinscription.firstconnection.fr/images/files/... · 2015 - BMW Connected Drive: remote door unlocking 2016 - Tesla Model S: brake, activate

Sentryo

Advanced anomaly detection

■ Lot of in-car sensors values can be correlated

■ One sensor value can be reconstructed using a set of other sensors values

■ Each sensors can be reconstructed using others

Strong interactions

Page 12: Cyber Security for the Industrial Internetinscription.firstconnection.fr/images/files/... · 2015 - BMW Connected Drive: remote door unlocking 2016 - Tesla Model S: brake, activate

Sentryo

Neural Networks

■ Neural Networks are perfectly adapted to find and learn correlations in complex systems

■ Neural Networks can make good prediction

■ High prediction error means anomaly

Page 13: Cyber Security for the Industrial Internetinscription.firstconnection.fr/images/files/... · 2015 - BMW Connected Drive: remote door unlocking 2016 - Tesla Model S: brake, activate

Sentryo

MPH anomaly detection

Page 14: Cyber Security for the Industrial Internetinscription.firstconnection.fr/images/files/... · 2015 - BMW Connected Drive: remote door unlocking 2016 - Tesla Model S: brake, activate

Sentryo

MPH anomaly detection■ In case of attacks the prediction error ratio will be high■ Attacker injected a 0 MPH speed value on the bus to trick the Park

Assist for example

Page 15: Cyber Security for the Industrial Internetinscription.firstconnection.fr/images/files/... · 2015 - BMW Connected Drive: remote door unlocking 2016 - Tesla Model S: brake, activate

Sentryo

More information on Sentryo’s blog:

https://www.sentryo.net/blog/