Hello everybody, and welcome. You have chosen to learn security concepts in general, and how we use them in the automotive domain, together with me. I promise to give you all the knowledge you need to start your journey in automotive cybersecurity. I ask you to stay focused, and if you find any weakness in the provided information, take some notes and ping me first so we can improve it for your next colleague; that way you help them get the most improved material too. After that you can use any GPT-style assistant to help you learn what you need to become an expert in security and automotive cybersecurity. So, without further ado, let's start.
Vehicles today rely heavily on software and connectivity, so we need to protect them from attackers who may try to introduce or exploit a vulnerability in an otherwise stable system. Our security therefore needs to be proactive, not reactive as it so often is today.
Safety: protecting people and the environment from harm caused by unintentional failures of the system (accidents). Standard: ISO 26262 (functional safety).
Security: protecting the system from intentional incidents (attacks) that make it malfunction and thereby harm its environment. Standard: ISO/SAE 21434 (cybersecurity engineering).
The two depend on each other: a successful attack can violate a safety goal, and, as we will see later with the hardware components used to achieve cybersecurity, the security mechanisms themselves need a dependable (safe) foundation to work on.
As vehicle connectivity increases ⬆️, the need for cybersecurity increases ⬆️. Here we use cybersecurity to protect the vehicle's electronic systems, such as the in-vehicle networks, from digital attacks and unauthorized access.
The basic principles we need to achieve through cybersecurity are the CIA triad:
Confidentiality: ensures that information is accessible only to authorized users. In automotive this applies to sensitive information such as driver profiles, location data and the contents of OTA updates.
Integrity: ensures that a message is unchanged, for example preventing unauthorized modification of the CAN bus messages that control braking. Validation is usually based on hash or MAC (message authentication code) concepts. Mechanisms include hashing, digital signatures and continuous monitoring.
Availability: ensures that information and systems are accessible to authorized users whenever needed; for vehicle functions that means always. This is a common issue in automotive because the CAN bus works with a priority (arbitration) mechanism, so a node that keeps sending the highest-priority identifier can lock everyone else out.
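To make the integrity point concrete, here is an added example (my own illustration, not code from these notes or from any vehicle standard) of protecting a constructed brake-request CAN payload with a keyed hash, HMAC-SHA256 truncated to 4 bytes so that payload plus tag still fit the 8 data bytes of a classic CAN frame. The key, the CAN identifier 0x120, the counter layout and the 4-byte truncation are all assumptions for the example. A freshness counter is included so that a recorded frame cannot simply be replayed later.

```python
import hmac
import hashlib
import struct

# Constructed example key shared by the sending ECU and the brake ECU. In a real
# vehicle it would be provisioned into a secure key store, never hard-coded.
SHARED_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")

# A classic CAN frame carries at most 8 data bytes, so the MAC is truncated
# (assumption for this example: 4 bytes payload + 4 bytes MAC).
MAC_LEN = 4


def compute_mac(key: bytes, can_id: int, counter: int, payload: bytes) -> bytes:
    """Keyed hash (HMAC-SHA256, truncated) over everything that must not change.

    The CAN ID binds the tag to this message type, the freshness counter makes a
    recorded frame useless later (replay), and the payload is what we protect.
    """
    authenticated = struct.pack(">HI", can_id, counter) + payload
    return hmac.new(key, authenticated, hashlib.sha256).digest()[:MAC_LEN]


def build_frame(key: bytes, can_id: int, counter: int, payload: bytes) -> bytes:
    """Sender side: the bytes placed on the bus are payload || truncated MAC."""
    return payload + compute_mac(key, can_id, counter, payload)


def verify_frame(key: bytes, can_id: int, expected_counter: int, frame: bytes):
    """Receiver side: recompute the MAC and compare in constant time.

    Returns the payload if the frame is authentic and fresh, otherwise None.
    """
    if len(frame) <= MAC_LEN:
        return None
    payload, mac = frame[:-MAC_LEN], frame[-MAC_LEN:]
    expected = compute_mac(key, can_id, expected_counter, payload)
    return payload if hmac.compare_digest(mac, expected) else None


def demo():
    """Authentic frame passes; a tampered byte and a replayed frame are rejected."""
    can_id = 0x120                               # constructed ID: "brake request"
    counter = 7
    payload = bytes([0x00, 0x64, 0x00, 0x00])    # constructed: brake pressure 100%
    frame = build_frame(SHARED_KEY, can_id, counter, payload)

    accepted = verify_frame(SHARED_KEY, can_id, counter, frame) == payload

    tampered = bytearray(frame)
    tampered[1] = 0x00                           # attacker changes 100% braking to 0%
    tamper_rejected = verify_frame(SHARED_KEY, can_id, counter, bytes(tampered)) is None

    # The receiver has moved on to counter 8; the old frame no longer verifies.
    replay_rejected = verify_frame(SHARED_KEY, can_id, counter + 1, frame) is None
    return accepted, tamper_rejected, replay_rejected


if __name__ == "__main__":
    print(demo())  # (True, True, True)
```

Note that a 32-bit tag is a deliberate trade-off forced by the frame size: it still makes blind forgery impractical on a bus, but the counter handling and key distribution are what decide whether the scheme holds up in practice.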
Developed by Microsoft, STRIDE is a methodology used to identify potential threats and is widely adopted in automotive. It categorizes threats as follows, associating each with the security property it violates:
Spoofing (Authentication): pretending to be someone or something you are not.
Tampering (Integrity): altering data or code.
Repudiation (Non-Repudiation): denying actions or transactions.
Information Disclosure (Confidentiality): exposing information to unauthorized individuals.
Denial of Service (Availability): disrupting the normal functioning of a system.
Elevation of Privilege (Authorization): gaining unauthorized access to a higher privilege level. Example: an attacker gaining control over critical systems like braking or steering.
Both models focus on the same ideas (Confidentiality, Integrity, Availability, extended in STRIDE with authentication, non-repudiation and authorization); by achieving these properties we get an environment protected from cyberattacks.
Before going further, some cryptography terms and methods:
Plaintext: what we need to encrypt/protect.
Ciphertext: the unreadable text produced by converting the plaintext with a cryptographic algorithm.
The cryptographic algorithms themselves are public (open), but the keys used for encryption and decryption must be kept secret; as the name says, they are the keys that open the safe.
A hash is used to ensure data integrity, meaning that the data I received is unmodified: changing a single bit of the input changes the whole hash output. That is also why rebasing in Git changes the commit hash. Why?
OK, let's talk briefly about this.
When we ask Git to store a commit, Git saves our content in a size-efficient way, but it also maintains integrity and a robust, immutable history, because every object (blob, tree, commit) is addressed by the hash of its own content, and a commit includes the hash of its tree and of its parent commit.
You can get the hash of a file's content (its blob object) with the following command: git hash-object hello.txt.
So one example is rebasing in Git: it changes the commit hash because the content of the commit object changed (at least its parent pointer, and usually the committer timestamp), so it is the same change but a different commit with a different hash.
A hash is a one-way function with a fixed-size output. It is not encryption: nothing is ever decrypted back out of a hash.
We choose the hash algorithm, run it on a message of any length, and the output is a fixed size whatever the message length is.
Hash algorithms (e.g. SHA-256; MD5 is broken and must not be used where collision resistance matters). We will see an automotive use case in creating a software digest (signing the software: the digest is what actually gets signed).
Because it is one-way, I can use it to check whether the message was changed, but not to retrieve the original message; since the hash is fixed-size there is simply not enough information in it to reconstruct the input. Encryption, on the other hand, is block- or stream-based, so the output is about the same size as the input (plus any padding, IV or tag), the values are different, and it is reversible for whoever holds the key.
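An added example (mine, not part of the original notes) that ties the Git story and the hash properties together. It reproduces what git hash-object computes for a blob (SHA-1 over the header "blob <size>\0" followed by the content, which is how Git really addresses objects), builds a commit object the way Git does to show that changing only the parent line changes the commit hash, and measures the avalanche effect with SHA-256. The tree hash is Git's well-known empty tree; the author line, parent hashes and message are constructed.

```python
import hashlib


def git_blob_hash(content: bytes) -> str:
    """What `git hash-object <file>` computes: SHA-1 over "blob <size>\\0" + content."""
    header = b"blob %d\0" % len(content)
    return hashlib.sha1(header + content).hexdigest()


def git_commit_hash(tree: str, parent: str, author: str, committer: str, message: str) -> str:
    """Hash of a commit object: the same header scheme over the commit's text.

    Only the fields that appear in the text influence the hash. A rebase rewrites
    the parent line (and usually the committer line), so the hash changes even
    though the tree and the message are identical.
    """
    body = (f"tree {tree}\n"
            f"parent {parent}\n"
            f"author {author}\n"
            f"committer {committer}\n"
            f"\n{message}\n").encode()
    return hashlib.sha1(b"commit %d\0" % len(body) + body).hexdigest()


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with exactly one bit inverted."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Number of output bits that differ between two equal-length hex digests."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def avalanche_demo(data: bytes) -> tuple:
    """Fixed-size output and avalanche effect: one input bit flips about half the digest."""
    d1 = hashlib.sha256(data).hexdigest()
    d2 = hashlib.sha256(flip_bit(data, 0)).hexdigest()
    return len(d1), len(d2), differing_bits(d1, d2)


def rebase_demo() -> tuple:
    """Same tree and message, different parent: the commit hash changes."""
    tree = "4b825dc642cb6eb9a060e54bf8d69288fbee4904"   # real hash of Git's empty tree
    author = "Dev <dev@example.com> 1700000000 +0000"    # constructed author/committer line
    before = git_commit_hash(tree, "a" * 40, author, author, "Add brake MAC check")
    after = git_commit_hash(tree, "b" * 40, author, author, "Add brake MAC check")
    return before, after


if __name__ == "__main__":
    print(git_blob_hash(b"hello\n"))      # matches: echo hello | git hash-object --stdin
    print(avalanche_demo(b"hello world"))  # (64, 64, roughly 128)
    print(rebase_demo())
```

Git uses SHA-1 purely for content addressing; SHA-1 is no longer collision-resistant, which is why it must never be used for software signing and why Git has been moving towards a SHA-256 object format.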
So we need a method to get the original message back from the encrypted message. Encryption uses three inputs:
message + key + algorithm = ciphertext
If we run these steps in reverse order we get the original message back:
ciphertext + key + algorithm = original message
So without the key we cannot retrieve the original message.
An attacker may capture the ciphertext, but never learns what the original message is.
This is how confidentiality is maintained.
But the way we share this key is the major problem, as we said before: if the attackers find a way to obtain the encryption key, our system is no longer safe and the attacker can obtain the sensitive data.
So we have two methods of encryption: symmetric (one shared secret key) and asymmetric (a public/private key pair).
Both methods are used and each one has its own pros and cons; we will discuss them in detail later.
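The three-input picture above, as an added example that is not from the original notes: a symmetric stream cipher built from HMAC-SHA256 run in counter mode to produce a keystream, which is XORed with the plaintext. This construction is for illustration only (it shows the mechanics, and Python's standard library has no AES); in a product you would use a vetted authenticated mode such as AES-GCM. The key, nonce and message are constructed. The last check in the demo matters: encryption alone gives confidentiality, not integrity, so flipping a ciphertext bit flips the corresponding plaintext bit undetected.

```python
import hmac
import hashlib


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Pseudorandom bytes from a keyed function run in counter mode.

    Block i = HMAC-SHA256(key, nonce || i). Anyone holding the key regenerates
    exactly the same stream; without the key the stream is unpredictable.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """message + key + algorithm = ciphertext (XOR with the keystream)."""
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))


def decrypt(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    """ciphertext + key + algorithm = message.

    XOR is its own inverse, so the same operation with the same key and nonce
    undoes the encryption. A stream cipher keeps input and output the same size.
    """
    return encrypt(key, nonce, ciphertext)


def demo() -> dict:
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")   # constructed 128-bit key
    nonce = bytes(12)                  # constructed; must be unique per message in practice
    plaintext = b"BRAKE_REQ=100%"
    ciphertext = encrypt(key, nonce, plaintext)

    wrong_key = bytes(b ^ 0xFF for b in key)

    # Confidentiality is not integrity: flipping ciphertext bit 0 flips plaintext bit 0,
    # and nothing here detects it. That is why a MAC or an AEAD mode is needed as well.
    forged = bytearray(ciphertext)
    forged[0] ^= 0x01
    expected_forgery = bytes([plaintext[0] ^ 0x01]) + plaintext[1:]

    return {
        "same_length": len(ciphertext) == len(plaintext),
        "roundtrip": decrypt(key, nonce, ciphertext) == plaintext,
        "wrong_key_fails": decrypt(wrong_key, nonce, ciphertext) != plaintext,
        "malleable": decrypt(key, nonce, bytes(forged)) == expected_forgery,
    }


if __name__ == "__main__":
    print(demo())
```

Two things to take from the demo: the keystream is only as secret as the key, which is exactly the key-distribution problem raised above, and reusing a nonce with the same key would give two messages the same keystream, so XORing the two ciphertexts would leak the XOR of the plaintexts.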
As you see here, the thief has two different targets: changing the message (an attack on integrity) or reading the protected plaintext message (an attack on confidentiality).
Availability means that whenever the user requests the service, it must be available.
Here we can face this problem in two ways, since the hacker can reach our vehicle communications either through physical access or wirelessly.
Wirelessly, the hackers may target the backend server with a flood of unintended messages so that it stops responding to our vehicle.
The second way is physical access to the CAN bus in the vehicle itself. CAN arbitration works with message priorities (the lowest identifier wins), so a node that keeps sending frames with identifier zero wins every arbitration, and the other network nodes can no longer communicate with each other.
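To show why the priority mechanism is an availability problem, here is an added simulation (my own example, not code from these notes) of CAN arbitration. It resolves arbitration bit by bit the way the bus does, with 0 dominant and the identifier sent MSB first, and then runs a simple slot-based bus model: three constructed periodic messages share the bus fine, but one attached node that always has an identifier-0 frame ready starves all of them. Standard 11-bit identifiers and the one-frame-per-slot model are simplifying assumptions.

```python
ID_BITS = 11   # standard (11-bit identifier) CAN frames, assumed for this example


def arbitrate(ids):
    """Bit-level CAN arbitration among nodes that start transmitting at the same time.

    The identifier is sent MSB first. A 0 bit is dominant: if any node sends 0 the
    wire reads 0, and every node that sent a recessive 1 sees the mismatch and backs
    off. Whoever is left after 11 bits owns the bus, which is the lowest numeric ID.
    """
    contenders = set(ids)
    for bit in range(ID_BITS - 1, -1, -1):
        bus = 0 if any(((i >> bit) & 1) == 0 for i in contenders) else 1
        contenders = {i for i in contenders if ((i >> bit) & 1) == bus}
    assert len(contenders) == 1, "identifiers on one bus must be unique"
    return contenders.pop()


def simulate(nodes, slots, flooder_id=None):
    """Slot-based model of the bus: exactly one frame fits in each slot (simplification).

    nodes maps CAN ID -> period (in slots) at which that node queues a new frame; a
    frame still pending when the next period arrives is simply refreshed. The
    optional flooder always has a frame ready. Returns frames sent per ID.
    """
    pending = {cid: False for cid in nodes}
    sent = {cid: 0 for cid in nodes}
    if flooder_id is not None:
        sent[flooder_id] = 0
    for t in range(slots):
        for cid, period in nodes.items():
            if t % period == 0:
                pending[cid] = True
        contenders = [cid for cid, ready in pending.items() if ready]
        if flooder_id is not None:
            contenders.append(flooder_id)
        if not contenders:
            continue
        winner = arbitrate(contenders)
        sent[winner] += 1
        if winner in pending:
            pending[winner] = False
    return sent


def demo():
    # Constructed traffic: a fast, a medium and a slow periodic message.
    nodes = {0x100: 2, 0x200: 4, 0x300: 8}
    normal = simulate(nodes, 16)
    # A physically attached node hammering identifier 0 wins every single arbitration.
    flooded = simulate(nodes, 16, flooder_id=0x000)
    return normal, flooded


if __name__ == "__main__":
    normal, flooded = demo()
    print("normal :", {hex(k): v for k, v in normal.items()})
    print("flooded:", {hex(k): v for k, v in flooded.items()})
```

This is exactly why arbitration is not a security mechanism: it is a cooperative scheme that assumes every node plays by the rules, and a single malicious or faulty node on the wire breaks the assumption for everyone.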
Countermeasures are simply the steps you take to protect your car. They fall into three categories.
Preventive Controls: These are designed to stop an attack before it happens.
Example: Locking your car doors, using a steering wheel lock, or installing a car alarm. These measures prevent or deter the thief in the first place.
Detective Controls: These are used to spot an attack while it's in progress.
Example: Your car alarm blaring when a window is broken, or a security camera that sends an alert to your phone when it detects motion near your car. They don't stop the break-in, but they let you know it's happening.
Corrective Controls: These are the actions you take to fix the damage after an attack.
Example: After a break-in, you would repair the broken window (system recovery) and report the theft to the police. You might also add a better alarm system (patching the vulnerability) to prevent future incidents.
Threat modeling is the process of thinking like a hacker to find and fix security weaknesses before they can be exploited.
Threat Model: This is a structured plan or blueprint of your security. It's where you identify what's important (like the car itself or the valuables inside), what the potential threats are (thieves), how they might attack (the attack vectors), and what you'll do to stop them (the countermeasures).
Attack Tree: This is a visual map that breaks down an attack into smaller steps. It helps you understand exactly how a hacker could achieve their goal.
STRIDE Model: This is a popular framework used in threat modeling. It's a checklist of common types of threats, helping you brainstorm what could go wrong.
Spoofing: Pretending to be someone else.
Tampering: Modifying data without permission.
Repudiation: Denying that you did something.
Information Disclosure: Leaking secret information.
Denial of Service (DoS): Preventing the system from working.
Elevation of Privilege: Gaining more access than you should have.
Attack Vector: This is the specific method or path a thief uses to get in. For example, using a slim jim to unlock the door, breaking a window, or hacking the keyless entry signal. Each one is a distinct attack vector.
Attack Surface: This is all the possible entry points combined. It includes all the doors, windows, the trunk, the sunroof, the keyless entry system, the onboard computer's Wi-Fi, and the Bluetooth connection. The entire collection of potential entry points is the attack surface.
In short, the attack surface is the "what" can be attacked (the doors, windows, etc.), and the attack vector is the "how" it's attacked (breaking the window, hacking the signal).
Attack vectors in modern vehicles fall into three groups:
Remote attacks - Physical attacks - Supply chain attacks
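Here is an added example (my own, not from the original notes) of the attack tree described above as a data structure. Leaves are concrete attacker steps with an effort score, OR nodes are reached by any one child, AND nodes need all children; the usual attack-tree propagation (minimum over OR, sum over AND) then yields the cheapest path, which is the attack vector to worry about first. It also shows how a countermeasure is modelled: raising the effort of one leaf moves the cheapest path elsewhere. The tree and the effort scores are constructed for the car scenario used in the text.

```python
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass
class Node:
    """One node of an attack tree. A leaf is a concrete attacker step with an effort
    score; an OR node is reached by any one child; an AND node needs all children."""
    name: str
    kind: str = "leaf"            # "leaf", "or" or "and"
    cost: float = 0.0             # leaf only: attacker effort (constructed units)
    children: List["Node"] = field(default_factory=list)


def cheapest(node: Node) -> Tuple[float, List[str]]:
    """Minimum attacker effort to reach `node`, with the leaf steps that achieve it.

    OR: the attacker picks the cheapest child. AND: every child must be done, so
    efforts add up. The resulting set of leaves is the cheapest attack vector.
    """
    if node.kind == "leaf":
        return node.cost, [node.name]
    results = [cheapest(child) for child in node.children]
    if node.kind == "or":
        return min(results, key=lambda r: r[0])
    return sum(r[0] for r in results), [step for r in results for step in r[1]]


def set_leaf_cost(node: Node, name: str, cost: float) -> bool:
    """Model a countermeasure by raising the effort of one leaf. Returns True if found."""
    if node.kind == "leaf" and node.name == name:
        node.cost = cost
        return True
    return any(set_leaf_cost(child, name, cost) for child in node.children)


def build_tree() -> Node:
    """Constructed example tree for the car scenario used in the text."""
    get_in = Node("get into the car", "or", children=[
        Node("open the lock with a slim jim", cost=3),
        Node("break a window", cost=1),
        Node("relay the keyless-entry signal", cost=6),
    ])
    return Node("steal the valuables inside", "and", children=[
        get_in,
        Node("locate and grab the valuables", cost=1),
        Node("leave before anyone responds to the alarm", cost=2),
    ])


def demo():
    tree = build_tree()
    before = cheapest(tree)
    # Countermeasure: laminated glass makes breaking a window much harder,
    # so the cheapest way in becomes the door lock instead.
    set_leaf_cost(tree, "break a window", 5)
    after = cheapest(tree)
    return before, after


if __name__ == "__main__":
    for total, steps in demo():
        print(total, "->", " + ".join(steps))
```

The same structure is what you fill in when reviewing a vehicle: the root is the attacker goal (say, sending a forged braking command), the OR branches are the remote, physical and supply chain vectors, and the leaf scores come from the feasibility ratings your threat analysis assigns.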
1. Threat (The "What Could Happen")
A threat is a potential cause of an unwanted incident that could harm a system or component. It's a possible danger that might be realized.
Nature: Potential, abstract.
Example: The possibility of a malicious actor remotely disabling a car's brakes.
2. Attack (The "How It Happens")
An attack is the intentional act of attempting to exploit a vulnerability. It is the realization of a threat. An attack is an action, not a potential.
Nature: Action, concrete.
Example: A hacker executing a "man-in-the-middle" attack on the vehicle's Wi-Fi to send a malicious command to the braking ECU.
3. Risk (The "So What?")
A risk is the potential for loss or damage when a threat is realized against a vulnerability. It combines the likelihood of an attack being successful with the impact (damage) it would cause.
Nature: Probability and Impact.
Formula: Risk = Likelihood × Impact
Example: The high risk associated with a successful brake-disabling attack, which has a catastrophic safety impact (e.g., injury or death) even if the likelihood is low.
A Threat Actor (e.g., a hacker) uses an Attack Method to exploit a Vulnerability (a weakness), which realizes a Threat. The resulting combination of likelihood and impact is the Risk.
Threat + Vulnerability → Attack → Impact = Risk
Attack vs Threat
An attack is the action; a threat is the possibility.
Threat vs Risk
A threat is the source of potential harm; a risk is the measure of how likely the harm is to happen and how bad it would be.
Event:
a specific security log entry that has not yet been identified as an incident
Incident:
a security event that compromises one of the CIA or STRIDE security properties
Security Breach (or Data Breach):
unauthorized access to the data in a system, resulting in the compromise of the confidentiality of that information
Vulnerability: defined as a weakness in the system that can be exploited by attackers
Vulnerability types:
SW: a bug in the software, such as a buffer overflow caused by improper input validation, that leads to an exploitable weakness
HW: a weakness in the hardware itself; for example, the flash is locked at the production phase, but the controlling lock bit changes its value under a specific temperature or another abnormal condition, re-exposing the protected memory
Human: ignorance or misconfiguration that creates a security gap, such as a misconfigured firewall on the router that leaves some ports open