diff options
author | Stephane Desneux <stephane.desneux@iot.bzh> | 2018-10-16 13:10:46 +0200 |
---|---|---|
committer | Stephane Desneux <stephane.desneux@iot.bzh> | 2018-10-16 13:13:14 +0200 |
commit | 0eba225fb27ec0b87bfa80361314fec5ab901caa (patch) | |
tree | 02baf13e25b4d8989dc25051ff7ce3256ffb7bbd /docs/security-blueprint/part-7/1-BusAndConnectors.md | |
parent | 536b42be464af2f29fc5061489821c8903a6690a (diff) |
Import from docs-agl/docs
Change-Id: Id524561d87410e5463cddd123b30eb63d75b62bd
Signed-off-by: Stephane Desneux <stephane.desneux@iot.bzh>
Diffstat (limited to 'docs/security-blueprint/part-7/1-BusAndConnectors.md')
-rw-r--r-- | docs/security-blueprint/part-7/1-BusAndConnectors.md | 68 |
1 files changed, 68 insertions, 0 deletions
diff --git a/docs/security-blueprint/part-7/1-BusAndConnectors.md b/docs/security-blueprint/part-7/1-BusAndConnectors.md new file mode 100644 index 0000000..5ab9ab8 --- /dev/null +++ b/docs/security-blueprint/part-7/1-BusAndConnectors.md @@ -0,0 +1,68 @@ +# Bus + +We only speak about the **CAN** bus to take an example, because the different +attacks on bus like _FlewRay_, _ByteFlight_, _Most_ and _Lin_ use retro +engineering and the main argument to improve their security is to encrypt data +packets. We just describe them a bit: + +- **CAN**: Controller Area Network, developed in the early 1980s, is an + event-triggered controller network for serial communication with data rates + up to one MBit/s. **CAN** messages are classified over their respective + identifier. **CAN** controller broadcast their messages to all connected nodes + and all receiving nodes decide independently if they process the message. +- **FlewRay**: Is a deterministic and error-tolerant high-speed bus. With a data + rate up to 10 MBit/s. +- **ByteFlight**: Is used for safety-critical applications in motor vehicles + like air-bags. Byteflight runs at 10Mbps over 2 or 3 wires plastic optical + fibers. +- **Most**: Media Oriented System Transport, is used for transmitting audio, + video, voice, and control data via fiber optic cables. The speed is, for the + synchronous way, up to 24 MBit/s and asynchronous way up to 14 MBit/s. + **MOST** messages include always a clear sender and receiver address. +- **LIN**: Local Interconnect Network, is a single-wire subnet work for + low-cost, serial communication between smart sensors and actuators with + typical data rates up to 20 kBit/s. It is intended to be used from the year + 2001 on everywhere in a car, where the bandwidth and versatility of a **CAN** + network is not required. + +On just about every vehicle, **ECU**s (**E**lectronic **C**ontrol **U**nits) +communicate over a CAN bus, which is a two-wire bus using hardware arbitration +for messages sent on the shared medium. This is essentially a *trusted* network +where all traffic is visible to all controllers and any controller can send any message. + +A malicious **ECU** on the CAN bus can easily inject messages destined for any +other device, including things like the instrument cluster and the head unit. +There are common ways for hardware to do USB to CAN and open source software to send +and receive messages. For example, there is a driver included in the Linux kernel +that can be used to send/receive CAN signals. A malicious device on the CAN bus can +cause a great number of harmful things to happen to the system, including: sending +bogus information to other devices, sending unintended commands to ECUs, +causing DOS (Denial Of Service) on the CAN bus, etc. + +<!-- section-config --> + +Domain | Tech name | Recommendations +---------------------------------- | --------- | -------------------------------------------------------------------------- +Connectivity-BusAndConnector-Bus-1 | CAN | Implement hardware solution in order to prohibit sending unwanted signals. + +<!-- end-section-config --> + +See [Security in Automotive Bus Systems](http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.92.728&rep=rep1&type=pdf) for more information. + +# Connectors + +For the connectors, we supposed that they were disabled by default. For example, +the **USB** must be disabled to avoid attacks like BadUSB. If not, configure the +Kernel to only enable the minimum require **USB** devices. The connectors used +to diagnose the car like **OBD-II** must be disabled outside garages. + +<!-- section-config --> + +Domain | Tech name | Recommendations +----------------------------------------- | --------- | ---------------------------------------------------------------------- +Connectivity-BusAndConnector-Connectors-1 | USB | Must be disabled. If not, only enable the minimum require USB devices. +Connectivity-BusAndConnector-Connectors-2 | USB | Confidential data exchanged with the ECU over USB must be secure. +Connectivity-BusAndConnector-Connectors-3 | USB | USB Boot on a ECU must be disable. +Connectivity-BusAndConnector-Connectors-4 | OBD-II | Must be disabled outside garages. + +<!-- end-section-config --> |