Cover Image
市場調查報告書

連網汽車的網路安全:2016年

Cyber Security in the Connected Vehicle Report 2016

出版商 TU Automotive 商品編碼 351221
出版日期 內容資訊 英文 59 Pages; 8 Figures
訂單完成後即時交付
價格
Back to Top
連網汽車的網路安全:2016年 Cyber Security in the Connected Vehicle Report 2016
出版日期: 2016年02月01日 內容資訊: 英文 59 Pages; 8 Figures
簡介

本報告提供連網汽車的網路安全環境相關調查,提供您連網汽車的攻擊對象領域,彙整駭侵·攻擊的各種類型,現在可以利用的解決方案 (產品與服務),安全相關標準,其他的產業吸取的經驗等資料。

摘要整理

第1章 簡介

第2章 汽車的攻擊對象領域的製圖

  • 連接性的各種類型
  • 攻擊對象領域
    • 資訊娛樂
    • DAB無線
    • USB
    • OBD-II
    • Bluetooth
    • Wi-Fi
    • JTAG埠口
    • 專用智慧型手機介面
    • 輪胎壓力監測系統 (TPMS:Tire Pressure Monitoring System)
    • 防盜
    • 車載資通系統控制單元
    • 被動式免鑰進入
    • 遙控車鑰進入
    • eCall
    • DSRC (Digital Short-Range Communication)
    • GM的OnStar
  • 汽車產業的生態系統

第3章 駭侵·威脅的各種類型

  • 簡介
  • 汽車駭侵的理由和動機
    • 調諧器
    • 學術安全研究人員
    • 白帽hackers
    • Script kiddies
    • 黑帽駭客
    • 灰帽駭客
    • 汽車盜竊
    • 財政的損失
    • 個人的遠隔監視
  • 攻擊結構
    • 橋接的攻擊
    • 資訊娛樂
    • OBD-II
    • Bluetooth
    • Wi-Fi
    • CAN巴士
    • 專用智慧型手機介面
    • 輪胎壓力監測系統 (TPMS:Tire Pressure Monitoring System)
    • 防盜
    • 車載資通系統:製造商·售後市場
    • 被動式免鑰進入
    • 遙控車鑰進入&啟動
    • eCall
    • 先進駕駛輔助系統 (ADAS:Advanced Driver Assistance System)
    • DSRC (Digital Short-Range Communication)
    • 感測器網路
  • 攻擊樹
  • 駭客熱圖

第4章 可利用的解決方案

  • 技術方法
  • 普及試驗
  • 整體方法
  • 差距的填空
  • 市場倡議·主要企業
    • CCV (Cyber Security Consortium for Connected Vehicles)
    • 英國運輸部的inichiachibu
    • BT Assure
    • NCC Group:保障&測試服務
    • SBD:技術諮詢
    • SBD·NCC Group的策略性聯盟
    • ASDL (Automotive Secure Development Lifecycle)
    • I Am The Cavalry的Five Star Automotive Cyber Safety Framework
    • Plextek
    • Intel和ASRB (Automotive Security Review Board)
    • Markey Report和SPY Car Act
    • The Transport Research Laboratory
    • horibaMIRA公司
    • Scarecrow Consultants
    • Thatcham (英國)
    • TowerSec的汽車網路安全
    • Telefonica的M2M連接性產品
    • Elektrobit的內建式解決方案
    • Covisint的安全平台
    • HARMAN
    • Visteon的OASIS cockpit
    • NXP Semiconductors
    • Mocana
    • AIRMIKA的CYBLOK
    • Sierra Wireless的Legato platform
    • CAR 2 CAR Communication Consortium (C2C-CC)
    • Security Innovation的高速通訊安全

第5章 網路安全相關的標準規格·倡議

  • ISO 26262
  • SAE J2980
  • SAE J3061
  • 美國的倡議
  • 威脅的建模
  • 其他產業倡議

第6章 教訓·總論

用語

文獻

案例研究

  • TBC
目錄

Industry Overview

The cyber security of connected vehicles is one of the biggest issues facing manufacturers today. Three significant trends have led to this position:

Complexity

“Complexity is the worst enemy of security”, and yet the past few years have seen a rapid increase in the cyber complexity of vehicles, evidenced by: (i) a massive increase in lines of code in a vehicle - approximately 100 million currently, compared to around 8 million for an F-35 joint strike fighter; (ii) an increase in Electronic Computing Units to something around 100 currently in high-end vehicles, communicating on a multiplicity of networks; and (iii) a rise in heterogeneity of in-vehicle systems - these are now responsible for a massive range of critical and luxury features within vehicles.

Connectivity.

This complexity has been exposed to wireless networks through the development of wireless communication interfaces. These interfaces are a double-edged sword - by connecting the vehicle to the Internet of Things, they have led to dramatically extended functionality, but they have opened up the traditionally closed vehicular system, making vehicles a more accessible and more attractive target to adversaries.

Content.

Theft of personal information, leading to identity theft, is an attractive goal for cyber-criminals. Personal data is increasingly available in car networks as the cars themselves are more sophisticated, and smartphones and other devices are connected to them.

The report looks into the vital role of effective and robust cyber security practices and systems in connected vehicles and the future of the automotive industry. Through looking at the vast array of recent precedent, available market solutions and the attack surface in the vehicle, the report will provide automotive players with the most comprehensive analytical paper on cyber security in the connected vehicle available today. With interviews with experts from automakers, government, security service providers and lessons taken from other industries to provide new and critical analysis to the evolving problem of cyber security in the vehicle.

Key Areas Covered

  • Mapping the Attack surface in the Vehicle: Assessing vulnerabilities and precedent in connected vehicles today as well as tomorrows technologies
  • The Types of Hacks and the Threats They pose: Why hack a vehicle? What form do they take? How best to protect against them?
  • The Available Market solutions: What products and services are on the market and how best can they be used to protect specific areas of the vehicle
  • Standards: What standards exist? What standards are being worked on? How might the auto industry evolve best with the introduction of certain standards?
  • Lessons from Other Industries: What lessons and practiced can be applied to the automotive sectors? What can the aviation, defence and financial industries teach the automotive industry

Your Key Questions Answered On:

  • What does the cyber security landscape look like today?
  • How rapidly is this landscape changing and in what ways?
  • How are current vehicles at risk and how are vulnerabilities being exploited?
  • Why hack a vehicle? What are a hacker's motivations?
  • What are the real risks and potential consequences? How does this differ from the ‘media hype'?
  • How do you build holistic security strategies and systems and implement them successfully?
  • What are the available market solutions and who are the key players?
  • How can these solutions be effectively implemented to guarantee maximum security and ensure consumer trust?

Key Reasons To Buy The Report

  • A vital resources in assessing the global cyber threat in order to develop holistic security approaches
  • Analyse the real risks and threats in the auto industry
  • Assess the current solutions on offer and the experts providing them
  • Develop and implement robust security architectures

Table of Contents

Executive Summary

1. Introduction

  • 1.1. Terms and definitions
  • 1.2. Summary of report

2. Mapping the attack surface within the vehicle

  • 2.1. Types of connectivity
  • 2.2. The Attack surface
    • 2.2.1. Infotainment
    • 2.2.2. DAB radio
    • 2.2.3. USB
    • 2.2.4. OBD-II
    • 2.2.5. Bluetooth
    • 2.2.6. Wi-Fi
    • 2.2.7. JTAG ports
    • 2.2.8. Dedicated smartphone interfaces
    • 2.2.9. Tire Pressure Monitoring System (TPMS)
    • 2.2.10. Immobilizer
    • 2.2.11. Telematics control units
    • 2.2.12. Passive Keyless Entry
    • 2.2.13. Remote Key Entry
    • 2.2.14. eCall
    • 2.2.15. DSRC (Digital Short-Range Communication)
    • 2.2.16. GM's OnStar
  • 2.3. The automotive ecosystem

3. Types of hacks and threats they pose

  • 3.1. Introduction
  • 3.2. Why hack a vehicle? Hackers and their motivations
    • 3.2.1. Tuners
    • 3.2.2. Academic security researchers
    • 3.2.3. White hat hackers
    • 3.2.4. Script kiddies
    • 3.2.5. Black hat hackers
    • 3.2.6. Gray Hat Hackers
    • 3.2.7. Vehicle theft
    • 3.2.8. Financial theft and damage
    • 3.2.9. Remote surveillance of individuals
  • 3.3. Attack anatomy
    • 3.3.1. Bridging attacks
    • 3.3.2. Infotainment
    • 3.3.3. OBD-II
    • 3.3.4. Bluetooth
    • 3.3.5. Wi-Fi
    • 3.3.6. CAN bus
    • 3.3.7. Dedicated smartphone interfaces
    • 3.3.8. Tire Pressure Monitoring System (TPMS)
    • 3.3.9. Immobilizer
    • 3.3.10. Telematics: manufacturer and after-market telematics
    • 3.3.11. Passive Keyless Entry and Start
    • 3.3.12. eCall
    • 3.3.13. Advanced Driver Assistance System (ADAS) features
    • 3.3.14. Digital Short-Range Communication (DSRC)
    • 3.3.15. Sensor networks
  • 3.4. Attack trees
  • 3.5. Hacker heat map

4. Available market solutions

  • 4.1. Technical approaches
    • 4.1.1. Identifying dependencies
    • 4.1.2. Testing for unanticipated user input
    • 4.1.3. Techniques that expose vulnerabilities
  • 4.2. Penetration testing
  • 4.3. The holistic approach
  • 4.4. Plugging the gaps
  • 4.5. Market initiatives and key players
    • 4.5.1. Cyber Security Consortium for Connected Vehicles (CCV)
    • 4.5.2. UK Department for Transport initiatives
    • 4.5.3. BT Assure
    • 4.5.4. NCC Group assurance and testing services
    • 4.5.5. SBD technical consultancy
    • 4.5.6. SBD and NCC Group strategic partnership
    • 4.5.7. Automotive Secure Development Lifecycle (ASDL)
    • 4.5.8. I Am The Cavalry's Five Star Automotive Cyber Safety Framework
    • 4.5.9. Plextek
    • 4.5.10. Intel and the Automotive Security Review Board
    • 4.5.11. The Markey Report and the SPY Car Act
    • 4.5.12. The Transport Research Laboratory
    • 4.5.13. HORIBA-MIRA
    • 4.5.14. Scarecrow Consultants
    • 4.5.15. Thatcham, UK
    • 4.5.16. TowerSec automotive cyber security
    • 4.5.17. Telefónica's M2M connectivity offering
    • 4.5.18. Elektrobit embedded solutions
    • 4.5.19. Covisint's secure platform
    • 4.5.20. HARMAN
    • 4.5.21. Visteon's OASIS cockpit
    • 4.5.22. NXP Semiconductors
    • 4.5.23. Mocana
    • 4.5.24. AIRMIKA's CYBLOK
    • 4.5.25. Sierra Wireless's Legato platform
    • 4.5.26. CAR 2 CAR Communication Consortium (C2C-CC)
    • 4.5.27. Security Innovation's high speed communications security

5. Cyber security-related standards and initiatives

  • 5.1. ISO 26262
    • 5.1.1. Limitations and extensions
  • 5.2. SAE J2980
  • 5.3. SAE J3061
  • 5.4. US initiatives
    • 5.4.1. SPY Car Act
    • 5.4.2. NHTSA work
    • 5.4.3. NIST
  • 5.5. Threat modeling
    • 5.5.1. Checkoway's threat modeling framework
    • 5.5.2. IBM Global's security model
  • 5.6. Other industry initiatives
    • 5.6.1. E-safety Vehicle Intrusion Protected Applications (EVITA)
    • 5.6.2. Trusted Platform Module (TPM)
    • 5.6.3. Secure Hardware Extensions (SHE)

6. Lessons and conclusions

  • 6.1. Lessons from aviation
  • 6.2. Conclusions

Abbreviations

References

Case Studies

  • TBC
Back to Top