This document presents the different attacks that can be envisaged against a recent car, so that a set of tests verifying the security of Automotive Grade Linux (AGL) can be created. The broader purpose of this document is to protect manufacturers, customers and third parties from potential financial and information loss. This document is based primarily on the existing AGL security-blueprint.
For security to be effective, the concepts must be simple. And by default, anything that is not allowed is forbidden.
We will cover topics starting from the lowest level (Hardware) up to the highest levels (Connectivity and Application). We will cover Hardware and Connectivity only briefly, because they are outside our scope: solutions to connectivity problems concern updates and secured settings, while hardware hardening is the responsibility of the manufacturers.
The document is filled with tags to make important points easy to identify:
- The config tag quickly identifies the configurations and recommendations to apply.
- The note tag provides additional details.
- The todo tag shows possible improvements.
In the annexes of this document, you can find all the config and todo notes.
The term Hardening refers to the tools, techniques and processes required to reduce the attack surface of an embedded system, such as an Electronic Control Unit (ECU) or other managed device. The target of all hardening activities is to prevent the execution of invalid binaries on the device, and to prevent security-related data from being copied off the device.
AGL security overview
AGL is built on security concepts. These concepts are implemented by the security framework, as shown in this picture:
Acronyms and Abbreviations
The following table lists the main terms used throughout this document.

| Acronyms or Abbreviations | Description |
|---------------------------|-------------|
| AGL | Automotive Grade Linux |
| ECU | Electronic Control Unit |
- http://docs.automotivelinux.org/docs/architecture/en/dev/reference/security/01-overview.html
- Kernel security: https://www.kernel.org/doc/Documentation/security/
- Systemd integration and user management: http://iot.bzh/download/public/2017/AMM-Dresden/AGL-systemd.pdf
- AGL - Application Framework Documentation: http://iot.bzh/download/public/2017/SDK/AppFw-Documentation-v3.1.pdf
- Improving Vehicle Cybersecurity: https://access.atis.org/apps/group_public/download.php/35648/ATIS-I-0000059.pdf
- AGL framework overview: http://docs.automotivelinux.org/docs/apis_services/en/dev/reference/af-main/0-introduction.html
- SecureBoot-SecureSoftwareUpdates: http://iot.bzh/download/public/2016/publications/SecureBoot-SecureSoftwareUpdates.pdf
- Linux Automotive Security: http://iot.bzh/download/public/2016/security/Linux-Automotive-Security-v10.pdf
- Automotive Security Best Practices: https://www.mcafee.com/it/resources/white-papers/wp-automotive-security.pdf
- Gattacking Bluetooth Smart Devices: http://gattack.io/whitepaper.pdf
- Comprehensive Experimental Analysis of Automotive Attack Surfaces: http://www.cs.wayne.edu/fengwei/15fa-csc6991/slides/8-CarHackingUsenixSecurity.pdf
- Security in Automotive Bus Systems: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.92.728&rep=rep1&type=pdf
- IOActive Remote Attack Surface: https://www.ioactive.com/pdfs/IOActive_Remote_Attack_Surfaces.pdf
- A practical attack against GPRS/EDGE/UMTS/HSPA mobile data communications: https://media.blackhat.com/bh-dc-11/Perez-Pico/BlackHat_DC_2011_Perez-Pico_Mobile_Attacks-wp.pdf
- Comprehensive Experimental Analyses of Automotive Attack Surfaces: http://www.autosec.org/pubs/cars-usenixsec2011.pdf
- Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars: https://eprint.iacr.org/2010/332.pdf
- Wifi attacks wep wpa: https://matthieu.io/dl/wifi-attacks-wep-wpa.pdf
- SMACK: http://schaufler-ca.com/yahoo_site_admin/assets/docs/SmackWhitePaper.257153003.pdf