Automotive Security Primer
- 21-22 Sep, 2022
- 2 days
- Grand Hyatt, Kochi, India
Trainer
Kartheek Lade
Associate IoT Security Researcher, Payatu Security Consulting Pvt. Ltd, India
Who should attend
- → Security researchers interested in Automotive security.
- → Anyone into car hacking.
Pre-Requisite
- → Basic knowledge of Linux OS.
- → Basic knowledge of python scripting is a plus.
OBJECTIVE
Nowadays, automotive security is more than just physically hacking a vehicle. CAN hacking is only one part of the puzzle. Automotive security comprises assessing the whole ecosystem of the connected vehicle. The in-vehicle network and V2X communications together open up a complex attack surface where multiple vulnerabilities are chained to compromise different functionalities of the ecosystem. In this course we will focus on understanding the ecosystem and helping attendees develop a mindset geared towards identifying threats and vulnerabilities, with guided hands-on labs and exercises to pentest vehicles in the context of automotive security.
COURSE CONTENT (ToC)
DAY 1
- → Intro to Automotive Security
- Definitions CV, AV, CAV.
- Terminology OEM, ECU, TCU, Backend.
- Types of vehicles - V2X, V2I, V2V.
- Where are we heading in the future?
- → CIA in Automotive
- Physical: UDS + OBD-II
- Short range: Bluetooth, Radio (Key Fob)
- Long range: GSM
- How to define the automotive attack surface?
- → Introduction of Automotive Protocols
- CAN
- Introduction
- Packet structure
- Communication
- CAN-FD
- Introduction
- Packet structure
- LIN
- Introduction
- Packet structure
- Communication
- → Open-source tools
- EXPLIoT framework - CAN modules
- Advanced can-utils explanation
- → Hands on CAN Bus labs
- Sniffing CAN packets
- Injecting CAN packets
- CAN Bus overriding attack
- Replay attack on CAN Bus
DAY 2
- → Advanced protocol attacks demonstration on CANpico network.
- Janus attack demonstration
- Double Receive attack
- Bus-off attack
- → Threat Analysis and Risk Assessment (TARA) According to ISO/SAE 21434.
- Cybersecurity goals.
- Cybersecurity Requirements.
- Cybersecurity Architecture.
- → Attack Path Analysis (discussion based exercise).
- Attack vector identification
- Developing attack paths
- Defining defensive countermeasures
PARTICIPANTS REQUIREMENTS
- Laptop with at least 50 GB of free space.
- 8+ GB minimum RAM (4+ GB for the VM).
- External USB access to host as well as VM.
- Administrative privileges on the system.
- Latest VirtualBox (6.X) (including VirtualBox extension pack).
WHAT TO EXPECT:
- Kickstart your automotive security journey.
- Getting familiarised with car hacking.
- Hands on labs.
WHAT NOT TO EXPECT:
- Becoming an automotive security expert overnight.
- Becoming a car hacker overnight.
Trainer
Kartheek Lade
Associate IoT Security Researcher
Payatu Security Consulting Pvt. Ltd
India
Kartheek Lade is an IoT Security Researcher who works in the Automotive & Hardware verticals of IoT security at Payatu. He is constantly learning about wireless security & ISO/SAE 21434. He loves contributing to and being a part of security communities and helping people get started in Cyber Security. He is a regular speaker/trainer at various international security conferences like Defcon Car Hacking Village, BlackHat Arsenal USA & Asia, Seasides, BSides Delhi, C0c0n, etc. He also created blogs and an open-source tool, CANalyse (https://github.com/canalyse/CANalyse), which helps like-minded people to learn more about automotive security.