Department of Computer Science University of Colorado Boulder
 

Colloquium - Kohno

 
10/27/2011
3:30pm-4:30pm
ECCR 265

Experimental Security Analysis of a Modern Automobile
Tadayoshi Kohno
University of Washington

Modern automobiles are no longer mere mechanical devices; they are pervasively monitored and controlled by dozens of digital computers coordinated via internal vehicular networks. While this transformation has driven major advancements in efficiency and safety, it has also introduced a range of new potential risks. In this talk I will discuss our experimental evaluation of the security properties of a real, modern automobile.


We find that an attacker who is able to infiltrate virtually any Electronic Control Unit (ECU) in a car can leverage this ability to completely circumvent a broad array of safety-critical systems. Over a range of experiments, both in the lab and in road tests, we demonstrate the ability to adversarially control a wide range of automotive functions and completely ignore driver input -- including disabling the brakes, selectively braking individual wheels, and stopping the engine. We find that it is possible to bypass rudimentary network security protections within the car, such as maliciously bridging between our car's internal subnets. We also present composite attacks that leverage individual weaknesses, including an attack that embeds malicious code in a car's telematics unit and that will completely erase any evidence of its presence after performing a malicious action. We also systematically analyze the external attack surface of a modern automobile. We discover that remote exploitation is feasible via a broad range of attack vectors (including mechanics tools, CD players, Bluetooth and cellular radio), and further, that wireless communications channels allow long distance vehicle control, location tracking, in-cabin audio exfiltration and theft. Finally, I will discuss the structural characteristics of the automotive ecosystem that give rise to such problems and highlight the practical challenges in mitigating them.

This is joint work with Karl Koscher, Alexei Czeskis, Franziska Roesner and Shwetak Patel (University of Washington) and Stephen Checkoway, Damon McCoy, Danny Anderson, Brian Kantor, Hovav Shacham and Stefan Savage (University of California San Diego).

Tadayoshi Kohno is an Associate Professor in the University of Washington's Department of Computer Science and Engineering and an Adjunct Associate Professor in the UW Information School. His research focuses on helping protect the security, privacy, and safety of users of current and future generation technologies. Kohno is the recipient of an Alfred P. Sloan Research Fellowship, a U.S. National Science Foundation CAREER Award, and a Technology Review TR-35 Young Innovator Award. Kohno has authored more than a dozen award papers, has presented his research to the U.S. House of Representatives, and is chairing the 2012 USENIX Security Symposium. Kohno received his PhD from the University of California at San Diego and his BS from the University of Colorado.

Hosted by James Martin.


The Department holds colloquia throughout the Fall and Spring semesters. These colloquia, open to the public, are typically held on Thursday afternoons, but sometimes occur at other times as well. If you would like to receive email notification of upcoming colloquia, subscribe to our Colloquia Mailing List. If you would like to schedule a colloquium, see Colloquium Scheduling.

Sign language interpreters are available upon request. Please contact Stephanie Morris at least five days prior to the colloquium.

May 5, 2012 (13:29)