Challenges in Building IoT Systems for Automotive Systems

Transcript

1. J P M C I n n o v a

   t i o n W e e k Business and Technology Innovating Together

2. JPMC Innovation Week CHALLENGES IN BUILDING IOT SYSTEMS FOR AUTOMOTIVE

   SYSTEMS VINAYAK HEGDE CTO, ZOOMCAR Business and Technology Innovating Together Speaker Series | Ideation Events | Hackathon

3. Cars Cycles eScooters JPMC Innovation Week | 2019

4. CHALLENGES IN BUILDING IOT SYSTEMS • Different standards and different

   versions • Bluetooth, Zigbee, IPWave • Variety of platforms (in our case, cars, Escooters) • CAN / OBD protocols provide some standards but there are divergences • Many times have to integrate proprietary protocols • Battery Battery Battery • Lossy and constrained networks (rides over GPRS/2G networks) JPMC Innovation Week | 2019

5. IT GETS TOUGHER • Security is a topmost constraint •

   And hence key management has to be stronger • Devices are in hostile territory • Customers have physical access to device • Devices have to work in wind, rain, sun, dust and exposed to elements • And they are moving as well (non-static IoT or IoMT) JPMC Innovation Week | 2019

6. CONSTRAINTS IT IMPOSES ON PROTOCOL DESIGN • Security and key-management

   is important • Software can be reverse engineered (especially on phones) • Store and forward (spooling is critical) • Retry mechanisms • Publish and subscribe • Message ids and acks are critical • Compression is critical because of bandwidth • Criticality of messages and priority (say immobilisation) • Reverse Engineering (and working with Manufacturers) JPMC Innovation Week | 2019

7. CONSTRAINTS IT IMPOSES ON PROTOCOL DESIGN • OTA updates (cryptographically

   signed) • PATCH command • SUIT WG documents • Keys management is paramount as keys might need to be revoked • Logic and command and control on webservice and mobile app as proxy • One-time use keys need to be generated using TOTP (RFC 6238) and HOTP (RFC 4226) • Timing and management of update / Forced update • Fallback in case of failures / Acknowledgement JPMC Innovation Week | 2019

8. CARS • OBD Data • Battery levels • Fuel Levels

   • Gear information • Vehicle / Engine speed • Braking behaviour • GPS Coordinates • Immobilisation • KLE (Keyless Entry) JPMC Innovation Week | 2019

9. CARS JPMC Innovation Week | 2019

10. CARS - How the data flows JPMC Innovation Week |

    2019

11. CYCLES • Lock / Unlock status • GPS Coordinates •

    Battery levels JPMC Innovation Week | 2019

12. CYCLES JPMC Innovation Week | 2019

13. CYCLES - How the data flows JPMC Innovation Week |

    2019

14. CYCLES - Data Packets JPMC Innovation Week | 2019 sign-in

    heartbeat location

15. EScooters JPMC Innovation Week | 2019

16. EScooters - How the data flows JPMC Innovation Week |

    2019 Bluetooth AMP Service RabbitMQ TCP/IP Device Zoomcar Apps TCP/IP Device Service

17. APPLICATIONS • Damage attestation / detection • Driver Behavior /

    Score • Asset Usage / Breakdown prediction • Charging Cycles • Range Prediction JPMC Innovation Week | 2019

18. Data Usage • Driver Score • Helps in reducing Insurance

    exposure • Challenges • Different terrains (elevations) • Traffic conditions (by time of day) • Road conditions • Geolocations • Predictive maintenance • Clutch usage • Battery levels JPMC Innovation Week | 2019

19. IETF Working Groups • IPWAVE (IP Wireless Access in Vehicular

    Environments) • SUIT (Software Updates for Internet of Things) JPMC Innovation Week | 2019

20. IPWAVE • Vehicular networking draft https://datatracker.ietf.org/doc/draft-ietf-ipwave-vehicular-networking/?include_text=1 • V2I, I2V and

    V2V communications and different between them • The use cases of V2I networking include navigation service, fuel-efficient speed recommendation service, and accident notification service. • The use cases of V2V networking include context-aware navigation for driving safety, cooperative adaptive cruise control in an urban roadway, and platooning in a highway. These three techniques will be important elements for self-driving vehicles. • The use cases for I2V networking are OTA updates, immobilization or global fleet route optimization JPMC Innovation Week | 2019

21. SUIT • Information Model for IoT devices • List different

    attacks possible and what should be contained in the metadata https://datatracker.ietf.org/doc/draft-ietf-suit-information-model/?include_text=1 • Types of Updates • For different types of update strategies https://datatracker.ietf.org/doc/draft-zhu-suit-automatic-fu-arch/?include_text=1 • Reference Update Architecture https://datatracker.ietf.org/doc/draft-ietf-suit-architecture/?include_text=1 JPMC Innovation Week | 2019

22. TYPES OF UPDATE • Client Initiated update (Poll Model) •

    Span of control with client • Negotiated Update • Co-ordinated between client and server • Server Initiated update (Push Model) • Useful for dump/non-critical devices • Forced Updates JPMC Innovation Week | 2019

23. THREAT MODEL FOR UPDATES • S.T.R.I.D.E • Spoofing Identity •

    Tampering Data • Repudiation • Information Disclosure • Denial of Service • Elevation of Privilege JPMC Innovation Week | 2019

24. FURTHER READING • IPWave - https://datatracker.ietf.org/wg/ipwave/about/ • SUIT WG -

    https://datatracker.ietf.org/wg/suit/about/ • DNS Rebinding attack - https://medium.com/@brannondorsey/attacking-private- networks-from-the-internet-with-dns-rebinding-ea7098a2d325 • Mirai Botnet - https://blog.cloudflare.com/inside-mirai-the-infamous-iot-botnet-a- retrospective-analysis/ • Stride - https://docs.microsoft.com/en-us/previous-versions/commerce- server/ee823878(v=cs.20) JPMC Innovation Week | 2019

25. Q & A • [email protected] / [email protected] • Twitter @vinayakh

    • CREDITS • IoT Team @ Zoomcar – Vishal Ram, Nikhil B, Arushi Jain JPMC Innovation Week | 2019