jlrmagnus | Weekend hacking. | 22:15 |
---|---|---|
myself | is best hacking | 22:19 |
jlrmagnus | No pesky interrupts. | 22:19 |
jlrmagnus | persia, Thanks for your input on the update boot sequence. It will be a part of the GENIVI Software Management specification. | 22:20 |
persia | Cool, I am glad it was useful. | 22:21 |
jlrmagnus | It was. | 22:21 |
jlrmagnus | Running everything in initrd was a "duh" insight. | 22:21 |
persia | Secret for avoiding pesky interrupts: work at home and set your phone to silent in another room. | 22:22 |
jlrmagnus | Yeah, I wish. My daily schedule looks like a point-blank hit from a meeting shotgun. | 22:23 |
myself | Where our parents' generation used "taking the phone off the hook" to signify private-time, today it's "putting the phones in airplane mode".. alarms still go off, but outside traffic doesn't come in. :) | 22:24 |
jlrmagnus | Lately I've started booking meetings with myself to block out time. That seems to help. | 22:24 |
myself | that explains why I have so many meetings with jlrmagnus... | 22:24 |
jlrmagnus | And now I wonder who 'myself' is.... | 22:24 |
myself | oh I was just here to stalk some coworkers, just happen to have a nickname that exploits a pronoun-dereferencing vuln in the english parser ;) | 22:25 |
jlrmagnus | Hmm. | 22:25 |
myself | (I work for p3, but not the same location as DThiriez.) | 22:27 |
jlrmagnus | Oki. IC. | 22:27 |
jlrmagnus | Germany? | 22:28 |
myself | Detroit. :) | 22:28 |
jlrmagnus | Ok. I have no idea if P3 mothership is engaged with Genivi at all. | 22:28 |
jlrmagnus | I don't think you are members. | 22:28 |
myself | I'm more of a hardware guy, but stuff like the canbus firewall is within my ability to grasp from a software perspective. :) Stuff about build process and all that, not so much, but I lurk here in hopes that some of it soaks in anyway. | 22:29 |
jlrmagnus | Cool. | 22:29 |
jlrmagnus | The firewall is in testing right now. | 22:29 |
jlrmagnus | We'll wrap it up and try to orphan it off to the tools team in Genivi. | 22:29 |
jlrmagnus | We will test it in one of our vehicles first to see that it fulfills its specs. | 22:29 |
jlrmagnus | Speaking of. | 22:30 |
jlrmagnus | paulsherwood, Are you there? | 22:30 |
myself | generating the firewall rules must be entertaining | 22:30 |
jlrmagnus | If by entertaining you mean bitbangingly boring, then yes. | 22:30 |
jlrmagnus | I think we managed to nail most use cases, though. | 22:31 |
myself | yeah, mostly I was thinking "fraught with complications" | 22:31 |
jlrmagnus | Well. Hopefully the rule writer knows what he/she is doing and has the CAN database close at hand. | 22:32 |
myself | it's a little bit weird to me that canbus architectures are getting complicated enough that a firewall would be useful, but I guess they are. Ford's approach with putting it right behind the connector is sort of amusing. | 22:32 |
jlrmagnus | Just like any firewall, if you blow the rule chain you are toast. | 22:32 |
jlrmagnus | As gunnarx said: The firewall is a backward-looking solution to apply to existing architectures. | 22:33 |
jlrmagnus | New architectures will be segmented differently. | 22:33 |
jlrmagnus | I think that the actual security gateway has to be in the TCU with a very well secured, small-surface interface. | 22:35 |
jlrmagnus | Every session has to provide authentication and authorization from both ends, and every command has to be deeply inspected before passed on to the IVI. | 22:36 |
jlrmagnus | If you have access to the diagnostic port, then you have already gained access to the vehicle itself. | 22:36 |
jlrmagnus | Those hacks worry me much less than the OTA attacks. | 22:37 |
jlrmagnus | </rant> | 22:37 |
myself | Yeah, agreed. Physical access equates to full compromise. the TCU approach (and even the network provider) is where the effort should go. | 22:39 |
myself | Having the TCU only associate to a dedicated APN that isn't even internet-reachable is a great step, but also not an excuse to leave everything else wide open | 22:40 |
jlrmagnus | I would say it is a pretty basic step. | 22:40 |
myself | Well, assuming you're big enough to have your provider give you a dedicated APN. It's a mindset that's not obvious to folks who come from a hobby background and assume their provider hates them. ;) | 22:42 |
jlrmagnus | One additional layer is to have the carrier detect attack patterns in their network, and block those attempts before they hit the fleet with force. | 22:42 |
jlrmagnus | APNs are cheap to provision. Even if you don't have it, simple firewall rules either in the TCU or, better, at the carrier will help immensely. | 22:42 |
myself | You're giving the carrier a lot of credit! | 22:43 |
jlrmagnus | Depends on the carrier... | 22:43 |
jlrmagnus | But yes, carriers do manage to mess up their own networks on a regular basis. | 22:43 |
FelixH | The problem with private APNs and counting on the carrier for security is that you need to manage that with a new carrier in every country | 23:01 |
jlrmagnus | There are MVNOs that handle that for you. | 23:02 |
jlrmagnus | However, carrier-provided security services should be seen as add-ons, not replacement for a good built-in security design. | 23:04 |
myself | Yeah, you don't want to count on it, but it's a nice defense-in-depth step. | 23:05 |
jlrmagnus | Agree | 23:05 |
jlrmagnus | In-network detection and prevention would be valuable to stop a fleet-wide DDOS attack, though. | 23:05 |
FelixH | Mhhh, I'm not in the discussions with carriers so I don't have the details. We currently use private APNs for our fleets but we're developing a solution that doesn't need it for its security (neither VPNs) because we can't get the same deals we have in Europe with all carriers. | 23:12 |
jlrmagnus | IC | 23:13 |
persia | The ideal solution assumes the carrier has been hacked and is now hostile. | 23:18 |
jlrmagnus | Yes. | 23:18 |
jlrmagnus | Don't trust anything that hasn't been signed by your root cert. | 23:18 |
persia | I prefer public keys to hierarchies, but minimally, yes. | 23:19 |
jlrmagnus | Self signed root cert that validates all device certs. One step, no CA. | 23:20 |
jlrmagnus | That's what we are aiming at with RVI. | 23:20 |
jlrmagnus | We also, this week, think that we managed to crack the self-provisioning problem. We will mail out a suggestion probably this coming week. | 23:22 |
persia | Using a cert to sign trusted certs is reliable, but I fear an arch that involves client authentication: some jurisdictions require some software under some licenses to be more open | 23:23 |
jlrmagnus | We can do full CA chains, but have pushed off that decision to deployment. | 23:23 |
jlrmagnus | We use standard OpenSSL tools to validate certs. | 23:23 |
persia | One of the interesting test cases is try the Sahara problem: you order a vehicle: you have 20 minutes with your smartphone before you encounter your vehicle in the middle of the Sahara. Your task: unlock the doors and start the engine. | 23:25 |
persia | Full CA does not solve the client restriction issue or the assumption of bandwidth issue. | 23:25 |
jlrmagnus | Solved. | 23:27 |
jlrmagnus | By RVI. That is our key case. | 23:27 |
jlrmagnus | Talk with David about the unlock demo we did with P3 and Ericsson. | 23:28 |
jlrmagnus | However, I gotta go. | 23:28 |
jlrmagnus | L8r | 23:28 |
persia | To me, the validation solution is to provide a public key to the vehicle, and have it use that to validate SotA updates. For driver authentication, hierarchies make more sense, but it requires a CA in the vehicle for clean transfer of ownership in an OEM-transparent manner. | 23:28 |
persia | What is David's nic | 23:28 |
persia | K? | 23:28 |
persia | Have a good night. | 23:29 |
myself | persia: I think it's actually just dthiriez but I haven't seen him in here in a while. | 23:50 |