Author: Paul Weissler
Source: SAE Automotive Engineering magazine
Translation: SAE Shanghai Office
Cyber security issues, need for college curriculum raised at Connected Car Expo
Automotive cyber security is moving to the front of the line of industry concerns, and panelists at the recent 2015 Los Angeles Auto Show's Connected Car Expo outlined approaches that the industry should take. A pair of loud wake-up calls were cited by Andre Weimerskirch, a research scientist at the University of Michigan's Transportation Research Institute.
The most noteworthy auto cyber hack was a project by Chris Valasek and Charlie Miller, now researchers at Uber Advanced Technology Center, in which they remotely could apply or disable the brakes, even kill the engine and affect steering. Their work, applied to a 2014 Jeep Cherokee, through the UConnect infotainment system with Sprint cellular, led to a Fiat Chrysler Automobiles safety recall on a wide range of models. The control was exercised without physical access to the vehicle itself.
Still another security researcher, Corey Thuen of Digital Bond Labs, claimed he had reverse-engineered the Progressive Insurance dongle, and performed limited functions that indicated it was vulnerable. The dongle, supplied by Xirgo Technologies, monitors driving patterns, reports via cellular, and the information is used to adjust policy rates.
"Hack into everything"
Those were just examples, Weimerskirch said, adding, "we can hack into pretty much everything that's out there." A fearsome issue he cited: an attacker just needs a tiny bit of automotive background because, assuming familiarity with enterprise IT, he/she can hit the car.
Cadillac's announcement that it will introduce V2V (vehicle-to-vehicle) communication on the 2017 CTS gives a sense of urgency within the industry, as the rest of the industry is preparing to do the same. But, he pointed out, the car raises concerns beyond electronic communication via smartphones and computers. Weimerskirch noted three primary issues: "safety, a super complex supply chain with hundreds of suppliers, and a complex product—the car with thousands of components."
The auto industry, of course, is looking at what other industries are doing, Weimerskirch said, but there is no other application in which the auto industry could just adapt its cyber security solutions. Enterprise IT, which deals with the hardware and control software systems used by large operations, must be cyber-secure, but it doesn't involve the same level of safety or mobile use. SCADA (Supervisory Control and Data Acquisition) deals with industrial controls, so safety is involved, but not mobile use. Smartphones, he said, particularly the iPhone, have developed relevant solutions, but not in the area of safety. "However, [the] iPhone does a lot of stuff right," he added.
Some 15 years ago, Weimerskirch continued, researchers saw the value of more resilient electronic architectures with formally verified source code and interfaces, and today we're still not using them. "So let's start," he urged.
Fusing to raise confidence level
The move to autonomous driving, he said, will bring in use of various types of radar sensors, cameras, and wireless. Each can be hacked, with wireless the easiest and cameras the hardest. Although cameras can be blinded, their images can't be forged. Lidar and radar sensors are somewhere in between, he told the forum.
So the approach, Weimerskirch continued, must be to take the security levels of wireless, sensors, and cameras, and fuse them into a system that raises the total confidence level to an acceptable perch. That is likely to mean that some features will have to be limited until the security level can be made high enough.
Cybersecurity curriculum
This work will require trained talent, observed Karl Heimer of AutoImmune, a cyber security consultant to the State of Michigan. There are no cybersecurity engineering degree graduates, because there is no degree program in the subject. A curriculum is needed, he said, including a good background in hardware/electrical engineering, education in computer science, and how automobiles work.
The degree program, he added, also should include internships at either an OE manufacturer or supplier and a hacking company. "You don't get to understand how break-ins occur by being with a maker or developer," he said. So the interns have to live with the people who actually do the hacking. The objective is for the OE to end up with cyber security people who can work in development or assessment/quality assurance.
He noted that each OE maker and supplier has different needs and therefore likely different approaches, but the Michigan Economic Development Corp., working in curriculum development, is trying to establish a common base that colleges can adopt.
New initiatives, legislation
Cyber security education opportunities are proliferating, the panelists agreed, pointing to the annual SAE Battelle Cyberauto Challenge, a five-day workshop to identify trends in the field (the next is July 25-29, 2016).
David Strickland, an attorney who once headed NHTSA, noted that legislators already are in the fray, with the SPY Car Act of 2015 requiring vehicles to be "reasonably" equipped to protect against hacking, including intrusion detection systems. Naturally, Congress doesn't know how to do this, so it assigns the job to NHTSA and the Federal Trade Commission.
He also pointed to Auto ISAC (Auto Information Sharing and Analysis Center), a consortium which has just gone live. Strickland described it as a foundational step to share information about cyber threats among industry members, who include carmakers and suppliers.
Forum attendees expressed concern about the possible effect of OE cyber security measures on the access of independent mechanics and their test equipment to the vehicle's CAN (Controller Area Network) buses, which also are entry points, via infotainment systems' wireless, for hackers.
Security effect on features
Weimerskirch said security, therefore, must be by design, not by obscurity (denying access to the information); "we know how to do that." The other panelists agreed. Heimer added that it should not be necessary to hide the contents of a packet needed for diagnosis; secure design would prevent the packet from being changed or the command it contains from not going through.
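To make Heimer's point concrete, the following is an added example, not code from the article or from any vehicle protocol: a diagnostic frame whose payload stays in cleartext, so a tool without the key can still read it, while a truncated HMAC and a freshness counter let the receiver reject modified or replayed frames. The frame layout, key, tag length and function names are assumptions made for this sketch.

```python
import hmac
import hashlib
import struct

TAG_LEN = 8                    # truncated MAC length in bytes (assumption for this sketch)
HEADER = struct.Struct(">HI")  # 16-bit message ID, 32-bit freshness counter (assumed layout)

class RejectedFrame(Exception):
    """Raised when a frame fails the integrity or freshness check."""

def _tag(key, header, payload):
    return hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]

def protect(key, msg_id, counter, payload):
    # Sender: the payload is not encrypted, only authenticated.
    header = HEADER.pack(msg_id, counter)
    return header + payload + _tag(key, header, payload)

def read_cleartext(frame):
    # A diagnostic tool without the key can read the contents, but cannot verify them.
    msg_id, counter = HEADER.unpack_from(frame)
    return msg_id, counter, frame[HEADER.size:-TAG_LEN]

def verify(key, frame, last_counter):
    # Receiver: accept only authentic frames carrying a counter newer than the last one seen.
    if len(frame) < HEADER.size + TAG_LEN:
        raise RejectedFrame("frame too short")
    header, payload = frame[:HEADER.size], frame[HEADER.size:-TAG_LEN]
    if not hmac.compare_digest(_tag(key, header, payload), frame[-TAG_LEN:]):
        raise RejectedFrame("MAC mismatch: frame was modified or forged")
    msg_id, counter = HEADER.unpack(header)
    if counter <= last_counter:
        raise RejectedFrame("stale counter: replayed frame")
    return msg_id, counter, payload

def demo():
    key = b"constructed-demo-key-not-a-real-one"      # constructed sample key
    frame = protect(key, 0x7DF, 41, b"\x02\x01\x0c")  # constructed diagnostic request
    results = {"readable": read_cleartext(frame)[2] == b"\x02\x01\x0c"}
    results["accepted"] = verify(key, frame, last_counter=40)[2] == b"\x02\x01\x0c"
    tampered = bytearray(frame)
    tampered[HEADER.size + 2] ^= 0x01                 # one payload bit changed in transit
    for name, cand, last in (("tampered", bytes(tampered), 40), ("replayed", frame, 41)):
        try:
            verify(key, cand, last)
            results[name] = "accepted"
        except RejectedFrame as exc:
            results[name] = str(exc)
    return results
```

Calling `demo()` returns a dictionary showing the frame is readable without the key and accepted once, while the modified copy and the replayed copy are both rejected.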
Cyber security is likely to affect the maximum performance of some features, the panelists agreed. Weimerskirch said, for example, that the distance maintained between a roadway line of cars might have to be increased because if the wireless were hacked, the system would have to fall back on readings from radar and camera with on-board adjustments. Heimer added that car owners might have to be limited in what they can download; "you can't burden an OE" with the threats of any download choice the driver makes.
To improve vehicle protection against cyber threats, "over-the-air" software updates are essential, the speakers conceded, pointing to Tesla's success in that area as a superior approach to sending out flash drives for owners to use. Other makes have indicated their future intentions to do the same.