# EVCS - Meeting 21 Feb ###### tags: `Telkomsel` [toc] :::info **Tasks** - [x] Explore more about QKD (Mechanism, deployment, etc.) - [x] Find out how cars in Indonesia is connected to internet. - [x] Assess vunerability in EV while in charge ::: ## Background  The automobile world is evolving towards vehicles that are more intensively connected to the internet. This poses cybersecurity concern that a threat actor could get unauthorized access to someone's car. This is a serious threat because this unauthorized access can pose a serious safety issues to the driver. ## What Makes EVs more Susceptible to Cyberattacks In electric car, the driving system is mostly controlled electronically using computers, meaning less mechanical involvement. Although this could make the energy efficiency better, computer involvement means there are possibility a threat actor can mess up with the driving system. This type control is generally known as **Drive by Wire** ## Possible Entry Points for Threat Actor ### **Physical Port in the Vehicle (Debug port)** This may differ from vehicle-to-vehicle, but if a vehicle has an easily accessible debug port, this port may be used to get an unauthorized access to the vehicle and alter the control scheme, thus poses a security and safety threat ### **Charging Port in the Vehicle** <img src="https://hackmd.io/_uploads/HyRxuG72T.jpg" width="500"/> Different port has different way on how they negotiate with the vehicle. This negotiation is used by the charger to determine how much power need to be delivered. This negotiation can be a vunerability point used by the threat actor if in the future manufacturers decide to improve the data exchange capability between the charger and the socket. Unauthorized access via charging is common in mobile phone, where a special device can inject malicious code while the phone is charging using that device. <img src="https://hackmd.io/_uploads/BkYi9fXnT.png" width="500"/> >Still need to know about how actually charger and car exchange data, can be done by finding the charger standard specification. Also need to know if the charge socket can access the car control unit, can be done by asking some car manufacturers. ### **Internet connection in the vehicle** <img src="https://hackmd.io/_uploads/H1fEfNX3a.png" width="500"/> Internet integration inside a car is quite common for this past serveral years, but it is only limited to the infotainment. Nowadays, internet and cloud integration has started to be used in the car control. When an electric vehicle is connected to a charger, it usually being set to automatically update the software so it needs to be connected to the internet. Because of this, there is a possibility a threat actor can get access from this entry point. In the future, when cars are autonomous and every car is connected to the internet, this possible security gap could posses a serious security threat to these cars. ## Quantum Key Distribution Mechanism Quantum key distribution utilizes the unique properties of quantum mechanical systems to generate and distribute cryptographic keying material using special purpose technology. ### BB84 Algorithm The core idea behind BB84 is to enable two parties, traditionally named Alice and Bob, to produce a shared, secret random key, which can then be used to encrypt and decrypt messages. The security of the key distribution is guaranteed by the laws of quantum mechanics, specifically the no-cloning theorem and the principle of quantum uncertainty. BB84 uses polarization of photon as a representation of binary digits, this polarization has two sets of types, rectilinear and diagonal each set containing two orthogonal polarization states that represent the binary digits 0 and 1. The sender (Alice) randomly chooses a base (rectilinear or diagonal) for each photon and encodes the bit value (0 or 1) according to that base. The receiver (Bob) also randomly chooses a base for each incoming photon to measure it. The security of the protocol relies on the Heisenberg uncertainty principle and the quantum no-cloning theorem, making it impossible for an eavesdropper to intercept and copy the information without introducing errors detectable by the sender and receiver. This allows them to establish a shared secret key that can then be used for secure communication. :::info **Limitations: (From [NSA](https://www.nsa.gov/Cybersecurity/Quantum-Key-Distribution-QKD-and-Quantum-Cryptography-QC/#:~:text=Technical%20limitations&text=QKD%20does%20not%20provide%20a,keys%20to%20provide%20that%20authentication.))** **Cost and Deployment:** * QKD requires dedicated hardware and infrastructure, increasing costs and limiting integration with existing networks. * Trusted relays add further costs and potential insider threat risks. **Other Concerns:** * Denying service is a potential risk due to QKD's dependence on eavesdropper detection. ::: ### [Press Relase by SK Telecom](https://www.sktelecom.com/en/press/press_detail.do?idx=1579) <img src="https://hackmd.io/_uploads/HJ4OBKPn6.jpg" width="500"/> In this deployment diagram by proposed by SK Telecom, hybrid system is used where QKD is used in fixed line networks, this is due to QKD needs a fiber connection to operate, which is only applicable in fixed line networking. ### Implementation in the vehicle itself <img src="https://hackmd.io/_uploads/ByGOadY2a.png" width="500"/> ## References - [Quantum Key Distribution (QKD) and Quantum Cryptography (QC), by NSA](https://www.nsa.gov/Cybersecurity/Quantum-Key-Distribution-QKD-and-Quantum-Cryptography-QC/) -