The connected car design must begin with an intelligent security architecture in order to eliminate potential vulnerabilities, protecting the in-car network from would-be hackers.
Cars aren’t built the way they used to be, neither on the outside nor on the inside. Car manufacturers have semi-seamlessly transitioned some mass-produced car exteriors from steel to aluminum (a lighter yet more costly alternative) and even, in some cases, to plastic (a more modern, easy-to-work, recyclable material).
But what’s really changing, even more so than the outside of vehicles, are the insides, or the “brains” of the vehicle. Car manufacturers have been making major technological advancements, pushing the definition of the “connected car” to a whole new level.
Ever-Increasing Connectivity
According to Harlan Parrott, Director, Consulting Services for Cisco Security Solutions, “Consumers are demanding ever-increasing features and connectivity, including things like remote start, 4G connectivity, constant access to media and entertainment, and other such functions.”
And he’s pretty much spot on. Consumers, as a whole, are more demanding than ever when it comes to advanced technology, and they’re not stopping at the smartphone. They (we) want everything connected: our smartphones, computers, homes, cars, you name it.
However, as we know with every new advancement, there are design and security issues that must be addressed. “In-car networks are being designed in and deployed to connect multiple systems, often on shared high-bandwidth infrastructures. These networks, and the growing number of devices that connect to them, also require diagnostics and service through external interfaces. This creates a potential vulnerability to attack that has many concerned, and is driving automakers to seek new ways to ensure the security of the connected car,” says Ali Abaye, Senior Director of Automotive at Broadcom Corporation.
And the potential security issues are pretty transparent now, thanks to a couple of recent bumps in the road. From professional hackers demonstrating the vulnerabilities of unsecured connected vehicles to other high-profile attacks, it has become very apparent to automakers, OEMs, IoT developers, and consumers that securing hi-tech vehicles is a concern that must be addressed sooner rather than later.
To give you a little feel for the vulnerabilities—imagine driving down the road and, without touching a thing, the radio volume begins to blare, your windshield wipers hit full speed, and—the most alarming—your steering wheel is being controlled by someone or something else. Now imagine if the car brakes begin to pump, or worse, the car begins to accelerate at speeds beyond the limit, and it’s all out of your control. This is the cold, scary reality of driving an unsecured connected car.
Now, of course, consumers still want the technological advancements, the so-called “network on wheels,” that will make things much quicker and easier, offering drivers and passengers a seamless electronics experience that connects them to their personal devices and data while on the road. What they don’t want are the scary attacks. We need to abolish the potential vulnerabilities, protecting the in-car network from would-be hackers. That’s where car manufacturers, in collaboration with organizations, including hardware and software companies, are focusing the majority of their time—in an effort to fully secure our future connected vehicles.
Weighing the Security Options
Developers need to know and understand all of the potential security vulnerabilities in order to make intelligent security integration decisions. This can be accomplished with a comprehensive risk evaluation early in the design. Once that is established, the developer can begin to weigh the options.
One security option that may come as a surprise to some is the use of Ethernet. “Ethernet is increasingly being deployed in in-car networks, driven by its high bandwidth, price-performance, and ubiquity, with specific variants now widely available for automotive use,” says Abaye.
Typically, Ethernet has been used in IT networks for security protection. Plus, it is supported by a broad set of standards, which could be beneficial and successful if deployed in automobiles. “With automotive Ethernet already on the road today, it is well on its way to proving to automakers that it has what it takes to fully secure the connected car,” says Abaye.
Because vehicle in-car networks are generally static and predictable, Ethernet would allow for careful network design and configuration to further secure the network. Ethernet gives designers the ability to tightly configure and constrain the design of the in-car network. It uses a standard packet format, which includes a source and destination address, a Virtual LAN (VLAN) tag, and a Frame Check, which provides a basic level of authentication, isolation, and data integrity.
“There are ways to filter or limit the scope of traffic in Ethernet switches and thereby, protect it from attack; namely VLANs and Access Control Lists (ACLs). VLANs isolate different traffic types on the shared physical network so that devices are only allowed to talk to other devices within their domain. ACLs define precisely configured match-action rules for packet forwarding that specify which stations can transmit, and where their traffic is allowed to go,” says Abaye.
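The VLAN and ACL filtering described above can be sketched as a default-deny match-action table applied to each received 802.1Q frame. This is an added example, not code from the article or from any vendor; the MAC addresses, VLAN IDs and device roles are constructed for illustration.

```python
import struct
import zlib

# Constructed policy for a hypothetical in-car network.
# (VLAN ID, source MAC, destination MAC) -> action; anything unlisted is dropped.
ACL = {
    (10, "02:00:00:00:00:01", "02:00:00:00:00:02"): "forward",  # camera -> ADAS ECU
    (20, "02:00:00:00:00:10", "02:00:00:00:00:11"): "forward",  # head unit -> amplifier
}

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def build_frame(dst, src, vlan_id, payload, ethertype=0x0800):
    """Build an 802.1Q-tagged frame with its FCS (sample input for this example)."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    tag = struct.pack("!HHH", 0x8100, vlan_id & 0x0FFF, ethertype)
    body = raw(dst) + raw(src) + tag + payload
    return body + struct.pack("<I", zlib.crc32(body))  # FCS is CRC-32, low byte first

def filter_frame(frame):
    """Return (action, reason) for one received frame."""
    if len(frame) < 22:  # too short for addresses, VLAN tag, EtherType and FCS
        return "drop", "runt"
    body, fcs = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    if zlib.crc32(body) != fcs:
        return "drop", "bad FCS"
    dst, src = mac_str(body[0:6]), mac_str(body[6:12])
    tpid, tci = struct.unpack("!HH", body[12:16])
    if tpid != 0x8100:
        return "drop", "untagged"
    vlan_id = tci & 0x0FFF  # low 12 bits of the tag control field
    action = ACL.get((vlan_id, src, dst))
    if action is None:
        return "drop", "no ACL match"  # default deny
    return action, "ACL match"
```

The FCS is an unkeyed CRC, so it catches transmission errors only; binding a source address to a real device is the job of 802.1X authentication or a keyed message authentication code.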
In addition, Ethernet’s rich set of statistics standards enables anomaly monitoring in software. Standards can help strengthen in-car network security via authentication. For Ethernet in particular, 802.1X is a standard that defines a means of passing Extensible Authentication Protocol (EAP) frames over a LAN.
“This makes it possible to robustly authenticate a device’s security credentials as valid prior to its being allowed entry onto the vehicle network. This can guard against spoofing attacks, whereby packet properties (such as Source MAC address) can otherwise be corrupted by a rogue device,” says Abaye.
Ethernet isn’t the only security solution being addressed in the market. “Hardware security modules (secure chips) installed in critical electronic control units (ECUs) allow the secure storage of cryptographic keys and enable ECUs to strongly (cryptography-wise) carry secure operations, such as message authentication and integrity checks,” says Parrott.
Additional security options include “hardware isolation between open and critical ECUs in the car with the deployment of a central gateway ECU; standards, guidelines, and secure coding and hardening, minimizing the attack surface of open systems (such as the infotainment system); software segregation between safety-critical and ‘open’ processes within the infotainment/telematics system, using hypervisor technology; intrusion and anomaly detection/prevention systems both for IVI and the internal traffic; moving into advanced vehicle architecture and network (e.g. using CAN-FD that can carry MACs); SOC at the headend/IT allowing further investigation and response to security threats; and securely carrying over-the-air updates as a means to fix vulnerabilities within vehicles on the road,” says Parrott.
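The message authentication that secure chips and CAN-FD make possible can be illustrated with a payload layout of data, freshness counter and truncated MAC, verified by the receiving ECU. This is an added example, not code from the article or from any automotive standard; the key, field sizes and layout are assumptions, and HMAC-SHA-256 from the Python standard library stands in for whatever MAC the ECU's hardware security module provides.

```python
import hashlib
import hmac
import struct

KEY = bytes(range(16))  # constructed demo key; in a vehicle it would stay inside the HSM
CTR_LEN = 4             # freshness counter size in bytes (assumption)
MAC_LEN = 8             # truncated tag size in bytes (assumption)
CANFD_MAX = 64          # CAN FD data field limit; classic CAN allows only 8 bytes

def _tag(can_id, counter, data):
    # Bind the tag to the frame ID and the counter as well as the data.
    msg = struct.pack("!IQ", can_id, counter) + data
    return hmac.new(KEY, msg, hashlib.sha256).digest()[:MAC_LEN]

def protect(can_id, counter, data):
    """Sender side: payload = data || counter || truncated MAC."""
    payload = data + struct.pack("!I", counter) + _tag(can_id, counter, data)
    if len(payload) > CANFD_MAX:
        raise ValueError("payload exceeds the CAN FD data field")
    return payload

class Receiver:
    def __init__(self):
        self.last = {}  # CAN ID -> highest counter accepted so far

    def verify(self, can_id, payload):
        """Return the data if the frame is authentic and fresh, else None."""
        if len(payload) < CTR_LEN + MAC_LEN:
            return None
        data = payload[:-(CTR_LEN + MAC_LEN)]
        counter = struct.unpack("!I", payload[-(CTR_LEN + MAC_LEN):-MAC_LEN])[0]
        tag = payload[-MAC_LEN:]
        if not hmac.compare_digest(tag, _tag(can_id, counter, data)):
            return None  # forged or modified frame
        if counter <= self.last.get(can_id, -1):
            return None  # replayed or stale frame
        self.last[can_id] = counter
        return data
```

With these field sizes an 8-byte signal becomes a 20-byte payload, which does not fit the 8-byte data field of classic CAN but fits easily in CAN FD.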
No matter what option automakers decide to integrate, security must be addressed at the start of the development phase. It is imperative to provide consumers with successful, trustworthy connected cars. And this trust must be integrated in the hardware and software layers from the beginning of the design. Doing so will ensure that, down the road, control of the wheel always remains entirely in your hands.