• ABOUT US
    • PRIVACY POLICY
  • BLOG
  • ADVERTISING & SPONSORSHIP
  • SUBSCRIBE
  • Follow
  • HOME
  • VIDEO
  • WEBINARS
  • V2X LIVE EVENTS
  • V2X VIRTUAL DEMO DAYS
  • The V2X E-Book
  • V2X NEWS
    • V2X TEST & PILOT PROGRAMS
    • V2X INSIGHT & OPINION
  • WHITE PAPERS & REPORTS
    • What is V2X?
    • ACRONYMS

Three Major Dimensions in Connected Car Security

Feb 7, 2019 | V2X Recent News

by Majeed Ahmad, contributing writer
Original Article Posted Here

Smart cars can reduce traffic congestion, and more importantly, prevent fatal accidents. At the same time, however, more connectivity and internet-enabled services open further attack vectors in modern vehicles. So, while the integration of connected systems with vehicle controls has fundamentally changed the notion of vehicle safety and security, car OEMs and Tier 1 firms are still catching up with the relentless pace of innovations in the connected car realm.

In hindsight, the car hacking saga that forced Chrysler to recall 1.4 million vehicles served as a wake-up call for the automobile industry. In 2015, computer security researchers Charlie Miller and Chris Valasek were able to stop a Jeep Cherokee on Interstate 64 in Missouri, by hacking its internet-connected infotainment system.

Miller and Valasek were able to send commands to the engine and wheels through the CAN bus that carries information between the vehicle’s various electronic control units (ECUs) handling adaptive cruise control, electronic brakes, and control of the steering. The incident became a turning point for the automobile industry, which so far, had been reluctant to invest in security simply because consumers were not willing to pay for the security electronics.

Carmakers are now significantly more sensitive to a host of new security threats that are intertwined with data connections inside and outside of vehicles. That inevitably calls for a multi-pronged security approach to protect multiple networks both inside and outside of the car.

Let’s begin with securing a car’s communications with the outside world that is largely manifested in the vehicle-to-everything (V2X) technology that encompasses vehicle-to-vehicle (V2V), vehicle-to-infrastructure (V2I), and vehicle-to-pedestrians (V2P) communications.

1. Vulnerabilities Outside of the Vehicle

All V2X stations—on-board unit (OBU) in vehicles as well as roadside units (RSU)—rely on public key infrastructure (PKI) defined in the IEEE 1609.2 protocol based on dedicated short-range communications (DSRC) technology. The security architecture in the DSRC standard assigns and distributes certificates to authorize data exchange and safeguard data privacy.

But V2X communications is a work in progress, and we won’t see many V2X-equipped vehicles before 2020. So, while automotive designers are building security into V2X systems, there are two fundamental approaches currently used to incorporate security into the networked vehicle systems.

First, chipmakers like NXP and Infineon are adding security engines to their automotive MCUs to check the authenticity of over-the-air (OTA) software updates and prevent malware from infiltrating the vehicle. Second, MCU suppliers like Microchip are offering low-cost co-processors that assign certified and trusted identities to automotive subsystems for protection against threats such as spoofing and distributed denial-of-service (DDoS) attacks.

The specialize chips, like ATECC506A, offload security features from the main processor, and don’t require the hardware security module (HSM)-related authentication keys, distribution infrastructure, and logistics.

Then, at the junction of external communications and in-car networking, automotive MCUs are providing the gateway functionality for vehicle ECUs, while securing the OTA updates. Take, for instance, STMicro’s new Chorus microcontroller, SPC58NH92x, which incorporates HSM functionality to secure remote updates as well as in-vehicle networking. It features two Ethernet ports as well as 16 CAN-FD and 24 LINFlex interfaces.

And that brings us to the next frontier in the quest to secure connected cars: in-vehicle networking.

2. CAN Overhaul Inside the Vehicle

The Miller and Valasek hacking saga, which woke up the automobile industry from its security slumber, was more about CAN bus vulnerabilities than anything else. The truth is that the CAN bus, developed during the early 1990s, was never meant to provide security.

Later, CAN bus architects developed mechanisms like message authentication code (MAC), which employs encryption and complex key authentication process. However, it also increases compute load on the CAN bus, leading to message latency and delays, as well as more power draw. In short, The MAC-centric approach significantly raises the processing load on CAN controllers, and makes the CAN bus communications rather inefficient.

NXP Semiconductor claims to have found a solution around this design conundrum, without modifying the software in CAN controller for adding the MAC functionality. The Dutch chipmaker has unveiled a CAN transceiver that facilitates logging and reporting of security incidents on the bus, invalidating the message with an active error flag, while temporarily disconnecting the local node from the CAN bus.

If an ECU attempts to send a message which is not assigned to it, the secure CAN transceiver declines to transmit it on the bus. Likewise, on the receiver side, if a rogue ECU manages to send a message, the TJA115x CAN transceiver (Figure 3) can invalidate the message after comparing it with the CAN message ID originally assigned for transmission. Moreover, if no cyber incident is detected, it behaves like a standard CAN transceiver.

TJA115x employs a crypto engine that circumvents the processing load, bandwidth overhead, and communication delays. The transceiver chip also provides tamper protection and defense against efforts to flood the CAN bus by regulating the number of messages sent from an ECU at a given time.

3. Securing a Car’s Software Labyrinth

Today, a high-end car comprises more than 100 million lines of code, which surpasses the aggregate amount of software code in the space shuttle, Boeing 787 Dreamliner, and Microsoft Office. Software complexity will skyrocket with the automobile industry’s move toward self-driving cars.

The rise in the number of OTA software patches and updates is the first major challenge. Software solutions like secure bootloaders facilitate the authentication of updates via the air interface and the corresponding real-time diagnostics.

Then, there are embedded operating system (OS) solutions that partition safety-critical applications like collision warning from non-safety-critical services, such as real-time traffic updates. Hypervisors create virtual software containers that act as a traffic cop, for instance, making sure that infotainment and instrument cluster systems don’t interfere with each other.

Beyond the domain separation that secures the execution of sensitive code, automotive engineers are also carrying out the hardening of safety-critical applications running on OS and other embedded software platforms. Add to this the secure coding practices and solutions like firewalls that can thoroughly examine the software code.

BlackBerry, the supplier of QNX OS-based platforms for automotive designs, has recently launched a cloud-based tool that scans software in connected cars and identifies security flaws within minutes. Software tools, like Jarvis, allow automotive engineers to ensure that their code complies with the connected car’s security requirements.

Multi-Pronged Vehicle Security

Connected car security isn’t a single-track horse. It demands a multi-layered security approach encompassing both hardware and software components. The good news is that there are pre-configured design options that simplify the otherwise complex security implementations. For example, there are design kits that bypass the need for in-house security expertise.

Time is also on the automotive industry’s side. So far, most car hacking events have been demonstrated by IT security experts, not actual hackers with malicious intentions. So, it’s about time that automotive OEMs and Tier 1s get their act together in securing connected cars.

V2XFollow

V2X
Retweet on TwitterV2X Retweeted
Nand & Nor@NandnNor·
24 Feb

The Digitalization of transport is expected to impact the mobility of the future. The communication needed can be summed under the umbrella term of Vehicle-to-Everything.

@WevolverApp http://bit.ly/2N4rOSH rt @antgrasso #V2X #AutonomousVehicles #IoT

Reply on Twitter 1364435679111880704Retweet on Twitter 13644356791118807041Like on Twitter 13644356791118807041Twitter 1364435679111880704
Retweet on TwitterV2X Retweeted
ITS America@ITS_America·
26 Feb

While driving is down, fatalities aren’t seeing a parallel drop – yet another reason to deploy #V2X technologies, which significantly reduce crashes. https://cms8.fhwa.dot.gov/newsroom/us-driving-last-year-was-lowest-two-decades-new-data-show

Reply on Twitter 1365376357828550657Retweet on Twitter 13653763578285506572Like on Twitter 1365376357828550657Twitter 1365376357828550657
Retweet on TwitterV2X Retweeted
5G Automotive Association (5GAA)@5GAA_official·
2 Mar

5GAA aims to put #V2X in the list of technologies contributing to the @EU_Commission #GreenDeal, said @maximeflament.

"We believe more connected mobility through #CV2X can lower CO2 emissions. The use of C-V2X could enhance the sustainability of our roads." #FutureTransportEU

Reply on Twitter 1366716759894556678Retweet on Twitter 13667167598945566784Like on Twitter 13667167598945566788Twitter 1366716759894556678
Retweet on TwitterV2X Retweeted
Andreas Schaller@AndreasSchaller·
21 Feb

What was hot in #connected car last week ? #automated #electrified #connected http://www.andreas-schaller.de/ #iot #connectedcar #mobility Special Thanks to @V2XAmericas @timwieland @IoTNowTransport #connected #automotive

Reply on Twitter 1363521027343589377Retweet on Twitter 13635210273435893771Like on Twitter 1363521027343589377Twitter 1363521027343589377
V2X@V2XAmericas·
17 Feb

ATSC 3.0 shows potential for car connectivity | what this means for #V2X #ConnectedCar #SmartMobility #5G https://www.lightreading.com/opticalip/atsc-30-shows-potential-for-car-connectivity-/d/d-id/767373#.YC2C26BwcCQ.twitter

Reply on Twitter 1362144081002913792Retweet on Twitter 1362144081002913792Like on Twitter 1362144081002913792Twitter 1362144081002913792
Load More...

Contact Us:

General Inquiries:
Tim Downs
tdowns@smartgigmedia.com
949-235-8985

Key Words

3GPP 5.9 Ghz 5G Auto-Talks Automation C-V2X Connected Vehicle connected vehicles DSRC Ericsson FCC Intelligent Transportation ITS KOTSA panasonic Samsung spectrum Telematics Toyota V2X Volvo

V2X on Social

V2XFollow

V2X
Retweet on TwitterV2X Retweeted
Nand & Nor@NandnNor·
24 Feb

The Digitalization of transport is expected to impact the mobility of the future. The communication needed can be summed under the umbrella term of Vehicle-to-Everything.

@WevolverApp http://bit.ly/2N4rOSH rt @antgrasso #V2X #AutonomousVehicles #IoT

Reply on Twitter 1364435679111880704Retweet on Twitter 13644356791118807041Like on Twitter 13644356791118807041Twitter 1364435679111880704
Retweet on TwitterV2X Retweeted
ITS America@ITS_America·
26 Feb

While driving is down, fatalities aren’t seeing a parallel drop – yet another reason to deploy #V2X technologies, which significantly reduce crashes. https://cms8.fhwa.dot.gov/newsroom/us-driving-last-year-was-lowest-two-decades-new-data-show

Reply on Twitter 1365376357828550657Retweet on Twitter 13653763578285506572Like on Twitter 1365376357828550657Twitter 1365376357828550657
Retweet on TwitterV2X Retweeted
5G Automotive Association (5GAA)@5GAA_official·
2 Mar

5GAA aims to put #V2X in the list of technologies contributing to the @EU_Commission #GreenDeal, said @maximeflament.

"We believe more connected mobility through #CV2X can lower CO2 emissions. The use of C-V2X could enhance the sustainability of our roads." #FutureTransportEU

Reply on Twitter 1366716759894556678Retweet on Twitter 13667167598945566784Like on Twitter 13667167598945566788Twitter 1366716759894556678
Retweet on TwitterV2X Retweeted
Andreas Schaller@AndreasSchaller·
21 Feb

What was hot in #connected car last week ? #automated #electrified #connected http://www.andreas-schaller.de/ #iot #connectedcar #mobility Special Thanks to @V2XAmericas @timwieland @IoTNowTransport #connected #automotive

Reply on Twitter 1363521027343589377Retweet on Twitter 13635210273435893771Like on Twitter 1363521027343589377Twitter 1363521027343589377
V2X@V2XAmericas·
17 Feb

ATSC 3.0 shows potential for car connectivity | what this means for #V2X #ConnectedCar #SmartMobility #5G https://www.lightreading.com/opticalip/atsc-30-shows-potential-for-car-connectivity-/d/d-id/767373#.YC2C26BwcCQ.twitter

Reply on Twitter 1362144081002913792Retweet on Twitter 1362144081002913792Like on Twitter 1362144081002913792Twitter 1362144081002913792
Load More...

Join the V2X Community

  • Twitter

Designed by Elegant Themes | Powered by WordPress