Connected vehicles bring many of the benefits gained with Internet access, but they also bring security issues including the threat of cyber attacks. That’s forcing design teams throughout the automotive supply chain to focus on a broad range of security technologies that create a holistic defense strategy.
Defense in depth is the watchword in information technology, where security experts typically establish layers of protection so threats that slip past one security barrier are stopped by another. Combining the strengths of different solutions requires attention to detail at every level of design and development.
“It starts with how the hardware for each electronic control unit (ECU) is designed and how the software on those ECUs is protected, and then extends to the communication between ECUs, to the design and segmentation of the vehicle network,” said Walter Sullivan, Head of Elektrobit’s Silicon Valley Innovation Lab. “The protections then have to extend to those external inputs into the vehicle, be that Bluetooth, USB, OBD, the carmaker’s proprietary diagnostic port, and out through the cellular connectivity.”
Security protection in a vehicle starts with the microcontrollers that manage communications and other tasks. Every layer of software must also be developed with security in mind. Hypervisors are one technique for securing critical vehicle functions from errant or malicious software. They separate vehicle-critical functions from user functions like infotainment, ensuring that problems that occur in radio head units don’t spread.
“The hypervisor can provide a secure isolation between an automotive domain and the user-facing operating system, minimizing the risk of intrusions spreading to other systems in the vehicle,” said Sachin Lawande, President of Infotainment at Harman. “Communication between the OSs can be done through secured, defined ports that only pass prescribed data between the two environments.”
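The “secured, defined ports that only pass prescribed data” described above amount to a default-deny policy at the boundary between the two domains: each direction has an explicit list of permitted message kinds, and each kind has a fixed payload shape and value range, so a compromised head unit cannot push arbitrary traffic into the vehicle domain. The following is an added example, not code from the article or from any vendor quoted in it; the message kinds, lengths and ranges are hypothetical.

```python
from dataclasses import dataclass

# Constructed policy (hypothetical message kinds, lengths and ranges): for each
# direction across the hypervisor boundary, the message kinds that may pass and
# the payload constraints on each. Anything not listed is dropped (default deny).
POLICY = {
    ("infotainment", "vehicle"): {
        "climate_setpoint": {"len": 1, "range": (16, 30)},   # degrees C
        "nav_speed_limit":  {"len": 1, "range": (0, 130)},   # km/h advisory
    },
    ("vehicle", "infotainment"): {
        "vehicle_speed":    {"len": 2, "range": (0, 300)},   # km/h for display
        "fuel_level_pct":   {"len": 1, "range": (0, 100)},
    },
}

@dataclass(frozen=True)
class Message:
    src: str      # originating domain
    dst: str      # destination domain
    kind: str     # message kind, looked up in POLICY
    payload: bytes

def gateway_check(msg: Message) -> tuple:
    """Return (allowed, reason) for one message crossing the domain boundary."""
    rules = POLICY.get((msg.src, msg.dst))
    if rules is None:
        return False, f"no channel defined for {msg.src}->{msg.dst}"
    rule = rules.get(msg.kind)
    if rule is None:
        return False, f"kind {msg.kind!r} not prescribed for this channel"
    if len(msg.payload) != rule["len"]:
        return False, f"payload length {len(msg.payload)} != {rule['len']}"
    value = int.from_bytes(msg.payload, "big")
    lo, hi = rule["range"]
    if not lo <= value <= hi:
        return False, f"value {value} outside prescribed range {lo}-{hi}"
    return True, "ok"

def filter_messages(msgs):
    """Apply the policy to a batch; return (accepted, dropped) with reasons.

    The dropped list is the audit trail a defender would log and alert on."""
    accepted, dropped = [], []
    for m in msgs:
        ok, reason = gateway_check(m)
        (accepted if ok else dropped).append((m, reason))
    return accepted, dropped
```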
The challenge of linking multiple vehicle systems together becomes even more daunting as security concerns grow. Design teams must not only consider how braking, steering, and sensors work together, for example. They must also ensure that these interactions occur without creating any breaches that could be exploited. To make this happen, OEMs, Tier 1s, and other vendors will probably have to share more information.
“The most important thing that manufacturers can do is to promote clear and open communication and understanding of how their security mechanisms work and how they manage interactions,” said Mike Weber, Vice President of Coalfire Labs. “Currently, the most prevalent way for one manufacturer to find out how to interoperate with another component is through reverse engineering. This yields systems that may not implement the expected communications parameters correctly—they may even be leveraging a bug in the component—which can have cascading impacts to security due to complex dependencies between components.”
Reverse engineering is also an important tool for hackers. Without adequate safeguards, it can be used to get information out of microcontrollers. That’s prompted chipmakers to design protected memory sections that prevent attackers from using chemicals and other techniques to dig inside the chip and steal data.
“The cryptographic keys must be stored securely,” said Timo van Roermund, Security Architect at NXP Semiconductors. “If someone extracts them, they could be used to send falsified information. Chips have sensors—light, temperature, and others—that can see when someone tries an attack. The chips have protection methods for destroying information when something really out of the ordinary happens.”
Vendors who make design tools are helping ensure that teams at all levels can better understand their development steps. These programs also address different levels throughout the design cycle. Lifecycle tools are among those that help developers ensure that their products work well by themselves and when they’re linked to other components in the vehicle.
“By incorporating application lifecycle management (ALM) tools for data sharing and reusing test components from one stage of development to another, teams can work together more closely and identify problems earlier in development,” said Nicholas Keel, Group Manager of Real-Time Test Marketing at National Instruments. “With ALM tools, the different stages of test are now more tightly incorporated with design and development teams to ensure proper collaboration, more efficient testing, and a tighter closed-loop of feedback.”