Intel's "bumper-to-bumper" vehicle security approach

  • 19-Apr-2016 04:55 EDT

Intel’s vision of bumper-to-bumper vehicle security encompasses all the areas shown, plus cloud-based traffic monitoring and "virtual patching," an interim method to prevent exploitation of newly-discovered weaknesses, until more durable fixes can be implemented.

As vehicle connectivity becomes ubiquitous, the threat of being hacked rises. The longer a car is on the road, the more its access points become exposed. Thus the industry's feverish race to find a robust and ongoing cyber defense at every level. At the 2016 SAE World Congress, an expert at microprocessor supplier Intel gave her assessment of what the industry must do to ensure that defense.

According to Lorie Wigle, General Manager of Intel's Internet of Things (IoT) Security, while encryption (particularly of the CAN bus) has been highly-touted, "the reality is encryption is going to address just part of the threat."

There is no "silver bullet" solution, Wigle said. Security must be a continuing operation, not a single preparatory event. And it extends beyond the vehicle.

Biggest bang in cloud

"Clouds and infrastructure also must be secured," she explained, noting that the "biggest bang for the buck" for a high-threat attacker is in "the cloud," not the car parc.

Although many consider today's threat level high, the automotive fleet actually represents relatively low complexity, despite the fact that a typical car has 25 to 200 microprocessors and up to 65 million lines of codes, about half of which are for the multimedia systems, she said. A current luxury model has 144 ECU connections—73 are on CAN busses, 61 are on LIN (Local Interconnect Networks) and 10 on FlexRay. Further, a fully-optioned vehicle may have up to 100 electric motors for interior controls.

The cloud may be the highest value target, but the vehicle itself is the object of many groups of potential attackers. Wigle pointed out six primary threat models. The most common is the car thief, whose access into the vehicle is typically physical entry but also via wireless. More technically astute is the hacker seeking his minutes of fame and working the purely wireless approach.

The highest threats, however, come from the criminal who may have medium to very high technical knowledge and can combine wireless with physical access to pose a danger to passengers. There's also the workshop tuner with total physical access to modify a vehicle's control settings. Perhaps the highest hacker-threat comes from counterfeiters and competitors, who have physical access and are looking to understand the vehicle architecture.

According to Wigle, the present level of telematics is largely in the entertainment area, whereas the future is a fully connected environment—V2V, V2I and V2X (vehicle to vehicle and infrastructure, and real-time integration with on-board drive/brake systems). Vehicle automated operation is on a handful of cars, and limited in most cases to advanced forms of adaptive cruise and related semi-autonomous systems.

Data analytics on-board is currently focused on performance and such navigation-related items as vehicle location, whereas the future will go well beyond, into vehicle-driver personal data.

Bumper-to-bumper defense

The term "bumper to bumper" used to only describe a vehicle's warranty. Recently it has also come to describe the adaptive security perimeter around the vehicle and extending into the cloud, Wigle said. Best practices will require moving "attack surfaces" to the cloud where possible. She pointed to Intel McAfee's cloud-based IPS (Intrusion Prevention System) as an example.

However, Intel also is promoting its vehicle enhanced head unit including a "Hardware Security Module" intended to provide broad-based operating and security hardware coverage. The system includes a Wind River hypervisor, which can run multiple operating systems on a single central processing unit, and Intel's PC-established "Trusted Execution Engine." This hardware technology is designed to attest to the authenticity of a platform and its operating system and establish levels of trust to provide security.

OTA (over the air) software updates, Wigle said, will not be between individual devices, but from and to certified groups.

There are two sides of providing vehicle electrical system security, she noted. One is a secure, flexible development process as described in the guidebook for SAE J3061. This requires identifying and numbering all attack surfaces and conducting threat analyses, reducing attack surfaces and hardening the hardware and software. It is accompanied by SAE J3101, which defines a common set of requirements for hardware protection which exceeds the capability of the software alone.

Wigle also pointed to Intel's formation of the Automotive Security Review Board, to be composed of researchers from industry vendors, to develop solutions using Intel-based platforms. ASRB is working with three "white hat" security research operations—IOActive, and—to recruit cybersecurity professionals to contribute.

HTML for Linking to Page
Page URL
Rate It
4.33 Avg. Rating

Read More Articles On

If there’s any doubt that connectivity is the next wave for advanced features and functions, it should dissipate after CES 2017. A multitude of advances in over the air updates and security will be shown in Las Vegas in January, setting the stage for much of the auto industry’s technology rollouts throughout the year.
Emerging markets and technologies are both creating openings for Taiwanese suppliers. China’s burgeoning automotive market is a primary target for companies that focus on OEM sales, while emerging technologies like LEDs and head-up displays (HUD) are also providing opportunities.
Delphi rolls out its next-gen automated-driving technology platform, called CSLP, due for production by 2019.
Euro NCAP will establish a separate category for autonomous vehicles, but there is not likely to be one for cars that are claimed to protect all occupants from serious injury or death.

Related Items

Training / Education