Security was high on the minds of automotive analysts and journalists at the 2015 Consumer Electronics Show (CES), especially as software- and firmware-over-the-air (SOTA and FOTA) updates appear to be on the verge of wide-scale commercialization in the car. Just about every large-scale system integrator, semiconductor provider and OEM made some mention of automotive security.
In general, the security methods that permeated the PC and smartphone industry seem to be making their way into the car, particularly with regard to infotainment. However, some players were pitching a higher level of hardware-level security, particularly for ADAS systems, which is more akin to the security measures found in avionics and military-grade embedded systems. A combination of both solutions is likely to make its way into the car, especially as the infotainment system or telematics control unit (TCU) becomes the gateway for software updates to ECUs and microcontrollers.
OTA updates are a new vector for malicious or adversarial attack in the car. While connecting the car to the cloud poses a new level of risk, cars on the road today are already vulnerable to attack through embedded DVD players, OBD-II ports, TCUs, or even through the tire pressure monitoring sensors. This is not a new phenomenon, but the connected car will bring a level of scale to the potential vulnerability that was not there before. Large-scale standardization of software systems in future connected cars could make these systems a more valuable target, one worth the time and resources that potential hackers would need to invest to exploit them.
There were several different security measures on display at CES. Likely a combination of these systems will be offered in the future as automakers start to invest more resources in security on future vehicles.
Intel demonstrated “TrustLite,” a lightweight system architecture designed to protect ECUs and microcontrollers by isolating basic software modules (which Intel calls Execution-Aware Memory Protection Units, EA-MPU) from more complex real-time operating system (RTOS) and rich-OS software modules. The overall philosophy of Intel’s approach is not uncommon in PCs or smartphones, but TrustLite does not require virtualization, trusted execution, a secure firmware runtime or a secure co-processor to run its architecture. At an event held at GENIVI, an Intel researcher demonstrated how TrustLite would prevent a virus entering through the TCU from affecting a critical ECU that controls the throttle actuator. Intel also offers different security features at different cost points.
Overall, Intel’s approach could be particularly advantageous for ADAS level security, as ADAS suppliers strive in particular to reduce the overall cost of their systems while providing stronger security measures.
Green Hills Software, a long-time leader in embedded RTOS solutions, sees opportunity in porting its trusted INTEGRITY OS to the car. INTEGRITY is one of the most secure RTOS solutions available, achieving an Evaluation Assurance Level (EAL) of 6 from the National Security Agency (NSA), making it one of the most secure pieces of software available today. INTEGRITY is currently implemented on the US Air Force B-2, F-16, F-22 and F-35 weapon systems. Green Hills’ solutions are scalable; the company provides a “deeply embedded” microkernel for ECUs, which is upwards compatible with its INTEGRITY RTOS. For IVI systems, instrument clusters, and ADAS systems, Green Hills points towards its INTEGRITY Multivisor solution, the company’s type-1 hypervisor architecture, which offers up to full virtualization for guest operating systems, such as GENIVI’s Linux, Android or QNX, to operate in securely. These operating systems function completely on top of the INTEGRITY RTOS, while a completely separate INTEGRITY RTOS could operate the CAN bus and other INTEGRITY kernels could operate each individual ECU and microcontroller, offering multilayered security.
Red Bend demonstrated virtualization features similar to those of Green Hills; the company says its vLogix Mobile system, originally designed for smartphones, is a type-1 hypervisor that allows multiple virtual machines to run in parallel while utilizing the same hardware. Unlike Green Hills and Intel, however, Red Bend does not seem to offer the same level of bare-metal protection.
At the other end of the spectrum is Argus, which tries to prevent hacks on vehicles in the first place through cloud-level security. Argus Cyber Security is a cyber security company founded by former Israeli Unit 8200 intelligence officers. The company’s patent-pending “Deep Packet Inspection” algorithm prevents critical vehicle components from being hacked in real time. The company also provides a fleet-level security manager for enterprise customers such as OEMs or major fleet operators to assess cyber-attack vectors and irregularities, allowing OEMs to identify unauthorized attempts to tune or change ECU behavior, according to the company. The company is positioning its secure cloud servers and secure OTA solutions as a software solution somewhat similar to Red Bend’s.
There were many other firms pitching automotive security, including OpenSynergy, Symphony Teleca, Continental, OK-Labs, Arynga, ARM, QNX, Visteon, and Renesas. Likely, a combination of higher level cloud-based security, as well as virtualization and basic forms of memory protection of the bare metal will be used in tandem to give connected automotive fleets, replete with high levels of ADAS functionality, the level of redundant security needed in order to operate.
CES showed that the companies investing in connected car products are finally taking cyber-security seriously. This is a good first step, but it is a long way from what will be needed to detect and repel such attacks. The products shown at CES are essentially add-on products that will make it more expensive to execute cyber-attacks.
The long-term solutions to defend the connected car will require built-in security as part of the car’s system architecture. This will include a hierarchy of security starting with MCU hardware, then OS and middleware security, applications, data and access security, and communication integrity. The security strategy should also assume that security breaches will occur and plan for operational security checks that can detect unauthorized events. Security for the ECUs that operate the car will also need to be stricter than for infotainment ECUs, and their external connections should be separated for maximum protection.
By Colin Bird, Senior Analyst, IHS Automotive
Posted January 22, 2015