Security in the Connected Car
April 12, 2012 by John Day
Connected, safe, and reliable—this is the vision for the car of the future. To make sure these three requirements can be met, vehicle manufacturers, suppliers of electronic components and software, and system architects have to master numerous challenges, and they must do so in close cooperation.
Demand for Sophistication
The consumer’s wish list for the car of the future is long and demanding. It includes the need for continuous connectivity with the Internet, current traffic data, and the best possible integration between the vehicle and personal mobile devices such as smartphones. Additionally, there is an increasing interest around the concept of integrating and synchronizing personalized data from smartphones and “apps” with in-vehicle systems. The message is clear: Consumers want access to their important data at all times.
As today’s modern vehicles become more sophisticated, the number of electronic components in each automobile continues to increase. The average car contains approximately 70 computer chips. To enable these chips to carry out their allotted tasks, up to 100 million lines of command code are required, in up to 100 electronic control units (ECUs), distributed over five bus systems. Given these statistics, there is no question that the role of software for the automobile is incredibly important—and this trend will continue to increase sharply. Experts estimate that in a few years, the software contained in cars will likely be 20 to 30 times more extensive than it is today.
Connectivity and Risk
As car manufacturers try to set their vehicles apart from the competition, they can look to differentiating through electronics and in-vehicle infotainment (IVI) systems. As a result, manufacturers have begun to integrate Wi-Fi spots in their cars and are developing the technological possibilities of autonomous communication between vehicles.
While remote control has long been in use in cars, with the popularity of smartphones, additional advancements are on the rise. The industry has already seen several vehicle models that allow the remote control of ignition, door locks, and lights via smartphones. Typically, in these cases, access to the on-board computer is only released after entry of a PIN in the smartphone app. The smartphone does not have to be in the vicinity of the vehicle for the remote control but instead connects via the telecommunications network.
Although computerization and connectivity allow consumers to enjoy greater convenience and automotive innovation, they also increase the dangers and risks. For example, imagine malicious code or malware triggering equipment malfunctions by infiltrating the electronic control system of the vehicle via the unknowing use of infected MP3 music files or an app downloaded onto the car’s IVI system.
Researchers at the University of South Carolina and Rutgers University recently demonstrated, among other things, how a hacker could invade consumers’ privacy and continuously track a vehicle’s travel route over great distances using technology such as radio frequency identification (RFID) tags. Additionally, in 2011, in Texas, a disgruntled ex-employee was able to access the remote vehicle immobilization system of a car dealership and prevent more than 100 car owners from starting their vehicles or controlling their horns.
Of course, in addition to infiltrations via wireless communication routes such as Bluetooth and Wi-Fi, dangerous hacks can also be carried out by attackers who gain physical entry into a vehicle and access the on-board network via the on-board service interface. Researchers at the University of California, San Diego and the University of Washington developed a program called CarShark that demonstrates how hackers could obtain access to the on-board electronics via the Controller Area Network (CAN) system and take over control of the brakes, locks, and other systems.
Given that connectivity opens the door for potential vulnerabilities, security is clearly a top priority for the connected car. The security aspects that must be fulfilled for the connected car can be divided into four categories:
- Cable-connected and wireless communication, such as peer-to-peer and other connections
- IVI system, including SSL encryption
- Electronic components within the vehicle, such as sensors or engine control units (ECUs), including the certification and verification of applications, remote management, and virus or malware control
- Services either developed by car manufacturers or third parties, including apps that can be downloaded from the cloud
The most powerful solutions encompass a range of security aspects, depending on the application, and will demand close collaboration with the car manufacturer. Take for example the complexities and deep coordination required to manage the numerous sensors in a vehicle, such as GPS or movement sensors that react when a vehicle is moved suddenly.
Among the best security solutions in today’s age of increased connectivity and “app stores” is the use of embedded virtualization and hypervisors. For example, Wind River Hypervisor can enable the separation of different partitions via virtualization to isolate the safety-critical components such as car park systems or access to braking system functions from components that don’t require safety certification such as entertainment applications, while still operating on a single hardware platform (Figure 1).
Additionally, to address challenges such as virus detection and intrusion, other security companies such as McAfee have started to investigate and adapt solutions for the automotive environment.
“Embedded systems are an integral part of our daily lives – from appliances, water and power systems, to automobiles. This phenomenon has exploded the threat scope for these devices, and security technologies, such as whitelisting and configuration control, combined with global threat intelligence gathered from millions of nodes, are becoming more than a nice to have – they are becoming a ‘must.’ McAfee is committed to securing embedded devices and building custom solutions for automobiles and the world beyond PCs.”
– Stuart McClure, chief technology officer, McAfee
Today, the availability of processors with several multi-core CPUs permits new IVI architectures. Moving forward, expect greater consolidation of hardware, with several operating systems running simultaneously, such as WinCE, VxWorks, Linux, or AUTOSAR. In this case, protection is possible through the use of embedded virtualization and a hypervisor coupled with appropriate certifications (e.g., the ISO 26262 standard). The growing trend of multi-core and embedded virtualization paves the way for greater reliability, shorter boot times, and cost optimizations, and allows for brand-new automotive use cases and applications previously too difficult to achieve without hypervisor technology.
Figure 2: Multi-core CPUs create the basis for a new IVI architecture
Additionally, as the auto industry increasingly turns to the Android operating system and leverages its flexibility for innovation, especially in areas of multimedia and connectivity, automotive electronics become easier targets for attackers and malware. While we may not see an Apple or Android Market app store in cars in the near future, many vehicle manufacturers have started to work on rolling out their own apps as a means to entice and retain customers.
A further measure to enhance security in the future may be to outsource susceptible files to the cloud and only load content or information—from music to navigation—when required via telecommunications. For this scenario to come to life, quite a bit of coordination is needed across the automotive electronics ecosystem and standardization committees such as GENIVI.
Security solutions can only protect a system against the threats for which they were developed. While it’s impossible to safeguard against all attacks 100% of the time, there are many methodologies the industry is investigating further. Embedded components can be protected against attackers via hardware- or software-based “sandboxing” concepts. Examining files for viruses and malware before they are downloaded from the cloud would also assist with automotive security. Ideally, a comprehensive solution would take into consideration the issues around cloud services and over-the-air security as well as embedded security.
Security is a multifaceted issue and requires factoring in a variety of elements. Companies that have the expertise, technologies, and relationships across the embedded and automotive ecosystem, such as Wind River, are becoming even more important as the auto industry increasingly turns to the experts who understand and can connect all the pieces together.