Securing the Internet of Vehicles – is it possible?
02 February 2018
Connected vehicles are a manifestation of the Internet of Things (IoT) and securing the Internet of Vehicles (IoV) is rapidly growing in importance. There are several areas of concern when it comes to securing a vehicle and the requirements are being heightened with the advent of autonomous cars.
Louis Parks, CEO of SecureRF, provides insight into IoV security-related challenges and how the company’s future-proof security tools help address them. DPA & Connectivity Editor, Paige West reports.
SecureRF is primarily involved in securing low-resource processors, such as the 8- and 16-bit microcontrollers deployed in modern vehicles. Vehicles can contain anywhere between 50-100 processors that are controlling various aspects to the brakes, drive train or emission system. These tend to be very simple function devices, engineered to their specific requirements. As a result, many of these devices run on 8- or 16-bit processors, which lack the computing and memory resources to implement common security methods like ECC and RSA, meaning many of the processors in contemporary vehicles have little or no security.
Modern devices, like your iPhone, tablet or laptop, typically have a 64-bit processor and the security used today works away in the background just fine, despite being around 35-45+ years old. When you go down to a 32-bit processor, it becomes challenging to have enough computational capability to run security in a timely fashion. So when you go down to 8- or 16-bit processors, you can’t even really fit traditional security on.
To date, since cars haven’t been connected, it hasn’t been an issue because it hasn’t been a threat. Today, hackers can access a vehicle's internal controller area network (CAN) bus by attacking one or more of the vehicle’s numerous 8- and 16-bit processors, which are essential components in sensors and automotive control units.
So what’s the solution? One would be authentication; industry is looking to authenticate each command sent to a vehicle as well as the source of that command. Ideally, a vehicle’s various processors must both authenticate and be authenticated by each other.
SecureRF provides fast, low-energy public-key (asymmetric) security for low-resource devices. Unlike legacy security methods such as ECC and RSA, SecureRF’s solutions fit on 8-, 16- and 32-bit processors and allow the completion of authentication ‘handshakes’ in an allowable timeframe.
SecureRF has demonstrated, using a typical on-board processor for a vehicle, the ability to perform 4-5,000 of these authentications per second. Such high performance is necessary because it’s important these authentications are being performed constantly throughout driving to ensure the source of the commands remains the same.
SecureRF is working with semiconductor and automotive OEMs on on-board device level security, to address issues at the foundation of the vehicles currently on the road. When they eventually become autonomous, there will be even more security challenges but Louis believes it will reach a threshold and in the next few years, it will become harder for a hacker to worm their way in.
The automotive industry is slowly but steadily responding to the growing security threats. In the long run, the biggest challenge will be getting the automotive world to work together. The sector is extremely competitive and companies rely on innovative technology and solutions to set themselves apart.
If, for example, car manufacturer A has developed a good security solution but isn’t willing to share it with anyone, they could potentially be doing themselves harm. When the car with this good security solution runs out of warranty, you can’t take it to a local garage because they won’t have access to the relevant codes to update/repair the technology.
Unless industry agrees on some level to share its security advancements, the company that will eventually release an open source solution will undoubtedly be the preferred choice.
Download SecureRF’s free IoT Embedded Security SDK: http://info.securerf.com/iot-embedded-sdk-development-kit
Contact Details and Archive...