Building a framework for trustworthy connected cars
Jason Hart, VP and CTO for Data Protection, Gemalto
Recent events showing the vulnerability of connected cars to hackers have made it clear that there is a need to rebuild trust in connected cars and emissions monitoring. The key to this is for manufacturers to ensure connected cars operate within trusted, secure frameworks, guaranteeing the best possible protection, authentication and authorisation between entities and devices exchanging data, both within the car system and externally.
Furthermore, protection against hacking or irregularities requires a high-quality framework allowing manufacturers to update firmware remotely, as such updates can be expensive if done purely through physical recall. This means manufacturers must have a full understanding of the connectivity, security, and monetisation issues surrounding connected cars in order to build a high-quality framework for their cars’ operating systems and data.
Reliability is based on best-in-class connectivity
With cars all over the world becoming increasingly connected, automotive companies need to ensure they also protect against hacking or irregularities by remotely modifying and updating the software on their vehicles. After all, as the world becomes more connected and the Internet of Things continues to grow, so do security risks.
In order to improve their devices’ connectivity and management flexibility, manufacturers are increasingly embedding SIM cards in cars during the manufacturing process, simplifying their installation and enhancing security. This not only reduces exposure to tampering and damage, it also means manufacturers can securely identify individual cars, encrypt communications and ensure secure global connectivity for smart vehicle systems including telematics and navigation.
In the future, secure cloud-based service enablement and next generation features such as secure ID-based ignition, integrated near field communication and mobile wallet applications will further contribute to convenience for drivers and passengers alike.
Software protection is key
The latest Breach Level Index report shows there were 888 data breaches in the first half of 2015, compromising 246 million data records of customers’ personal and financial information worldwide. It is clear that breach prevention and threat monitoring alone will not keep the cyber criminals out. In the case of connected cars, hackers are able to remotely send commands through entertainment systems to control everything from the stereo and air conditioning, to brakes and engines, turning vehicles into one of the most dangerous connected ecosystems.
This means these frameworks need end-to-end security to ensure device and cloud identities are not compromised, all asset integrity is maintained, and any data (whether it be at rest or in motion) is protected. Security by design is key in deploying a secure connected car architecture.
Starting with a thorough risk evaluation so that needs can be properly assessed, manufacturers can then implement specific hardware and software solutions across the entire connected car ecosystem to protect the complete chain – from the device, the application, the network, and the data to the back-end infrastructure.
A combination of hardware and software modules and procedures to manage digital certificates is needed in such a potentially insecure environment, which is why manufacturers should enforce two-factor authentication – whether via the generation of one-time passcodes or by way of smart cards or USB tokens – as well as strong public key infrastructure (PKI) plans in order to keep connected cars safe.
Staying ahead with software monetisation
The framework needs to ensure the protection of all intellectual property through licensing. This, crucially, allows car manufacturers to securely download and update firmware on their vehicles, whether to patch errors (perhaps emission-level errors) or enable new features.
Using small, low-cost sensors embedded inside connected cars, IoT devices are capable of delivering unprecedented levels of insight into a vehicle’s “health”. Predictive maintenance, as it is known, allows manufacturers to foresee and proactively deal with technical issues before they become a problem, keeping upkeep costs low and improving user experience. What’s more, it enables them to tap into new markets by offering a wide range of consumption-based pricing models to suit every budget and user requirement.
However, while an increased use of cloud technologies has opened up many doors for car manufacturers, it has also heightened security risks including tampering, reverse engineering and licensing infringement. Using advanced encryption techniques, software monetisation tools keep manufacturers’ licenses secure and ensure vehicle data is encrypted, protecting source code from theft, manipulation and tampering. The combination of a secure IP-protection solution with a trusted software licensing platform provides the best level of protection against malicious or accidental threats.
The future of the transportation industry will rely on communication and security between cars and other IoT connected elements such as street lighting systems and even other vehicles. It is an exciting time, but it is clearer than ever that security must be at the heart of innovation. Building a high-quality framework where no compromises are made on security, connectivity and monetisation enables manufacturers to significantly reduce the chance of any security breaches, such as the Jeep hack earlier this year. It’s now only a matter of time until all connected car manufacturers adopt a comprehensive approach such as this for their frameworks.