As more and more components of cars become connected to the Internet, the attack surface will widen greatly. Hackers can remotely access and manipulate functions in the car, including in-vehicle infotainment (IVI) and automatic braking systems (ABS), or even cut off the engine while the vehicle is in transit. Legacy technology such as Controller Area Network (CAN) buses, which were built for efficiency and not with external access in mind, contains major vulnerabilities that leave it prone to hacking.
White-hat security experts Charlie Miller and Chris Valasek were able to hack into and manipulate the electronic control units (ECUs) of a Jeep Cherokee. This can be done by physically accessing the vehicle through an on-board diagnostics (OBD-II) tool or wirelessly through telematics. Some cars feature over-the-air (OTA) updates to the vehicle's firmware, which adds a new channel of communication open to hackers.
The need for a solution
These vulnerabilities pose a very real threat to human life. As car manufacturers roll out new features and update the code, they need to keep security at the forefront. This presents challenges for developers, as the development lifecycle for cars takes a very long time to complete. Vehicle software is also some of the most complicated code in all of computer technology.
Penta Security saw the dangers in the connected car environment and began researching security for its exposed areas. They considered all gateways or points of access for the car and developed methods of securing the channels of communication via encryption. They also considered using proven technology like public key infrastructure (PKI) to authenticate the many different endpoints within this setting. This comprehensive connected car security solution is called AutoCrypt.
Key Management System (KMS)
- Manages the entire in-vehicle encryption key life cycle process including generation and revocation
- Stores and manages keys from the moment they are issued from the security server
- The external KMS (Security Server) and the in-vehicle KMS continuously sync for constant security
- Support for HSM
- AutoCrypt AFW is an application firewall optimized for vehicle communication protocols
- Analyzes the traffic that moves through the vehicle’s telematics and AVN/IVI channels for malicious packets and responds with the appropriate security countermeasure. (Detects malicious traffic at L7)
- Can use a managed black/white list to block or accept specific sources. (Manages traffic flow)
- Patented technology recognizes variants of well-known attacks as well as new attacks
- Rapid traffic detection via session-by-session management
- Support for internal vehicle protocols (DoIP, SOME/IP, Ethernet, etc.)
PKI (Public Key Infrastructure) Authentication System For Vehicles
- AutoCrypt PKI is a PKI system based on IEEE 1609.2 standards for certificate generation, operation, and management.
- Generates certificates for vehicles and issues them based on district roads
- Utilizes anonymity technology to protect driver privacy
- Lightweight technology based on ECC algorithms provides enhanced effectiveness
- Generates and issues PKI certificates necessary for V2X authentication
- Provides an anonymous ID for Pseudonym Certificates
- Prevents exposure of private driver information, e.g. location
- Monitors for certificate abuse or stolen certificates