Smarter Security for Smart Cars
Cars are changing. Smart cars, cars that adopted ICT for an easier and safer driving, are now being commercialized. Now, a car becomes a wheeled data center and the car manufacturer becomes a software developer. However, as more and more components of cars become connected to the Internet, risk will greatly widen. Hackers can remotely access and manipulate functions in the car including in-vehicle information systems, automatic braking systems, or even cutting off the engine while the vehicle is in transit.
Networks of Consideration for Connected Car Security
There are different networks that one needs to consider when thinking about car security – not simply within the vehicle in itself.
V2V = Vehicle-to-Vehicle:
Through the Communication Control Unit (CCU), a car can communicate with another car to transfer traffic-related information, including traffic status. Communication between a car and a neighboring car helps to prevent car accidents in advance and allows the car to be driven in a more secure way through a temporary network, including roadside units and cars.
V2I : Vehicle-to-Infrastructure
Through road-side units (RSUs) that communicate with cars, smart cars can configure a comprehensive network and be provided with various services. The RSU communicates with cars on the road to reduce traffic and provides drivers with an agile navigation system. An Information Transportation System (ITS) is configured by integrating the elements of the existing traffic systems such as cars, RSUs, and roads and signaling systems. Through the ITS, the efficiency and safety of traffic can be enhanced dramatically.
V2D : Vehicle-to-Device
A driver can figure out the status of the car and which element should be maintained by using a smart device such as smartphone or tablet. In addition, he or she can even control the car remotely from that device.
The Need For a Solution
Threat to these networks pose a very real threat to human life. As car manufacturers roll out new features and update the code, they need to keep security at the forefront. This presents challenges for developers as the development lifecycle for cars takes long to complete. Vehicle programming also contains some of the most complicated coding in all computer technology.
At Penta Security, we saw the dangers and began work on researching security for exposed areas. Considering all gateways or points of access for the car and developing methods of securing the channels of communication via encryption, we also delved into public key infrastructure (PKI) to authenticate the many different endpoints . This comprehensive connected car security solution resulted in AutoCrypt.
AutoCrypt AFW Advanced Firewall
Firewall Optimized for Vehicle Communication Protocols
Analyzes for malicious packets from external sources or abnormal packets occurring internally.
- Detects modified and suspicious traffic using patent-based technology
- The detection engine uses logical analysis and does not require signature updates.
- Support for various manufacturers internal network protocols including CAN Bus and Ethernet (SOME/IP, DoIP)
- Positive Security Model based protocol and application management
- Uses managed black/white listing to block malicious access and Deep Packet Inspection
- Application layer malicious traffic detection and response
AutoCrypt V2X Vehicle-to-Anything
Secure Communication System For Vehicles and Transport Infrastructure
An authentication/encryption system for vehicle-to-vehicle and vehicle-to-infrastructure communication.
- Development for authentication/encryption communication between vehicles and Road Side Units (RSU) and roads and traffic signals is currently in progress.
- It was designed adhering to vehicle communications standards IEEE 1609.2, CAMP VSC3, USDOT SCMS.
- IEEE1609.2 – Family of Standards for Wireless Access in Vehicular Environments (WAVE)
- CAMP VSC3 (Crash Avoidance Metrics Partnership Vehicle Safety Communications 3)
- USDOT SCMS (United States Department of Transportation Security Credential Management System)
AutoCrypt PKI Public Key Infrastructure
PKI Authentication System For Vehicles
A PKI system based on IEEE 1609.2 standards for certificate (Identified/Pseudonym Certificate) generation, operation, and management.
- System that generates certificates for vehicles and issues based on district roads
- Utilizes anonymity technology to protect driver privacy
- Lightweight technology based on ECC algorithms provides enhanced effectiveness
AutoCrypt KMS Key Management System
Internal Key Management System
A system that manages the life cycle process which includes storage, generation, and revocation not only for keys but certificates as well.
- Manages keys for communication between the internal Electronic Control Unit (ECU) and external sources.
- Secure storage and access control
- Prevents stolen keys and abuse of keys
- Connects with external key management systems
- Support for HSM
Penta Security Automotive Security History
2007
Security Between Vehicle and Diagnostic Device
Penta Security’s first automotive solution was developed to ensure that communications between cars and diagnostic devices were secure.
- Provide encryption and key management for vehicle diagnostic data
- Install Penta Security’s cryptographic module on vehicle Electronic Control Unit (ECUs)
- Encrypted communication between vehicle and data collection server
2011
Security Between Vehicle and Nomadic (Mobile) Device
In 2011, Penta Security developed a way to protect communications between vehicles and external mobile devices.
- Device authentication & encryption of nomadic devices (PC, mobile devices, etc.)
- Support for user authentication between nomadic devices and authentication server
2012
Security for Police Car Fleet Management
Location information of police vehicles, if stolen, can compromise the safety and integrity of law enforcement agencies. In 2012, Penta Security worked to hide critical patrol vehicle GPS data from any unauthorized entities.
- Provide an encrypted communication channel for law enforcement administrators to monitor GPS data on patrol cars
- Provide vehicle authentication and random encryption key assignment
- Install security modules optimized for navigation system’s OS (Win CE, Android, etc.)
2013-2014
Vehicle-to-Everything Security
Between 2013 and 2014, Penta Security devoted its resources to develop V2X (Vehicle-to-Everything) security over wireless communications.
- Issue certificates between PKI Server System and client vehicles
- Secure Dedicated Short Range Communications (DSRC) between vehicles
- Client featured IEEE1609.2/CAMP and communicated with one another through Wireless Access in Vehicular Environment (WAVE)
2014
Vehicle Data Monitoring System (VDMS) Security
Penta Security developed security modules (or agents) for vehicles and in the back-end network. This allowed for the authentication of vehicles and service providers, as well as providing security for communications between them.
- Design and install modules
- Provide consulting for the design of Authentication Infra-System
- Provide solution for AIS Certificate Issuing
2015
AutoCrypt® Launched
Penta Security’s proprietary core technologies, our experience working with cars from 2007, and the vehicle industry’s evolving requirements resulted in the launch of AutoCrypt® in 2015. From architecture design to security against external attacks, AutoCrypt® is a comprehensive suite of solutions for connected and autonomous cars.
- Secure design infrastructure through the external gateway
- Provide encryption and key management to scramble communications
- Authentication to validate vehicles, users, and back-end service providers (including car manufacturers)
- External and internal firewalls to mitigate attacks from outside of the vehicle
2016
AutoCrypt® Tested on Smart Highways
Government agencies all over the world are taking a serious look at the what the future looks like with smarter cars and smarter highways. With support from the Korean government, AutoCrypt® has been tested for its security on Intelligent Transport Systems (ITS) since 2016.
- Initial ITS project involved 3,000 AutoCrypt®-enabled vehicles against 79 Roadside Units (RSUs) since early 2016
- Communication based on WAVE
- AutoCrypt® PKI deployed in ITS center
- AutoCrypt® V2X deployed to ensure secure communications
2017
Security for Electric Vehicle (EV) Charging Systems
IoT is coming to electric car charging stations, and promises convenience for drivers, EV manufacturers, and service providers. On the other hand, all this convenience comes with the price of new vectors of vulnerability for hackers to use. AutoCrypt® can provide EV owners, manufactures and service providers the reassurance necessary to communicate amongst each other with trust and confidence.
- Provide infrastructure for accurate EV charging
- Reliable billing for EV charging authority and other service providers
Electronic equipment controls all areas of a vehicle, including driving, brakes, steering, and various sensors. The vehicles manufactured these days are mounted with more than 100 Electronic Control Units (ECUs). An automotive company uses information collected from the ECUs to manufacture a safer and more convenient vehicle, and a driver can be provided with automated value-added services based on the vehicle driving information.
However, unencrypted information is transferred to the internal network of the vehicle. The impossibility of ensuring data integrity means that someone other than the driver may manipulate the vehicle remotely. If someone threatens a driver’s life by malfunctioning the steering device or stopping the engine while the driver is driving a car, it may lead to a disaster affecting other vehicles, pedestrians, and surrounding infrastructure.
The security accident of a company is just the loss of information; however, the security accident of a smart car can threaten people’s lives. For vehicle security, security should always come before connectivity.
Download our free infographic to find out more about the different channels vulnerable to hacking, and how AutoCrypt can prevent these attacks.