Cars are changing.
Technology is rapidly advancing in the automotive space to meet user demands for convenience, as well as the sustainability needs of urban areas. Enhanced connectivity is at the heart of innovation, and the industry is swiftly headed towards the commercialization of cars controlled with mobile apps and self-driving cars guided by real-time traffic data.
While presenting new opportunities for mobility, the added connectivity exposes vehicles to cyber threats and privacy risks that can pose a significant threat to traffic safety.
Penta Security has developed the AutoCrypt suite of solutions to provide comprehensive web security, encryption, and authentication capabilities within the automotive environment.
80% of cars will be connected by 2020. To help create a more convenient tomorrow, connected cars and
IoT devices on the road will be engaging in constant communication with a wide range of entities,
including unknown ones. This raises the issue of how to prevent untrustworthy communication from entering the traffic infrastructure.
Secure communication can be achieved with mutual authentication, which prevents the introduction of
fraudulent or malicious traffic information that could endanger lives on the road. In the case of intelligent
transport systems (ITS), trusted communication can be established via the implementation of a security
credential management system (SCMS).
AutoCrypt V2X (V2X Security) and AutoCrypt PKI provide the core security components required to
protect communications in ITS.
E-mobility, or electric mobility, is driven by the dual demands for more environmentally friendly transport and lower vehicle ownership costs. To foster growth in the e-mobility market, the availability of charging
stations for refueling EVs and hybrid cars is expected to increase. In the process, the security of backend billing management systems and electric charging points must be addressed to ensure the integrity of
utility services and protect sensitive user billing information.
Communication between vehicles and charging equipment (EVSE) needs to be secured during the
charging process. A PKI system for authenticating and authorizing all entities within the e-mobility
ecosystem is essential to any robust Plug & Charge (PnC) system.
AutoCrypt V2G secures the PnC process by protecting electric vehicles and charging stations and
preventing data from being hacked when plugged-in at supply stations.
As cars become increasingly smart, the ability to connect cars with other devices and users presents valuable business opportunities for service providers. Mobility-as-a-service (MaaS) is a shift away from personal car ownership towards mobility solutions via shared transport resources. Smart devices are expected to be central to this emerging MaaS market, with phones functioning as digital access keys in P2P ride-sharing services, or as controls for in-vehicle functions.
A PKI system for authenticating and authorizing all vehicles and devices involved in the delivery of mobility services will ensure malicious actors cannot disrupt data integrity.
AutoCrypt V2D enables secure interaction between vehicles and user devices for the provision of mobility services such as those that leverage mobile apps as digital keys to manage vehicle access.
Unlike smart phones, connected vehicles are smart devices that people travel in, rather than with. This means cyber mishaps can instantly become life-threatening. Upon gaining access to a vehicle’s internal network, malicious actors may install new firmware for executing custom commands and take over controls remotely.
From the OBD-II port to the vehicle’s wireless connection, the attack vectors for hackers are plenty and aren’t easy to secure. Cars are not just becoming connected, but also autonomous and therefore architecturally extremely complex. All this data being exchanged within the vehicle needs to be monitored for signs of abnormal activity that could indicate network intrusions or attacks.
AutoCrypt AFW and AutoCrypt KMS protect the internal systems of vehicles by detecting malicious or abnormal traffic and securely managing encryption keys used within internal networks.
At Penta Security, we saw the dangers and began work on researching security for exposed areas. Considering all gateways or points of access for the car
and developing methods of securing the channels of communication via encryption, we also delved into public key infrastructure (PKI) to authenticate the
many different endpoints. This comprehensive connected car security solution resulted in AutoCrypt.
- 2007. Security between Vehicle and Diagnostic Device
- 2011. Security between Vehicle and Nomadic (mobile) Device
- 2012. Security for Patrol Car Fleet Management
- 2013. V2X Security over DSRC (WAVE)
- 2014. Mobile Telematics Security (consulting)
VDMS (Vehicle Data Monitoring System) Security
- 2016. Security for C-ITS Testbed (Daejeon-Sejong)
- 2017. Security for Electric Vehicle Charging System
Enhancement to C-ITS Testbed (Daejeon-Sejong)
Security for C-ARS Testbed (Yeoju)
Security for K-City (Hwaseong)
Security for Rail Transport System
- 2018. Electric Vehicle ‘Plug & Charge’
Firewall for Electric Vehicles
Design & Plan for C-ITS Infrastructure
Jeju Special Self-Governing Province C-ITS Project