Securing the – computer on wheels

Modern vehicles are seen as “computers on wheels” for a reason. Just 25 years ago, vehicles were closed systems with a manageable proportion of electronics. Today – in the era of connected vehicles – they often host more than 80 electronic control units and several gigabytes of data. In addition there are various external interfaces enabling vehicles to communicate among themselves as well as with traffic control systems, OEMs, service providers, home networks and others.

As an integral part of the Internet of Things (IoT), vehicles will continue to process increasing quantities of data – and will also be generating more data. While data can be monetized through different revenue models, one of the biggest challenges is securing the data and protecting the systems from hackers. One of the companies at the forefront of the fight against automotive cyber-crime is the Automotive Security Division at secunet security Networks. This Division has been supporting the automotive industry in the implementation of appropriate IT security mechanisms within the vehicle and in the peripheral Car-IT for more than 15 years.

Automotive Industries (AI) spoke to Gunnar Hettstedt, Head of Automotive Security business unit at secunet and Harry Knechtel, Director – Consulting at the Automotive Security business unit. We asked how serious is the threat that a vehicle will become target of a hacker attack.

Hettstedt: The successful hacker attacks on vehicles from well-known manufacturers published recently show that the threat has to be taken quite seriously. The well-publicized attack on a Chrysler Jeep was executed remotely under real conditions, and the attacker was able to manipulate safety functions using wireless communication..

In addition, vehicles are now also subject to the relevant hacker conferences and the basic set of hardware for a physical ODB access is comparatively cost-effective. It shows an imminent threat truly exists, but panic is less helpful in such a situation than minimization.

AI: Would you go so far as to say that our vehicles are insecure today regarding cyber-risks?

Hettstedt: We cannot confirm that. However, the sustained momentum of information technology use in vehicles leads to new cyber risks and vulnerabilities that need to be covered by appropriate IT security. That is why it looks like a competition between the automotive industry and the hacker community.

Knechtel: New attack techniques are being continuously developed. For this reason it is impossible to make a serious

forecast of whether today’s vehicles can still cope with the security requirements in five years’ time. The growing interest of the hacker community in vehicles and the dynamic development in the information technology indicate that problems should be expected over the vehicle lifecycle.

AI: Is the automotive industry sufficiently aware and prepared?

Hettstedt: The automotive industry has been given a wake-up call. The OEMs and in particular the premium manufacturer have been working for years on appropriate IT security solutions that cover changing cyber risks over time. Meanwhile, IT security is also an integral part of Automotive Standardization, which also underlines the awareness of the automotive industry.

Knechtel: However, we should not ignore the fact that the automotive industry is facing greater challenges in the implementation of IT security for vehicles than the IT sector and the personal computer. Vehicles are not permanently online and are often on the streets for 15 years and more. We also have to consider limitations in vehicle electronics with regard to computing power, memory and so forth, which makes an integration of security solutions from classical IT environments quite difficult.

AI: What is needed in the implemen­tation of effective IT security for the connected vehicle?

Hettstedt: It will be important to in­tegrate security requirements at the ear­liest stage of the software development process and to consider these require­ments throughout the entire development process. This the classical development processes to now include appropriate pro­cess steps and methods for the management of cyber risks, security requirements and the re­lated security testing.

Knechtel: The integration of technical security analysis during the development within the entire product development process (PEP) also enables the identification of vulnerabilities at an early stage. A successful penetration test for a vehicle which is already in the field would lead to an expensive recall campaign.

Hettstedt: A very important role is also played by proper management of the cryptographic keys (Key Management). The secure and controlled utilization of these keys within the entire ecosystem of the connected vehicle requires automotive and production grade key management processes over the complete vehicle lifecycle. Knechtel: Another essential aspect is the configuration management. In order to eliminate possible vulnerabilities rapidly and comprehensively it is necessary to monitor and update the vehicle configuration continuously and much more consistently than before.

AI: What experience has your company gained in addressing these challenges?

Hettstedt: More than 15 years ago we realized the fundamental differences between the automotive and the IT industries. Historically, auto IT security was addressed by the different vehicle domains individually, which has led to solutions running isolated from each other. Today it is still quite rare for concepts or technologies from the classic IT to be transferred to vehicles without significant adjustments. Due to the nature of the automotive business we always work in a field of tension between security level, costs and usability. This requires extensive knowledge of automotive systems and processes.

AI: What future challenges do you see for the age of autonomous driving?

Knechtel: The Advanced Driver Assistant Systems (ADAS) will gain many more privileges than before. The focus will not only be on electronic control units (ECU) that actively take decisions and send commands, but also on the sensors which generate and provide the basic data necessary for the decision. The challenge here will be to upgrade the bus systems with security, because security has not so far been an issues for vehicle busses. Even if the current approaches of AUTOSAR provide partial solutions, essential topics, such as key management or synchronization of freshness values between different ECUs are not yet covered. In addition we see an extensive logging of system conditions and system messages as a consequence of liability issues. The critical nature of these data sets requires appropriate mechanisms to protect them against unauthorized access and manipulation. Privacy issues are also raised as the data enables one to track where a driver has been and their behavior.

Hettstedt: Electronic components will act without driver interaction and cover all situations independently. The electronic system must be able to monitor itself. That means independently detecting hacking attacks and reacting autonomously, without endangering the safety of driver and vehicle. Against this background we may give cognitive in-vehicle security some thought. Moreover, the vast amounts of data generated and processed by the vehicle will require intelligent filtering mechanisms in order to identify security-relevant events.

AI: Where do you think the opportunities for the OEMs lie?

Knechtel: The primary aim should be to use proven structures, processes and methods. Even if safety and security differ in terms of the approach to the object of protection, both have the same goal. Specifically this means that organizational structures and processes in product development and quality assurance can continue to be used. However, these processes have to be complemented by security-specific knowledge and methods and selectively expanded by specific process steps in order to address IT security as well.

Hettstedt: As a service that is not perceptible by the driver and therefore not billable for the OEM, IT security has been primarily seen as a cost driver. This perception has since changed. Implemented appropriately, IT security can also help to establish new business models as enabling technology. An example of this is the use of separation technology in the Head Unit. A dedicated separation layer allows a secure partitioning of the memory by the generation of different compartments. Due to the technical characteristics of such a separation technology, the vehicle manufacturer would be able to rent out or lease memory to third parties, without a loss of security or control.

AI: How is secunet positioned in this environment?

Hettstedt: On the one hand, we support OEMs and suppliers in the implementation of automotive-grade security solutions for the vehicle onboard network and the back-end infrastructure. On the other we use our own security lab to analyze established systems for vulnerabilities in terms of cyber-security. One further asset of secunet is our experience with applicable IT security in associated industries. This gets more and more important as the boundaries between different industries blur in the age of networking. Therefore the utilization of opportunities from other segments is becoming increasingly important for the automotive industry.