Regulators, OEMs, tech companies focus on connected vehicle security

As “connected cars” enter the market and more vehicles include Internet-enabled technologies as a standard feature, cybersecurity in these vehicles has received more attention. Regulators, automakers, consumer groups and technology companies are developing and calling for new encryption approaches and standards to keep driver data (and drivers) safe.

Security, in fact, was a key topic at the recent Connected Cars USA 2016 conference in February in Washington, D.C.

Last July, the U.S. Senate began considering vehicle security and privacy legislation. One of the bill’s sponsors, Sen. Ed Markey, along with Federal Trade Commission head Terrell McSweeny talked up their efforts to raise awareness and establish standards at the conference.

“Everybody in the industry, and policymakers and senators, needs to be thinking about it,” McSweeny said at the conference. “As we start driving computers instead of machines, what’re the expectations around those?”

There have been several “white hat” hacker demonstrations in which vehicles were remotely hacked and controlled by gaining access to their connected infotainment and other systems. One of those demonstrations prompted Chrysler to recall 1.4 million vehicles to correct a security vulnerability.

"What I've learned from visiting with hackers and security researchers is that cars are prominent targets," McSweeny said. "But also that this prominence can create a real opportunity to enhance the safety and security of cars and the trust of consumers."

Automotive security manufacturer Giesecke & Devrient (G&D) reported earlier this year that in 2014, just 10 percent of global passenger cars were connected. By 2020, 75 percent of vehicles being manufactured will have Internet-connected infotainment systems, according to BI Intelligence, and experience a compound annual growth rate of 45 percent.

G&D has teamed with IBM to develop connected vehicle security solutions that would make car hacks more difficult using crypto chip and key technology.

“With dozens of ECUs (electronic control units) and several in-vehicle bus systems as well as various wireless connections to the external world of a connected vehicle, it is vital to protect those systems in the best possible way against remote hacks, fraudulent attacks and any attempts that could affect traffic safety,” said Erich Nickel, Director of Automotive Solutions at IBM. “As a multitude of connected vehicle online services are already available, involving aspects of data privacy and secure payments, secure infrastructures and communication channels are needed.”

The solution includes smart card security and embedded secure elements (eSE) for storing cryptographic keys, as well as key creation and management technology, subscription management and security intelligence in the vehicle to detect attacks.

Tech company Laird expanded its connected vehicle security efforts through its acquisition of the German company Novero early in 2016. Because connected vehicles will leverage a number of different connectivity options (Bluetooth, WiFi, cellular, and Dedicated Short Range Communications), security will be complex and challenging. Novero’s antenna coupling, near field, and in-car hot spot technologies will be combined with Laird’s vehicle-to-vehicle and vehicle-to-infrastructure solutions in a secure fashion.

Another significant security effort is underway at the International Transportation Innovation Center (ITIC), which signed an agreement with SK Telecom to develop quantum cryptography technologies to protect connected cars. The ITIC is creating a testbed to validate secure networked transportation technologies.

“We are developing ITIC as a neutral testbed, because we think it is important to have multiple system providers testing at the same location for cybersecurity,” says Dr. Joachim Taiber, CTO at the ITIC and a research professor of electrical and computer engineering at Clemson University. “Different engineers can work at one test location and synchronize their data and share the development results with each other.”

Because so many different companies contribute connected technology to a vehicle design, coordinating their security efforts is critical. “the ultimate responsibility is with the OEM, but if they work with an IT company that provides a data center that feeds data into the car, the OEM isn’t really responsible for that data center. So you need a neutral testbed where all of these different systems can be validated.”

SK Telecom’s quantum cryptography system uses quantum physics instead of mathematics-based encryption algorithms. According to the company, it securely distributes a secret key to legitimate parties. The key is a table of random numbers shared by legitimate users, and is secure against all possible eavesdropping.

Traditional pseudo-random number generators currently used in many connected car encryption systems are vulnerable to hackers who decrypt the digit sequence. SK Telecom claims its technology generates “true random numbers.”

Key technology companies have also formed the Intelligent Car Coalition (www.intelligentcarcoalition.org) to address connected car policy development and security issues. 

Subscribe to Aftermarket Business World and receive articles like this every month….absolutely free. Click here.