Due to high-profile hacks on cars, it is hard to argue that safety can exist without security. Security is emerging as perhaps the most important factor in the evolution of the connected autonomous car.
Originally posted on the QNX Auto Blog[1]. As part of the run up to CES 2017[2], we are running a series of blogs to address automotive industry topics that we feel will be prominent at CES in January. Stay tuned throughout the month of December for more.
Cars are the most software-intensive systems in the universe, with far more lines of code than even a state-of-the-art jet fighter. Because they are such complex digital systems, cars have become prime targets for attack. Cryptographic countermeasures are essential.
In the emerging software-defined world, safety increasingly comes from security, and security comes from cryptography. Robust cryptographic security implementations are the way to increase trust, and when it comes to a car, every system must be trusted – the dashboard, the smart infrastructure, the emerging application-based ecosystem; everything back to the supply chain.
In securing these myriad systems, many factors come into play:
- Automotive security fundamentally depends on the security of the operating system. For example, a microkernel architecture that separates critical OS components into their own protected memory partitions, provides temporal separation, and provides network security, among other things, can greatly reduce a vehicle's attack surface.
- Security assets (crypto keys, serial numbers, etc.) must be securely installed into electronic devices such as electronic control units (ECUs), domain/area controllers, and other processors. This process is called "personalization."
- Electronic devices are often personalized and installed into vehicles in factories located around the world, which should use secure equipment and processes to ensure the security of the devices.
- Devices must be updateable at dealers and repair shops.
- Aftermarket suppliers must be able to sell and update secure devices.
- OEMs must be able to authorize or not authorize specific electronic devices at manufacturing time and after the car is in use (for example, to enforce warranty policies).
Personalizing a device such as a networked ECU makes it one-of-a-kind: it becomes a unique stock keeping unit (SKU). Unfortunately, the process of personalization also serves as an obstacle to flexible, just-in-time manufacturing flows. The tradeoff between the security of personalization and manufacturing flexibility will play a part in almost any automotive security design decision.
Security robustness versus cost is another critical tradeoff, and it applies to both the manufacturing infrastructure and the design of the secure systems inside and outside the vehicle. Because security must be injected both in the factory and in the field, a secure manufacturing system must have global reach, be manageable on a distributed basis, be updatable by various entities, and remain secure for years. In addition, updates will increasingly be made over the air, and the systems responsible must be highly secure while also easy to manage.
To maintain the maximum amount of flexibility, personalization and updating should be moved as close as possible to the very last minute, which is becoming a critical objective of the global manufacturing blueprint.
In the car, outside the car, and in the manufacturing supply chain, security must be designed with best practices in mind right from the start. That's where BlackBerry comes in. BlackBerry QNX software is well-known for safety, and new products are setting the standard for security; we provide mission-critical automotive software proven in the automotive market.
BlackBerry's Certicom subsidiary provides certified cryptographic code and design consulting, as well as secure equipment and managed services that harden the automotive supply chain. Completing the picture, BlackBerry's secure OTA managed services make it easy to update software and security assets over the air. When it comes to automotive security, BlackBerry brings it all together.
Come see us at CES 2017 in the North Hall[3] and learn how.
References
- [1] QNX Auto Blog (qnxauto.blogspot.com)
- [2] CES 2017 (www.ces.tech)
- [3] Come see us at CES 2017 in the North Hall (ces17.mapyourshow.com)