Stepping Up Automotive Security in Today's Connected World

By Special Guest
Josh Jabs, Office of the CTO, and GM, IoT Solutions, Entrust Datacard
February 28, 2018

Drivers can’t seem to get enough of the new features behind the wheel made possible by IoT.

After nearly reaching $16 billion in 2015, the automotive IoT market is expected to explode to $82 billion by 2022. But while innovative features — such as assisted parking and remote start — can enhance the customer experience, they also welcome increased risk.

Data that’s used to power connected cars can easily fall into the wrong hands, creating enormous safety and security threats. Researchers from Kaspersky Lab recently brought such concerns into focus when they were able to remotely control applications from some of the biggest car manufacturers. Given the absence of proper security measures, experts uncovered opportunities for hackers to unlock doors, turn off security alarms and even gain control over a vehicle.

In order to address these threats, it is critical for automotive manufacturers to implement the following security strategies into their automotive IoT ecosystems to stay one step ahead of hackers.

Establish trust
Almost 40 percent of new car buyers in Germany, Brazil, China and the U.S. are reluctant to use connected services in a car due to privacy concerns. Manufacturers looking to ease the anxiety of such consumers should start by assigning a unique identity to each electronic device. Whether it’s an infotainment or real-time navigation system, IoT-enabled features shouldn’t be able to assume control over a vehicle’s critical functions — such as braking or steering. Unique identities are one way to ensure non-critical systems do not become a gateway to the rest of the vehicle’s functions.

By making it possible for devices to identify and authenticate the source and destination of specific requests, these identities can remove some of the risk tied to connected cars. Commands that once originated from basic devices will no longer serve as a gateway to the most important components of a vehicle.

Take time to authorize
Most electronic components are awarded the luxury of dishing out orders without restrictions. But if manufacturers hope to ramp up vehicle safety, that needs to change — and fast. Instead of authorizing every device to send or respond to commands, manufacturers should take a component’s operating context into account.

Technologies like parallel park assist, for example, should not be able to send commands while a vehicle is moving at high speeds. Mechanical safety functions that are necessary during certain situations should be enabled only when specific criteria are met, limiting the ability each device has to affect the car incorrectly. As limits are imposed on a device’s authorization levels, reliable device-centric security will improve.

Implement code-signing
At the heart of every connected car is an Electronic Control Unit (ECU). By doling out commands and capturing sensor data, an ECU influences many different areas of a vehicle’s operation. To ensure their vehicles are safe from a potential attack, manufacturers should consider implementing code-signing. This cryptographic method can go a long way toward securing over-the-air (OTA) updates that are vital to the functionality of ECUs. Given that hackers may want to leverage an ECU to alter the way a car runs, such security measures are an important part of any automotive security strategy.

There’s been a lot of hype about the automotive IoT market in recent years — and for good reason. The industry’s rapid growth may help deliver capabilities drivers once only dreamed of. With such innovation, however, comes the need for equally impressive security standards. Long standing concerns over safety and security threaten to stop automotive IoT growth in its tracks. But by creating trusted identities or utilizing code-signing, manufacturers can alleviate consumer apprehension and establish trust along the way.

About the Author: Josh Jabs is the vice president in the office of the chief technology officer and is the general manager of IoT solutions at Entrust Datacard. He has more than 20 years of experience gauging the practical impact of changes in the technology ecosystem, most recently with the rise of the Internet of Things. Jabs also served as the vice president of PKI and IoT solutions and the vice president of global government solutions at Entrust Datacard prior to his current role.

Edited by Ken Briodagh
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

Related Articles

Modeshift Partners with LTCA for Smart Ticketing

By: Stefania Viscusi    11/17/2022

Modeshift's smart transit solution has been adopted by Luzerne County Transportation Authority (LCTA) in the Wilkes-Barre, PA.

Read More

Video-Based Safety and AI Technology Can Reduce Truck Accidents

By: Tracey E. Schelmetic    11/15/2022

IoT solutions with video-based safety and AI technology can help reduce the likelihood of accidents by identifying distracted and aggressive driving.

Read More

Upward Mobility: Urban Movement Labs Joins Smart City Venture Studios as New Agency Partner

By: Matthew Vulpis    2/24/2022

The technology developed to create "smart cities" can make communities more effective and efficient in the use of resources, a necessity given the pro…

Read More

Up, Up, and Away - With Your IoT Data?

By: Special Guest    2/4/2021

Times have changed in the amazing world of the Internet of things (IoT). What once was a new and compelling idea has quickly worked its way into the h…

Read More

Semtech Expands LoRa Edge Portfolio with New Solutions

By: Ken Briodagh    11/4/2020

The LoRa Basics Modem-E and LoRa Edge Tracker Reference Design lower development costs and eliminate design complexity for IoT applications

Read More