The slew of recent news reports showing the vulnerability of connected cars to hackers has shattered trust in cars themselves as well as in emissions monitoring. The way manufacturers can rebuild this trust is by ensuring the best possible protection, authentication and authorisation between entities and devices exchanging data.
In the case of the connected car, this relates both to the communication within the car system and externally. Furthermore, protection against hacking or irregularities requires a high quality framework allowing manufacturers to update firmware remotely, as these can be expensive if done purely through physical recall, says Jason Hart, VP and CTO for Data Protection, Gemalto.
(Also see: Time for car makers to face new challenges, says Ptolemus Consulting following Jeep ‘hackjack’)
However, building a high quality framework requires car manufacturers to have a 360 degree view of their cars’ operating systems and data, a complex task which can often be overlooked. Having a full understanding of the connectivity, security, and monetisation issues surrounding connected cars can help.
Connectivity is key
In order to meet the needs of today’s always-on users and guarantee safe communications, the automotive sector must improve their devices’ connectivity and management flexibility.
This is why manufacturers are increasingly embedding SIM cards in cars during the manufacturing process, simplifying their installation and enhancing security. This not only reduces exposure to tampering and damage, it also means manufacturers can securely identify individual cars, encrypt communications and ensure secure global connectivity for smart vehicle systems including telematics and navigation.
In the future, secure cloud-based service enablement and next generation features such as secure ID-based ignition, integrated near field communication and mobile wallet applications will further contribute to convenience for drivers and passengers alike.
Ensuring the best level of security
According to the latest Breach Level Index report, there were 888 data breaches in the first half of 2015 alone, compromising 246 million data records of customers’ personal and financial information worldwide, making it clear that security breaches are not a matter of “if” but “when”. With regard to cars, hackers are able to remotely send commands through entertainment systems to control everything from the stereo and air conditioning, to brakes and engines, turning vehicles into one of the most dangerous connected ecosystems.
By using reverse engineering, hackers can understand how to mount their attack. This means that security by design is key in deploying a secure connected car architecture. It starts with a thorough risk evaluation so that needs can be properly assessed. From there, specific hardware and software solutions can be implemented across the entire connected car ecosystem to protect the complete chain – from the device, the application, the network, and the data to the back-end infrastructure.
A combination of hardware and software modules and procedures to manage digital certificates are needed in such a potentially insecure environment, which is why manufacturers should enforce two-factor authentication – whether via the generation of one-time passcodes or by way of smart cards or USB tokens – as well as strong public key infrastructure (PKI) plans in order to keep connected cars safe.
The added value of software monetisation
Thanks to small, low-cost sensors embedded inside connected cars, IoT devices generate vast amounts of data, offering manufacturers unprecedented levels of insight into a vehicle’s “health”. Predictive maintenance, as it is known, allows manufacturers to foresee and proactively deal with technical issues before they become a problem, keeping upkeep costs low and improving user experience. What’s more, it enables them to tap into new markets by offering a wide range of consumption-based pricing models to suit every budget and user requirement.
Software monetisation also allows manufacturers to protect their most valuable assets from intellectual property theft – a threat that costs businesses worldwide hundreds of billions of pounds each year. The moment software is out in the open for others to use, it is susceptible to piracy, tampering, reverse engineering and licensing infringement. Using advanced encryption techniques, software monetisation tools keep manufacturers’ licenses secure and ensure vehicle data is encrypted, protecting source code from theft, manipulation and tampering.
Ultimately, building a high quality framework where no compromises are made on security, connectivity and monetisation enables manufacturers to significantly reduce the chance of any security breaches, such as the Jeep hack earlier this year. Now, it’s only a matter of time until all connected car manufacturers adopt a comprehensive approach such as this for their frameworks.
The author of this blog is Jason Hart, VP and CTO for Data Protection, Gemalto
