Security has always been the elephant in the IoT room. On this, CEOs have for years sat at round tables at the biggest technology events in the world and sagely nodded in agreement. Yet it remains elusive, wispy, ethereal. If you blink, it’s gone.
That’s a neat parlor trick for an elephant, but it’s not acceptable for automotive security, where a whole industry is dependent upon it being there: tangible, reliable and unbreakable. That was the reason the Future of Automotive Security Technology Research (FASTR) consortium announced its manifesto: Toward Tomorrow’s Organically Secure Vehicle.
Realizing that autonomous vehicles are a leading use case for connected vehicles, Aeris, Intel and Uber founded FASTR in 2015 with the goal of working with the expanding automotive ecosystem to accelerate the realization of organically secure vehicles. In the wake of numerous vehicle hacks since then, the formation of the group was prescient, but it didn’t make much headway under its initial name, the Automotive Security Review Board.
Alongside the manifesto, the consortium announced that Karamba Security and Rambus had joined. The renamed FASTR consortium’s goals haven’t changed, but it did state more clearly the need for its collaborative effort and how it intends to help the industry.
The need for a concerted effort is clear: with 250 million connected vehicles on roadways by 2020 and the market for autonomous vehicles expected to approach $77 billion in 2023, the consortium pointed to the vulnerability of wireless technologies and all the possible attack surfaces that can be used to compromise a vehicle’s security (Figure 1).
Figure 1: The amount of data flowing back and forth, both internal to the vehicle and between vehicles and infrastructure, is going to increase exponentially, as are the attack surfaces. (Image source: FASTR consortium)
This is particularly the case with the emergence of vehicle-to-vehicle (V2V), vehicle-to-infrastructure (V2I) and vehicle-to-everything (V2X), as well as infotainment systems and GPS.
To date, most of the vulnerabilities are being addressed layer by layer. User access is controlled by passwords, biometrics, dual authentication methods and the use of secure elements. Gateways can be used to provide domain isolation, followed by encrypted data communications over secure networks, ending with embedded processors that have their debug ports closed, Secure Boot enabled and software protections in place to prevent tampering.
Then there’s current standards compliance, such as the ISO 26262 Functional Safety Standard. The Society of Automotive Engineers (SAE) took this standard’s risk methodology as the foundation of J3061, the “Cybersecurity Guidebook for Cyber-Physical Automotive Systems.”
Many more efforts are afoot to address security at every level, but a cohesive approach across the whole industry has not been forthcoming, one that addresses:
- Trust in data confidentiality: Vehicle and operator data must not be divulged without the permission of the operator.
- Trust in data and system integrity: Vehicle and operator data must not be compromised or altered.
- Trust in data and system availability: Vehicle and operator data must be available to the systems and services that rely upon them.
With hundreds of electronic control units (ECUs) controlled by what will soon be hundreds of millions of lines of code, much of it geared toward sending gigabytes of data to and from a vehicle, the security elephant cannot be circumvented any longer. It needs to be addressed head on and holistically.
The FASTR consortium is gathering together OEMs, transportation network companies, supply-chain providers, autonomous vehicle specialists, IC suppliers, specialists in automotive security, and academics and researchers. As a collaborative effort, it hopes to address security from top to bottom (Figure 2). It includes:
- Defense in depth: Threat modeling, vulnerability assessment and architecture
- Hardware security features: Multilayered defense across all hardware layers and environments
- Vehicle security design lifecycle: Predictable processes through production and manufacturing
- Threat intelligence: Ongoing assessment and over-the-air updates
Figure 2: FASTR’s goal is to bring the entire automotive ecosystem together and address the security issue at all levels. (Image source: FASTR consortium)
The last point, over-the-air (OTA) updates, is tricky. The very act of doing security updates over the air itself creates a vulnerability. It’s currently advisable to do important updates at a secure site, or simply send a self-installing update to the user on a USB stick.
However, FASTR is more concerned with the future than the present. While OTA updates may not seem good right now, that’s the whole point of a collaborative effort. In this case it’s to effect positive change to realize the potential of the various levels of autonomous vehicles, all the way up to fully autonomous.
How soon fully autonomous happens is anyone’s guess, but in the meantime, levels 2 and 3 are open for business and IoT solution providers have a role to play in FASTR to get the right security solutions deployed for IoT’s own potential to be unlocked. Release the elephant!