Tech Trends: Security concerns for next-generation automotive electronics
David Kleidermacher, Green Hills Software
8/26/2011 1:01 PM EDT
Internal electronic threats
While physical network isolation is desirable, touch points will inevitably exist. For example, in some markets, the car’s navigation system must be disabled while in motion, implying communication between systems of widely differing safety criticality. Furthermore, a strong trend towards consolidation—where more powerful multicore microprocessors are used to host disparate systems, turning many ECUs into virtual ECUs—increases the risk of software-borne threats such as privilege escalation due to operating system vulnerabilities, side-channel attacks on cryptography, and denials of service.
Therefore, the car’s internal electronics architecture must be designed from the ground up for security. Interfaces between critical and non-critical systems and networks must be justified at the highest management levels, exhaustively analyzed, and certified devoid of vulnerabilities at the highest assurance levels, such as ISO 15408 evaluation assurance level (EAL) 6+.
The PHASE (Principles of High Assurance Software/Security Engineering) protocol espouses minimization of complexity, software component architecture, the principle of least privilege, a secure software and systems development process, and independent expert security validation. These principles must be learned and adopted by OEMs and promulgated throughout their supply chain.
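The two paragraphs above argue that every interface between a critical and a non-critical domain should be explicit, justified and minimal, with everything else denied. The following gateway check is an added illustration of that idea and is not code from the article or from Green Hills Software: it enforces a default-deny, one-directional allowlist between an assumed "critical" domain (motion control) and an assumed "non-critical" domain (navigation), where the only permitted cross-domain flow is the read-only vehicle speed the navigation lock-out needs. The domain, message and policy names are constructed for the example, as is the 400 km/h plausibility ceiling.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed safety domains for the example: one that can affect motion,
 * one that cannot. Real vehicles partition more finely. */
typedef enum { DOM_CRITICAL = 0, DOM_NONCRITICAL = 1 } domain_t;

/* Constructed message identifiers (not real CAN IDs). */
typedef enum {
    MSG_VEHICLE_SPEED = 0x100,   /* critical -> non-critical: speed for nav lock-out */
    MSG_NAV_ROUTE     = 0x200,   /* non-critical internal traffic */
    MSG_BRAKE_CMD     = 0x300,   /* critical internal traffic */
    MSG_DIAG_WRITE    = 0x400    /* reprogramming request */
} msg_id_t;

typedef struct {
    domain_t    src;
    domain_t    dst;
    msg_id_t    id;
    size_t      max_len;         /* payload size the receiver is sized for */
    const char *justification;   /* every cross-domain flow carries a rationale */
} flow_rule_t;

/* The complete set of permitted cross-domain flows. Anything absent is denied,
 * including the same message in the opposite direction. */
static const flow_rule_t ALLOWED_FLOWS[] = {
    { DOM_CRITICAL, DOM_NONCRITICAL, MSG_VEHICLE_SPEED, 2,
      "navigation must be disabled while moving; needs read-only speed" },
};
#define N_RULES (sizeof ALLOWED_FLOWS / sizeof ALLOWED_FLOWS[0])

typedef enum {
    GW_ALLOW       = 0,
    GW_DENY_POLICY = 1,   /* no rule for (src, dst, id) */
    GW_DENY_LENGTH = 2,   /* payload larger than the receiver expects */
    GW_DENY_VALUE  = 3    /* payload fails plausibility check */
} gw_verdict_t;

static unsigned g_denied = 0;   /* denied attempts, for a monitor to report */

/* Even an allowed flow is validated: an assumed ceiling of 400 km/h,
 * speed encoded as a big-endian uint16 in km/h. */
static bool payload_plausible(msg_id_t id, const uint8_t *p, size_t len)
{
    switch (id) {
    case MSG_VEHICLE_SPEED: {
        if (len != 2) return false;
        uint16_t kmh = (uint16_t)((p[0] << 8) | p[1]);
        return kmh <= 400;
    }
    default:
        return true;
    }
}

/* Decide whether a message may cross from src to dst. Traffic that stays
 * inside one domain never reaches the gateway and is passed through. */
gw_verdict_t gateway_check(domain_t src, domain_t dst, msg_id_t id,
                           const uint8_t *payload, size_t len)
{
    if (src == dst) return GW_ALLOW;

    const flow_rule_t *rule = NULL;
    for (size_t i = 0; i < N_RULES; i++) {
        if (ALLOWED_FLOWS[i].src == src && ALLOWED_FLOWS[i].dst == dst &&
            ALLOWED_FLOWS[i].id == id) {
            rule = &ALLOWED_FLOWS[i];
            break;
        }
    }
    if (rule == NULL)                          { g_denied++; return GW_DENY_POLICY; }
    if (len > rule->max_len)                   { g_denied++; return GW_DENY_LENGTH; }
    if (!payload_plausible(id, payload, len))  { g_denied++; return GW_DENY_VALUE;  }
    return GW_ALLOW;
}

unsigned gateway_denied_count(void) { return g_denied; }

int main(void)
{
    /* Constructed sample frames. */
    const uint8_t speed80[2] = { 0x00, 0x50 };        /* 80 km/h */
    const uint8_t bogus[2]   = { 0xFF, 0xFF };        /* 65535 km/h */

    printf("speed critical->nav:     %d\n",
           gateway_check(DOM_CRITICAL, DOM_NONCRITICAL, MSG_VEHICLE_SPEED, speed80, 2));
    printf("brake nav->critical:     %d\n",
           gateway_check(DOM_NONCRITICAL, DOM_CRITICAL, MSG_BRAKE_CMD, speed80, 2));
    printf("implausible speed:       %d\n",
           gateway_check(DOM_CRITICAL, DOM_NONCRITICAL, MSG_VEHICLE_SPEED, bogus, 2));
    printf("denied so far:           %u\n", gateway_denied_count());
    return 0;
}
```

The point of the structure is that the allowlist is small enough to be reviewed line by line (each entry names its justification), the default is deny, direction is part of the rule, and the denied counter gives a monitor something to alarm on; a reprogramming request or brake command arriving from the non-critical side never needs a special case because it simply has no rule.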
Conclusion
Car manufacturers and Tier 1s may not have been thinking a great deal about security when they designed the cars hitting roads today, but clearly that is changing. Manufacturers must work closely with embedded security specialists early in the design and architecture of in-car electronics and networks and must raise the bar on security-driven engineering and software assurance. Finally, the automotive industry is sorely in need of an independent standards body to define and enforce a system-level security certification program for in-vehicle electronics.
David Kleidermacher is CTO at Green Hills Software.
prabhakar_deosthali
8/27/2011 8:40 AM EDT
Compromising on the car's safety by way of attacking its embedded system by entering through the network is a serious matter. Apart from restricting the critical systems to a strictly local (local to the car) network, the other way to protect the car's internal network is to use some special protocols (apart from the standard TCP/IP-based protocols or those industry-standard CAN networks).
p_g
8/29/2011 5:29 AM EDT
We already got a glimpse of software's impact on real life through the Toyota Prius story. That really makes us aware of how much of an impact it could have on a person's life if some critical functionality is hacked. Imagine abduction by remote control, a mass virus attack that leads to car failure, etc. I remember Bond movies in which they used to remotely control and play around with cars.... It will be reality soon.
agk
8/29/2011 7:57 AM EDT
By reading this I feel cars without these devices are better. But anyway, one more layer of security checks with artificial intelligence will solve this hacking. It needs faster AI processing of all the collected information from various sensors, cameras, transducers and commands.
AhmadNasser
8/31/2011 9:40 AM EDT
The more connectivity we demand, the less security can we aspire to have. Security must be part of the design and not an afterthought.
I have a feeling this is a problem larger than the automotive industry.
tamberg
9/10/2011 2:02 PM EDT
"When the Stuxnet attack came to light [...] Alexander suggested that the U.S.’s critical infrastructure be isolated on its own secure network, distinct from the Internet."
Weren't the attacked plants completely offline?
Peter_Mould
3/25/2012 10:42 PM EDT
I shudder with the thought that someone can remotely control the various functions of my car, putting me and my family in immediate danger. I was hoping that companies like BMW would have strong protections against hacks like this from happening, but I would not leave it to chance. Technology allows us greater convenience, but the downside is that it opens us up to more chances of backfiring.
Peter - http://www.pmwltd.co.uk/