Balancing infotainment with security?
With the imminent roll out of fully self-driving vehicles, drivers will find themselves with more time on their hands as they go about their daily commute: Time that could be put to use catching up on office work and answering emails – but even more importantly, passengers will be able to access an ever increasing array of infotainment services.
For instance: Enabled by connectivity, in December 2015 Tesla partnered with Spotify to offer its European customers a music streaming service. However, recognizing this service as a potential revenue-stream the company has recently reached out to music labels to license their portfolios for inclusion in its forthcoming global in-house music streaming service, dubbed “TTunes.”
Image Source: Teslarati.com
The problem with satisfying the consumers’ demands for extended infotainment systems and services, is that these connected services significantly increase the vehicle’s attack surface, thereby escalating the risk of a cyber-attack.
Before the arrival of vehicle connectivity, cars were deemed to be self-contained systems with wired, peer-to-peer networks connecting systems and components. The design assumptions and use cases were based on the fact that the connectivity of equipment would be confined to a local system. This constrained environment meant that designers only had to provide basic security measures. Getting physical access to the vehicle was a pre-requisite to launch any attack. Due to this, the attack surface was small.
However, with the vehicle connected to the internet or a larger communication network, it becomes another node of the network and its attack surface increases. So, in order to deal with the increased vulnerability the security controls have to be improved.
Accordingly, automotive industry associations are focusing their attention on security measures to support growth in key markets for networked services. The spectrum ranges from content streaming, location-based assistance and intelligent emergency support to over the air software updates for electronic control units.
At the same time, hackers are to be prevented from abusing these connections for their own purposes.
Cyber-attack surfaces are increasing as connected services expand
As manufacturers find new ways to leverage connectivity and the IoT, so new attack vectors are created.
Currently the systems most vulnerable to cyber-attack are:
• Infotainment systems
• Smartphone apps
• Bluetooth connections
• Communication intercepts, such as keyless entry and tyre pressure sensors
• Direct network access via the OBD port
For example, an attacker connecting remotely to a vehicle’s infotainment system could, through the CAN Bus, gain control of an ECU controlling the autonomous emergency braking, or lane departure systems; which are both safety critical.
Future attack surfaces are likely to include IT-infrastructure of dealer/repair shops, original equipment manufacturers’/service providers’ data centres, and other elements of the digital delivery chain.
Securing onboard infotainment systems against cyber-attack
Confronted by customers’ demands for a better user experience, manufacturers will continue to expand connected infotainment options and services, often via the IoT; however this needs to be balanced against the increased risk of cyber-attack.
Taking up the challenge, suppliers have developed several strategies to reduce the risk while maintaining the OEMs flexibility in offering wide ranging infotainment solutions that meet consumers’ expectations. These solutions usually form part of the overall security strategy for the connected platform.
Thus, first tier supplier Continental has chosen a multilayered approach, which takes cyber security into account from day one in product development. This starts with a detailed risk analysis of any new project to ensure products and services are secure and comply with all standards and regulations. According to Andreas Wolf, head of Continental's Body & Security business unit the company refers to this process as 'security and privacy threat analysis, risk assessment and risk treatment', which not only covers the initial development but also the entire product life cycle.
Adopting a similar approach Israeli cyber security specialists, Argus, believe that multiple solutions focused on different parts of the connected car ecosystem must be integrated in order to provide comprehensive, end-to-end security; a single product alone not offering sufficient protection. Accordingly, the company implements several layers of defense:
- Starting with the foundation, defensive software solutions can be housed locally on individual ECUs to secure these against attacks
- Moving up a level, software can protect the vehicle’s internal network as a whole by scrutinizing all network communications, flagging any changes in normal in-vehicle network behavior and stopping attacks from advancing in the network
- Next, solutions exist to defend particular structures, such as the infotainment system, that connect to the outside world. This is a critical layer in the overall cyber-security defense system, because it represents the border between the vehicle’s internal network and the external world
Intelligent intrusion detection and prevention systems are nothing new in traditional IT, having been tested and proven over the past several years in protecting IT infrastructure.
Applying these lessons to the connected vehicle industry German security services supplier, ESCRYPT, has developed a solution that detects, analyzes, and defends against cyber-attacks. The Intrusion Detection and Prevention Solution (IDPS) detects and documents attempted attacks and can automatically forward the data to a cyber-security backend for evaluation.
There, teams of experts evaluate the data in a forensic analysis of the event, so that they can define and implement appropriate countermeasures, such as over-the-air security updates.
Applying these methods of detecting and defending against attacks, automotive security becomes a continuous process that covers prevention (e.g. a firewall), the monitoring, reporting, and analysis of attacks, and the constant rollout of specific countermeasures.
In the event of an attack, IDPS launches a five-step defense:
- If the attack follows a known pattern, the embedded firewall CycurGATE immediately blocks access to ECUs. But to parry future attacks as well, the established rule sets (black- and whitelists) are also continuously updated.
- In the second step, anomalies and signs of a previously unknown type of attack are identified by the new intrusion detection software CycurIDS. Designed to run on CAN-based and future Ethernet-based EE architectures, it monitors data traffic.
- Step three stores any anomalies logged in the vehicle and uploads them later, or automatically transmits them to a cloud-based event database to enable faster response times. In this database, reports from all the manufacturer’s connected vehicles can be compiled and the reported anomalies can be compared with the fingerprints of known attacks. From the analysis of the data, OEMs receive a comprehensive and always up-to-date overview of the strategies hackers are employing, what vulnerabilities they are targeting, and if the attacks are increasing.
- Evaluating this extensive event database in the backend is step four of the defense strategy. Based on big data analysis technologies, this automated software solution analyzes the attack patterns and presorts them, the results of which can be used by the security and data forensic experts in the Cyber Defense Center in deciding on countermeasures.
- These may include specific adjustments to the firewall, updates to the rule sets, or even closing loopholes in the software in close cooperation with the manufacturers of the infotainment system or other ECUs affected.
This five-step defense strategy has been created as a future-proof, scalable solution ideally suited to rapidly evolving infotainment systems and services. But it’s more than that: every vehicle added to the system boosts its ability to analyze and detect attacks, thus improving the options for defense.
Each hitherto invisible attack – possibly blocked by firewalls – helps to tailor security measures more closely to current risks. Instead of languishing in data storage until the vehicle’s next trip to the repair shop, logged anomaly reports are sent directly to the cyber security backend, where they can immediately help improve protection.
In other words, IDPS is the connected car’s “immune system”: it grows stronger with every attack and becomes smarter, thanks to a constantly expanding database: Which is exactly what is required to balance consumers demands for more media features with system security.
The IDPS is very similar to Panasonic's newly developed security solution that the company claims will ensure safe driving by detecting and disabling cyber-attacks thereby making it easier to comply with future in-vehicle security legislations.
The system consists of a vehicle-installed "monitoring module" and a "monitoring cloud" that is linked to the monitoring module.
The vehicle-installed monitoring module monitors the entire vehicle based on the monitoring rules. By using the company's newly developed systems, once the attacks that cannot be detected with existing monitoring modules are discovered, the systems can prevent new attacks by updating the monitoring rules from the monitoring cloud. Thus helping to maintain safety even after the vehicle is released on the market.
Also, by identifying signs of attacks before they are confirmed as true security incidents, it is possible to implement countermeasures in advance to minimize the effects of the attacks.
At the end of the day it’s up to manufacturers to ensure the security of the connected vehicle while keeping pace with consumers’ demands for enhanced media offerings through onboard infotainment systems. This can only be achieved through highly adaptable and thorough security solutions.
- Christoph Hammerschmidt; EE Automotive News; First automotive processor available with Hardware Security Module; October 2017; http://www.eenewsautomotive.com/news/first-automotive-processor-available-hardware-security-module
- Panasonic Press Release; Panasonic Develops Automotive Intrusion Detection and Prevention Systems against Cyber Attacks; October 2017; http://news.panasonic.com/global/press/data/2017/10/en171010-3/en171010-3.html
- Fred Lambert; Electrek; A first look at Tesla’s own music streaming service in the works; August 2017; https://electrek.co/2017/08/31/tesla-music-streaming-service/
- Morand Fachot; IEC-eTech; Protecting road vehicles from cyber attacks; Volume 3 2017; https://iecetech.org/Technology-Focus/2017-03/Protecting-road-vehicles-from-cyber-attacks
- Escrypt; ETAS; New security solution detects, analyzes, and parries cyber-attacks on vehicles in the field; March 2017; https://www.escrypt.com/en/news-events/new-security-solution-detects-analyzes-and-parries-cyber-attacks-vehicles-field