Connected vehicles make many new and exciting automotive features and functions possible, benefitting both drivers and car manufacturers. New vehicle capabilities can be delivered wirelessly through over-the-air software updates—even to vehicles that are already on the road. Interested in automated valet parking? No problem; if the necessary hardware is in place, just download the app from the cloud.
While connectivity may currently be a “nice-to-have” for traditional vehicles, with fully autonomous vehicles—where real-time navigation and complex data analysis are required—connectivity is an essential, legally required feature.
As cars become more and more connected, the security risks increase. In advance of connected cars, intruders needed physical access to a vehicle to tamper with it. Today, a connected vehicle connects to a back-end cloud network infrastructure that can also be hacked or taken over. In certain organizations, the manufacturing process itself is based on IoT (Industry 4.0). This implies that car makers and vehicle owners are exposed to risks from the production line until the vehicle’s end of life.
Security and connectivity are interdependent
To be able to benefit from the full potential of a connected car, a proactive and comprehensive approach to security is required at all levels.
This means that the vehicle’s hardware is protected, and each electronic control unit (ECU) may only be accessed with authorization using a unique hardware key. Accordingly, the security measures must be embedded in the vehicle architecture: Inside and outside the vehicle, all interfaces and network functions must be systematically protected against unauthorized access and manipulation. In addition, the data flow must be permanently monitored and checked for integrity in order to identify tampering of any kind.
There is no single solution to preventing cyberattacks. Cybersecurity solutions are always assessed in terms of their effectiveness, i.e., the extent to which they make potential attacks difficult. Automotive security is not an additional function, but a holistic technical concept that covers the entire life cycle and value chain of a vehicle.
The ideal is to protect the vehicle at every layer of the software stack. It starts with the automotive architecture, with embedded cryptography architectures based on the AUTOSAR standard, and customer-specific requirements. Security mechanisms are designed for secure communication, authenticated identification, theft protection, anomaly detection, intrusion detection, and all types of cryptographic calculations, secure updates, and secure diagnostics. The protections then have to extend to those external inputs into the vehicle. The complexities are many, and may sound daunting, but they can all be enumerated, analyzed, and protected.
Experts deliver end-to-end solutions, including OTA
Most car makers are looking to automotive software experts for complete solutions including the ability to implement over-the-air (OTA) updates over a vehicle’s entire life cycle, such as EB cadian Sync. This particular solution from automotive software specialist Elektrobit prepares ECUs and systems for OTA updates as well as manages and performs updates during a vehicle’s life cycle.
End-to-end vehicle security has never been more important. Software and services that both protect and update the vehicle are now a critical necessity to fend off external attacks against individual vehicles or entire vehicle fleets. And, in addition to providing security and safety, OTA updates deliver another vital benefit as we navigate the challenging economic impacts of COVID-19: they enable the manufacturer to create powerful, new business and revenue models that go beyond the initial sale of the car.
For more information, download our tech paper "Security for connected vehicles throughout the entire life cycle".