Page 69 - Cyber Defense eMagazine - October 2017
P. 69

Flexible solutions to meet evolving needs

               The  market  and  regulatory  landscapes  are  still  evolving  in  the  context  of  V2I  and
               associated ITS. OpenVPN may a provide robust, secure point-to-point and site-to-site
               connections utilizing SSL/TLS for key exchange provisioning authentication certificates
               for  every  connecting  client  with  signatures  and  certs,  which  will  be  secure  and
               accessible  only  inside  the  vehicle’s  embedded  Trusted  Platform  Module.  What
               connections to the Cloud will look like, where the Hardware Security Modules (HSMs)
               are likely to sit, is still less clear.

               These  HSMs  will  provide  the  “root  of  trust”  by  securely  storing  the  connection
               certifications.

               The key components to creating the root of trust for these security solutions include:


                   ●  Key Injection (or ‘seeding’) of semiconductors with unique digital keys, generated
                       within an HSM, and based on the HSM’s true random number generator (TRNG).
                       Together, these unique keys provide a vehicle’s unique digital identity. During the
                       lifetime  of  the  vehicle,  this will  be  used for authentication of  the  vehicle  at  the
                       service center or, for electric vehicles, at the charging station. In the future, this
                       will also occur within vehicle-to-vehicle communications (V2V).

                   ●  Authentication  forms  the  basis  for  access  control  of  both  the  driver  and  the
                       service center, who can only access or log in to the vehicle if in possession of the
                       correct  digital  key.  In  the  case  of  the  automotive  dealer  who  needs  to  do
                       maintenance or install a feature update, gaining access to the vehicle will only be
                       possible within the context of a public key infrastructure (PKI).

                   ●  Both  for  over-the-air  software  updating  (OTA)  and  the  first-time  deployment  of
                       software onto a vehicle, it is important that automatic integrity and authenticity of
                       the software is assured. This is done by code signing. During the development
                       stage, software is signed with a unique key that allows the person responsible for
                       deploying  the  code  to  verify  that  it  is  both  genuine  and  correct.  The  same
                       principles apply for the infrastructure aspect of V2I.

                   ●  Any  exchange  or  storage  of  vehicle  usage  data  must  only  take  place  in  an
                       encrypted  database.  This  assures  that  resting  data  is  not  accessed  without
                       permission or tampered with, and remains inaccessible in case of theft.

                   ●  A  tight  system  of  vehicle  authentication  is  necessary  to  enable  the  future  of
                       autonomous  vehicles,  public  infrastructure  services  and  private  infrastructure
                       services, and services supporting payment functionality via V2I. These must be
                       equipped with PKI, ensuring access is restricted and data is secure.



                    69   Cyber Defense eMagazine – October 2017 Edition
                         Copyright © Cyber Defense Magazine,  All rights reserved worldwide.
   64   65   66   67   68   69   70   71   72   73   74