By Malte Pollmann, CEO, Utimaco
Automotive manufacturers are scrambling to become the de facto “name” for Internet of Things (IoT) enabled vehicles, which will soon be the standard rather than a mere convenience option. At the same time, a growing infrastructure is emerging through both public and private investment to advance smart city and smart highway initiatives and the many revenue opportunities these concurrent developments present. While vehicle-to-infrastructure (V2I) technology will see tremendous growth and investment over the next few years, there is also an exponential expansion in the number of cyberattacks the network will face as connected infrastructure’s security surface balloons.
A vision of the future ITS
There are many factors defining the services and capabilities that consumers will face with Intelligent Transportation Systems (ITS), long before “self-driving cars” become the norm. Automotive manufacturers, third-party service providers, and federal, state and local governments now find themselves under pressure to deliver standards-based infrastructure to enable a myriad of next-generation, must-have services. This includes:
- Identity-based services for vehicle occupants, including streaming audio and video, hands-free parking, automatic refueling/recharging with seamless payment capacity, on-demand usage-based HOV access, and entirely new services not yet available via other channels
- Capabilities for local and state governments, and for private enterprises to institute mileage-based taxation and identity-based tolls, dynamically adjust road speeds by adjusting the signal phase and timing (SPaT), maximizing fuel economy and improving traffic flow during peak travel hours
- Automotive manufacturers will need to provide IoT access embedded in each vehicle to allow connecting to multiple services and future Department of Transportation regulations
The challenge of protecting ITS, components and users
While these ITS features and benefits require secure, dedicated short-range communications (DSRC), protecting these from attack is a monumental task. Many of the entities instrumental in developing and implementing these processes and systems don’t have deep IT security knowledge. Thankfully, there are existing technologies that can be leveraged to address each interaction and attack path.
Open source technology is likely key to ensuring regulatory and market requirements are met, both today and in the future. First among these requirements is to securely identify both the vehicle and the user, in real time, during even the highest periods of local network traffic. Imagine hundreds or thousands of moving vehicles interfacing with the ITS and third-party services via the ITS at any given moment. Each passenger or driver will need identity management mechanisms. Vehicle sharing services and the second-hand automotive market will require the ability to securely wipe previous owner or renter information while leaving vehicle and component identities intact. However, there are a couple of key challenges the industry will need to overcome to make an operational and secure V2I network a reality.
Interfaces and standardization
Automotive industry convergence with payment, telecommunications, and road infrastructure is a must. Besides instant communication with road infrastructure, V2I will enable automatic toll collection, intelligent parking and intelligent traffic services. Information like driving conditions, traffic status, and road issues will be communicated to the driver and vehicle as necessary. But when it comes to laying the foundation for V2I, both automakers and the ITS industry will face the challenge of deciding which existing industry standards and protocols they want to incorporate, and what new standards they need to create to fit their needs.
In banking, certain regulations are already in place to ensure customer data and company information are kept secure; the Payment Card Industry Data Security Standard is one example. This sort of collaboration can be seen in the 5G Automotive Association, where SIM card manufacturers, carmakers and members of the payment industry are working together on specific use cases to set universal standards.
Technical implementation
Each connected vehicle, including many of its parts, requires a unique identity to ensure data transmitted to and from the vehicle can only be accessed by the right people. This unique identity needs to be attributed during the production process, as it is in Industrial IoT (IIoT) manufacturing. Key and certificate management will be an essential part of secure over-the-air (OTA) updates and authentication.
V2I requires data exchanges to occur instantaneously, often many times per second. This means that verifying the identity of the vehicle must happen just as fast. To meet these needs, vehicles implementing V2I must be equipped with digital certificates and encryption key management.
Over-the-air (OTA) data exchanges or downloads, for instance, new code, software, media content or vehicle usage data, will need to be executed securely. Not only will the vehicles and infrastructure need to be secured, but the channels through which the information is exchanged need to be protected. Without security measures in place, vehicles risk transmitting the wrong, or even harmful, data to and from ITS.
Flexible solutions to meet evolving needs
The market and regulatory landscapes are still evolving in the context of V2I and associated ITS. OpenVPN may provide robust, secure point-to-point and site-to-site connections, utilizing SSL/TLS for key exchange and provisioning authentication certificates for every connecting client, with signatures and certs that will be secure and accessible only inside the vehicle’s embedded Trusted Platform Module. What connections to the Cloud will look like, and where the Hardware Security Modules (HSMs) are likely to sit, is still less clear.
These HSMs will provide the “root of trust” by securely storing the connection certifications.
The key components to creating the root of trust for these security solutions include:
- Key Injection (or ‘seeding’) of semiconductors with unique digital keys, generated within an HSM, and based on the HSM’s true random number generator (TRNG). Together, these unique keys provide a vehicle’s unique digital identity. During the lifetime of the vehicle, this will be used for authentication of the vehicle at the service center or, for electric vehicles, at the charging station. In the future, this will also occur within vehicle-to-vehicle communications (V2V).
- Authentication forms the basis for access control of both the driver and the service center, who can only access or log in to the vehicle if in possession of the correct digital key. In the case of the automotive dealer who needs to do maintenance or install a feature update, gaining access to the vehicle will only be possible within the context of public key infrastructure (PKI).
- Both for over-the-air software updating (OTA) and the first-time deployment of software onto a vehicle, it is important that automatic integrity and authenticity of the software is assured. This is done by code signing. During the development stage, the software is signed with a unique key that allows the person responsible for deploying the code to verify that it is both genuine and correct. The same principles apply for the infrastructure aspect of V2I.
- Any exchange or storage of vehicle usage data must only take place in an encrypted database. This assures that resting data is not accessed without permission or tampered with, and remains inaccessible in case of theft.
- A tight system of vehicle authentication is necessary to enable the future of autonomous vehicles, public infrastructure services, and private infrastructure services, and services supporting payment functionality via V2I. These must be equipped with PKI, ensuring access is restricted and data is secure.
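The code-signing component in the list above, shown as an added Go example (not code from the author or from Utimaco): the release side signs a manifest that binds the software image to its target, and the vehicle checks authenticity, target and integrity before installing. Ed25519, the manifest layout and names such as `ecu-gateway-01` are assumptions for illustration, and the demo key is generated in software where the article places signing keys in an HSM.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Manifest is a hypothetical OTA manifest; the field names are assumptions.
type Manifest struct {
	Component string   // identity of the target component (under 256 bytes)
	Version   uint32   // software version being delivered
	Digest    [32]byte // SHA-256 of the software image
}

// encode gives the manifest one unambiguous byte form (length-prefixed name).
func (m Manifest) encode() []byte {
	b := append([]byte{byte(len(m.Component))}, m.Component...)
	b = append(b, byte(m.Version>>24), byte(m.Version>>16), byte(m.Version>>8), byte(m.Version))
	return append(b, m.Digest[:]...)
}

// SignUpdate is the release side; the demo uses a software key, not an HSM-held one.
func SignUpdate(priv ed25519.PrivateKey, component string, version uint32, image []byte) (Manifest, []byte) {
	m := Manifest{component, version, sha256.Sum256(image)}
	return m, ed25519.Sign(priv, m.encode())
}

// VerifyUpdate is the vehicle side: authenticity, target binding, then integrity.
func VerifyUpdate(trusted ed25519.PublicKey, self string, m Manifest, sig, image []byte) error {
	if !ed25519.Verify(trusted, m.encode(), sig) {
		return fmt.Errorf("manifest signature invalid")
	}
	if m.Component != self {
		return fmt.Errorf("update signed for a different component")
	}
	if sha256.Sum256(image) != m.Digest {
		return fmt.Errorf("image digest mismatch")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	image := []byte("constructed software image, version 7")
	m, sig := SignUpdate(priv, "ecu-gateway-01", 7, image)
	fmt.Println("genuine:", VerifyUpdate(pub, "ecu-gateway-01", m, sig, image))
	fmt.Println("tampered:", VerifyUpdate(pub, "ecu-gateway-01", m, sig, append(image, 0)))
}
```

Because the signature covers the component identity and version as well as the digest, a validly signed image cannot be replayed against a different component or relabelled with another version without failing verification.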
A long and winding road
The promise of the smart city, smart highway, and connected car is right around the corner, but the industry is at a key point where decisions must be made and plans put in motion to enable a robust and stable network to handle the demands we can anticipate today, as well as those we have not even begun to realize.
Consistent end-to-end encryption is a necessity for the future of V2I and associated ITS. The technology we have today, including the HSMs currently on the market, can ensure the challenges associated with the total V2I landscape can be met securely, in time, and within acceptable costs borne by the public and private investment in the V2I infrastructure, as well as third-party services and applications.
About the Author
Malte Pollmann has been CEO of Utimaco since 2011. Prior to that, he served as VP of Business Development and General Manager of the company’s two business units: Hardware Security Module and Lawful Interception and Monitoring Solutions. With a master’s degree in Physics from the Universities of Paderborn and Kaiserslautern in Germany, Malte also received a general management education at INSEAD in Fontainebleau, France. In parallel to his work at Utimaco, he serves on the Supervisory Board of the International School of IT Security – isits AG in Bochum.
Malte can be reached online at [email protected] or https://twitter.com/Utimaco, and at our company website https://hsm.utimaco.com.