Connected Vehicle Security
Challenge: Securing Connected Vehicles
Today’s automobile has as much in common with the Apple iPhone as it does with a ’67 Ford Mustang. The technology found in modern vehicles enhances the driving experience while helping build stronger customer relationships, but this increased vehicle complexity also introduces new security vulnerabilities and challenges.
The addition of more connectivity to support infotainment systems, vehicle maintenance monitoring, and much more opens up new potential attack vectors.
And a vulnerability in one area could expose the whole system, as advanced attackers seek out pivot points to exploit.
To prevent unsecured components from interacting with vehicle systems and introducing malware or providing a pathway for an advanced attack, components need to be authenticated. While vehicle OEMs and their suppliers have recognized that cryptographically based digital signatures provide the strongest form of authentication, this also necessitates the management and protection of certificates and the underlying keys. The rapid increase in connected components has created the need for broad-scale secure key management, supported by a public key infrastructure (PKI).
Learn How PKIs Support the Connected Vehicle
While public key infrastructures (PKIs) aren’t new to many vehicle manufacturers and suppliers, the rapid introduction of connected components has exponentially amplified PKI usage. Well-structured PKIs are required to support the digital authentication of connected components, as well as to manage and protect certificates and the underlying keys.
And vehicle-to-vehicle/vehicle-to-infrastructure (V2X) communications, although first introduced in 2017 production vehicles, will soon become the norm, representing a significant potential expansion of your PKI as vehicles themselves will need to be authenticated.
Risks Associated with Connected Vehicles
- The introduction of malware via software or firmware updates sent to vehicle safety, operational, and infotainment systems.
- Unauthorized and unsecured aftermarket components added to the vehicle – either deliberately or unknowingly – including widgets plugged into the vehicle’s On-board Diagnostics (OBD) II port.
- Unauthorized production runs at remote factories that result in damaged revenues and brand reputation.
Solutions: Thales HSMs Secure Connected Vehicles Today
To address these challenges, automotive OEMs and their suppliers have turned to Thales to help them build and execute on data protection strategies. In fact, Thales hardware security modules (HSMs) are trusted by two of the top three North American automobile manufacturers, and two-thirds of the tier 1 suppliers in Europe.
Combining Thales HSMs with supporting security applications, manufacturers can establish strong device authentication by injecting a unique digital certificate into each connected component. With HSMs helping to secure your manufacturing process, you can control how many components are produced as well as what code is loaded onto each, even in a geographically dispersed supply chain.
The best practice to confirm the integrity of code updates and defend against the risks associated with software tampering is to ensure that code is signed using highly secure signing processes with private signing keys protected by HSMs. Several leading automotive suppliers use nShield HSMs to underpin their software and firmware code signing. Thales’ Code Signing solution combines nShield HSMs with services from Thales ASG (or provided by your existing systems integrator), providing tamper-resistant, certified protection for your private code signing keys and a secure platform to perform critical digital signature processes.
Many OEMs and tier-1 suppliers rely on Thales for our deep knowledge and expertise developed while building complex, highly-scalable PKIs. Our Advanced Services Group will help you identify and document your requirements, and build a PKI that’s designed to scale as your needs grow. Our PKI professionals will help you establish the chain of trust required to help secure today’s vehicles and connected components.
Learn About Vehicle OEMs and Suppliers Using Thales HSMs
When ZF Friedrichshafen AG, one of the world’s leading suppliers of automotive components, realized its decentralized PKIs were inefficient and had security weaknesses, the company chose Thales to help design an enterprise-wide PKI based on Thales HSMs. The PKI allows efficient certificate management and a reliable CA key storage environment that’s based on the highest possible levels of security.
A leading North American automotive OEM, which has been a Thales customer for more than 10 years, uses nShield HSMs to support areas such as:
- Securing telematics messaging from customer vehicles to central servers for maintenance tracking;
- Ensuring the authenticity of firmware code updates before they are introduced to vehicles;
- Designing and implementing the company’s internal PKI.
Thales has delivered on all of these requirements and the company plans to expand its use of Thales HSMs and services as it further builds out its connected vehicle strategy.
These are just a few examples of how Thales is helping to advance connected vehicle strategies. Download our connected vehicle solution brief or contact us today to discuss your unique security requirements.
- Defend against attacks by authenticating connected components.
- Validate that code updates are trusted and unaltered.
- Ensure secure and authorized communications to/from connected cars.
- Secure the most sensitive keys and business processes in the organization in an independently-certified, tamper-resistant environment.
- Improve customer service and revenue opportunities enabled by the secure monitoring of connected cars.
- Defend against unauthorized production runs and component counterfeiting that can impact revenues and brand reputation.
Thales HSMs and services help vehicle OEMs and their suppliers build trust into their connected components and advance their security strategies.