Fraunhofer rolls security platform for cars
Electronic control units in today’s vehicles are connected to engine control, steering, even the behaviour of the brakes. In an average vehicle several dozens of these small computers are doing their service; some top models have more than 100. “Information technology nowadays is one of the strongest drivers of innovation in the car,” says Christoph Krass. He is researcher at the Fraunhofer Institute for Secure Information Technology (Fraunhofer SIT) in Darmstadt, Germany. The institute is focusing on the safety and security of embedded IT systems in vehicles. “The car, hitherto a closed system, is today target of attacks through its multiple IT interfaces that are increasingly implemented,” Krass says. The list of current examples of attacks is quite long. Hackers spied out private user data, used car dealers manipulate the odometer readings, car thieves outwit the immobiliser and open car doors and even rogue car owners activate functions they have not paid for. Very recently, a hacker duo took control of vital vehicle functions like brakes and steering; another one hacked into GMs OnStar communications system. Along with the progress of hacker’s ability to bring cars under their control grows the necessity to increase the security level for the in-car IT.
“Of course, cryptographic solutions are available”, says Krauß. “However, in many times they are not flexible enough”. Along with his team, Krauß built a solution that makes use of hardware security modules (HSMs) to ensure security at device level. In doing so, they utilised the Trusted Platform Module, a widely recognised open standard, in its latest version TPM 2.0. It has been developed by the Trusted Computing Group, an organisation bundling the standardising efforts of almost all important IT players. “Our solution is a software platform that helps developers to create secure control units based on TPM 2.0”, explains project manager Andreas Fuchs. “With this platform all necessary building blocks of automotive control units, hardware as well as software, can be simulated and subsequently implemented. Thus, car manufacturers and tier ones obtain important information already during the development that helps them to try out different application scenarios. To look into real HSMs once they are developed is not possible for security reasons”, Fuchs said.
The TPM-based solutions devised with the Fraunhofer platform can be integrated directly into the ECUs or be connected upstream of them, depending on what needs to be protected. The hardware of the solution takes the function of a “trust anchor” in that it is a secure storage for the cryptographic keys and at the same tome an application environment for all security relevant operations. It detects attacks and releases the keys only if the device is in a trusted state. “If, for example, the parking assistant has been manipulated, the engine control unit inhibits starting the motor to prevent undesired access to steering through this parking assistant,” explains Krauss.
The software in this system is required to communicate with the hardware and embed the security functions provided along with the platform into the main tasks of the ECU. Based on this framework, the researchers developed an HSM demonstrator for a head unit, the building block in automotive electronics that runs the infotainment system. It protects the car-related data as well as the owner’s private data against unauthorized reading.
“Today, TPM modules are installed in almost any desktop or laptop computer,” says Fuchs. “For instance, they secure the BitLocker disk encryption from Microsoft that is integrated into Windows. Our development environment is a contribution to establish the TPM standard in cars. This makes it easier for car manufacturers to implement these standards as well as applications based on them.”
The platform is not only relevant for car designers but likewise for other application areas such as industrial controls or the Internet of Things. According to Fraunhofer, licensing the technology for two industry sectors is imminent, and also automotive deployment is already close to series maturity.
Related articles:
Hackers take over a moving vehicle remotely
Opinion: Of hackers and showmasters
Automotive cyber-security: striving for better solutions
If you enjoyed this article, you will like the following ones: don't miss them by subscribing to :
