Several presenters unanimously regarded wireless upgrade capability of in-car software (OTA) as indispensable to counter the cyber threats. On top of that, there were suggestions for direct technical measures to solve the problem. Koji Nakao, Research Executive Director of Japan’s Network Security Research Center, suggested a multi-level security architecture that embraces messeg verification, trusted boot of ECUs, authentication of communications in and around the car, message filtering (to prevent DoS attacks) and Fault tolerance. This approach is currently discussed in the relevant working group SG-17 of the ITU-T standards organisation. In addition, Nakao suggested to adopt the lightweight cryptography described in ISO/IEC 29192 in cars: It would suit to apply data encryption on the CAN bus even for time-critical real-time safety applications, he said, and it would not overburden the micro controllers in the ECUs.
In any case, no single measure would be sufficient to attack the entire problem. In demand is a holistic approach, many experts agreed. Plus, the security issue will persist. “You can’t fix it once and for ever”, warned Frederix. “You will always see new challenges”.
IT security becomes essential feature for cars
Car security at IAA: No need to reinvent the wheel
Intel launches car security expert group
Fraunhofer rolls security platform for cars