OnBoard Security InSights

Closer to Proving the NTRU Assumption

Posted by Zhenfei Zhang on Apr 20, 2017 3:57:28 PM

NTRU is a cryptosystem that uses a special type of polynomial ring. The underlying hardness assumption, known as the NTRU assumption, is that an inverse of a short polynomial (polynomial whose coefficients are very short compared to the modulus q) is indistinguishable from a uniformly random polynomial in this ring. This indistinguishability is crucial in designing a cryptosystem.

Read More

Topics: NTRU, Cyptography, Quantum Computing, Internet of Things, Embedded Security

Automotive Cybersecurity Best Practices

Posted by Gene Carter on Apr 17, 2017 4:58:39 PM

In July 2016, the Automotive Information Sharing and Analysis Center (Auto-ISAC) released "Automotive Cybersecurity Best Practices" for carmakers and their suppliers. This document expands on their "Framework for Automotive Cybersecurity Best Practices" published in January 2016. This is the first time the automakers have addressed cybersecurity in a formal manner and a strong sign they are treating hacker threats seriously.

Read More

Topics: Automotive, Internet of Things, V2X, Embedded Security, Autonomous Vehicles

Comments on the US DOT V2X Mandate

Posted by Gene Carter on Apr 13, 2017 1:12:08 PM

OnBoard Security, the embedded security division of Security Innovation, recently commented on the US Department of Transportation’s Notice of Proposed Rulemaking (NPRM) on V2V communications. OnBoard Security strongly supports the establishment of the proposed regulation since the number of lives saved increases dramatically as the number of cars with V2V increases. Widespread penetration of the technology, and the corresponding prevention of deaths, can only be reached in a reasonable time with a mandate.

Read More

Topics: Automotive, Privacy, Internet of Things, V2X, Embedded Security, Autonomous Vehicles

What the Tesla Autopilot Crash Tells Us About the Need for V2V Security

Posted by Jonathan Petit on Apr 6, 2017 3:08:29 PM

In September 2016, Tesla Motors issued an over-the-air software update to make its Autopilot system rely more on radar than cameras. This update was in response to a highly publicized crash in May 2016 in which a 40-year-old man was killed when his Tesla crashed into a turning tractor trailer. Tesla wrote in a blog post that Autopilot didn't detect "the white side of the tractor trailer against a brightly lit sky, so the brake was not applied." Without more information about the accident I can only speculate, but let me try to reflect on the problem and how security plays a role. The cause of the accident was that the camera did not detect the object because of natural/non-malicious blinding. I define blinding as the action of affecting the camera in a way that objects are not detected, either partial or full blinding. So, what does it say about the robustness of the system against blinding attacks? It says that Tesla's Autopilot apparently does not prioritize safety or does not do sensor fusion correctly, if at all.

Read More

Topics: Automotive, Internet of Things, V2X, Embedded Security, Autonomous Vehicles

How We Attacked Autonomous Cars at Security Innovation

Posted by Jonathan Petit on Apr 6, 2017 3:07:38 PM

Autonomous automated vehicles (AV), also known as self-driving cars, have been garnering a lot of press coverage over the past year, as automakers (Audi, Mercedes-Benz, GM, Toyota, etc.), Tier 1 suppliers (Delphi, Bosch, etc.), Universities (Oxford, Stanford, Parma, etc.) and technology companies (Google, Apple, etc.) have all made steps toward releasing autonomous cars in the not-too-distant future.

Read More

Topics: Automotive, Internet of Things, Embedded Security, Autonomous Vehicles

Feds' Automated Vehicle Guidance Stresses Cybersecurity by Design

Posted by Gene Carter on Mar 31, 2017 4:52:21 PM

The National Highway Traffic Safety Administration (NHTSA), part of the US Department of Transportation recently issued their much anticipated Federal Automated Vehicles Policy. This 116-page document is guidance, not mandatory rule-making to "guide manufacturers and other entities in the safe design, development, testing, and deployment of HAVs [Highly Automated Vehicles]."

Read More

Topics: Automotive, Internet of Things, V2X, Embedded Security

Three Strategies for Car Cybersecurity

Posted by Gene Carter on Mar 31, 2017 4:42:44 PM

According to consulting firm, Frost and Sullivan, we can expect the number of hackers to grow to more than 150,000 globally by 2018. This fact combined with the fact that in that same time the number of connected vehicles on the road will increase to more than 220 million creates an increased threat for a significant automotive cybersecurity breach.

Read More

Topics: Automotive, Internet of Things, Embedded Security

V2V Communications: What About My Privacy?

Posted by Gene Carter on Mar 31, 2017 3:42:57 PM
There is a shift in focus from surviving accidents to stopping an accident from ever happening. Have you ever experienced unexpected stopped traffic as you crest a hill? Or narrowly missed hitting another car because your view was blocked by truck in a turn lane? While today’s vehicles are already employing technologies to improve situational awareness, they are limited to line of sight. There wasn’t a way for your vehicle to communicate with other vehicles and notify you. This is where Vehicle-to-Vehicle (V2V) communication comes in.

Read More

Topics: Automotive, Privacy, Internet of Things, V2X, Embedded Security

Changing Crypto Takes Longer Than You Expect

Posted by Gene Carter on Mar 28, 2017 3:20:14 PM

Even When You Expect it to Take Longer...

 

Read More

Topics: NTRU, Cyptography, Quantum Computing