The Onboard Diagnostics Port (OBD) has been required for all cars sold in the US since 1996 and in Europe since 2001. Prompted by the need to simplify the diagnosis of increasingly complex emission control systems, the OBD-II improved on previous implementations by providing standardized condition codes for the auto repair and tuning markets. Standardized access to this data has helped spawn a robust aftermarket of plug-in devices to allow consumers to monitor their teen drivers, earn discounts from insurers, or gain insights into the performance and health of their vehicles. Similar devices allow fleet managers to monitor the condition, performance and behavior of their vehicles. Nearly all of these dongles offer a wireless connection for the convenience of their customers. Unfortunately, a wireless connection also provides a potential path for hackers to gain entry to the car’s internal networks.
Recently, our customer, Rivetz, announced their Dual Roots of Trust solution to protect private keys in a mobile phone, even if one of the systems is compromised. The Rivetz software generates and distributes the private key between the two roots – the Trusted Execution Environment (TEE) running in ARM TrustZone and the SIM card. This means that both roots would have to be compromised in order to get the user’s private key. Since the TEE is controlled by the phone manufacturer and the SIM is controlled by the mobile carrier, the user’s data is also protected from insider attacks or a vendor security breach.
Last year Americans purchased slightly less than 200,000 electric vehicles which are supported by approximately 47,000 US charging stations, according to Statista. The growth rate of electric vehicles is high and shows no signs of slowing down.
The world is facing an increasing threat from quantum computers. All widely deployed public key cryptosystems, namely, RSA, ECC and (EC)DH, will be broken due to Shor’s algorithm running on a quantum computer. To mitigate this threat, NIST started a call for proposal to identify cryptographic algorithms that are secure against quantum computers (a.k.a, post-quantum cryptosystems or PQC).
Most drivers place full trust in their GPS navigation systems to guide them to their destination. But what if those navigation systems can’t be trusted.
To get a clear view of your security goals and requirements it is very useful to categorize your project into one of four target environments.
Every day, thousands of new devices are given internet connectivity - called the Internet of Things (IoT). Figure 1 displays IoT devices attacked worldwide in 2015. Most of the internet connected devices are inherently insecure and hackers realize this as an easy opportunity. Even though home routers were the most targeted devices, others weren’t spared.
Topics: Internet of Things
This whitepaper provides a framework on system security design and the security software needed to achieve a system’s security goal. Four software models are examined and critiqued, with recommended strategies for choosing vendors within those differing models.