The annual Consumer Electronics (CES) conference has become a major show for automakers and suppliers to highlight the latest and greatest technological advances in cars. The past few years, there have been many announcements and demonstrations of Vehicle-to-Everything (V2X) communications, primarily using a Wi-Fi-based technology called Dedicated Short Range Communications (DSRC). The year marked a turning point, as a majority of the V2X announcements were based on Cellular V2X (C-V2X).
2018 has been an eventful year for OnBoard Security® and the markets we serve. The year started with a bang when OnBoard Security was spun off from Security Innovation®, becoming an independent company with the mission to help Automotive and IoT manufacturers stay ahead of the curve in cyber security. As an independent company, we are better positioned to focus on filling critical cyber security gaps in our target markets.
Topics: Cryptography, Automotive, Privacy, Internet of Things, V2X, Embedded Security, Autonomous Vehicles, Cyber Security, TPM, TSS, Trusted Computing, V2V, SCMS, Research, Connected Vehicles, DSRC, Blockchain, V2I
The Onboard Diagnostics Port (OBD) has been required for all cars sold in the US since 1996 and in Europe since 2001. Prompted by the need to simplify the diagnosis of increasingly complex emission control systems, the OBD-II improved on previous implementations by providing standardized condition codes for the auto repair and tuning markets. Standardized access to this data has helped spawn a robust aftermarket of plug-in devices to allow consumers to monitor their teen drivers, earn discounts from insurers, or gain insights into the performance and health of their vehicles. Similar devices allow fleet managers to monitor the condition, performance and behavior of their vehicles. Nearly all of these dongles offer a wireless connection for the convenience of their customers. Unfortunately, a wireless connection also provides a potential path for hackers to gain entry to the car’s internal networks.
Recently, our customer, Rivetz, announced their Dual Roots of Trust solution to protect private keys in a mobile phone, even if one of the systems is compromised. The Rivetz software generates and distributes the private key between the two roots – the Trusted Execution Environment (TEE) running in ARM TrustZone and the SIM card. This means that both roots would have to be compromised in order to get the user’s private key. Since the TEE is controlled by the phone manufacturer and the SIM is controlled by the mobile carrier, the user’s data is also protected from insider attacks or a vendor security breach.
Last year Americans purchased slightly less than 200,000 electric vehicles which are supported by approximately 47,000 US charging stations, according to Statista. The growth rate of electric vehicles is high and shows no signs of slowing down.
Car makers use cryptographic keys for a variety of purposes, including Over-The-Air (OTA) software updates, security immobilizers, inter-module communications, and Vehicle-to-Everything (V2X) communication security. Key Management Systems (KMS) are very complex, as the manufacturer has to manage dozens of keys for each car model, both at production and when new components are introduced during repairs, and they must maintain these keys over the long lifetime of a car. Key Management is a daunting task.
On Friday October 21, 2016, Dyn was subjected to two large Distributed Denial of Service (DDoS) attacks against their internet-address lookup Managed DNS infrastructure. The attackers used Mirai botnets launched from over 100,000 endpoints including cameras, DVRs and baby monitors to generate the significant volume of attack traffic. Affected services included Amazon, Spotify, Netflix and the New York Times.
Toyota recently sent a letter to the Federal Communications Commission (FCC) urging them to protect the 5.9 GHz band for Dedicated Short Range Communications (DSRC), the technology behind Vehicle-to-Vehicle (V2V)communications. Toyota noted that “The market leaders in Japan (Toyota), Europe (Volkswagen), and the United States (General Motors) have now either begun deployment of DSRC technology or announced a specific deployment plan for the technology.”