Car makers use cryptographic keys for a variety of purposes, including Over-The-Air (OTA) software updates, security immobilizers, inter-module communications, and Vehicle-to-Everything (V2X) communication security. Key Management Systems (KMS) are very complex, as the manufacturer has to manage dozens of keys for each car model, both at production and when new components are introduced during repairs, and they must maintain these keys over the long lifetime of a car. Key Management is a daunting task.
Security vendors offer a number of proprietary solutions, while Tier 1 suppliers and automakers themselves sometimes develop their own solutions. This means the KMS must implement several solutions in the same car model, and perhaps a different solution in following years for the same model. This can lead to car manufacturers not entirely understanding a security vendor’s solution or making errors in implementation due to the different processes.
Mcity, the University of Michigan-led public-private partnership formed to accelerate the development of connected and automated vehicles, has recognized the complexity and inherent risk in having so many proprietary standards for KMS, and is working with OnBoard Security to develop a secure key management standard for the car industry. OnBoard Security is an Affiliate Industry member of Mcity.
Over the next few months, the security experts at OnBoard Security will be identifying common use-cases, developing KMS requirements, and then proposing a KMS standard. The KMS needs to be flexible enough to work with legacy systems, while also covering all common use-cases and accounting for different car makers’ solutions, both today and extending into the future.
This work on the KMS is the first step in enabling car makers and their suppliers to offer a secure system in the short term, benefit from improvements developed by the community in the future and save cost for all involved parties. The car makers can move forward without worrying about how to manage all of those cryptographic keys and can focus instead on differentiating themselves with features their customers demand.
The full press release on the KMS work we are doing can be found here: https://www.onboardsecurity.com/company/news-and-events/onboard-security-partners-with-mcity-on-secure-crypto-key-management-system-for-automotive