OnBoard Security InSights

The OnBoard Security Mission

Posted by Peter Samson on Jan 11, 2018 12:24:30 PM
Find me on:

I often get asked, what is the company’s mission?

Well, we are a software and services provider that protects the Internet of Things as well as the people who depend on it. We are globally recognized for our expertise in three areas: connected vehicle security, trusted computing, and protecting the internet from the threat of quantum computers. I tell people that we have a “Cheers” strategy: we serve three niche markets where everybody knows our name. We are already top of mind within the V2V marketplace. We are also the best-known software provider in the trusted computing market.

Trusted Computing

Trusted computing is a very fundamental method of securing computers and Internet of Things (IoT) devices through the use of special hardware called Trusted Platform Modules or TPMs, which are quickly becoming mandatory requirements in many governmental and commercial environments. TPM support is also a Microsoft requirement for Windows 10 certification, and TPMs are being adopted widely within the IoT world. The TPM chip specification was developed by a consortium called the TCG (Trusted Computing Group), which is made up of over one hundred companies including big semiconductor manufacturers as well as server, networking equipment, IoT and PC makers. OnBoard Security is a leader in the TCG—in fact, we were given Key Contributor Awards in both 2016 and 2017 for our work in defining and then writing the software that will make it easier for application providers to use TPMs. We have released the first commercial implementation of the TSS (the TPM Software Stack), which is already in use by some of the largest manufacturers in the world. For example, we were selected recently by Infineon, one of the world’s largest chip manufacturers, as their preferred security partner in the TPM space and we are working in parallel with them to drive this technology.

Because we have been at this for so long, potential partners and customers are approaching us! We have a robust partner network because of our activities in the standards organizations. People have been pushing us for a year or so to have our TSS software ready as quickly as possible. New opportunities are coming to us from the TPM space almost weekly. This is a nice position to be in.

Connected Vehicle Security

We are also the market leader in security for connected vehicles. This encompasses the next generation of cars that talk to each other and share information about their position, direction, speed, and other real-time status to prevent accidents. How will vehicles do this? By warning drivers of a potential collision a second and a half earlier than can be identified by current onboard sensors. This initiative has been sponsored by the US government, which has calculated that when vehicle-to-vehicle (V2V) communications are broadly adopted, approximately eighty percent of all accidents could be eliminated. When you consider that car crashes account for more than forty thousand deaths a year in the US and well over a million worldwide, this represents a massive improvement in auto safety. One of the key requirements of the vehicles talking to each other, of course, is that the information they share has to be secure and comes from a vehicle that has been authorized to send that information. Also, the transmission has to be completely private, so that there is no way that anyone—from the government on down—can identify either the vehicle or the drivers.

The biggest challenge is the network effect: the need to have a sufficient number of cars on the street communicating with each other to have a measurable impact on safety. Helping this is a pending government mandate that would require all cars built after a certain year, probably in the 2020-2021 timeframe, to support this technology. The first car shipped with this capability was the 2017 Cadillac CTS. At this time, it can only talk to other Cadillac CTS’s, which is not very useful. It is, however, important to recognize the fact that GM has taken an early leadership role; it has imprinted its commitment to life-saving technology on the market. Volkswagen has also announced that all of their cars in 2019 and beyond will have this technology. Both of these automakers use our software, and we have been very involved in helping develop the security infrastructure around it.

Right now, there are U.S. government-funded pilots in New York City, Tampa and Wyoming that are testing different uses of the technology, as well as collectively testing equipment interoperability. OnBoard Security is involved in all of these.

OnBoard Security’s major point of differentiation is that our Chief Technology Officer, Dr. William Whyte, defined the worldwide standard for V2V communication security and our product, Aerolink, is considered the best implementation of that standard. It is also the most widely used. Theoretically, there is no reason why other companies cannot write to that standard, but our advantage is that we have been in this from the start. We have been involved in just about every pilot implementation and are partnering with most of the key industry players, whether they are the OEMs; the Tier 1 providers that put the radios and navigation systems in cars; and the software and technology builders that they rely on. Therefore, our three major advantages are our expertise, our time-to-market, and our network of loyal partners.

There are a number of reasons we are very bullish on the V2V system. Countries outside of the United States are way ahead of us in their commitment to the implementation of connected car technology. Korea, China, Japan and Singapore, to name a few, have already committed to the technology. The Car to Car Consortium in Europe, is driving the local implementation of this technology. Similarly, U.S. car makers established an organization called CAMP, which is short for the Collision Avoidance Metrics Partnership. However, I think the biggest reason why this will happen is that V2V is a prerequisite to autonomous vehicles. For driverless cars to be able to navigate our world safely, comfortable and securely, they need to be able to share information with other vehicles, like disclosing their intentions, communicating their positions, identifying the speed at which they are traveling, and the condition of their sensors.

And finally, we have a globally respected research team that is partnering with major universities and think tanks to help evolve the security of connected and autonomous vehicles. Led by Dr. Jonathan Petit, this team has already applied for the patents that will enable us to build and capitalize on new products and functionality that will make our roads safer.

Post Quantum Cryptography

The third product is something that we have had for twenty years, which was clearly ahead of its time. It is a quantum resistant asymmetric algorithm. Long story short: many technology companies and governments—both friendly and unfriendly—are developing so-called quantum computers. This is a new family of technology that works on completely different principles than current systems, exploiting the strange characteristics of sub-atomic particles that can exist in multiple states at any one time. When quantum computers reach a well identified, critical size, which is expected to occur within the next five to ten years, they will easily be able to break all of the security that is commonly used on the Internet. Therefore, our security algorithms, which are called NTRU, were developed to replace both RSA and ECC, both of which will be easily compromised by quantum computers. When this happens, it will be known as the “crypto apocalypse” a catastrophe long feared by businesses and governments around the world. Because it can take over five years to switch over to quantum-resistant security, many of the more forward-looking large organizations are already planning their response to these existential threats to their businesses and, of course, the potential end to all of our privacy and security. Once again, in the world of encryption things move slowly but again, our advantage is that we were first with this capability. Anyone who is graduating from computer science school, or who has studied cryptography, will know the name NTRU. Once again, the “Cheers” strategy.

Ahead of the Curve

In the three market niches which we have selected, we are certainly ahead of the curve. In addition, one of our key strategies is to focus all of these capabilities into the automotive and transportation space and increase our revenue footprint per vehicle. Post quantum security is not only important in the automotive space, but is relevant to any environment where the devices have a life expectancy of more than ten years. This includes medical devices, energy grid IoT, and cars. When cars are connected they will need to be treated just like other complex electronic devices and require regular security and other software updates. Many people do not realize that a car is the most complex machine on the planet in terms of lines of computer code. It has ten times as much software as a Boeing 787 and twice as much as the Large Hadron Collider. A lot can go wrong when a car has one hundred and thirty million lines of computer code. The software has to be updated and the most efficient way of delivering the updates is over the air—but it is essential that the software being uploaded has not been tampered with. What currently protects the code? The very algorithms that quantum computers will soon render impotent.

Another area we are watching is Unmanned Aerial Vehicles (UAVs), commonly called drones because they have similar requirements as autonomous cars. Once Amazon, Alibaba and others start delivering stuff by air, the drones have to know where the other drones are, and they have to be secure and trustworthy. There are many adjacent technologies that we can use some of our products in, but right now our primary focus vertically is the Internet of Things, including connected cars.

But things don’t move quickly. We have been talking about the life-saving benefits of V2X technology for over ten years, when the FCC reserved wireless spectrum for safety messages and the auto makers started testing various use-cases. But at last the first V2X-enabled cars are starting to roll off the production line. Directionally, everything is going according to plan, but in terms of velocity it remains frustrating, and I often have to talk myself into being patient. The leading indicators are all positive and I am very excited about the impact OnBoard Security will soon have throughout our connected world.

To read more about the investment that allowed us to separate from Security Innovation, go here:  https://www.onboardsecurity.com/onboard-security-receives-funding-and-completes-planned-separation-from-security-innovation  

Topics: DSRC, Connected Vehicles, Research, V2V, TPM, Trusted Computing, TSS, Cyber Security, Autonomous Vehicles, Embedded Security, Regulation, Automotive, V2X, Internet of Things, Privacy, Quantum Computing, Cryptography, NTRU, BCAM, SCMS

Learn About the Latest in IoT Security from Our Team of Experts

 

OnBoard Security's security experts share insights on the latest security topics in:

  • Connected Cars
  • Autonomous Vehicles
  • Internet of Things
  • Quantum Computing

Subscribe to Email Updates

Recent Posts