OnBoard Security InSights

TPM - a Powerful, Inexpensive Security Building Block

Posted by Lee Wilson on Mar 22, 2018 1:51:50 PM

There are two worlds of computer security - high-end systems and then everything else. Both high- and low-end systems typically employ “top-down” defenses to harden their attack surfaces. These are “software-only” security techniques.

Read More

Topics: Cyptography, Internet of Things, Embedded Security, Cyber Security, TPM, TSS, Trusted Computing, IoT,

What are Automated Vehicle Security Concerns?

Posted by Jonathan Petit on Jan 24, 2018 3:25:56 PM

At the Automated Vehicles Symposium (AVS) 2017, I addressed a plenary talk to the ~1,500 attendees, stating that even though it is unanimously considered as paramount, cybersecurity is still an after-thought. Or at least it still feels like it. Indeed, for the last two AVS editions, the cybersecurity breakout session reported similar open challenges, but no real changes have been seen since. In order to move the security needle, we took a different approach and didn't organize a cybersecurity breakout session. Instead, we identified that the missing components were the lack of inputs coming from the community of experts. To be able to build a more resilient system, cybersecurity experts should know about the limitations of each subsystem, and possible "nightmare scenarios".

Read More

Topics: Insider, Automotive, Embedded Security, Autonomous Vehicles, Cyber Security, Research, Connected Vehicles

The OnBoard Security Mission

Posted by Peter Samson on Jan 11, 2018 12:24:30 PM

I often get asked, what is the company’s mission?

Read More

Topics: NTRU, Cyptography, Quantum Computing, Automotive, Privacy, Internet of Things, V2X, Embedded Security, Autonomous Vehicles, Regulation, Cyber Security, TPM, TSS, Trusted Computing, V2V, BCAM, SCMS, Research, Connected Vehicles, IoT,, DSRC

Secure Crypto Key Management for Automotive

Posted by Gene Carter on Nov 1, 2017 12:21:38 PM

Car makers use cryptographic keys for a variety of purposes, including Over-The-Air (OTA) software updates, security immobilizers, inter-module communications, and Vehicle-to-Everything (V2X) communication security. Key Management Systems (KMS) are very complex, as the manufacturer has to manage dozens of keys for each car model, both at production and when new components are introduced during repairs, and they must maintain these keys over the long lifetime of a car. Key Management is a daunting task.

Read More

Topics: Cyptography, Automotive, Embedded Security, Autonomous Vehicles, Cyber Security, Research, Connected Vehicles, IoT,

Iot Devices - With Greater Connectivity Comes Greater Vulnerabilities

Posted by Gene Carter on Jul 28, 2017 9:41:34 AM

The IoT, or the "Internet of Things," represents an exciting period of innovation in our lives. It describes a world of devices all connected to the internet, a world in which inanimate technology that we use and see every day is becoming smarter. It also predicts a continuous journey towards greater ease and convenience, a future in which technology interacts with us as much as we do with it. As you can imagine, this comes with both perks and drawbacks.

Read More

Topics: Internet of Things, Embedded Security, Regulation, Trusted Computing

The country’s largest V2X implementation – Securing New York’s Connected Vehicle Pilot

Posted by Gene Carter on Jul 20, 2017 9:25:00 AM

In September 2016, the U.S. Department of Transportation (USDOT) awarded three Connected Vehicle (CV) Pilot Deployment Programs: New York City (NYC), Tampa and Wyoming. The CV Pilot Program will test and operationalize cutting-edge vehicle to vehicle (V2V) and vehicle to infrastructure (V2I) technologies, including in-vehicle wireless, mobile devices, and roadside equipment that have the potential to reduce accidents, save lives, improve productivity, enhance mobility, and lessen the environmental impact of city traffic. The NYC CV pilot will feature an estimated 8,000 vehicles outfitted with V2X equipment, including 5,850 taxis, 1,250 MTA vehicles, 400 UPS trucks, and 500 city vehicles. There will be approximately 350 roadside units installed at Manhattan and Brooklyn intersections and on FDR drive. Additionally, 100 vulnerable road user (pedestrians and bicyclists) devices will be deployed to study the effectiveness of V2X technology in reducing NYC's high rate (5 times the national average) of crash fatalities involving pedestrians.

Read More

Topics: Automotive, Privacy, V2X, Embedded Security, Cyber Security, V2V, Connected Vehicles

Closer to Proving the NTRU Assumption

Posted by Zhenfei Zhang on Apr 20, 2017 3:57:28 PM

NTRU is a cryptosystem that uses a special type of polynomial ring. The underlying hardness assumption, known as the NTRU assumption, is that an inverse of a short polynomial (polynomial whose coefficients are very short compared to the modulus q) is indistinguishable from a uniformly random polynomial in this ring. This indistinguishability is crucial in designing a cryptosystem.

Read More

Topics: NTRU, Cyptography, Quantum Computing, Internet of Things, Embedded Security

Automotive Cybersecurity Best Practices

Posted by Gene Carter on Apr 17, 2017 4:58:39 PM

In July 2016, the Automotive Information Sharing and Analysis Center (Auto-ISAC) released "Automotive Cybersecurity Best Practices" for carmakers and their suppliers. This document expands on their "Framework for Automotive Cybersecurity Best Practices" published in January 2016. This is the first time the automakers have addressed cybersecurity in a formal manner and a strong sign they are treating hacker threats seriously.

Read More

Topics: Automotive, Internet of Things, V2X, Embedded Security, Autonomous Vehicles

Comments on the US DOT V2X Mandate

Posted by Gene Carter on Apr 13, 2017 1:12:08 PM

OnBoard Security, the embedded security division of Security Innovation, recently commented on the US Department of Transportation’s Notice of Proposed Rulemaking (NPRM) on V2V communications. OnBoard Security strongly supports the establishment of the proposed regulation since the number of lives saved increases dramatically as the number of cars with V2V increases. Widespread penetration of the technology, and the corresponding prevention of deaths, can only be reached in a reasonable time with a mandate.

Read More

Topics: Automotive, Privacy, Internet of Things, V2X, Embedded Security, Autonomous Vehicles

What the Tesla Autopilot Crash Tells Us About the Need for V2V Security

Posted by Jonathan Petit on Apr 6, 2017 3:08:29 PM

In September 2016, Tesla Motors issued an over-the-air software update to make its Autopilot system rely more on radar than cameras. This update was in response to a highly publicized crash in May 2016 in which a 40-year-old man was killed when his Tesla crashed into a turning tractor trailer. Tesla wrote in a blog post that Autopilot didn't detect "the white side of the tractor trailer against a brightly lit sky, so the brake was not applied." Without more information about the accident I can only speculate, but let me try to reflect on the problem and how security plays a role. The cause of the accident was that the camera did not detect the object because of natural/non-malicious blinding. I define blinding as the action of affecting the camera in a way that objects are not detected, either partial or full blinding. So, what does it say about the robustness of the system against blinding attacks? It says that Tesla's Autopilot apparently does not prioritize safety or does not do sensor fusion correctly, if at all.

Read More

Topics: Automotive, Internet of Things, V2X, Embedded Security, Autonomous Vehicles

Learn About the Latest in IoT Security from Our Team of Experts


OnBoard Security's security experts share insights on the latest security topics in:

  • Connected Cars
  • Autonomous Vehicles
  • Internet of Things
  • Quantum Computing

Subscribe to Email Updates

Recent Posts