In automotive cyberscurity this week were Infinenon , Mitsubishi and Atos.
Infineon OPTIGA TPM for VW
Volkswagen is one of the first car makers to deploy the OPTIGA Trusted Platform Module (TPM) 2.0 from Infineon Technologies as a security solution for the connected car. The chip is designed to protect the vehicle’s communication with the outside world. For example, when car-sharing users or third-party services such as parcel delivery into a car’s trunk require access. Furthermore, the TPM is suited to secure software updates over the air by the car manufacturer.
Infineon is the first semiconductor manufacturer to offer an automotive-qualified TPM for the connected car. The chip meets international security standards and is certified by independent authorities.
Like a doorkeeper, the TPM particularly protects the vehicle’s external interfaces, for example in the infotainment system or the telematics unit. It checks the identities of senders and recipients of digital data, such as the manufacturer’s backend server. It encrypts and decrypts the data and helps make sure that only data the driver or manufacturer actually wants makes its way into the car.
The cryptographic keys needed for these security functions are stored within the TPM as in a safe. Infineon imports the initial keys in a specially certified security environment. Since all other keys can be generated, used and stored within the TPM itself, they never have to leave it and are protected against being spied on via the network. The TPM is also hardened against physical attacks. Even if someone removes the chip from the vehicle, the keys are well protected from being read.
The OPTIGA TPM 2.0 is also designed to accommodate the long product life cycles of cars. Its firmware, including cryptographic mechanisms (“crypto-agility”), can be updated remotely making sure that its security technology is always state-of-the-art.
Mitsubishi Multi-layered Cybersecurity
Mitsubishi Electric Corporation reported that it has developed a multi-layered defense technology that protects connected vehicles from cyber attacks by strengthening their head unit’s defense capabilities. The technology will help realize more secure vehicle systems in line with the increasing popularity of vehicles that are equipped for connection to external networks.
Vehicles with communication functions provide connections to the internet and/or mobile devices such as smartphones. The importance of cyber security is increasing because these vehicles are vulnerable to cyber attacks and even malicious remote control in extreme cases. Mitsubishi Electric’s new multi-layered defense technology prevents cyber attacks through a variety of robust security features, including an intrusion detection system without high-load processing and a secure-boot technology that quickly verifies software integrity during the boot process.
- Detects cyber attacks targeting the control of the vehicle and the automotive head unit. The developed technology reduces load processing by focusing on attack activities.
- The new technology requires less than 10% of the time for a normal boot-up sequence compared with conventional technology. The developed Fast Secure Boot technology enables faster and more secure boots that verify the integrity of the vehicle’s software embedded in the automotive head unit.
Atos Horus Security
Atos, a global leader in digital transformation, announced the release of its new Horus security suite for Intelligent Transportation Systems (ITS), a solution which provides security to communications in connected vehicles.
As the world of connected transport continues to evolve, both car manufacturers and smart city services providers need scalable security solutions that can manage millions of connected objects and automotive sensors.
The Horus security suite for ITS, which is based on embedded security components (V2X-HSM) and Horus PKI electronic certificates, allows operators to:
- Ensure the confidentiality and integrity of V2X (vehicle-to-everything) interactions;
- Adapt their performance and generate electronic certificates according to requests;
- Efficiently manage costs through a SaaS (Software-as-a-service) system and hybrid cloud architecture;
- Effectively fight against cyber-attacks targeting Smart City services.
The Horus security suite can easily be integrated into an existing information system, such as a fleet management organization. It can also be integrated into a Security Operations Center (SOC) to identify abnormal behavior and implement the actions needed to protect smart city services.
“Vehicle security is the cornerstone of smart city services to improve road safety and traffic efficiency. The Horus security suite for ITS has been created to enable vehicles to securely communicate with their environment. The suite also allows organizations to easily manage their security costs, scale and performance in accordance with their market’s needs,” says David Leporini, Atos IoT Security Director.
Technical features of Atos’ solution:
- The Horus security suite for Intelligent Transportation Systems relies on 3 core elements that are essential to answer smart mobility growing market:
- Confidentiality: only authorized stakeholders can access the content of the messages exchanged in a V2X environment
- Integrity: to ensure the reliability of the messages exchanged, the Horus security suite protects them from being altered by unauthorized stakeholder
- Availability: the solution is natively scalable to answer certificate delivery requests in massive volume
- The Horus security suite for ITS includes V2X embedded HSM and Horus ITS-PKI to comply with the required security automotive standards and performance needs.
Read previous automotive cybersecurity articles.
SUBSCRIBE
You are welcome to subscribe to receive email notification of publication of Connected Car News Cybersecurity, you can also get weekly news summaries or daily emails.