Monday, December 22, 2014

The security challenge of auto infotainment connectivity





Car hacking is a 21st century crime. Connected cars can offer a gateway for cyber criminals to hack into systems. How can infotainment systems help automakers combat this threat?

Connectivity is setting the pace of innovation in in-vehicle infotainment. Yet with cars increasingly connected to the internet, car hacking is becoming a serious threat that is forcing the industry to consider how to protect vehicles against cyber attacks. Consumer devices such as smartphones and tablets routinely ship with built-in security software or the ability to use aftermarket alternatives; current automotive architecture, on the other hand, does not yet contain adequate security to repel remote infiltration and intrusion. How can next-generation infotainment systems be equipped to firewall vehicles against highway hackers?






The security challenge of car connectivity

The latest infotainment systems provide full internet connectivity with all the benefits of real-time updates and information, but such access can also be an open door to malicious software. Once on the system, a virus could disrupt the operation of the infotainment system, causing errors in music playback and navigation and potentially corrupting the multimedia display. Equally intrusive, malware could lurk unnoticed on a system and siphon any personal and private information held on the infotainment hub or on linked devices back to another source.

And that’s just for starters. A far bigger concern is the potential for malware to migrate via the infotainment system to other in-car networks such as the controller-area-network bus (CAN bus), which links infotainment to the vehicle’s critical systems. By connecting a laptop to a car’s on-board diagnostic port and hacking the vital systems, attackers could – in theory – seize control of the engine and brakes.

It is the internet connection that provides the gateway for hackers. In addition to LTE connections, there are also threats posed by smartphone Bluetooth, WiFi, and NFC connectivity, as well as by the increasing trend of BYOD (Bring Your Own Device) consumer electronics integration. All modern vehicles contain multiple electronic control units (ECUs) and independent systems, along with integrated networks such as CAN bus and Ethernet that link the operation of various components. The infotainment system is on one hand linked with these systems to access information from the speed sensor or other safety-critical ECUs, and on the other hand connected to the internet, from where attacks could come.

How a hybrid architecture can resolve the automotive security challenge

The security architecture of the infotainment system has to be even more robust than that of the typical mobile device. It must protect the vehicle and the occupants from all kinds of threats such as malware, denial of service, and other malicious behavior. The only viable approach is to firewall the car functions from the infotainment side of the system with hardware and software security mechanisms that act as a barrier between malware and an infotainment system. This includes secure boot, data encryption, network security, and a protocol to isolate ‘crashed’ or ‘compromised’ parts of an infotainment system from other connected components and networks, but also, more importantly, an infotainment system with two separate domains.

The next-generation scalable infotainment system architecture from HARMAN uses multi-core processors with a type 1 hypervisor to implement segregated domains with separate operating systems. The application domain, running e.g. Linux with HTML5 as the application environment, offers a first line of defense with the proven security techniques used by mobile devices, such as secure boot, data encryption, and network security. These security technologies already offer a strong defense against cyber attack. The vehicle domain, which runs the critical car functions, is completely isolated from the application domain through the hypervisor. Both domains can run the same operating system, e.g. Linux, or different systems, e.g. QNX in the vehicle domain and Linux in the application domain. The split-level architecture ensures the vehicle domain remains separate: in the event malicious code penetrates the application domain, it is firewalled from affecting the critical vehicle functions – these remain free from threat.
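The default-deny boundary between the two domains described above can be sketched as a small message filter. This is an added example, not HARMAN's code and not part of the original article; the message IDs, value ranges, the single HVAC write path and all type and function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed message IDs and limits for illustration; not from any real vehicle. */
enum { MSG_VEHICLE_SPEED = 0x100, MSG_GEAR_STATE = 0x101, MSG_HVAC_SETPOINT = 0x200 };

typedef enum { DIR_VEHICLE_TO_APP, DIR_APP_TO_VEHICLE } direction_t;
typedef enum { VERDICT_DROP = 0, VERDICT_FORWARD = 1 } verdict_t;
typedef struct { uint32_t id; uint8_t len; uint8_t data[8]; } ivc_msg_t;

/* One allowlist entry: message ID, permitted direction, exact length,
 * and an inclusive range for the first payload byte. */
typedef struct { uint32_t id; direction_t dir; uint8_t len, min0, max0; } rule_t;

static const rule_t POLICY[] = {
    { MSG_VEHICLE_SPEED, DIR_VEHICLE_TO_APP, 2, 0, 255 }, /* read-only telemetry */
    { MSG_GEAR_STATE,    DIR_VEHICLE_TO_APP, 1, 0, 4   }, /* read-only telemetry */
    { MSG_HVAC_SETPOINT, DIR_APP_TO_VEHICLE, 1, 16, 30 }, /* the only write path */
};

/* Default deny: a message crosses the domain boundary only if an entry
 * matches its ID and direction and its payload passes the bounds check. */
verdict_t gateway_filter(direction_t dir, const ivc_msg_t *m)
{
    if (m == NULL || m->len == 0 || m->len > sizeof m->data)
        return VERDICT_DROP;
    for (size_t i = 0; i < sizeof POLICY / sizeof POLICY[0]; i++) {
        const rule_t *r = &POLICY[i];
        if (r->id != m->id || r->dir != dir)
            continue;
        if (m->len == r->len && m->data[0] >= r->min0 && m->data[0] <= r->max0)
            return VERDICT_FORWARD;
        return VERDICT_DROP; /* known ID, malformed payload */
    }
    return VERDICT_DROP; /* unknown ID or wrong direction */
}

/* Convenience wrapper: build a message with first byte b0 and filter it. */
verdict_t gateway_check(direction_t dir, uint32_t id, uint8_t len, uint8_t b0)
{
    ivc_msg_t m = { id, len, { b0 } };
    return gateway_filter(dir, &m);
}

int main(void)
{
    /* A speed frame originating in the application domain must be dropped. */
    return gateway_check(DIR_APP_TO_VEHICLE, MSG_VEHICLE_SPEED, 2, 0x50) == VERDICT_DROP ? 0 : 1;
}
```

Because direction is part of every rule, telemetry the application domain may read can never be replayed back toward the vehicle domain, and any ID missing from the table is dropped without further inspection.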

4G architectures also have a role to play in car security. Running the infotainment system via the cloud makes it possible to bypass local software, and provides access to powerful, robust and secure servers for both processing and security. The server streams the required infotainment functions to the vehicle, significantly lowering the risk of malicious software being downloaded into in-car systems.

By combining these techniques in its unique, industry-first split-domain architecture, HARMAN offers a strong firewall between the two domains and makes the system extremely robust and resistant to hacking threats. Given the topicality of connected cars, automakers and drivers will seek ways to keep their vehicles secure against new threats. Developments such as HARMAN’s hybrid architecture point the way forward to meet these increased security requirements.