In response to the rising cybersecurity challenges facing the connected and autonomous car industry, Kaspersky Lab and AVL Software and Functions GmbH have unveiled the Secure Communication Unit (SCU) at New Mobility World / IAA 2017 in Frankfurt on September 13. The security solution prototype demonstrates the possibilities of interference-proof communication between car components, the car, and its external connected infrastructure, making connected cars secure-by-design.
Based on electromechanical vehicle actuators, car controls are becoming more and more complex cyber-physical systems with multiple sensors, controls, applications, subnets and communication modules that interact with other vehicles and their environment.
The rising number of third-party applications and the system complexity in connected cars, as well as the increasing dynamic in software update cycles making use of over-the-air updates, makes it difficult to test the complete system to be sure that no bugs, backdoors and architectural issues are overlooked.
The role of the Secure Communication Unit is to make connected cars secure by-design, regardless of the third-party software and systems on board.
The SCU is a communication gateway control unit, connected to several subnets and/or gateway-controllers to these subnets within the car network, acting as a single secure gateway for incoming and outgoing communication flows.
Based on security policy enforcement and strong separation to prevent unwanted contact between various car components, the software helps ensure proper interference-proof communications within the car network.
The trusted software platform of the SCU consists of security components that are trustworthy-by-design.
Firstly, the microkernel proprietary operating system (KasperskyOS) is based on well-established principles of security-driven development and specifically designed for embedded systems with strict cybersecurity requirements.
KasperskyOS removes the chance of undocumented functionality, and thus mitigates the risk of cyberattacks: even if an unauthorized code is embedded, it will not be executed because, by default, this undocumented functionality is prohibited.
Other components include a security policy engine (Kaspersky Security System), defining the particular scope and character of interaction between various components and a trusted channel framework with a set of crypto algorithms, as well as low level protection services based on hardware capabilities.
The SCU prototype presented is exemplarily implemented in ARMv7 architecture with recommended 128 MB RAM and IOMMU. Other HW platforms can be developed on a case-by-case basis in accordance to the requirements of a particular manufacturer.
“With the modern automobile ecosystem becoming more and more complex and interconnected, it is not surprising that cybersecurity concerns arise among consumers and the automotive industry itself. While the opportunities and benefits are apparent, there is still a need to make automotive systems secure. That’s why we’re making a big step forward with our prototype for secure car communications to ensure that connectivity opportunities don’t turn into failures,” comments Andrey Doukhvalov, Head of Future Technologies and Chief Security Architect at Kaspersky Lab.
The platform provides the solution framework for specific customized applications, allowing car manufacturers to develop and implement unique SCUs into their cars, based on particular hardware and additional software components in alignment with their manufacturing plans. The SCU is available for OEMs, ODMs, system integrators and software developers around the world