In an era of rapid digitalization and technological innovation, connected cars are emerging as a milestone in the automotive revolution. These vehicles, equipped with advanced communication systems and interaction with their surroundings, promise to transform our driving experience. That’s when PKI for the automotive sector makes the difference.
Think of a world where your car not only takes you from place “A” to place “B”, but also communicates with other cars on the road, avoids obstacles on its own, improves routes in real time and even evaluates itself and requests maintenance before major problems occur.
The benefits of connected cars go beyond convenience. They have the potential to drastically improve road safety by reducing accidents caused by human error.
In fact, the complete automation of connected vehicles has come to revolutionize the concept of transport as we know it.
However, with great innovations come great challenges. As we integrate more technology and connectivity into our vehicles, we also introduce vulnerabilities that can be exploited by cybercriminals.
Security, therefore, is not just a consideration – it is an absolute necessity.
Technological Challenges and Regulations in Connected Cars
Connected cars are the result of combining advanced automotive engineering with the latest information technology. This union, while promising, brings with it challenges that extend beyond simple security.
The speed of technological innovation is impressive, and what is considered cutting-edge today can quickly become obsolete tomorrow.
Car manufacturers face the ongoing challenge of keeping their vehicles up to date with the latest innovations and ensuring that they can be easily upgraded to accommodate new technologies.
Furthermore, systems integration has become a fundamental part of connected cars.
It’s not just about the individual vehicle, but how it connects and interacts with intelligent traffic infrastructures, connected homes and users’ personal devices.
This integration, while offering a richer and more connected experience, also presents challenges in terms of compatibility and security.
On the regulatory front, the challenges are equally complex
In the regulatory scenario, the challenges are profound. The increasing integration of technology in connected cars increases the need for standardized regulations that address security, privacy, interoperability and environmental considerations.
In addition, this integration requires a more systematic and strategic approach to information security and software updates.
For example, while information security traditionally relied on selective measures, the current scenario requires a holistic vision that establishes clear requirements for security throughout the product lifecycle.
This means ensuring the long-term availability of software updates and meticulous supply chain integration.
A significant milestone in this context is the adoption by the UNECE Global Forum for Harmonization of Vehicle Regulations of UNECE R 155 and UNECE R 156 in 2020.
These regulations, which came into force in 2021, establish binding standards relating to information security and software updates for vehicles.
As of July 2022, these standards have become mandatory for new types of vehicles, and manufacturers who do not comply will face penalties. In addition, by July 2024, all new vehicle manufactures will also have to adhere to these regulations.
In practice, these regulations cover vital areas such as cyber risk management, security-focused vehicle protection and the ability to detect and defend against cyber attacks across the entire vehicle fleet.
In fact, regulatory requirements emphasize the importance of providing software updates, introducing the need for automatic software updates (OTA) with a clear legal basis for vehicles.
Connected Car Safety Challenges
As connected cars become more integrated into our daily lives, the safety of these vehicles becomes a primary concern.
Here are some of the main challenges faced in ensuring the security of connected cars:
- Internal communication in the vehicle
Connected cars house various intelligent control, entertainment, passenger network and even third-party systems, as requested by the owners.
In order to offer new services, it is essential that these systems communicate internally.
However, this communication requires strict monitoring and management by means of firewalls and intrusion prevention systems, capable of discerning between legitimate and suspicious communications within the vehicle’s internal network.
- External Communications
Most on-board systems will need to connect to internet services for various purposes, such as maintenance by the manufacturer, software updates, internet access for passengers, navigation, product/service purchases and data backup.
These external communications often involve two-way data flows, initiated both inside the vehicle and on the manufacturer’s servers or the Internet.
It is imperative that this traffic is thoroughly analyzed for threats and malicious communications, using firewalls and intrusion prevention resources.
- Connectivity Infrastructure
Connected cars use cellular networks, which, although they interconnect billions of smartphones and devices, are deficient in terms of security. This scenario represents an imminent risk for future autonomous cars.
An attack directed at the cellular network or conducted through it could result in massive failures in thousands of vehicles simultaneously.
- Access Control and Identification Systems
Systems dedicated to machines, not individuals, will need to be implemented to authenticate connections seeking to access critical systems in vehicles.
The online services must be able to securely authenticate the cars and the information sent to the cloud, as well as handle transaction requests made by the owners, such as essential services or payments for fuel and tolls.
Consequently, cybersecurity in connected cars is directly linked to vehicle safety, user protection and, ultimately, the trust placed in connected automotive technologies.
While connected cars promise to revolutionize the way we travel, they also introduce a number of security challenges. Addressing these challenges is key to ensuring that the connected vehicle revolution is safe and beneficial for everyone.
PKI: The Key to Connected Car Security
Once we understand the significant challenges that connected cars face in terms of security, it becomes clear that robust and reliable solutions are needed to protect these vehicles and their users.
One of the most promising solutions for tackling these challenges is Public Key Infrastructure. Infrastructure
for the automotive sector
or PKI.
PKI
for the automotive sector
is a system that uses pairs of cryptographic keys, one public and one private, to authenticate and protect communications.
In the context of connected cars, PKI can be the backbone of security, ensuring that communications between the vehicle, manufacturers, infrastructure systems and other vehicles are authenticated and protected.
One of the main benefits of Infrastructure
for the automotive sector
is its ability to guarantee the authenticity of firmware updates. With the increasing reliance on software in vehicles, ensuring that updates are genuine and have not been tampered with is of paramount importance.
In practice, PKI
for the automotive sector
allows manufacturers to digitally sign these updates, ensuring that only authentic and verified software is installed in vehicles.
Public Key Infrastructure plays a crucial role in the cooperation between vehicles and road infrastructure
With communication between vehicles (V2V) and communication between vehicles and infrastructure (V2I) becoming more prevalent, PKI
for the automotive sector
can ensure that these communications are secure and reliable, reducing the risk of attacks and ensuring more effective cooperation.
With connected cars becoming increasingly sophisticated and integrated into our infrastructure, the need for robust security solutions has never been greater.
PKI
for the automotive sector
with its ability to authenticate and protect communications, has emerged as an essential solution to ensure that the connected car revolution takes place in a secure and reliable manner.
Code Signing: The Line of Defense Against Threats in the World of Connected Vehicles
After highlighting the relevance of PKI as an important key to the security of connected cars, it is essential to address one of its most crucial applications: code signing.
In an environment where software plays a central role in vehicle operation, ensuring the integrity of that software is vital.
Code signing is a process that uses PKI cryptography to verify the origin and integrity of the software. By digitally signing code, developers and manufacturers guarantee that the software has not been altered since its creation.
This is fundamental for connected cars, as it ensures that the systems operate as designed and are not compromised by malicious changes.
In addition to guaranteeing the integrity of the software, code signing also serves as a robust barrier against attack attempts
In a scenario of growing cyber threats, ensuring that only authenticated software is run is crucial.
This prevents cybercriminals from inserting malicious software into the car’s systems, thus protecting vital vehicle functions and, more importantly, its occupants.
Therefore, while PKI
for the automotive sector
provides the framework for secure and authenticated communication in the world of connected cars, code signing is the tool that ensures that this communication is reliable and free from malicious interference.
Together, these technologies form the front line of defense against threats in the growing world of connected cars.
Driving the Future: The Intersection of Innovation and Safety in Connected Cars
The technological evolution of connected cars is impressive, opening doors to unprecedented mobility and a deeper interconnection with the world around us.
However, this innovation must not be at the expense of safety. After all, we are talking about vehicles that transport human lives, and any failure or vulnerability can have catastrophic consequences.
That’s why implementing robust solutions such as PKI
for the automotive sector
and code signing is more than a technical necessity; it is an ethical imperative.
These solutions ensure that, as we move towards a more connected future, we also move forward safely, protecting not only the vehicles, but also the passengers inside them and the infrastructure around them.
Connected cars exemplify our innovative potential and constant search for improvements. However, to ensure that this innovation leads to a bright future, it is essential that safety is placed at the center of all development process efforts.
Only in this way can we ensure that the connected car revolution is not only technologically advanced, but also safe and reliable for everyone.
Protecting Connected Cars with ProtectServer HSMs
As we’ve seen throughout this article, in today’s automotive innovation landscape, the safety of connected cars is an undeniable priority.
The answer to this growing demand may lie in the robustness and effectiveness of Thales’ ProtectServer Hardware Security Modules (HSMs).
What is ProtectServer HSM?
ProtectServer HSM is a robust security solution designed to protect cryptographic keys from compromise, while providing encryption, signing and authentication services.
These modules allow application developers to create their own firmware and run it within the secure confines of the HSM, guaranteeing the integrity and security of the software.
Why is it relevant for connected and protected vehicles?
- Expanded Attack Surface
With the increasing digitization of vehicles, the attack surface is increasing exponentially. ProtectServer HSM ensures that cryptographic keys, vital for secure communications, remain protected against compromise.
- Secure software updates
Connected cars rely heavily on software updates. With ProtectServer HSM’s ability to guarantee the authenticity of firmware updates through digital signatures, manufacturers can ensure that only authentic and verified software is installed in vehicles.
- Integration and Scalability
ProtectServer HSM is customizable and scalable, allowing it to be integrated into different networks and protect various business domains.
- Hardware reliability:
With high-quality components and a common architecture for all ProtectServer HSMs, car manufacturers can rely on the durability and effectiveness of this solution.
- Native Blockchain Algorithm Support
With the growing interest in Blockchain technologies for vehicles, ProtectServer HSM offers support for algorithms such as BIP32, Milenage, Tuak and the SECP256k1 elliptic curve, guaranteeing the security of transactions and communications.
The security of connected cars is a concern that cannot be ignored. With solutions like Thales’ ProtectServer HSM, the automotive industry has a powerful tool at its disposal to ensure that the connected car revolution takes place safely and securely against cyber threats.
About Eval
With a track record of leadership and innovation dating back to 2004, Eval not only keeps up with technological trends, but we are also in an incessant quest to bring news by offering solutions and services that make a difference to people’s lives.
With market recognized value, Eval’s solutions and services meet the highest regulatory standards for public and private organizations, such as SBIS, ITI, PCI DSS, and LGPD. In practice, we promote information security and compliance, increase companies’ operational efficiency, and reduce costs.
Innovate now, lead always: get to know Eval’s solutions and services and take your company to the next level.
Eval, safety is value.
Written by Arnaldo Miranda, Evaldo. Ai, reviewed by Marcelo Tiziano and designed by Caio.
