Automotive Cybersecurity: Open Source OTA, Crypto & Market

In automotive cybersecurity news this week were Uptane, Microchip and research.

Uptane Prevents Attacks

Based upon Cappos’ widely-used TUF (The Update Framework), and developed with funding by the U.S. Department of Homeland Security, Uptane can prevent attacks during software updates by storing the correct encryption keys with the automaker, offline. It allows automakers and suppliers not only to secure major software updates to automotive infotainment and telematics units, it also makes possible remote, inexpensive updates to the “edge” — the dozens of in-vehicle ECUs controlling numerous functions in today’s vehicles. It also supports deployment of secure fixes for vulnerabilities exploited in an attack and allows automakers to completely control critical software and share that control when appropriate.

“Uptane helps Linux secure updates at places where Linux can’t run, since many ECUs, such as brake controllers, have tiny Flash memories. While we are essentially an encryption algorithm independent of Linux, we are part of Linux’ high-end expansion out to smaller devices,” said Cappos.

The platform’s code is posted on Github for anyone to see, test, or use. When the NYU Tandon team unveiled Uptane last year, they did so with a challenge to security experts everywhere to try to find vulnerabilities before its adoption by the automotive industry. According to Cappos, the effort led to clarifications with Uptane’s reference implementation.

Developed by Justin Cappos, professor of computer science and engineering at NYU Tandon, along with industry, academic and government collaborators, Uptane is helping to secure the OTA software updates for vehicles manufactured by one of the three major U.S. automakers, and is available to many others, including AGL members.

Microchip’s IVN TA/BSD Dev Kit

The new CryptoAutomotive™ In-Vehicle Network (IVN) TrustAnchor/Border Security Device (TA/BSD) development kit from Microchip Technology Inc. enables OEMs and Tier 1 suppliers to introduce security to networked vehicle systems, starting in areas of priority, with the highest level of protection and without disruption elsewhere. The only security-specific automotive tool in the industry, the CryptoAutomotive TA/BSD development kit emulates a secure node in an automotive network and provides system designers with an intuitive starting point for implementing security. Designed to be flexible, the tool accommodates each OEM’s implementation by allowing manufacturers to configure the node to conform to various specifications and industry standards. The tool demonstrates secure key storage, Electronic Control Unit (ECU) authentication, hardware-based crypto accelerators and other cryptographic elements. When used with a host microcontroller, it enables designers to implement functions such as secure boot and Controller Area Network (CAN) message authentication, including conversion of CAN 2.0 messages to CAN Flexible Data rate (CAN-FD) with appended Message Authentication Codes (MAC) when appropriate.

Microchip provides a comprehensive approach to automotive security. With the companion approach, the TA/BSD emulation kit enables OEMs to continue using their existing microcontrollers (MCUs) and, more importantly, existing MCU firmware certified to required safety standards by later adding the companion chip the kit emulates. These companion chips will come to the customer preprogrammed and include built-in security measures to provide true hardware-based key protection. This add-on approach can deliver significant cost and time-to-market advantages, compared to the alternative of redesigning the system with a high-end secure MCU. This can entail significant re-architecture of the MCU firmware to implement secure zones with hardware and software domains.

The tool can be used with any ECU, architecture, configuration or bus, providing the flexibility to implement security in existing systems without large-scale redesigns. The companion chip solution requires minimal MCU code updates, resulting in minimal to no impact to existing host MCU functional safety ratings. This approach also removes the requirement for in-house security expertise. The tool provides an online Graphical User Interface (GUI) program with pre-configured options to simplify and facilitate implementation.

“With great advances in AI, rapidly increasing levels of automation and autonomous vehicles on the horizon, securing automotive networks is a clear and urgent necessity the industry is now widely acknowledging,” said Nuri Dagdeviren, vice president of Microchip’s Secure Products Group. “With its flexible add-on approach, Microchip’s automotive development kit gives OEMs and Tier 1 suppliers the tools needed to start implementing security measures into existing vehicle networks immediately.”

The CryptoAutomotive Security ICs TA/BSD development kit (DM320112) is available today for $250.00.

Automotive Cybersecurity Market Growing

Automotive Cybersecurity Market is anticipated to grow at a CAGR of over 23.5% from 2018 to 2024. This market is growing rapidly due to the rising advent of smart transportation systems, according to Global Market Insights.

The companies functioning in the automotive cybersecurity market are investing in research and development strategies aimed at bringing about innovations in the automotive cybersecurity solutions. Some of the major vendors operating in the automotive cybersecurity market are Audi, BMW, Ford, Honda, Nissan, General Motors, Volvo Car Group, Volkswagen, BT Security, Cisco Systems, Lear Corporation, Symantec Corporation, Argus Cyber Security Ltd., Intel Security, Arilou Technologies Ltd., Continental AG, and Karamba Security.

Market share calculation in this report is not done based on companies covered in it. The calculation of automotive cybersecurity market share is done based on a regional approach and countries covered. On request, additional companies can be covered as well as regional data for particular country / countries can be provided.


You are welcome to subscribe to receive email notification of publication of Connected Car News Cybersecurity, you can also get weekly news summaries or daily emails.