The automotive industry has seen a dramatic increase in security measures uptake as manufacturers come to terms with the implications of having weak or no security in a product that has been used so many times as a weapon. Combined with the rush to build intelligent self-drive cars has led to the industry being squeezed from two sides – privacy and security.
Both the consumers and regulatory bodies have become aware that products tagged intelligent, self-learning or artificial intelligence will be capturing, recording and processing its surroundings. This means recording voice to improve voice controlled subsystems, face and human characteristics to improve facial and pedestrian recognition. This has obvious implications with regard to privacy and in particular the new GDPR privacy law in the EU which gives the private consumer far more rights and the manufacturer far more responsibilities. Telemetric systems which track cars are an obvious case when it comes to privacy. However, now, even intelligent headlights which try to recognise pedestrians , create a privacy issue.
The issue of security is even greater and more complicated. Traditionally, manufacturers have been slow in even admitting there is a problem further more deal with it. At an architectural level, from the root up, implementing security has been difficult. Electronic manufacturers tend to use old transistor processes to withstand the higher voltage levels seen in vehicles. However, 180nm processes (typical in cars) tend to be prone to simple side channel attacks (there appears to be no successful attack on processes less than 45nm using simple power analysis). These processes are obviously physically bigger and in area constrained vehicles there is literally no room to implement security primitives like cryptography. Also, it was thought that real times systems such as braking systems would be unable to cope with the extra time needed for cryptographic operations although once measured they appeared to add one millisecond on a 100Mhz clock.
Today, however, the use of hardware security modules (HSM’s) in cars has shown the adoption of cryptography as an important security primitive. HSM’s create a trusted platform which makes the leakage of sensitive encryption and decryption keys virtually impossible. This technique is mainly employed in ECU’s or to secure communication between ECU’s over the CAN bus which has been the week point in communication. Manufacturers may also use firewalls to restrict access to internal networks and monitoring to check for malicious activity