Unified API promises to answer all auto security demands

Article By : Junko Yoshida

The self-driving car platform is a battleground from which the big boys—both tech companies like Google and traditional automakers—are unlikely to retreat.

The race for an “industry standard” platform for autonomous cars is still on.

A recent fatal crash involving a Tesla on “auto-pilot” will no doubt intensify the scrutiny on autonomous driving technology, but the self-driving car platform is a battleground from which the big boys—both tech companies like Google and traditional automakers—are unlikely to retreat.

Automotive security is an equally heated market. This space is hotly pursued by a host of tech start-ups positioned for acquisition by the big boys.

Car OEMs and tier ones are finding connected cars’ vulnerabilities as a clear and present danger to their business. This poses a new reality for the automotive industry, especially after last summer’s Jeep hack, which resulted in Chrysler’s recall of 1.4 million vehicles. Almost simultaneously, a flaw in General Motors’ OnStar RemoteLink system provided a gateway for a hacker to remotely unlock doors and start engines.

“There is a sense of urgency bordering on desperation in the automotive industry to protect connected cars from cyber-attack,” observed David Uze, CEO of Trillium.

__Figure 1:__ *15 of the most hackable and exposed attack surfaces on a connected car. (Source: Intel)*

Harman on a buying spree

Look no further than Harman International Industries, Inc., which has been on a shopping spree.

Best known in the automotive community as a supplier of audio, electronic, and infotainment systems, Harman acquired last year two companies—Symphony Teleca and Red Bend Software. Symphony Teleca (Mountain View, Calif.) is a specialist in software and services for cloud-based and wireless businesses. Red Bend Software is an Israel-based developer of over-the-air upgrading and other software management services.

Harman also acquired earlier this year another company born in Israel, called TowerSec, which offers intrusion detection and prevention technologies for ECUs and telematics systems.

Notably, in the Jeep hack case, it was a Harman “head unit” installed in a 2014 Jeep Cherokee that was exploited by hackers Charlie Miller and Chris Valasek. The unit offers a Wi-Fi hotspot for passengers to use. (Later the two hackers were able to tap into the car through its cellular connection, via Sprint’s wireless network.)

Thanks to these acquisitions, Harman today may have the most comprehensive automotive cybersecurity technologies.

Harman’s M&A playbook is showing the way for competitors to follow suit by shopping around for better security technologies. At least, that’s what Trillium CEO Uze, perceives. Trillium is prepared to up the ante, he explained.

A two-year-old start-up based in Nagoya, Japan, Trillium burst into automotive security last fall, demonstrating a technology called SecureCAN—“a CAN bus encryption and key management system for protecting payloads less than 8bytes.”

Historically, the automotive industry consensus has asserted that protecting the CAN bus is impossible, due to the ECU’s limited processing power and limited bandwidth of the in-vehicle network.

Uze told us last week, “We planted our flag” on the protection of in-vehicle networks first. “It’s because there’s nobody in that space.” But he now sees tier ones and OEMs clamouring for a portfolio of technologies that can secure everything from V2V/V2I communication, over-the-air (OTA) systems to smart firewalls and in-vehicle networks.

Having recently secured a Series A funding of about ₹ 33.78 crore ($5 million), Trillium is setting its sights high. Trillium is moving fast to expand its in-vehicle network protection technology beyond CAN networks to others such as FlexRay and LIN.

Further, Uze said Trillium is using the new funding to bolster engineering resources for multiple projects—in parallel. These efforts include the development of intrusion detection and prevention system (IDS/IPS) and secure OTA software update solutions, aiming toward the broader offerings that Harman is pioneering.

Uze sees Trillium’s goal as providing a range of security technologies developed “under one roof with a unified API.”

Different pieces of puzzle

A nascent automotive cybersecurity market—with only a few players—just a few years ago is changing rapidly. More start-ups are rushing to enter the market. Established cybersecurity experts in the IT industry, like Semantic and Intel’s McAfee are also weighing in.

Among the most successful start-ups in the automotive security segment is Augus Cyber Security (Tel Aviv, Israel). With ₹ 202.70 crore ($30 million) in funding, Argus provides Intrusion Detection and Prevention Systems (IDPS) for OEMs, tier ones and aftermarket telematics providers.

Argus explains that Argus IDPS, as a government tested solution, “protects a vehicle’s critical components from being hacked, and generates reports and alerts for remote monitoring of vehicles’ cyber health.”

Just last month, Symantec launched its “Anomaly Detection for Automotive,” a software suite designed to analyse and spot security threats early and neutralise them. Symantec’s technology is said to protect against a wide range of vehicle attacks via “deep packet inspection of very message,” detecting anomalies in message patterns, payload values, traffic rates and other device activity on the bus.

Intel who owns McAfee last September announced the creation of Automotive Security Review Board (ASRB), focused on security tests and audits for the automobile industry.

In parallel, Intel’s Wind River unit bought Arynga, which offers GENIVI-compliant CarSync software for enabling Over-the-Air updates in automotive computers. Common to the two acquisitions is that both will be used by Intel’s future chips and reference designs aimed at fully autonomous cars.

Rambus, a semiconductor and IP licensing company, is also jumping on the auto security bandwagon. Rambus announced last month a partnership with Movimento, a leader in automotive reflash services with innovations in OTA software. Combining Movimento’s OTA technology with Rambus’ own CryptoManager platform, the companies have developed a system that offers “one-time, single-use keys that are unique to each vehicle, ensuring validity before installation,” according to Rambus.

Look closely, though. Although many companies tout their comprehensive security technologies, they are in fact offering different pieces of a daunting puzzle.

The hard reality is that there is no one company with a single, silver bullet solution. “You need a layered approach,” Trillium’s Uze stressed.

Analogy to home protection

NXP agrees. As Kurt Sievers, executive vice president and general manager of NXP’s automotive business unit, once explained to EE Times, automotive security is a multi-faceted issue. He said, “In order to protect a house, you first lock the front door.” But it isn’t enough.

In his view, installing a tamper-resistant, secure hardware element is akin to a front-door lock. In each connectivity interface where external data enters a car via Bluetooth, cellular or V2V connectivity, you need it, he said. If the data’s source can’t be verified, the hardware element can shut it down.

The next issue is the data that floats around inside the vehicle network. “It’s like securing corridors inside a house,” said Sievers. This is easier said than done because the in-vehicle network’s domain structures include a number of branches. Without detailing how NXP plans to secure this network, Sievers said, “We have some ideas. We’re working on it right now.”

That interview with Sievers was six months ago. The state of play has already altered significantly.

Now, a host of tech companies are pitching solutions designed to protect different attack surfaces in connected cars. Systems that require protection range from cellular connections to intrusion detection and prevention systems inside a car to authentication/encryption applied to in-vehicle networks.

Although the so-called smart firewall—protected by intrusion detection and prevention systems—is there to foil hackers, there is no guarantee that intruders can’t get through. Once a vehicle’s Internet gateway firewall is compromised, what can you do?

Last line of defence?

This is where Trillium sees an opening for SecureCar technology as the last line of defence.

__Figure 2:__ *Layered approach is needed.(Source: Trillium)*

Uze explained that the lack of security solutions for ECU networks poses a real safety problem, because CAN networks are directly tied to a vehicle’s actuation—brakes, steering, etc. “85 per cent of actuation occurs on the CAN networks,” he estimated. The lack of authentication, encryption or cryptographic key management makes the CAN network the weakest link in the entire security chain. A protection gap in LIN (Local Interconnect Network) networks—often used for mirrors, windows or sun roof—could serve as a “backdoor” for CAN intrusions, Uze added.

Due to the limited processing powers of ECUs in CAN or LIN networks (“Some LIN bus use even a cheaper MCU—like 16bit or 8bit,” said Uze), the prevailing notion was that it’s not possible to encrypt these networks. An encryption algorithm (the Rijndael algorithm) used in AES handles data in the 16 byte block.

Trillium, however, claims that the company’s SecureCAN technology can encrypt data in 8 bytes.

Because of its ultra-lightweight block cipher, Trillium’s SecureCAN can encrypt CAN (and LIN) messages in real time, said Uze. Specifically, Trillium’s symmetric block cipher and key management system allow SecureCAN to “encrypt, transmit and decrypt within the 1ms threshold,” he said, a function required for automotive CAN bus real-time applications.

Since Trillium first publicly demonstrated SecureCAN, it has made improvements, according to Uze. Although the original SecureCAN demonstration used ARM Cortex-M4, a request by a chip vendor prompted Trillium to modify it to run on ARM Cortex-M0 or M01. He added. “Doing this on an MCU without a floating point was a challenge.”

SecureCAN has now added public key technology, using the Diffie-Hellman key exchange to create keys.

__Figure 3:__ *SecureCAN root of trust chain (Source: Trillium)*

Trillium is scheduled to start in-vehicle testing in July. It has outfitted a Japanese vehicle—Uze declined to name either make or model—with SecureCAN and Ethernet technology. In January, Trillium will begin in-vehicle testing of SecureFlexRay and LIN technology. (FlexRay bus is being used for sending data related to ADAS—such as vision detection, lidar and radar.)

The start-up believes it will be ready to start testing its intrusion detection, protection, and over-the-air technologies—all currently in development—by late 2017.