How do smart cars achieve network system security protection?

As smart and automated vehicles develop, the automotive industry and consumers are increasingly aware of the need to strengthen automotive cybersecurity measures. Malicious cyber intrusions pose a high risk and can cause property loss and serious damage to the vehicle, with potentially fatal consequences for drivers and passengers.

Traditional network systems, even newer ones, are often fragmented, which makes the systems full of vulnerabilities and particularly vulnerable to cyber attacks. The solution is to introduce an element common in IP enterprise networks - the gateway. As the communication routing and policy engine of the vehicle network, the gateway directs traffic from sensors to processing nodes and directs commands from processing nodes to actuators or other processing nodes, while ensuring the isolation, integrity and flow of communications.

Security is always at the core of the automotive network gateway. It is important to consider the entirety of the Ethernet gateway system to determine the requirements needed to create a reasonable lack of risk. This means that the gateway can support multiple vehicle bus protocols, as well as support field-based relocation of sensitive electronic components and subsystem upgrades without compromising vehicle safety. The vehicle gateway must also support automated subnet configuration, effectively knowing which components are authorized to communicate in which groups, and ensuring that new ECU modules are securely registered to the appropriate network with minimal support from the backend system. The gateway must distinguish between trusted ECU modules and untrusted or potentially compromised devices and use this information to effectively manage network policies.

These requirements rely on gateways that establish secure communications using trusted device identities, cryptographically complex client authentication, and key management schemes that are best suited for heterogeneous in-vehicle network environments.

Strengthen your defenses against attacks

The key to creating a secure environment is to use trusted partners and solutions within that environment. These components must have appropriate security and safety features and be validated to provide increased resistance to security attacks.

The layered security architecture solution minimizes the risk of single point security vulnerabilities by creating multiple security layers with the gateway as the trust anchor.

A robust gateway security credential manager monitors connections between vehicle electronic subsystems and acts as an arbitrator of trusted relationships.

It leverages public key infrastructure (PKI)-based authentication and key management principles of modern network platforms, using a gateway-based key master to support the heterogeneous networks of today’s vehicles, thereby protecting the security of CAN, CAN FD and Ethernet-based subsystems and vehicle communications.

establish trust

The process of providing digital identities and sensitive key materials requires trust in a local key manager embedded in each automotive ECU. This enables the ECU to interact with the gateway to establish a secure connection through an authenticated key agreement.

Gateway connections are established using an embedded trust anchor list that details known and trusted vendors provided during vehicle assembly. Occasional communications with the OEM backend to manage the trust anchors and perform certificate status checks keep the trust list up to date.

Security solutions must also include isolation mechanisms to protect the integrity of key managers and provide firewall access to security-critical network work interfaces, allowing "run safe" mode when appropriate if anomalies are found. Downloaded applications should be certified and signed by the appropriate authority to set permissions for these resources in the system.

Resilience is another fundamental requirement. Advanced security cannot disrupt the functionality of the system it is meant to protect or limit its serviceability. Therefore, a trusted key manager is able to coordinate the key distribution of a closed network in normal operating mode.

Modern network platforms should be able to monitor the entire vehicle network using identity-based access control policies to automate subsystem provisioning, while working in conjunction with the OEM backend to facilitate the detection of counterfeit and blacklisted parts. For example, OEMs can control the disabling of certain features in the vehicle when untrusted, old or stolen components are used during vehicle repair. This in turn enables OEMs to manage their responsibilities in terms of vehicle warranty, security updates and safety-critical operations.

A PKI-based vehicle gateway trusted key management approach for policy management and secure communication between ECUs is an effective way to enhance the security and manageability of increasingly connected vehicles.