 | Issue: | North America I 2016 |
| Article no.: | 2 | |
| Topic: | Connected cars drive the way to a more secure IoT ecosystem | |
| Author: | Kate Migon | |
| Title: | Director Sales Automotive Americas | |
| Organisation: | Gemalto | |
| PDF size: | 367KB |
About author
Kate Migon, Sales Director, Automotive Americas, Gemalto.
Heading up the Business Development efforts in the Americas for Gemalto’s Automotive division, Kate focuses on identifying new opportunities and market trends within the Connected Car and Automotive User Experience space. With over ten years’ experience in the electronics and solutions industry, Kate has been involved with consumer, automotive and M2M verticals creating a view of a market driven by innovative technological advances and grounded in industry specific requirements.
Article abstract
Connected cars can greatly enhance driver and passenger comfort, convenience, and safety through a complex network of embedded sensors, cameras and connected components, objects and systems. According to McKinsey, today’s connected car has the computing power of 20 personal computers, features 100 million lines of programming code, and processes up to 25 gigabytes of data an hour. And the industry is just warming up. By 2020, it’s estimated that there will be 220 million connected cars on the road, each equipped with more than 200 sensors – double the number in cars today.
Full Article
Thanks to the Internet of Things (IoT), the all-American family road trip is getting an upgrade to first class! Connected cars are revolutionizing travel and here’s what it looks like. It’s time to head out, so mom taps her fingertip on the car door handle to engage biometric sensors that unlock the doors and adjust her seat to the preferred position. Dad chats with the navigation system, directing it to map the quickest route before putting the car in “co-pilot” mode. This allows the autonomous driving system to manage speed, braking, and navigation. Dad participates in steering while listening to a book streamed to speakers embedded in his headrest. Meanwhile, the kids enjoy in-car Internet, wireless music and movie downloads from the onboard infotainment system. The dashboard head unit allows mom to work remotely while monitoring weather and road conditions and finding restaurants along the way. The car navigates to the nearest gas station when fuel is low and an embedded NFC payment solution automatically pays just by rolling up to the pump – no credit card needed. The connected family car also serves as a personal concierge, offering suggestions for local attractions, events, and the nearest place to put air in the tires when pressure is low. Once the destination is reached, the car parks itself and everyone leaps out for a well-deserved stretch. This might sound like science fiction, but it’s closer than you think.
Connected cars can greatly enhance driver and passenger comfort, convenience, and safety through a complex network of embedded sensors, cameras and connected components, objects and systems. According to McKinsey, today’s connected car has the computing power of 20 personal computers, features 100 million lines of programming code, and processes up to 25 gigabytes of data an hour. And the industry is just warming up. By 2020, it’s estimated that there will be 220 million connected cars on the road, each equipped with more than 200 sensors – double the number in cars today.
Cars are only one segment of the exploding IoT marketplace, which is expected to grow to 50 billion connections by 2020 – up from 16 billion connections today. Other IoT innovations such as “smart city” solutions are bringing a clear picture to how drivers and cars will be part of a holistic connected environment, communicating and interacting with other objects or persons. Smart cities also offer local governments the ability to monitor and improve traffic patterns, manage lights in real time, optimize traffic flow, and reduce road congestion. This type of smart technology has the potential to make our daily lives easier with services like automated parking systems that identify the vicinity of an open parking spot or the closest electrical vehicle charging station.
The intersection of IoT and the “sharing economy” is creating a completely new market revolving around a shared resource. Potential drivers can locate available cars to use through programs like Car2Go or Zipcar; even rental companies are taking advantage of the new market and launching car share programs in addition to traditional car rentals. With all these benefits, why is it, then, that nearly half of Americans1 are reluctant to use connected car and IoT technology?
A foundation of trust
The answer is trust. People need to feel confident that connected cars and IoT solutions are secure and protected against hacking. As exciting and promising as IoT technology is, when your smart car is under attack by unknown forces, it takes on a much darker hue. In the first half of 2015, there were more than 880 major breaches reported that compromised well over 245 million data records. That’s the equivalent of 16 lost or stolen data records every second or 1.3 million every day.
With each point of connection, there is a risk of cyber attack, and with it, the possibility of opening the door to data breeches – personal, financial, business, municipal and beyond. Hackers have already been able to gain entry to unprotected connected cars and even take remote control of a car in motion. Once a system has been hacked, a hundred million lines of code offer a myriad of doorways through which hackers might enter other connected systems including connected road signs, intelligent traffic lights, and smart city systems.
Security by design is essential
Today, cyber security is taking a front seat in vehicle design as connected cars move into the mainstream. This is driving change across the entire IoT ecosystem as developers reconsider the importance of security and trust. The key to success is making security an integral part of the design process rather than considering it an afterthought.
Fortunately, the challenges currently facing IoT have been seen before. Gemalto, the global leader in digital security and an IoT industry pioneer, has been developing solutions for decades to defend against attack in sensitive industries such as banking, healthcare and government. IoT developers can learn from these industries and approach connectivity with the intelligence of IT system integrators who defend against attack on all fronts and continuously update security architecture as new threats emerge.
Guiding principals of data security
The following five guiding principles for data security can help developers as they begin new IoT design and development projects:
1. Confidentiality – Assure that data is confidential across the entire ecosystem and access is limited only to authorized stakeholders
2. Integrity – Secure the integrity of the data and maintain and assure the accuracy and consistency of this data over the entire life cycle of the car or connected object. This is a critical aspect of design, implementation and usage because integrity attacks are difficult to identify until after the damage is done.
3. Availability – Solution design must ensure that data is easily available in all situations even when challenging wireless network conditions prevail, for instance, when traveling in remote mountains or rural areas with weak cellular coverage
4. Accountability – Assure that system users across the ecosystem – from driver to passenger to car manufacturer to intelligent traffic system integrator – are accountable for the data they produce and the actions they take
5. Auditability – Connected cars and IoT systems must provide a clear and transparent audit trail providing evidence that the data communicated is accurate
Risk evaluation and hack testing
To ensure these principals are incorporated into security architectures, developers need to work with experienced and trusted partners to identify and understand all potential system vulnerabilities. An early comprehensive risk evaluation is critical to implement security architecture across the entire IoT ecosystem – from the hardware components that enable connectivity, to the software running the connected car system, out to the communication channels it uses and the cloud platforms hosting applications. In the same way that we rely on crash tests to verify the safety of a car, digital security partners can provide security “hack tests” that reliably establish that a given product is secure and safe to use. These best practices help protect the device, its user, the network, and the data – at rest and in motion.
Trusted Identities: a crucial component
Unlike consumer devices that are connected to a single user with a tradition identity structure such as a SIM card, IoT devices have multiple identities. Each of them needs to be secured and authenticated in order to secure the entire ecosystem. IoT solutions need to be able authenticate the ID of a device like a connected car along with the driver using it as well as other ecosystem elements the car communicates with – the car manufacturer’s cloud system, the smart engine solution, intelligent road signs, the driver’s iPads and smart phone. In other words, the smart car needs to automatically and securely authenticate that the intelligent traffic light is what it says it is and not a malicious attacker seeking to disrupt traffic for their personal gain.
Best practices for securing the IoT
With decades of experience in virtually all IoT vertical markets, Gemalto has developed field proven best practices for protecting the device, the cloud, the communication channel and the ecosystem. The following strategy for implementing end-to-end trust points and countermeasures, including hardware and software elements, can help mitigate threats and defend data when and if attacks occur.
1. Protect the device – Implement tamper-proof hardware solutions and secure software to protect the device – be it a car or a connected home thermostat. For example, embedded Secure Elements are implemented to add a layer of physical and digital protection against intrusion and to store credentials and device data in a dedicated, secure platform.
2. Encrypt and digitally sign the operating software to protect against attack. Encrypted software is useless without the keys, and an electronic signature will ensure that only validated software is running in the connected car.
3. Implement strong authentication and encryption software solutions to ensure integrity and that only authorized people and applications are granted access.
4. Securely manage encryption keys to protect data and manage access to connected systems.
5. Protect against attack across the lifecycle of the smart car by including an interoperable, dedicated platform to deploy security updates and launch new applications over the air without impacting other embedded software
The “Age of the IoT Revolution” has arrived and our world is quickly transforming to a place where ubiquitous connectivity provides the potential to greatly improve the way we travel, live, work and play. Cyber attacks are inevitable. However, we have the intelligence and experience to defend against them and protect the integrity of systems and data privacy. By designing security architecture at the beginning of development projects and managing the entire trust ecosystem, from the edge to the core, we can protect what matters, where it matters, and when it matters the most. That’s a journey that’s definitely worth taking.
1: McKinsey Connected Car Report, 2014
