Electronic control units in today’s vehicles are connected to engine control, steering, even the behaviour of the brakes. In an average vehicle several dozens of these small computers are doing their service; some top models have more than 100. “Information technology nowadays is one of the strongest drivers of innovation in the car,” says Christoph Krass. He is researcher at the Fraunhofer Institute for Secure Information Technology (Fraunhofer SIT) in Darmstadt, Germany. The institute is focusing on the safety and security of embedded IT systems in vehicles. “The car, hitherto a closed system, is today target of attacks through its multiple IT interfaces that are increasingly implemented,” Krass says. The list of current examples of attacks is quite long. Hackers spied out private user data, used car dealers manipulate the odometer readings, car thieves outwit the immobiliser and open car doors and even rogue car owners activate functions they have not paid for. Very recently, a hacker duo took control of vital vehicle functions like brakes and steering; another one hacked into GMs OnStar communications system. Along with the progress of hacker’s ability to bring cars under their control grows the necessity to increase the security level for the in-car IT.
“Of course, cryptographic solutions are available”, says Krauß. “However, in many times they are not flexible enough”. Along with his team, Krauß built a solution that makes use of hardware security modules (HSMs) to ensure security at device level. In doing so, they utilised the Trusted Platform Module, a widely recognised open standard, in its latest version TPM 2.0. It has been developed by the Trusted Computing Group, an organisation bundling the standardising efforts of almost all important IT players. “Our solution is a software platform that helps developers to create secure control units based on TPM 2.0”, explains project manager Andreas Fuchs. “With this platform all necessary building blocks of automotive control units, hardware as well as software, can be simulated and subsequently implemented. Thus, car manufacturers and tier ones obtain important information already during the development that helps them to try out different application scenarios. To look into real HSMs once they are developed is not possible for security reasons”, Fuchs said.
To read the full article, please click here.
Membership in the Trusted Computing Group is your key to participating with fellow industry stakeholders in the quest to develop and promote trusted computing technologies.
Standards-based Trusted Computing technologies developed by TCG members now are deployed in enterprise systems, storage systems, networks, embedded systems, and mobile devices and can help secure cloud computing and virtualized systems.
Trusted Computing Group announced that its TPM 2.0 (Trusted Platform Module) Library Specification was approved as a formal international standard under ISO/IEC (the International Organization for Standardization and the International Electrotechnical Commission). TCG has 90+ specifications and guidance documents to help build a trusted computing environment.