By Christian Plappert of the Vehicle Services Work Group
As vehicle automation advances, the transportation industry is likely to see drastic changes over the coming years. More than 4.5 million self-driving vehicles are expected to be on U.S. roads by 2030, but these will not necessarily be personal vehicles. Private car ownership may fall sharply with the rise of electric car services deployed by ride-share companies, so if car manufacturers are to retain their customers, they must consider new business models.
As a result, features such as navigation and infotainment may no longer be bound to a specific car but to the user: once a customer has authenticated with any car, their personal features could be activated and made available to them. However, security incidents affecting these systems are already becoming prevalent, with cybercriminals targeting them to obtain personal data or to steal the whole vehicle.
An evolving automotive landscape
Smartphones have already provided the perfect gateway for companies like Uber to grow in popularity. The mobile connectivity available already allows users to register with a number of companies and, when combined with GPS, to search their surroundings for available cars and transmit their location to nearby drivers. With the rise of automated vehicles, we will soon see these applications interact with driverless cars, enabling access to the infotainment features users have grown accustomed to in their personal vehicles.
At the same time, the emergence of autonomous vehicles has accelerated the trend towards fully automated cars. But as more cars become connected, the attack surface available to hackers grows. Weak ciphers in the key signals that unlock a car and deactivate the immobilizer could let attackers gain access and steal the vehicle in a matter of seconds. We may also see more attacks on the in-vehicle network, with cybercriminals potentially able to reprogram the infotainment and locking systems, disarm airbags, remotely control the steering, and locate, unlock and start the car. These attacks not only cost manufacturers millions in reputational damage but can also result in serious physical harm to the user.
A new security approach
In order for these threats to be mitigated, the Vehicle Services Work Group at TCG has proposed a novel secure role and rights management system. This has been developed to consider existing security measures for automotive vehicles with the goal of enabling a trusted secure access and feature activation mechanism. Its features include both online and offline delegation of usage rights and roles, alongside an online revocation feature. Keys used to enable certain features will be securely stored in the TPM 2.0, with usage bound to an inherent access policy mechanism called ‘Enhanced Authorization’. Adopting this system provides hardware-level security guarantees while maintaining a high level of flexibility for the manufacturer.
Looking at crucial elements of feature activation, such as data confidentiality and IP protection, the VSWG’s system derives functional security requirements that specify how access to the vehicle is managed and who has permission to do so. It maps these vehicle requirements onto the TPM 2.0’s built-in commands and features to give the vehicle detailed access policy concepts. A proof-of-concept prototype has also been implemented on hardware representative of current electronic control units (ECUs), infotainment systems and Android smartphones to evaluate performance. The result is stronger authentication and access control, and enhanced security measures for the vehicle.
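As an added illustration, not code from the VSWG or TCG, the following Python computes TPM 2.0 Enhanced Authorization policy digests the way the TPM does (policyDigest_new = H(policyDigest_old || commandCode || args)) and composes one possible policy for a feature key: TPM2_PolicyAuthorize delegates the policy to an OEM signing key, and the OEM-signed branch requires a signature from the user’s token (TPM2_PolicySigned), an unset revocation flag in an NV index (TPM2_PolicyNV) and restricts the key to TPM2_Unseal. The key and NV Names and the feature label are constructed placeholders, and this policy structure is an assumption, not the VSWG’s actual design.

```python
import hashlib
# TPM 2.0 constants (spec Part 2) for the policy assertions used below.
TPM_CC_PolicyNV, TPM_CC_PolicySigned, TPM_CC_PolicyAuthorize = 0x149, 0x160, 0x16A
TPM_CC_PolicyCommandCode, TPM_CC_PolicyOR, TPM_CC_Unseal = 0x16C, 0x171, 0x15E
TPM_ALG_SHA256, TPM_EO_EQ = 0x000B, 0x0000
ZERO = bytes(32)  # policyDigest of a fresh SHA-256 policy session

def extend(digest, cc, *args):
    """policyDigest_new = H(policyDigest_old || commandCode || args)."""
    h = hashlib.sha256(digest + cc.to_bytes(4, "big"))
    for a in args:
        h.update(a)
    return h.digest()

def tpm_name(public_area):
    """Object Name = nameAlg || H(public area)."""
    return TPM_ALG_SHA256.to_bytes(2, "big") + hashlib.sha256(public_area).digest()

def policy_signed(digest, key_name, policy_ref=b""):
    # Satisfied only by a signature from the holder of key_name (the user's token).
    return extend(digest, TPM_CC_PolicySigned, key_name, policy_ref)

def policy_nv(digest, nv_name, operand_b, offset, operation):
    # Compares NV index contents with operand_b; the comparison args are hashed first.
    args = hashlib.sha256(operand_b + offset.to_bytes(2, "big") + operation.to_bytes(2, "big")).digest()
    return extend(digest, TPM_CC_PolicyNV, args, nv_name)

def policy_command_code(digest, cc):
    return extend(digest, TPM_CC_PolicyCommandCode, cc.to_bytes(4, "big"))

def policy_or(branches):
    # Resets the digest, then binds the set of acceptable branch digests (one per role).
    return extend(ZERO, TPM_CC_PolicyOR, *branches)

def policy_authorize(key_name, policy_ref=b""):
    # Resets the digest: the key's policy becomes "any policy later signed by key_name".
    return extend(ZERO, TPM_CC_PolicyAuthorize, key_name, policy_ref)

def feature_policies(oem_name, token_name, revoke_nv_name, feature):
    """Return (digest sealed into the feature key, branch digest the OEM must sign)."""
    sealed = policy_authorize(oem_name, policy_ref=feature)
    branch = policy_signed(ZERO, token_name)                           # user authenticates
    branch = policy_nv(branch, revoke_nv_name, b"\x00", 0, TPM_EO_EQ)  # NV byte 0 == 0: not revoked
    branch = policy_command_code(branch, TPM_CC_Unseal)                # key may only be unsealed
    return sealed, branch

# Constructed sample Names (placeholders, not real TPM objects).
OEM_NAME = tpm_name(b"constructed OEM policy-signing key public area")
TOKEN_NAME = tpm_name(b"constructed smartphone token key public area")
REVOKE_NV_NAME = tpm_name(b"constructed revocation NV index public area")
SEALED, BRANCH = feature_policies(OEM_NAME, TOKEN_NAME, REVOKE_NV_NAME, b"navigation")
```

Because PolicyAuthorize resets the digest before binding the OEM key Name and policyRef, the OEM can sign a new branch (a new user, a new role) without re-creating the sealed key, and setting the revocation byte in the NV index makes the PolicyNV step fail so the same branch no longer unseals.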
Establishing trust in vehicle services
Using the TPM 2.0 as a trust anchor – an authoritative entity that enforces strong security policies for accessing stored keys with an enhanced authorization concept – enables cars to effectively withstand software and hardware attacks. Inside the car itself, the TPM 2.0 acts as the endpoint for all internal and external communications, conversing with the ECU and the owner’s authentication token (such as a smartphone) through secured, end-to-end channels over the internet or internal bus system. This helps to prevent malicious third parties from gaining access to the vehicle or its key systems.
Manufacturers can rest assured that the keys used in the in-vehicle network remain symmetric and that the car’s existing protocols and architecture stay untouched: the change is that those keys are now stored in, and only used through, the TPM 2.0. The system devised by the VSWG is applicable to general car or fleet sharing applications, where it can be used to authenticate the immobilizers of non-autonomous vehicles, allowing users to start the engine when required and thus enabling traditional ride-sharing concepts.