Automotive Cyber Security: From OTA Updates To Anti-Counterfeiting

The National Highway Traffic Administration (NHTSA) defines automotive cyber security as the protection of vehicular electronic systems, communication networks, control algorithms, software, users and underlying data from malicious attacks, damage, unauthorized access, or manipulation.

From our perspective, automotive cyber security is one primary concern the industry must immediately address. To be sure, modern vehicles are essentially a network of networks – packed with a range of embedded communication methods and capabilities. Potential vulnerabilities include altering over-the-air (OTA) firmware updates, unsecure vehicle-to-vehicle communication, the unauthorized collection of driver or passenger information, seizing control of critical systems such as brakes or accelerators, intercepting vehicle data and tampering with third-party dongles.

Perhaps not surprisingly, the global automotive OTA update market is projected to grow at a CAGR of 18.2% from 2017 to 2022 and reach $3.89 billion by 2022. According to Research & Markets, the automotive OTA market is being fueled by a rise in stringent vehicle safety legislation and an increased demand for connected automotive devices and services. In this context, automotive manufacturers have begun to provide secure OTA updates for various systems; as well as shield vehicle peripherals and components against tampering by implementing a range of layered hardware and software security solutions.

In addition to protecting vulnerable systems from malicious attackers, automotive manufacturers are working to ensure that the vehicle supply chain is kept free of stolen and counterfeit components. Nevertheless, a wide range of grey market devices can still be found powering high-value modules such as in-vehicle infotainment systems and headlights, as well as in critical safety systems including airbag modules, braking modules and powertrain controls. Unfortunately, the inclusion of sub-par counterfeit components is likely to negatively impact driver and passenger safety, rapidly erode OEM and supplier brand equity and decrease sales of authentic aftermarket modules.

Clearly, ensuring the authenticity of automotive systems is absolutely critical to maintaining a safe environment for vehicle drivers and passengers. This is precisely why hardware-based security solutions should be used to help determine vehicle system authenticity. More specifically, such a solution should consist of a security chip embedded in a module, along with verifier firmware integrated into the processor on an in-vehicle network. In this paradigm, the firmware challenges the security chip – and based on the response – determines the authenticity of the module. This model can be implemented across any interface protocol, such as CAN or Ethernet, allowing for simple integration into any vehicle architecture.

In conclusion, adopting a hardware-first approach to security and implementing the necessary functionality on the SoC level is a key element of protecting intelligent transportation systems – both now and in a fully autonomous future.