<p>The demand to stay connected while driving is steadily growing, and car manufacturers are keen to provide better, more exciting connected services to differentiate their brands and stay ahead of the competition. This is a global phenomenon and India is no exception, especially with Gen-Y car buyers who are used to a digitally connected lifestyle. In fact, some studies indicate that 90% of cars will be connected to the internet by 2020.<br><br>This connectivity could take the form of features like cloud-connected services, downloadable apps, integration with consumers' personal devices, vehicle data analytics, driving pattern analytics, Internet-enabled entertainment, vehicle-to-vehicle or vehicle-to-infrastructure communication, etc. However, increased connectivity has a downside as well, mainly to do with increasing system and software (SW) complexity. In terms of SW complexity alone, the code base is expected to increase manyfold, from a few hundred thousand lines of code in the not so distant past to a few tens of millions of lines in the near future.<br><br><strong>Connected Cars are becoming exponentially complex</strong><br>This increased codebase leads to an increase in the Trusted Computing Base (TCB), resulting in greater exposure to security vulnerabilities and multiple security threats. The figures below show a sample set of potential security threats and attack vectors that may be used to mount a cyber attack on a connected car.<br><br>Here are some of the broad goals of cyber attackers and how they can be prevented.<br><br><strong>System Availability - Denial of Service attack</strong><br>Denial of Service attacks can be mounted by blocking the system's resources (CPU, memory, I/O) and directly or indirectly disabling certain functionality through remote software modification or through heavy unauthorized network traffic on system network interfaces (cellular, Wi-Fi, Bluetooth, USB, etc.). 
<br><br>To protect against Denial of Service (DoS) attacks, all network communications with external entities need to be secured through mutual authentication and authorization of the communicating parties, encryption of communication messages, verification of compliance with network protocols, and whitelisted firewalls, so that only authenticated and authorized communications take place with the system. <br><br><strong>System Integrity - Malfunctioning related attack</strong><br>In these types of attacks, the attackers try to make the system behave differently from the way it is expected to behave. This can happen if unauthorized entities get control over the system and are able to modify the software and/or data in the system or inject software (malware) into the system.<br><br>Protection mechanisms similar to the ones against DoS attacks can be effective here as well. Basically, it needs to be ensured that only legitimate software can be installed and executed in the system, using authentication and a mechanism called "Chain of Trust", where every stage of the software is authenticated before execution, starting from the bootloader.<br><br><img alt="" src="http://bw-image.s3.amazonaws.com/cyber-attackers-1-lrg.jpg" style="width: 640px; height: 260px;"><br><br>The systems should also have mechanisms to detect an attack of this nature and, if possible, safely shut down only the affected parts rather than allowing the malfunction to continue, which can have a much bigger and more adverse impact. Creating different system partitions, where a particular partition can be shut down when affected while others continue to run, can be an effective way to achieve this. 
<br><br><strong>Theft of assets / sensitive data</strong><br>Assets / sensitive data could include patented SW code running in the system, personal data of the user including PINs and passwords, program output reflecting the functioning of a unique feature, log data capturing system behavior and performance, system configuration data, communication messages / data exchanged between the system and external entities, etc.<br><br>To protect against this type of theft, the system should provide secure storage, secure deletion, and strict access control mechanisms for memory, files, databases, peripherals, communication stacks, etc., through HW/SW mechanisms.<br><br><strong>Unauthorized usage of the system</strong><br>In this type of attack, the attacker can gain unauthorized access to the system, remove certain restrictions to get access to new features or functionalities, or masquerade as a valid user and use paid Connected Services free of cost. Mounting this sort of attack would require the knowledge of an "insider specialist".<br><br>Therefore, to protect against these types of attacks, the system should support not only the protection mechanisms described above but also HW-based, tamper-proof secure storage and encryption for PINs, passwords, authentication data, certificates, configuration data, etc., to prevent an unauthorized entity from accessing the system.<br><br>In summary, ensuring effective protection requires a multi-layer security framework architecture that makes the work of violating the system increasingly difficult for the hacker at every stage, thereby making these attacks technically difficult and economically unviable.<br><br><em>The author, Debashis Mukherjee, is director - corporate technology group, Harman</em></p>
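<p>The "Chain of Trust" described under System Integrity, as an added example that is not part of the original article or any Harman code: each stage pins the SHA-256 digest of the next, and the root digest is assumed to sit in immutable storage (ROM or fuses). Production systems normally verify signatures rather than pinned digests; the stage names, images and function names here are hypothetical and constructed for illustration.</p>

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed stand-ins for the real stage binaries, in boot order.
IMAGES = [
    ("bootloader", b"constructed bootloader image"),
    ("kernel", b"constructed kernel image"),
    ("infotainment-app", b"constructed application image"),
]

@dataclass
class Stage:
    name: str
    image: bytes
    next_digest: bytes  # digest this stage pins for its successor; b"" for the last stage

def measure(image: bytes, next_digest: bytes) -> bytes:
    # Cover the code and the pinned successor digest; the length prefix keeps
    # the boundary between the two fields unambiguous.
    return hashlib.sha256(len(image).to_bytes(8, "big") + image + next_digest).digest()

def build_chain(images):
    """Provisioning side: walk backwards so every stage pins the one after it."""
    stages, pinned = [], b""
    for name, image in reversed(images):
        stages.append(Stage(name, image, pinned))
        pinned = measure(image, pinned)
    return stages[::-1], pinned  # pinned is now the root digest for ROM/fuses

def verify_boot(root_digest: bytes, stages):
    """Device side: None if all stages verify, else the first stage that must not run."""
    expected = root_digest
    for stage in stages:
        if not hmac.compare_digest(measure(stage.image, stage.next_digest), expected):
            return stage.name
        expected = stage.next_digest
    return None

if __name__ == "__main__":
    stages, root = build_chain(IMAGES)
    print("clean boot:", verify_boot(root, stages))
    stages[1].image += b" + injected code"
    print("tampered boot stops at:", verify_boot(root, stages))
```

<p>Because each measurement covers the digest pinned for the next stage, re-pinning a digest to match a modified later stage is caught one stage earlier.</p>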