QNX, Certicom to immunise car systems against attacks

June 25, 2015 // By Christoph Hammerschmidt
Automated driving and other safety-relevant electronic car functions have sparked a discussion. To prevent intrusion attempts, software vendor QNX has entered an alliance with security expert company Certicom. With the move, QNX continues to expand its activities in the area of security.

For the driver of car with some degree of automated functions, safety strongly correlates with security. For this reason, security techniques like cryptography and authentication are increasingly utilised to harden the internal systems against intrusion attempts. QNX, a subsidiary of secure smartphone vendor Blackberry, is already well entrenched in automotive infotainment and telematics environments with its operating system. Certicom excels in cryptography, key management and secure end-to-end solution for networked devices. The collaboration will enable the two companies to create a comprehensive security framework for automotive OEMs and tier ones. It will provide pre-integrated functions that facilitate the creation as well as the fleet management of secure connected vehicles.

Certicom’s automotive security portfolio includes toolkits for mobile cryptography, a certification service for the administration of device identities, and a management system for secure key distribution during the manufacturing process. The use of cryptographic methods aims at protecting not only the vehicle software and its communications processes, but likewise the electronic control units (ECUs) in the car: Through cryptographic methods vendors can ensure that the messages exchanged among ECUs have been transmitted by authentic devices and have not been altered in any way.

The Ceriticom technology enables customers to attach a secure key to an electronic system at production time, manage these keys over the entire lifetime of the vehicle and secure the communication between the modules, thus making sure that safety relevant subsystems such airbag or brake control units are authentic products instead of forged ones.

Related articles:
QNX launches safety-optimised auto operating system

Architectures for ISO 26262 systems with multiple ASIL requirements

Hacking self-driving cars easy but preventable, say firms