A new security architecture for networked embedded devices: Page 2 of 5

June 28, 2017 // By Jan Tobias Mühlberg
A new security architecture for networked embedded devices
Road vehicles today are typically managed by networks of control processors that interpret sensor readings and operate actuators to control the car’s behavior and safety. They intervene in braking, steering and light switching, deploy airbags, and optimize powertrain operation. The crux is: all these networks are connected and open to the outside world, which renders them vulnerable to malicious interference.

Traffic infrastructure: opening up to the world

In high-end cars the infotainment and navigation systems are hooked up to both the CAN network and external public networks. The infotainment components communicate via the driver’s mobile phone or headset, and they receive software updates from their vendors. With information provided by the CAN network, it is possible to turn up the music volume when driving faster or upon entering rough terrain. Autonomous vehicles take this a step further: they will communicate with the traffic infrastructure to steer and protect the car.

So suddenly a car’s CAN network provides a number of potential entry points for malicious intruders. Communication with the outside is done via Bluetooth or IP networks, some of which may connect to the Internet. And the Internet, if anything, is a highly untrusted network. The CAN bus and its hardware and software components were not designed to operate in such an unsafe environment. CAN offers no form of authentication or authorization. If a syntactically correct CAN message arrives at the car’s brake system, it simply assumes that the message is legitimate and stems from a trusted source.
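To make that point concrete, the following is an added example written for this page, not code from the article or from the author's project. It models in Python what a plain CAN node actually checks before acting on a frame (only syntax: identifier width and payload length), and places beside it an authenticated receiver that requires a counter and a truncated HMAC-SHA256 tag inside the payload. The brake identifier, the payload encoding and the counter-plus-tag scheme are constructed assumptions; the authenticated variant goes beyond this page and is only one illustrative way to close the gap, not the architecture the article goes on to describe.

```python
"""Added illustration: a plain CAN receiver cannot tell legitimate frames from
unwanted ones, beside an authenticated variant that can.

Constructed for this page; not code from the article or its author's project.
Frame layout follows CAN 2.0A (11-bit identifier, DLC 0..8, up to 8 payload
bytes). BRAKE_ID, the payload encoding, and the counter + truncated-HMAC
scheme are assumptions made for illustration only.
"""
import hashlib
import hmac
from dataclasses import dataclass

MAX_STD_ID = 0x7FF   # CAN 2.0A identifiers are 11 bits wide
MAX_DLC = 8          # classic CAN carries at most 8 payload bytes
BRAKE_ID = 0x1A0     # constructed identifier for a brake-pressure request

# Payload layout of the authenticated variant (7 of the 8 available bytes):
#   value (1) || counter (2, big-endian) || truncated HMAC-SHA256 tag (4)
CTR_LEN = 2
TAG_LEN = 4


@dataclass(frozen=True)
class CanFrame:
    can_id: int
    data: bytes


def is_well_formed(frame: CanFrame) -> bool:
    """The only checks a plain CAN node performs: purely syntactic ones."""
    return 0 <= frame.can_id <= MAX_STD_ID and len(frame.data) <= MAX_DLC


def legacy_brake_receiver(frame: CanFrame):
    """Behaviour the article describes: any syntactically correct frame on the
    brake identifier is acted upon, whatever its origin. Returns the requested
    brake value, or None if the frame is not for this node or is malformed."""
    if frame.can_id != BRAKE_ID or not is_well_formed(frame) or not frame.data:
        return None
    return frame.data[0]


def _tag(key: bytes, can_id: int, body: bytes) -> bytes:
    # The identifier is bound into the tag so that a tag computed for one ID
    # cannot be reused on a frame carrying another ID.
    mac = hmac.new(key, can_id.to_bytes(2, "big") + body, hashlib.sha256)
    return mac.digest()[:TAG_LEN]


def make_authenticated(can_id: int, value: int, counter: int, key: bytes) -> CanFrame:
    """Sender side: value || counter || tag. The counter provides freshness;
    a real deployment must re-key before the 16-bit counter wraps around."""
    body = bytes([value]) + counter.to_bytes(CTR_LEN, "big")
    return CanFrame(can_id, body + _tag(key, can_id, body))


class AuthenticatedReceiver:
    """Accepts a frame only if its tag verifies under the shared key and its
    counter is strictly newer than the last accepted one."""

    def __init__(self, key: bytes, can_id: int):
        self.key = key
        self.can_id = can_id
        self.last_counter = -1

    def accept(self, frame: CanFrame):
        if frame.can_id != self.can_id or not is_well_formed(frame):
            return None
        if len(frame.data) != 1 + CTR_LEN + TAG_LEN:
            return None                      # wrong layout: not an authenticated frame
        body, tag = frame.data[:1 + CTR_LEN], frame.data[1 + CTR_LEN:]
        if not hmac.compare_digest(tag, _tag(self.key, frame.can_id, body)):
            return None                      # tag does not verify: drop the frame
        counter = int.from_bytes(body[1:], "big")
        if counter <= self.last_counter:
            return None                      # stale or replayed frame
        self.last_counter = counter
        return body[0]


def demo():
    """Runs both receivers over constructed frames and returns their decisions."""
    key = b"constructed demo key - not for any real vehicle"
    rx = AuthenticatedReceiver(key, BRAKE_ID)
    unknown_origin = CanFrame(BRAKE_ID, bytes([200]))              # well-formed, no tag
    genuine = make_authenticated(BRAKE_ID, 120, counter=1, key=key)
    tampered = CanFrame(BRAKE_ID, bytes([genuine.data[0] ^ 0x01]) + genuine.data[1:])
    return {
        "legacy_accepts_unknown_origin": legacy_brake_receiver(unknown_origin),  # 200
        "auth_rejects_unknown_origin": rx.accept(unknown_origin),                # None
        "auth_rejects_tampered": rx.accept(tampered),                            # None
        "auth_accepts_genuine": rx.accept(genuine),                              # 120
        "auth_rejects_replay": rx.accept(genuine),                               # None
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The contrast is the point: `legacy_brake_receiver` has no information on which to base a trust decision, so a well-formed frame of unknown origin is acted on, while `AuthenticatedReceiver` drops the same frame, drops a single flipped bit, and drops a replay of a genuine frame. Note that the tag costs four payload bytes and the counter two, which is why such schemes on classic CAN must be designed around the eight-byte payload limit.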

Moreover, car network processors are designed to be very small and inexpensive, just good enough for their task, and to consume as little power as possible. They usually run tiny operating systems and a few communication and control applications. They feature neither memory protection nor an isolated sandbox in which to run processes. Every application, including one that shouldn’t be there, is able to read and rewrite the entire processor memory.
