Security in the Connected Car

By Franz Walkembach, Wind River

Connected, safe and reliable – this is the vision for the car of the future. To make sure these three requirements can be met, vehicle manufacturers, suppliers of electronic components and software as well as system architects have to master numerous challenges, and they must do it with close cooperation.

Demand for Sophistication
The consumer’s wish list for the car of the future is long and demanding. It includes the need for continuous connectivity with the Internet and the best possible integration between the vehicle and personal mobile devices such as smartphones. Additionally, there is an increasing interest around the concept of integrating and synchronizing personalized data from smartphones and “apps” with in-vehicle systems. The message is clear: Consumers want access to their important data at all times.

As today’s modern vehicles become more sophisticated, the amount of electronic components in each automobile continues to increase. The average car contains approximately 70 computer chips. To enable these chips and carry out their allotted tasks, up to 100 million lines of command code are required, in up to 100 electronic control units (ECUs), distributed over five bus systems. Given these statistics, there is no question that the role of software is incredibly important.

Connectivity and Risk
As car manufacturers try to set their vehicles apart from the competition, they can look to differentiating through electronics and in-vehicle infotainment (IVI) systems. Although computerization and connectivity allow consumers to enjoy greater convenience and automotive innovation, it also increases the dangers and risks. For example, imagine malicious code triggering equipment malfunctions by infiltrating the electronic control system via the unknowing use of infected MP3 files or downloaded apps.

Security Solutions
Given that connectivity opens the door for potential vulnerabilities, security is clearly a top priority. Key security aspects for the connected car can be divided into these categories:

  • Cable-connected and wireless communication
  • IVI system, including SSL encryption
  • Electronic components within the vehicle, such as sensors or ECUs, including the certification of applications, remote management and malware control
  • Services developed by car manufacturers or third parties, including apps from the cloud

The most powerful solutions encompass a range of security aspects and will demand close collaboration with the car manufacturer. Among the best security solutions is the use of embedded virtualization and hypervisors.

Today, the availability of processors with several multi-core CPUs permits new IVI architectures. Moving forward, expect greater consolidation of hardware, with several operating systems to run simultaneously, such as WinCE, VxWorks, Linux or AUTOSAR. In this case, protection is possible through the use of embedded virtualization and a hypervisor coupled with appropriate certifications (e.g., ISO 26262 standard). The trend of multicore and embedded virtualization paves the way for greater reliability, shorter boot times and cost optimizations as well as allows for brand new use cases and applications previously too difficult to achieve without hypervisor technology.

Additionally, as the auto industry increasingly turns to Android and leverages its flexibility for innovation, especially in areas of multimedia and connectivity, automotive electronics can become increasingly popular targets of attackers and malware.

A further measure to enhance security in the future may be to outsource susceptible files to the cloud and only load content or information when required via telecommunications. For this scenario to come to life, coordination is needed across the automotive ecosystem and standardization committees such as GENIVI.

The Future
Security solutions can only protect a system against the threats for which they were developed. While it’s impossible to safeguard against all attacks 100 percent of the time, there are many methodologies the industry is investigating further. Ideally, a comprehensive solution would take into consideration the issues around cloud services and over-the-air security as well as embedded security.

Security is a multifaceted issue and requires factoring in a variety of elements. Companies that have the expertise, technologies, and relationships across the embedded and automotive ecosystem, such as Wind River, are becoming even more important as the auto industry increasingly turns to the experts who understand and can connect all the pieces together.



Franz Walkembach is a senior product manager of open source platforms and automotive solutions at Wind River. Walkembach studied at Fachhochschule Giessen-Friedberg, with a specialty in mechantronics.