Feature

Authentication, encryption and AI – the key components in securing connected cars

The single biggest threat to widespread proliferation of connected cars is data security. A conversation with two giants in the Indian auto space – Tata Elxsi and Tata Technologies brings to light why the threat is of paramount importance and what can be done to bolster security.

connected-cars.jpg

Gartner predicts that by 2020, the global automotive industry will roll out a quarter billion connected cars on the road. The forecast also highlights that by next year, about one in five vehicles will have some form of wireless network connection.

While connected vehicles can no longer be considered a bragging right, and is well on its way to becoming the new norm, auto manufacturers around the globe are now grappling with the customers’ biggest fear – data security.

CSO India speaks to the two heavyweights of auto component manufacturing to get a read on what’s threatening the sector and what can be done to plug the gaps.

Warren Harris, CEO of Tata Technologies says that every major player in the industry is treating cybersecurity as a priority and as a major issue that needs to be addressed.

... Every major player in the industry is treating cybersecurity as a priority and as a major issue that needs to be addressed.
Warren Harris
CEO, Tata Technologies

“We were part of Fiat Chrysler Automobiles when they were hit by the hack of Jeep. It made it possible for hackers to take over control of the vehicle remotely. I believe this was the crisis that prompted the industry to really mobilize activity and support,” he says.

In terms of solutions, Tata Technologies takes the applications and hardware that is being deployed to address cybersecurity and package that into the vehicles it designs and supports.

Shilu S L – Head of Infotainment & Digital Cluster at Tata Elxsi believes that automotive systems should incorporate cybersecurity methodologies to both software and hardware implementations. These implementations aim at total protection from cyber-attacks which cause operational, safety, privacy, and financial losses.

This can be in terms of preventing unauthorized access to vehicle systems as well as preventing any malicious activities inside the system. OEMs should seek the support from domain experts to achieve this protection flawlessly.

... Standardization of cybersecurity requirements along with safety is becoming necessary. Since the problem range is vast and dynamic, artificial intelligence is going to play a major role in automotive security through the implementation of advanced deep learning based secure environments.
Shilu S L
Head - infotainment & digital cluster, Tata Elxsi

“Standardisation of cyber security requirements along with safety requirements is becoming necessary. Since the problem range is vast and dynamic, artificial intelligence is going to play a major role in automotive cyber security through the implementation of advanced deep learning-based secure environments,” says Shilu SL.

He adds that implementing these at a centralized gateway and routing all the external communications through this channel would be an effective solution.

The three major threat vectors in connected cars

With the need for cars to be constantly and seamlessly connected, Shilu SL points out that cyber-attacks can stem from these areas:

1. Threats via connected components – All connected components should have proper authentication mechanism and the communication between them needs to be encrypted. A cloud-based/centralized certification and certificate revocation mechanism should back this up.

2. Data transmission ecosystem – Any data or code injected to the system should be signature verified and any sort of malicious activities should be detected and blocked. Machine learning could be a choice in the future for detection of malicious data and activities as it will keep the system up to date with lesser manual effort.

3. Unsecured Software Updates – Special attention needs to be given for software updates. Only secure and verified software components should be accepted. Multi-level authenticity verification is required.