Benefits of Connected Cars
The Internet of Things (IoT) paradigm has been having a profound impact on the automotive industry and the long-term prospects. As the power of the IoT comes to automotive vehicles, it presents opportunities for consumers, manufacturers and service providers in a range of areas including: unprecedented data collection; convenient communication; geography-based services; tailored insurance incentives; intelligent diagnostics and assisted driving.
Secure, Trusted Identities
While all of these opportunities are significant in one way or another, they are only as strong as their weakest link when it comes to security. As the connected car’s intelligence, services and ecosystem expands, so do the potential risks and exposures. It is critical to have strong assurances about the legitimacy of the various elements that need to communicate with each other. If an unknown device can gain access to data or services, or a compromised device can impersonate a trusted device, the efficacy of any defenses in place starts to collapse. Consequently, it’s a critical requirement to establish fool-proof identities of each of the elements within the connected car ecosystem.
Organisations need to employ robust, hardened security mechanisms for the IoT. To establish the control and visibility required, your organisation needs to institute secure identities, strong authentication, strong encryption and robust key management.
Tips to Building a Trusted Foundation for IoT Connected Cars:
Trusted Identities – leverage digital certificates to establish trusted identities of connected cars, providing reliable identification with the original manufacturer or service provider
Secure Communication Between Devices – both with one another and with the master device
Authentication – issue certificates at the time of manufacturing, which can then be used to facilitate strong authentication when deployed
Data Integrity – securely generate and store critical cryptographic keys in Hardware Security Modules (HSMs) to prevent unauthorised access, theft and tampering
Code Signing – create and establish trust and address potential IoT vulnerabilities
High Availability and Disaster Recovery – ensure easy recovery from failures and minimise downtime from any single platform so it won’t lead to a catastrophic loss of keys
Monitoring and Management – rely on strong authentication to make sure that only authorised drivers and service personnel can access sensitive systems