While connected cars offer huge opportunities for drivers and associated businesses, the full measure of these gains won’t be realised without effective security.
The Internet of Things (IoT) paradigm has been having a profound impact on the automotive industry and the long-term prospects. As the power of the IoT comes to automotive vehicles, it presents opportunities for consumers, manufacturers and service providers in a range of areas including: unprecedented data collection; convenient communication; geography-based services; tailored insurance incentives; intelligent diagnostics and assisted driving.
While all of these opportunities are significant in one way or another, they are only as strong as their weakest link when it comes to security. As the connected car’s intelligence, services and ecosystem expands, so do the potential risks and exposures. It is critical to have strong assurances about the legitimacy of the various elements that need to communicate with each other. If an unknown device can gain access to data or services, or a compromised device can impersonate a trusted device, the efficacy of any defenses in place starts to collapse. Consequently, it’s a critical requirement to establish fool-proof identities of each of the elements within the connected car ecosystem.
Organisations need to employ robust, hardened security mechanisms for the IoT. To establish the control and visibility required, your organisation needs to institute secure identities, strong authentication, strong encryption and robust key management.
Trusted Identities – leverage digital certificates to establish trusted identities of connected cars, providing reliable identification with the original manufacturer or service provider
Secure Communication Between Devices – both with one another and with the master device
Authentication – issue certificates at the time of manufacturing, which can then be used to facilitate strong authentication when deployed
Data Integrity – securely generate and store critical cryptographic keys in Hardware Security Modules (HSMs) to prevent unauthorised access, theft and tampering
Code Signing – create and establish trust and address potential IoT vulnerabilities
High Availability and Disaster Recovery – ensure easy recovery from failures and minimise downtime from any single platform so it won’t lead to a catastrophic loss of keys
Monitoring and Management – rely on strong authentication to make sure that only authorised drivers and service personnel can access sensitive systems
The proliferation of IoT and cloud computing are transforming our lives daily – from watches alerting on severe heart conditions to voice-enabled assistants automating daily tasks. Builders and operators of such systems must tackle the myriad of challenges across the complex IT stack – including security. Securing every digital touchpoint is crucial to delivering safe and connected services between devices, networks, machines, and users.