Building the Trusted Connected Car
Learn how to address the risks and maximize business potential of building the trusted connected car.
While connected cars offer huge opportunities for drivers and associated businesses, the full measure of these gains won’t be realized without effective security.
The Internet of Things (IoT) paradigm has been having a profound impact on the automotive industry and the long-term prospects. As the power of the IoT comes to automotive vehicles, it presents opportunities for consumers, manufacturers, and service providers in a range of areas including: unprecedented data collection; convenient communication; geography-based services; tailored insurance incentives; intelligent diagnostics; and assisted driving.
While all of these opportunities are significant in one way or another, they are only as strong as their weakest link when it comes to security. As the connected car’s intelligence, services, and ecosystem expands, so do the potential risks and exposures. It is critical to have strong assurances about the legitimacy of the various elements that need to communicate with each other. If an unknown device can gain access to data or services, or a compromised device can impersonate a trusted device, the efficacy of any defenses in place starts to collapse. Consequently, it’s a critical requirement to establish fool-proof identities of each of the elements within the connected car ecosystem.
Organizations need to employ robust, hardened security mechanisms for the IoT. To establish the control and visibility required, your organization needs to institute secure identities, strong authentication, strong encryption, and robust key management.
Trusted Identities - leverage digital certificates to establish trusted identities of connected cars, providing reliable identification with the original manufacturer or service provider
Secure Communication Between Devices - both with one another and with the master of devices
Authentication - issue certificates at the time of manufacturing, which can then be used to facilitate strong authentication when deployed
Data Integrity - securely generate and store critical cryptographic keys in hardware security modules (HSMs) to prevent unauthorized access, theft, and tampering
Code Signing - create and establish trust and address potential IoT vulnerabilities
High Availability and Disaster Recovery – ensure easy recovery from failures, and minimize downtime from any single platform so it won’t lead to a catastrophic loss of keys
Monitoring and Management – rely on strong authentication to make sure that only authorized drivers and service personnel can access sensitive systems