Automotive Security through New Communication Lockdown
messages between the various ECUs used to control the vehicle. All incoming messages are inspected, and only approved/legal messages can continue to their destination. Since communication lockdown looks at the approved frequency and the size of the messages, it effectively limits bus overload. This is achieved even more effectively in hardware using field-programmable gate array (FPGA) logic, which can handle higher-bandwidth communication than a software-only implementation. All cyberattack attempts, in which illegal or improper messages are discarded, can be logged and reported over a wireless vehicular communication channel to a remote OEM SOC for further technical and statistical analysis, including fleet information, geographies and trends.
Intrinsic to the Communication Lockdown methodology is the ability to use the OEM Technical Specifications, specifically the communication matrix, where the bus message database and the functional specifications are used, to create a communication schema that models the proper behavior of all vehicular data.
The Communication Lockdown methodology is agnostic to attacks since it does not look for them. Instead, it only models the “correct” behavior. Because this defensive approach does not look for attacks, the nature of an incoming attack does not matter. In Communication Lockdown, the communication is efficiently modeled and verified to comply with the vehicle specification. This enables full autonomy after installation and deterministic operation without the need for frequent software or firmware updates, unlike Intrusion Detection/Intrusion Prevention Systems (IDS/IPS) or firewalls.
Three Layers of Communication Security
The effectiveness of the Communication Lockdown methodology is based on the patented ability to inspect and verify messages on multiple layers. This ensures that if an external message from the vehicle’s ecosystem is compromised, the internal vehicle network remains fully protected from the spread or propagation of malicious code.
All incoming messages are inspected on three layers:
Routing Layer
The origin and destination of each incoming message (type) is checked by the Communication Lockdown™ schema to ensure that they are permissible or “legal”. For example, messages from the infotainment subsystem to the powertrain components (steering, brakes, etc.) are prohibited and would therefore be discarded.
Content Layer
The content of each incoming message
is checked down to the bit level for
compliance with the permissible format
as defined in the OEM’s Technical
Specifications. Messages that do not
conform to the defined format are
dropped.
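The sketch below is an added illustration, not code from the article or from the product it describes. It shows allow-list filtering of this kind: a routing check, a bit-level content check, and the approved-frequency check mentioned earlier, with anything outside the schema discarded. The bus names, message IDs, bit layouts and periods are constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>
/* Constructed example: bus names, IDs, bit layouts and periods are assumptions. */
enum bus { BUS_INFOTAINMENT, BUS_BODY, BUS_POWERTRAIN };
enum verdict { PASS, DROP_ROUTING, DROP_CONTENT, DROP_RATE };

struct rule {                 /* one row of the communication schema */
    uint32_t id;
    enum bus src, dst;        /* the only permitted origin and destination */
    uint8_t  dlc;             /* exact permitted payload size in bytes */
    uint8_t  mask[8], val[8]; /* bits fixed by the spec and their required values */
    uint32_t min_period_ms;   /* approved minimum spacing between frames */
    uint32_t last_ms; int seen; /* state: time of the last accepted frame */
};

struct frame { uint32_t id; enum bus src, dst; uint8_t dlc; uint8_t data[8]; };
static struct rule schema[] = {
    /* body -> powertrain, 2 bytes, top two bits of byte 1 reserved (0), >= 10 ms apart */
    { 0x1A0, BUS_BODY, BUS_POWERTRAIN, 2, {0x00, 0xC0}, {0x00, 0x00}, 10, 0, 0 },
    /* infotainment -> body, 1 byte, upper nibble must be 0x1, >= 100 ms apart */
    { 0x3C1, BUS_INFOTAINMENT, BUS_BODY, 1, {0xF0}, {0x10}, 100, 0, 0 },
};

/* Default deny: only traffic the schema describes is forwarded. */
enum verdict inspect(const struct frame *f, uint32_t now_ms)
{
    for (size_t i = 0; i < sizeof schema / sizeof schema[0]; i++) {
        struct rule *r = &schema[i];
        if (r->id != f->id) continue;
        if (f->src != r->src || f->dst != r->dst)
            return DROP_ROUTING;              /* illegal origin or destination */
        if (f->dlc != r->dlc)
            return DROP_CONTENT;              /* wrong size */
        for (uint8_t b = 0; b < f->dlc; b++)
            if ((f->data[b] & r->mask[b]) != r->val[b])
                return DROP_CONTENT;          /* a fixed bit has the wrong value */
        if (r->seen && now_ms - r->last_ms < r->min_period_ms)
            return DROP_RATE;                 /* faster than the approved frequency */
        r->seen = 1; r->last_ms = now_ms;
        return PASS;
    }
    return DROP_ROUTING; /* unknown message type: no legal route exists */
}

int main(void)
{
    struct frame f = { 0x1A0, BUS_INFOTAINMENT, BUS_POWERTRAIN, 2, {0x12, 0x34} };
    return inspect(&f, 0) != DROP_ROUTING; /* exit 0: infotainment -> powertrain is discarded */
}
```

Each drop verdict is what a gateway would log and report to the remote SOC; the filter carries no attack signatures, only the schema.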
March 2019