Automotive Security through New Communication Lockdown
Contextual Layer
The content of each incoming message is checked for legitimacy against the specific functional state of the vehicle, subsystem, ECU, etc. Messages from specific origins to specific destinations are permitted or discarded depending on the contextual/functional state of the vehicle. For example, messages received from the OBD-II maintenance connector while the vehicle is moving on the road (speed > X km/h) are discarded.
Communication Lockdown Methodology
Unique Benefits:
DETERMINISTIC
The Communication Lockdown approach is a fully deterministic cyber security methodology. The closed-system approach does not look for attacks; it ensures instead that the vehicle continues to function in the way it was designed.
UPDATEABLE
Automatic tools generate the layered protection as a mathematical model that is fully deterministic, yet updateable, and that can be formally verified.
FORMALLY VERIFIED
Verification is carried out on three different layers, down to the bit level. Open (unspecified) fields in messages are also 'locked down' to ensure stringent security.
FINITE STATE-MACHINE
The model includes a state machine that enforces predetermined states, together with a dedicated ruleset generation tool. Only the communications detailed by the OEM technical specifications and the bus network communication matrices are approved.
IIC Journal of Innovation
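The contextual check (OBD-II traffic discarded while moving) and the state-machine whitelist derived from a communication matrix, combined into one added example. This is illustrative code written for this page, not the article's or any vendor's implementation. The CAN IDs, node names, signal layouts, the 5 km/h threshold standing in for "X", and the rule that open fields must be zero are all constructed assumptions.

```python
"""
Context-aware CAN message lockdown for one ECU (added example, not the
article's code). A whitelist built from a constructed communication matrix
is enforced bit by bit, a finite state machine tracks the vehicle state,
and a contextual rule discards OBD-II messages while the vehicle is moving.
"""
from dataclasses import dataclass
from enum import Enum, auto
from typing import Dict, FrozenSet, Tuple


class VehicleState(Enum):
    PARKED = auto()
    MOVING = auto()


# Assumed value for the "speed > X km/h" threshold in the text.
MOVING_THRESHOLD_KMH = 5.0


@dataclass(frozen=True)
class Signal:
    name: str
    start_bit: int   # little-endian bit offset within the payload
    length: int
    max_raw: int     # highest raw value the (assumed) OEM spec permits


@dataclass(frozen=True)
class MatrixRow:
    """One row of a constructed bus communication matrix (not an OEM's)."""
    origin: str
    destinations: FrozenSet[str]
    dlc: int
    signals: Tuple[Signal, ...]


# Constructed matrix: IDs, nodes and layouts are illustrative assumptions.
COMM_MATRIX: Dict[int, MatrixRow] = {
    0x0C1: MatrixRow("ABS", frozenset({"ECM", "IPC"}), 8,
                     (Signal("wheel_speed_kmh_x100", 0, 16, 30000),)),
    0x1A0: MatrixRow("BCM", frozenset({"DOOR_FL", "DOOR_FR"}), 2,
                     (Signal("lock_cmd", 0, 2, 2),)),
    0x7DF: MatrixRow("OBD", frozenset({"ECM"}), 8,
                     (Signal("diag_request", 0, 64, (1 << 64) - 1),)),
}

# Contextual rules: (origin, vehicle state) pairs whose messages are discarded.
CONTEXT_DENY = {("OBD", VehicleState.MOVING)}

# Predetermined state transitions; anything not listed is never taken.
TRANSITIONS = {
    (VehicleState.PARKED, VehicleState.MOVING),
    (VehicleState.MOVING, VehicleState.PARKED),
}


def extract_signal(data: bytes, sig: Signal) -> int:
    raw = int.from_bytes(data, "little")
    return (raw >> sig.start_bit) & ((1 << sig.length) - 1)


def open_field_mask(row: MatrixRow) -> int:
    """Payload bits not covered by any specified signal (assumed: must be 0)."""
    covered = 0
    for s in row.signals:
        covered |= ((1 << s.length) - 1) << s.start_bit
    return ((1 << (8 * row.dlc)) - 1) & ~covered


class Lockdown:
    """Lockdown filter deployed in one ECU; starts in PARKED."""

    def __init__(self, ecu: str):
        self.ecu = ecu
        self.state = VehicleState.PARKED

    def check(self, can_id: int, data: bytes) -> Tuple[bool, str]:
        """Return (allowed, reason) for an incoming frame and update state."""
        row = COMM_MATRIX.get(can_id)
        if row is None:
            return False, "id not in communication matrix"
        if self.ecu not in row.destinations:
            return False, f"{self.ecu} is not a destination of 0x{can_id:03X}"
        if len(data) != row.dlc:
            return False, "dlc mismatch"
        if int.from_bytes(data, "little") & open_field_mask(row):
            return False, "open field not zero"
        for sig in row.signals:
            if extract_signal(data, sig) > sig.max_raw:
                return False, f"{sig.name} out of range"
        if (row.origin, self.state) in CONTEXT_DENY:
            return False, f"{row.origin} blocked in state {self.state.name}"
        self._update_state(row, data)
        return True, "ok"

    def _update_state(self, row: MatrixRow, data: bytes) -> None:
        # Only the (assumed) ABS wheel-speed message drives the state machine.
        if row.origin != "ABS":
            return
        speed_kmh = extract_signal(data, row.signals[0]) / 100.0
        target = (VehicleState.MOVING if speed_kmh > MOVING_THRESHOLD_KMH
                  else VehicleState.PARKED)
        if target != self.state and (self.state, target) in TRANSITIONS:
            self.state = target


if __name__ == "__main__":
    ecm = Lockdown("ECM")
    diag = bytes([0x02, 0x01, 0x0C, 0, 0, 0, 0, 0])
    print(ecm.check(0x7DF, diag))                               # allowed while parked
    print(ecm.check(0x0C1, (6000).to_bytes(2, "little") + bytes(6)))  # 60 km/h
    print(ecm.check(0x7DF, diag))                               # discarded while moving
```

Every decision is a lookup in static tables (matrix rows, deny pairs, transition set), which is what makes the behaviour deterministic and what a ruleset generation tool would emit from the communication matrix; the filter carries no signatures and reaches no network.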
STAND ALONE SOLUTION
The model needs neither cloud connectivity nor ongoing updates to operate, so there is no update channel through which malware can sneak in and corrupt the safety requirements of the vehicle. The Communication Lockdown methodology delivers the requirements of the Safety Critical Subsystem of the connected car.
SECURED CLOUD CONNECTIVITY
The Communication Lockdown model behaves as a secured landing point within the vehicle for cloud connectivity, which enables secured OTA updates and data transfer, among other things. The mechanism supports mutual authentication and encryption between the backend, the cloud and the vehicle, enabling secured cloud connectivity when needed, as opposed to resource-intensive and vulnerable continuous connectivity.
CAN BE INTEGRATED WITH ANY SOC
Any Security Operations Center (SOC) can be supported to monitor, log and report all lockdown activity.