Ensuring Security with Microcontrollers
Enhancing Car Security from the Microcontroller Level
Bryce Johnstone from Imagination Technologies emphasizes the importance of starting at the microcontroller level for automotive security.
The Evolution of Car Technology
Cars are changing faster than ever before. In the next five years, we’re expected to see more technological advancements in car design and electronics than we’ve seen in the past fifty years combined. With cars becoming more autonomous and connected through various wireless technologies, the need for enhanced vehicle security is growing rapidly.
The Shift in Car Electronics
About sixty years ago, car electronics were quite basic. Early systems had a few electronic control units (ECUs) that were not interconnected. For example, the ECU managing electric windows operated independently from the speedometer in the dashboard. Nowadays, cars are wired up to the external world, leading to new security challenges. This connectivity includes keyless entry systems, audio systems, and wireless communications, which have introduced potential vulnerabilities within the vehicle’s control systems.
Risks in the Connected World
Modern vehicles feature over eleven different wireless interfaces, including WiFi, NFC, Bluetooth, 3G, and LTE. These connections support wireless speakers, phone and headset links, and telemetry data systems. In the near future, we’ll also see vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communications. These wireless signals, by their nature, can be intercepted and hacked, potentially leading to data theft or even remote control of the vehicle, which can result in accidents.
A notable example of this risk is the Wired Magazine incident where hackers remotely drove a Jeep Cherokee off the road. Hackers Charlie Miller and Chris Valasek first took physical control through the ODB port and later remotely activated various systems like the air conditioning, radio, wipers, transmission, and steering. Their attack on the unprotected infotainment system demonstrated the severe potential vulnerabilities in connected cars.
Protecting User and Vehicle Data
Car systems can hold sensitive personal information, such as location data, credit card details, insurance information, and ownership documents. When these systems are compromised, the risks include theft or damage. To mitigate these risks, it is suggested to use hardware virtualization at the system level, creating isolated and secure environments. This approach is known as ‘security by separation.’
Key Security Considerations
When choosing a microcontroller for better security, look for hardware support that includes virtualization capabilities. Virtualization can be thought of as dividing a single MCU into multiple virtual sub-MCUs, each capable of running different operating systems and applications. Using a hypervisor and a two-layer memory management unit helps create several independent containers. These containers operate separately, meaning if one process crashes, the others remain unaffected. For instance, if malware crashes the infotainment system, the car’s advanced driver assistance systems (ADAS), instrument cluster, and navigation systems would still function correctly.
Additionally, integrating secure boot processes completes this security framework, ensuring a higher level of protection.
Looking Ahead
Car security has made significant progress from early features like car alarms and keyless entry. Future advancements, such as the adoption of blockchain technology and new security standards, will further enhance vehicle security, making cars safer and more reliable.