In the future, infotainment systems will perform increasingly more tasks. (Image: Fotolia)
In 2015, Audi AG, BMW Group, and Daimler AG paid a total of €2.8 billion to take over Nokia’s geodata company. The significance of navigation systems at the advent of autonomous driving couldn’t be emphasized more clearly. Exact positioning is required for highly automated and even autonomous driving. For this, the most important components are the accuracy of GNSS Galileo, expected at final completion, and high-quality maps. Maps from HERE (previously Nokia, previously NAVTEQ) are, according to the company, already used in four out of five car-navigation systems in Europe and North America. The investment in 2015 and all additional participations made since then seem to have been worthwhile. But how are navigation systems protected from software pirates? Do licensees use the technical possibilities available to protect data sufficiently? The answer is probably no.
Usually, SD memory cards are employed to load map data into a navigation system. Generally, the data image on those is encrypted — but only using software. This type of copy protection is apparently relatively easy to bypass, as the content encryption key must be derived somehow from the publicly readable card identifier on the very same card. An attacker — not knowing the encryption key — clones a card fully, i.e., copies the encrypted content and clones the card identifier. This is the reality in the age of the internet. Never mind license or counterfeit protection or the option of a reliable central license inventory.
Design of a secure microSD Memory Card with Secure Element (Image: Swissbit)
Copy protection, on the other hand, requires a hidden authentication feature that cannot be pirated. There are already solutions that use flash memory cards in the field. Swissbit specializes in durable memory products for industrial use with long-term availability and offers memory cards with security features. These secure memory cards combine a flash memory chip, an optional SmartCard, and a flash controller. Its special firmware with integrated AES and HASH algorithms allows a multitude of secure application scenarios.
The optionally integrated JavaCard SmartCard is certified as per Common Criteria Level EAL 5+. The combination of the identifier with standard data memory offers a technically elegant solution. Tap-proof mobile phones, bodycams, and counterfeit-proof cash registers are already secured with this type of card. The simplicity of distribution and content loading will not suffer. A high-resolution map update would be a stress test — performance- and cost-wise — for mobile data plans. Home loading or simple drop-in replacement by a mechanic guarantees the required simplicity.
An approach with potential
Using flash memory modules with Secure Element offers direct benefits such as gaining control of navigation system data and being able to ensure compliance with license terms. Yet additionally, this approach offers a broad range of application scenarios relating to data protection and cybersecurity in cars. Infotainment systems are platforms that offer a base for further communications services. These systems are becoming increasingly important as an interface to ICT devices and the internet. When offering chargeable services for this, receiving valuable media content, paying toll charges, or supporting e-charging use cases, the issue of unique identity and, thus, a secure authentication entity arises again.
Here, memory cards with an integrated SmartCard offer the ideal solution as well — especially because they can be securely paired with the vehicle and replaced so easily when necessary. Careful consideration should be taken before abandoning an SD card reader as an interface on infotainment devices. Using the relevant cards, new functions can be retrofitted and continuously secured at the highest cryptographical level.
Security as a safety aspect
In recent years, increasingly greater networking within and outside the car — for instance, Car2Car Communication — has made security in the sense of defending cyberattacks a subject for debate, mainly against the background of possible effects on functional security. The suggestion to use memory modules with Secure Element, introduced here, is also interesting regarding data traffic in electrical car systems. The communication of electronic control units (ECUs) via bus systems could be encrypted if, for example, an embedded multimedia controller (eMMC) with Secure Element serves as a Trusted Platform Module at the nodes. Thanks to this authentication feature, the risk of tampering with in-vehicle communications can be averted.
In the car, there are two categories of functional safety: security-related and non-security–related. This distinction is generally made so that, for example, the infotainment system has no access to safety-related systems on the platform. Yet even for the non-safety–related elements, the option to provide for flexible and sustainable cybersecurity is required because the life cycle of cars can easily exceed 10 years. By then, many as-yet-not-obvious requirements will need to be fulfilled, such as toll collection, billing of e-charges, chargeable value-added media services, subscriptions for updates of navigation map data, and much more. The added value of the infotainment system will increase as it performs increasingly more important tasks. On the other hand, automotive IT systems will be exposed to increasingly more sophisticated attacks over time.
The communication of ECUs via bus systems could be encrypted if, for example, an eMMC with Secure Element serves as a Trusted Platform Module at the nodes. (Image: Swissbit)
A secure replaceable storage medium, such as the SD Memory Card from Swissbit, would be a suitable solution to keep the security of an infotainment system up to date during the life cycle of a car. (Image: Swissbit)
For security reasons and as a precaution, a flexible, replaceable Secure Element in a memory card should be provided for the protection of future business. The British Standards Institution (BSI) requires the consistent application of state-of-the-art technology, which cannot be achieved for security solutions that are several years old and especially purely based on software security, which offers the required flexibility but never the required long-term security. Therefore, it is advisable to maintain the option of a replaceable hardware security module. Another benefit in addition to easy modification and retrofitting: Different software-dependent configurations of the same model are easy to manage.
All variants are configured, and with the help of Secure Element on the memory card, the ones purchased by the customer are activated — an effective way to simplify the variant diversity in production. And when deciding between a soldered and removable flash memory, the negative effect on the durability of the NAND chips in the memory modules, caused by a combination of frequent access and challenging thermal conditions in the car, should be considered. This means that for memory cards that cannot be replaced by a mechanic, significantly more expensive solutions need to be found.
The protection of maps using memory cards with a security feature is just one example of an application in which the combination of memory card and SmartCard allows for a higher degree of control and security. When edging toward information and communication technology and consumer electronics, other security considerations, development cycles, and market mechanisms prevail other than in automobile manufacturing; thus, the use of a replaceable standard element offers the option to create a high level of security using hardware-based cryptography while remaining permanently flexible regarding the integration of additional services.
>> This article was originally published on our sister site, EE Times Europe.
Hubertus Grobbel is head of the security products division at Swissbit AG.