The New Challenge: Security

Automobile manufacturers need the expertise of suppliers, who also benefit from the competences of external partners – for example, in the development of software for automotive security. Dipl.-Ing. André Zeh, owner and managing director of F+S Fleckner und Simon Informationstechnik GmbH, explains important aspects of this issue.

André ZehMr. Zeh, automotive security is about protecting unauthorised access to sensitive data. Which data needs to be protected in a motor vehicle?

Dipl.-Ing. André Zeh: In the past, security was relevant primarily for two areas: the key system, to protect the vehicle against theft; and access for maintenance, to prevent manipulation of the motor or tachometer.

But that is changing now. Autonomous driving, or to be more correct, partially or fully automatic driving, requires technological interfaces for the transfer of data between vehicles and the infrastructure, such as traffic lights. Of course, these new interfaces must be protected against manipulation.

In other words, cars will have more interfaces that require protection?

Zeh: Yes, but unfortunately it’s not that simple. Because not only the new interfaces, but all functions have to be protected – and not only against access from outside: the controllers in a vehicle must also be protected from each other.

Do you actually expect attacks on one controller by another?

Zeh: There is no absolute security; an interface can be hacked. In the event that one controller is “taken over” it is necessary to prevent the attacker from taking control of the entire vehicle. A knight’s castle was also built with the knowledge that several ramparts are better than just one.

Are multi-stage attack scenarios really conceivable?

Zeh: Yes, just to give one example: ethical hackers – experts who uncover weak spots so they can be eliminated – were able to hack a Jeep in 2015 because its infotainment system was not secure. From there the hackers were able to manipulate the gateway and all other controllers, which allowed them to operate the vehicle as if by remote control.

Such attacks have to be prevented in the future. If an interface is hacked, it is important that only that one function is “lost” and not the entire vehicle!

Do you have ideas for how to protect the controllers?

Zeh: Of course, we already have a few ideas, but one cannot just do whatever one pleases. We need international standards so that the infrastructure can communicate securely with the vehicles and the vehicles with each other.

Automotive manufacturers and security experts from the Fraunhofer Institute SIT, for example, are currently developing standards and encryption technologies for vehicles and for the infrastructure.

And if everything is standardised? Why is your competence still needed?

Zeh: If you have ever tried to read a standard, then you know that it is not easy, and that is not only because of the awkward wording. For one thing, one needs a great deal of expertise to be able to understand and apply a standard...

...and you have this expertise?

Zeh: Yes, we have the qualified experts in our team and I myself, for example, worked in IT security at T-Systems. In addition, we have extensive experience with automotive embedded systems from a wide range of areas, such as display systems, infotainment, active chassis control, power train, but also the "security classic" immobilizer.

That answers the one question, but I interrupted you. What does one need besides expertise to understand a standard?

Zeh: Security is only as strong as the weakest link in the chain. To make every single controller secure, it is therefore necessary to understand the communication structure of the vehicle. One also needs good processes for the error-free implementation of security solutions. But the most important thing is to be aware of all potential problems.

Awareness of problems – is that not taken care of by the standard?

Zeh: I’m afraid not. We have been working for years as experts in the field of functional safety. Management and developers almost always underestimate the challenges of functional safety in systems.

It will be similar with respect to security: the developers will think they only have to integrate a few encryptions. But if they do so without proper understanding of the architecture and potential attack scenarios, it can easily happen that they will open back doors and even entire gateways that allow hackers to break the encryption.

Do you believe that F+S is better prepared for this task than other suppliers?

Zeh: Our experience speaks for us. For more than 15 years we have been developing software for the automotive sector and providing consultation services related to quality and processes.

We choose our development engineers on the basis of their ability to work in a disciplined, process-compliant environment. They are then trained by our experts for the particular processes and encouraged to comply with them. To put it colloquially: our developers learn the processes from the cradle on.

And how do you help your customers specifically?

Zeh: We understand the requirements of security – both with respect to the process technology and implementation. Our consultants and development engineers have the expertise and the necessary awareness of problems for proper implementation of the tasks. That enables us to help our customers to supplement their process descriptions to include the issue of security and also to achieve error-free implementation of these processes.

Doesn't that make your customers dependent on you?

Zeh: We attain customer loyalty thorough quality, not through secrecy. We make our know-how transparent from the beginning – in the product specifications, in the design and test documents and in the process descriptions. If needed, we are also glad to train our customers’ employees. That is another reason why our customers have been working with us for so many years.

Our customers do not become dependent on us. And because we make our expertise available so that others can use it, we can always create free capacities to accept new challenges.

Good luck, then, in making our cars secure for the future!