In part I of my blog, I discussed the advent of the modern-day automobile and the coming wave of autonomous vehicles. I noted the challenges and opportunities inherent in this budding technology. Here, I further explore the most effective security option available for the industry.
All of this new technology will be pegged to the success of the security that helps prevent hackers from taking control of one or a group of autonomous cars. The public will not allow any mistakes. The first autonomous car that is remotely driven off a cliff or into a wall will signal the death of the autonomous car industry. It has already been proven that the public has some patience for an autonomous car that is mistakenly involved in an accident. It’s unlikely the same patience will be granted to a car taken over by a hacker.
The automotive industry has selected a tried-and-true security technology called Public Key Infrastructure (PKI). As security technologies go, there’s nothing more secure, nothing more tested and nothing more respected for its security performance in digital systems. PKI uses a pair of cryptographic keys that have a specific mathematical relationship. This relationship, defined in asymmetric cryptography, allows data encrypted with one key of the pair to be decrypted only with the other: what the private key encrypts, only the public key can decrypt, and vice versa. Both keys work in concert to secure the manufacturing of, and updates to, individual components in a car as well as the car itself. The manufacturer uses the private key to sign (a special form of encryption) the digital elements of a system. The system validates these signatures with the public key, testing whether the digital systems have been tampered with.
The public key, as its name says, is meant to be public. This key will be stored in the digital components of the car. The private key is the one that mates with the public key and solidifies the security of the infrastructure. This key represents the root of trust in a PKI system. This root of trust can be held by the manufacturer, but can also be embedded in the car’s digital management systems. This key, whether in the car or at the manufacturer, needs to be protected at all costs. If this key is compromised, the infrastructure is compromised, and a hacker can masquerade as a digital component of the car or as the automaker itself. Once a hacker takes control of a system, they will be able to introduce or remove code that makes the car vulnerable to commands that override its programming. Once overridden, the hacker could do anything under digital control within the car.
The private keys held by the manufacturer hold the highest risk if compromised, and therefore have the highest value. These keys can sign digital elements for a large number of cars.
A hardware security module (HSM) is a purpose-built device to generate, protect and allow authorized use of high-value cryptographic keys. Unless automakers and component manufacturers store their private keys inside an HSM, the chances of these keys being exposed or compromised are high. The other major issue is that the private key cannot be changed easily or often within PKI systems; therefore, the private key must be kept secure for years or decades.
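As an added example (not code from the original post), the signing and verification flow described above, with the manufacturer's root private key held behind a signer handle the way an HSM exposes it, so the release pipeline and the ECU never touch the key bytes. The ManufacturerSigner type, the sample firmware image and the choice of Ed25519 are assumptions for illustration:

```go
package main

import (
	"crypto"
	"crypto/ed25519"
	"crypto/rand"
	"io"
)

// ManufacturerSigner stands in for an HSM-backed signing service (constructed for this
// example). Callers get only a crypto.Signer, the interface real HSM drivers expose too.
type ManufacturerSigner struct {
	priv ed25519.PrivateKey // unexported: callers cannot read or export the key bytes
}

// NewManufacturerSigner generates the root key pair "inside" the HSM and returns
// the signing handle plus the public key that is embedded in every ECU.
func NewManufacturerSigner() (*ManufacturerSigner, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &ManufacturerSigner{priv: priv}, pub, nil
}

// Public and Sign satisfy crypto.Signer. Passing crypto.Hash(0) as opts selects
// pure Ed25519 over the whole message, which is how the firmware image is signed.
func (m *ManufacturerSigner) Public() crypto.PublicKey { return m.priv.Public() }
func (m *ManufacturerSigner) Sign(r io.Reader, msg []byte, o crypto.SignerOpts) ([]byte, error) {
	return m.priv.Sign(r, msg, o)
}

// Demo releases a constructed firmware image through the signer handle, then runs the
// ECU-side check on it and on a copy with one flipped byte. Returns (genuineOK, tamperedOK, err).
func Demo() (bool, bool, error) {
	hsm, ecuPub, err := NewManufacturerSigner()
	if err != nil {
		return false, false, err
	}
	var releaseTool crypto.Signer = hsm // the build pipeline never sees key material
	image := []byte("ECU-FW v1.2.3 -- constructed sample firmware image")
	sig, err := releaseTool.Sign(rand.Reader, image, crypto.Hash(0))
	if err != nil {
		return false, false, err
	}
	tampered := append([]byte(nil), image...)
	tampered[len(tampered)-1] ^= 0x01 // attacker-modified copy shipped with the original signature
	// The ECU holds only ecuPub; any image that fails Verify is not installed.
	return ed25519.Verify(ecuPub, image, sig), ed25519.Verify(ecuPub, tampered, sig), nil
}
```

A real deployment would back ManufacturerSigner with a PKCS#11 or cloud-HSM driver; the rest of the pipeline is unchanged because it only depends on crypto.Signer.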
The alternative to an HSM is storing these very important private keys in application servers that service the automotive infrastructure. These would be protected only by the corporate network’s perimeter security and by the hope that the private key cannot be found. This is a false hope. Corporate network perimeters are too complicated to secure. Penetration of perimeter security systems has been demonstrated to be at the heart of most corporate security breaches. In 2018, all of the corporate security breaches that involved the exposure of data were caused by failures of perimeter security measures. Think the loss of a social security or credit card number is bad from a convenience and financial standpoint? The loss of a private key in the autonomous vehicle environment could be deadly.
The driving public accepts that accidents will happen. The driving public will never forgive companies that knowingly put them at risk. In a PKI ecosystem, storing the most important security aspect of autonomous vehicles in a hackable environment won’t be tolerated. Using an HSM for an autonomous vehicle’s security infrastructure should be an industry standard before the US government mandates it.