Protecting the IoT and connected automotive systems against purpose-built attacks

December 01, 2014

Protecting the IoT and connected automotive systems against purpose-built attacks

By now we've all heard the astounding statistics – Gartner is forecasting that the Internet of Things (IoT) will include 26 billion units instal...

By now we've all heard the astounding statistics – Gartner is forecasting that the Internet of Things (IoT) will include 26 billion units installed by 2020. IoT product and service suppliers will generate incremental revenues exceeding $300 billion with a $1.9 trillion global economic value add.[1] IHS estimates that in 2019 about 5 billion of these devices will be business-critical devices. Lofty numbers indeed.

The Internet of Things will shape the next generation like the web shaped our lives. Everything will be connected from wearables monitoring my health to the assembly lines cranking them out.

Security is paramount

As more business-critical IoT devices become connected, the greater the risk of "purpose-built" attacks will become. Software probing to identify connected devices will identify areas of vulnerability. Attempts to hack into these devices to gain access to the software that controls these systems can have far-reaching consequences.

For example, Freescale Semiconductor ( recently announced a comprehensive hardware/software development system for enabling automotive-grade Ethernet connectivity for next-generation infotainment, instrument cluster, camera telematics, and rear-seat entertainment designs. Freescale's SABRE (Smart Application Blueprint for Rapid Engineering) for automotive infotainment development uses i.MX 6 series application processors for Ethernet audio video bridging (AVB). This kind of silicon/software/connectivity capability promises to transform the car into an interconnected LAN that can integrate smart devices and in-vehicle infotainment and instrumentation. However, only a few feet away resides the telematics software environment – the brains of the vehicle that control the safety-critical and operational systems of the vehicle.

Many makes of automobiles are now promoting Wi-Fi hotspot capability within the car. Mix these three ingredients – Wi-Fi connectivity, infotainment interconnects of IoT devices, and the mission-critical telematics software – and you have an environment ripe for purpose-built attacks.

A combination of isolation, silicon, and software security capabilities are required to achieve the convenience of the "app store infotainment" paradigm where smart devices are welcome to interoperate and utilize the infotainment resources while still protecting the safety-critical elements of the car.

Software security

Allegro Software ( is an example of a company that started out as an embedded web server technology that has identified and embraced the security concerns IoT represents. Allegro incorporates RomDTLS for SSL 3.0 and TLS 1.2-like encryption over UDP communications. This provides the capability to provide authentication and encrypted tunnels between endpoints to increase security of connected systems. The Allegro RomCert provides public key infrastructure (PKI) and certificate-based authentication to enable authenticated access to application data as well as communications to perform firmware updates via the Internet. RomPager even provides an Allegro Cryptography Engine (ACE) for software encryption and decryption services. The ACE also includes a harness API to offload cryptography calculations to silicon if needed.

Silicon security

The telematics microcontroller environment must have safeguards to prevent unauthorized access or access to critical data areas. AURIX microcontrollers from Infineon ( utilize a built-in hardware security module (HSM) to protect software and data within the vehicle. This provides a measure of protection against hackers attempting to infiltrate the onboard systems. The HSM features AES128 encryption implemented in hardware with the performance to encrypt/decrypt Ethernet traffic. Secure key storage is provided in a separated HSM-DFLASH area for protection.

The AURIX architecture was developed according to an audited ISO 26262 compliant process. The architecture includes secured internal communications buses and a distributed memory protection system.

These kinds of silicon security features make the AURIX processor family a good fit for power train, engine management, injection systems, and hydraulic control functions in the car.

Securing a connected world

The connected car is just one example of the security issues relating to IoT. The smart grid industry is rapidly deploying advanced metering infrastructures to measure, analyze, and identify issues within the grid. The healthcare industry can take advantage of wearable technology to better monitor patients. A variety of financial-related IoT tools to make payments and financial transactions more convenient are emerging. Convenience abounds and the explosion of IoT devices is coming. A critical blend of security capabilities from encryption to authenticated access must be incorporated in order to prevent potentially life-threatening issues from purpose-built attacks on these systems.

[1] Forecast: The Internet of Things, Worldwide 2013, Gartner Group.