Anna Steffora Mutschler of Semiconductor Engineering recently observed that self-driving cars have prompted the semiconductor industry to consider a number of complex legal and regulatory issues.
“[Self-driving vehicles] open up a whole new field for legal interpretation, case law, and regulation,” she explained.
“While most liability cases in the past never crossed below the system vendor/supplier level, [this] could change with autonomous vehicles. [In terms of security], self-driving cars pose a huge concern given the amount of silicon and software and the size and mass of vehicles.”
Indeed, as Asaf Ashkenazi, senior director of product management at Rambus Cryptography Research points out, while the Internet revolution improved many aspects of our lives and boosted the world’s economy, it also introduced new threats and concepts such as cyber-crime and cyber-warfare.
“Self-driving cars are really no different,” he told Semiconductor Engineering. “There is no doubt that by the time self-driving cars roam our streets they will be fully connected, raising concerns about ensuring the integrity of the software, and ensuring it is not maliciously replaced by a rogue version that could bring harm to the passengers or bystanders. This is only one of many concerns that will need to be addressed by self-driving car manufacturers, operators and regulators.”
According to Ashkenazi, self-driving cars are currently undergoing a risk-reward analysis by many in the industry, with a focus on reducing accidents, traffic congestion and cost.
“We may also see some existing transportation-related businesses become redundant, and new businesses emerge to provide new services enabled by new technology,” he added.
As Mutschler emphasizes, security is a concept that makes the above-mentioned equation more palatable. If done right, she says, security must be part of the primary automotive design, rather than a tertiary afterthought. Indeed, modern vehicles are essentially a network of networks – equipped with a range of embedded communication methods and capabilities. As such, there is broad consensus that vehicle cyber security should rank as a top priority for the automotive industry.
That is precisely why Rambus and Movimento recently teamed up to deliver secure and personalized OTA updates for connected vehicles. Currently, the majority of OTA solutions designed to deliver functional updates and security patches use the very same software encryption key for multiple vehicles, which increases the vulnerability vector of an update. In contrast, updates provided by Movimento and Rambus are delivered via one-time, single-use keys that are unique to each vehicle – effectively minimizing vulnerabilities and maximizing security.
More specifically, Movimento’s OTA technology uses Rambus’ CryptoManager platform to enable in-field provisioning of encrypted keys generated for a specific vehicle, thereby facilitating secure communication between cars and the Cloud.
“CryptoManager offers an integrated security platform with flexible implementation, comprising a hardware root-of-trust and secure firmware,” Dr. Simon Blake-Wilson, VP of Products and Marketing at Rambus Cryptography Research explained. “When combined with Movimento’s OTA technology, CryptoManager enables the next level of integrated chip-to-Cloud-to-car security. Simply put, CryptoManager is an embedded hardware solution that minimizes the attack surface of the vehicle by providing end point security.”
Interested in learning more about Rambus and automotive security? You can check out our automotive security page (insert link when live) here and our article archive on the subject here.
Leave a Reply