We'll just say it right away: The title is technically correct, but that doesn't mean that no password is needed anymore. And it's not even a question of whether there are better alternatives (there are, in the form of hardware tokens, for example). The question is rather how these passwords are generated, and how password security has evolved not only in the private or semi-public sphere, but especially in the automotive industry. We caught up with Sebastian Huber, IT project manager, scrum master and security expert at Cognizant Mobility, to find out where automotive security is headed - and how secure it is.
- Password security in automotive security: Have you changed your password today?
- Functional Security, Cyber Security, Hardware Based Security - What is what?
- Automotive Security and Cognizant Mobility - Sought, secured, found!
- Yes and now? How safe can be safe?
- Automotive security and the quantum future thanks to post-quantum algorithms?
Password security in automotive security: Have you changed your password today?
Ah, those were the good times. There was a password that was known to everyone, and poof, you were on the company network. How anyone could ever steal data from there is inexplicable. One password for everything, on a Post-it stuck to the edge of the screen, one size fits all. But then came the standards. In the private sector, numbers and special characters conquered the beautiful four-digit password world, for games there were Steam and Blizzard Authenticators, and in the corporate sector, keys were now generated: seemingly random combinations of numbers, letters and special characters. These uniquely generated keys travel directly via API to a server or directly to the cloud and authenticate you. Only you know the key, no one else can have it – practical, long live progress.
Word has spread even to the most incorrigible 1234-password users that passwords should be changed at least once in a while. This principle is also common in automotive security: the keys change regularly, often at very short intervals. This is in principle also possible thanks to innovations like the Digital Car Key, but that is another topic, which we mention only for the sake of completeness and cross-reference. However, the basic option of changing the digital keys, via software update for example, is already on the radar, partly due to the new UN ECE regulations such as UN ECE R155 and R156.
Of course, the access key is only one example of many that play a role in automotive security. After all, the step toward the fully networked car, the oft-cited “connected car,” has long since been taken. Vehicles offer numerous interfaces, some directly into the heart of OEM clouds. These clouds run services and entire system architectures that could, in principle, be hacked. The new regulations already alluded to, such as UN ECE R155 and R156, now stipulate that car manufacturers must guarantee the (cyber) security of the vehicle until the end of its life. This is a huge challenge facing the industry, with some aspects becoming more relevant than before.
Functional Security, Cyber Security, Hardware Based Security – What is what?
For those who are less familiar with the industry, it should be mentioned that the distinction within the homonymous term “security” is somewhat simpler in English, where a simple distinction is made between “security” and “safety”. The area of functional safety – you can find an exciting article on this topic here – concerns “safety”, i.e. the safety of life and limb, for example. If the airbag in the vehicle does not deploy, this relates to Functional Safety: something has been tested here but does not work, and it is relevant to life and limb. As our colleague Sebastian puts it very vividly, the baby carrier is called “Babysafe” and not “Babysecure”.
Automotive security, on the other hand, relates to the classic topic of information security, which is playing an increasingly important role in our company as a result of advancing digitization and networking. Why are we breaking this down? Because there are two groups in the field of security, counterparts that play an important dual role in its development. On one side is the party (usually an OEM, for example) that tries to ensure said information security (pun intended). On the other is the group that tries to compromise it. This doesn’t always have to involve criminal energy: the famous Jeep Grand Cherokee hack took place at the 2015 “Black Hat” conference, but it is actually more of a “white hat hack,” meaning a hack with good intentions. The hackers wanted to show the automotive industry weak points in automotive security that need to be improved, and these findings have led not least to the aforementioned new UN ECE regulations and ISO/SAE 21434. Of course, there are also hacking attempts that serve illicit profit or become political, up to and including real cyberterror. Although this is of great importance in everyday life, it is often not as labor-intensive as the search for gaps that need to be closed for the sake of security. Entire companies specialize in these white hat hacks, for example in the form of pen tests.
Automotive Security and Cognizant Mobility – Sought, secured, found!
There are a significant number of automotive security providers in the automotive industry. Cognizant Mobility also offers to ensure information security around the vehicle and has implemented this practically in numerous projects. A decisive advantage here is the almost obligatory intertwining with the area of functional safety: if you ensure that a system cannot be hacked to manipulate something – such as the airbag already mentioned, through its control unit and the onboard information flow – this helps to ensure functional safety. The (note: pun) key to this security is a certificate deposited with the OEM: the attacker’s key does not match it and is consequently not accepted.
So if, in line with the pillars of information security, you make sure that a system is always available, that the data is immutable (keyword “Hardware Based Security”) and that bindingness is given (in that data is stored unchangeably and permanently in the sense of a black box and thus remains traceable), the system is secured.
Yes and now? How safe can be safe?
The good news is that everything can be secured within the scope of automotive security, and so well that it is virtually impossible to crack. However, not all aspects in a vehicle are equally worthy of protection. The control unit that opens the power liftgate is not system-critical and therefore not incredibly worthy of protection – so it is not subject to the very highest safety standards imaginable. Of course, a tailgate could also be secured like the airbag, ABS or OBD firewall – but then the vehicle would quickly become much more expensive because this development costs money. And: The more parts are installed, the faster they can become obsolete and are thus subject to the changes of time – pitfalls in the current of progressive development. An old ECU from a Tier 1 supplier was as safe as the standard allowed 15 years ago. DES ciphers of that time are simply no longer a hurdle today.
Generating passwords and keys in software is therefore only a solution for non-critical systems. Where high security requirements are desired or necessary, for example for the main control unit in the vehicle, the keys should be generated directly in the hardware, which is tamper-proof and thus immutable. Moreover, true randomness can be generated here, which produces secure keys – in contrast to software-based key generators, where randomness is not true randomness, which in turn can be a potential gateway for attacks (apparent randomness can be calculated via cryptanalysis).
In hardware-based security (a subarea of automotive security), cryptohardware that can deliver a higher security promise is used for this purpose. Some of the hardware is certified (e.g., according to “Common Criteria” or FIPS), as are its algorithms. Within the scope of this certification, both are subjected to elaborate, multi-stage checks and can therefore be regarded as truly “safe”.
Due to the immutability and the always newly generated, actually random keys, these hardware-based solutions offer exactly the high level of security that is urgently needed in today’s automotive world.
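The contrast drawn above between software-generated and hardware-generated keys, as an added example (not code from the original article or from Cognizant Mobility): a key taken from a general-purpose software PRNG is only as unpredictable as its seed, so a reviewer who knows the seed range can reproduce it. The uptime-based seed, the 10,000-value window and all function names are constructed assumptions, and the operating system's CSPRNG stands in for a hardware random number generator.

```python
import math
import random
import secrets

KEY_BYTES = 16  # nominal 128-bit key


def weak_key(seed: int) -> bytes:
    """Key from Mersenne Twister: every byte is determined by the seed."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(KEY_BYTES))


def strong_key() -> bytes:
    """Key from the OS CSPRNG (stand-in here for a hardware TRNG or HSM)."""
    return secrets.token_bytes(KEY_BYTES)


def effective_bits(seed_candidates: int) -> float:
    """Upper bound on key entropy when the seed has this many possible values."""
    return math.log2(seed_candidates)


def find_seed(key: bytes, start: int, stop: int):
    """Review check: return the seed in [start, stop) that reproduces key, else None."""
    for seed in range(start, stop):
        if weak_key(seed) == key:
            return seed
    return None


# Constructed scenario: the seed is the uptime in milliseconds at provisioning,
# known to lie somewhere in a 10-second window.
WINDOW_START, WINDOW_STOP = 4_210_000, 4_220_000
SECRET_SEED = 4_217_341  # constructed value inside the window

if __name__ == "__main__":
    key = weak_key(SECRET_SEED)
    print("nominal key size :", KEY_BYTES * 8, "bits")
    print("effective entropy: %.1f bits" % effective_bits(WINDOW_STOP - WINDOW_START))
    print("seed reproduced  :", find_seed(key, WINDOW_START, WINDOW_STOP))
    print("CSPRNG key found :", find_seed(strong_key(), WINDOW_START, WINDOW_STOP))
```

The nominal 128-bit key carries barely 13 bits of entropy in this scenario, while the CSPRNG key has no seed in the window that reproduces it.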
Automotive security and the quantum future thanks to post-quantum algorithms?
The final opponent to be conquered next doesn’t have a face yet, but it does have a name: Quantum Computer. It is still a legend (or at least it is not yet powerful enough and equipped with too few qubits), but presumably in the not too distant future quantum computers and the quantum cryptography they enable will play a major role in automotive safety and automotive security. Algorithms that break existing keys already exist today: Shor’s Algorithm is a quasi-quantum algorithm developed in 1998 that can break most existing asymmetric encryption schemes. And that affects much of today’s encryption, not just in automotive security, but in the rest of industry as well. The widely used RSA keys (already popular with PGP back then, and nothing to do with the RSA door openers) and the classic YubiKey go down in front of a hand-built, 25-year-old algorithm, as do the somewhat more secure elliptic curves. What quantum computers will be able to do is written in the stars, but it does not promise much that would give cause for rejoicing. It is really only a matter of time until there are quantum methods that crack conventional methods (such as RSA, which is based on multiplying two extremely large prime numbers) in an extremely short time. All the messages in the history of a company, or of a government, office or state, retroactively, alphabetically sorted – a horror scenario for most people. And this is being worked on at full speed; after all, quantum computing also offers many opportunities.
But the industry, and especially vendors like Cognizant Mobility, has learned from past mistakes, or so one would like to believe, and so the information security team is once again positioning itself for the future: algorithms that remain secure against quantum computers, so-called “post-quantum algorithms”, are already being developed by the industry. What’s more, standardization processes have been underway for years, and countless proposals have been and are being submitted.
This is already having an impact on the real-life automotive security projects that are taking place now, enabling vendors like Cognizant Mobility to gain experience, build architectures, and make extensive preparations: already, many OEMs are planning service packs with support for post-quantum algorithms. After all, the control units installed today must already be equipped with the corresponding capacities in terms of computing power in order to be able to act in a decade’s time. The plans are far-reaching, take years to prepare, and are therefore already part of any meaningful and forward-looking automotive development.
And so it goes on, the game of protagonists and antagonists, black hat vs white hat, automotive security vs the loss of information security. What is certain is that change continues to take place, and that development, things themselves, and passwords will continue to change.
And for sure.