
Making security a priority in connected cars

November 09, 2020


The hack: it’s not a matter of if, but how often and how severely

The growing number of Internet-connected devices and accessories in the connected car opens it up to new potential points of attack for cybercriminals. Connected vehicles are tied into a variety of outside networks for communications, navigation, maintenance, and even the ability to be directed by apps on smartphones. The result is an ever-growing attack surface with an increasing number of points (or vectors) where an attacker could try to gain access to the environment. For the connected car network, it is not a matter of if you will be impacted by a vulnerability exploit or breach; it is a matter of when, how often, and how severe the impact of each breach will be.

Failing to properly secure the connected car means more than just putting your personal information at risk; it can take key components of the car offline, rendering it undriveable, or lead to something even more catastrophic. For example, it’s been made public via Wikileaks that CIA employees have worked to infect vehicle controllers with malware, under the code word “Vault 7.” Hacker groups like the Shadow Brokers have already exploited these NSA tools, including the notorious WannaCry ransomware exploit that temporarily knocked key businesses offline, and show no signs of stopping. It is just a matter of time before an exploit kit aimed at the connected car hits the dark web.

The threats to connected cars have been made clear, but the Herculean task now at hand is implementing top-level security practices under time-sensitive and high-pressure conditions. Car makers are in an arms race to develop these vehicles, hoping to gain a competitive edge and become the go-to name in the market. Complications rise to the surface as the hours spent developing the exciting, futuristic features of the connected car far outweigh the time spent examining the security issues that abound in integrated IT systems. More to the point, manufacturers are still adapting to the processes and structures that are standard in traditional IT production.

As Car Becomes Computer, There’s No Need to Start from Scratch

As the automotive industry realizes security must be at the core of the connected car, it faces the challenge of integrating proven IT and security solutions that reliably secure both networked production sites and the vehicles themselves. Consumers are clearly excited, but expectations are high: they want advanced connected cars and expect manufacturers to thoroughly secure their vehicles, as well as provide ongoing security updates. Since manufacturers are just dipping their toes into the business of cybersecurity and are under pressure to deliver quickly, it’s imperative they take their cue from highly regulated industries with deep security experience, like technology and finance.

The current state of the automotive market tells us that the transformation to connected/networked vehicles can only succeed cross-company, as industry standards (protocols and processes) must be implemented across the board. Legislators may be reluctant to force them upon the industry, leaving car makers to define best practices and de facto industry standards. As part of this process, they should consider current standards from other highly regulated sectors such as banking, and adapt them to their specific needs. Car makers may find themselves navigating financial regulations, for example, to ensure that connected vehicles can safely and securely execute transactions and simple payment processes when refueling/recharging at the (electrical) station, automatically billing parking tickets and purchasing new parts and gear as needed, among other scenarios.

Building the Connected Car Starts with the Box

As auto manufacturers attempt to ingrain themselves in the practices of IT and security to get their connected cars on the road, they have the advantage of learning from other industries.

Security standards have already been established in the technology and finance sectors, and they can be adapted by the automotive industry to protect the data and systems in networked vehicles. At the center of consistent security is end-to-end encryption, in which hardware security modules (HSMs) constantly establish protection via authentication. They are used, for example, in the following methods:

  • Key Injection: With key injection as a component of the HSM, individual digital keys generated by a true random number generator are inserted into semiconductors. The unique key of its components gives the connected car a “digital identity” that authenticates the vehicle throughout its entire lifecycle. Authentication is used, for example, when the vehicle arrives at the workshop for maintenance, or eventually as cars communicate data and information among themselves (V2V).
  • Authentication as the base layer for access control: Only those who have the digital key can make changes to the system in the vehicle – for example, downloading GPS updates or music would require authentication. In terms of any maintenance work on the vehicle, dealers and services can securely access the system using a Public Key Infrastructure (PKI).
  • Code Signing: Software in the connected car will have already received an individual key during the development phase. This ensures that the code is both genuine and correct, and the integrity and authenticity of the software and its updates are safeguarded.
  • Protecting the exchange of user data: Personal information should only be stored in an encrypted database. The cryptographic key material is managed and stored on premise, yet separated from the database in an HSM. Data is then protected against any unauthorized access, even if the database contents fall into the wrong hands – like the media and cybercriminals.
  • Protecting monetary transactions: Ensure processes like tokenization and Host Card Emulation (HCE) are standard to securing the vehicle, as they are currently used in smartphone payments and transactions.
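
The key injection and authentication items above can be sketched as follows. This is an added example, not Utimaco code or an HSM API: the class names, the constructed `ECU-0001` identifier and the choice of a symmetric key with an HMAC-SHA256 challenge-response are assumptions for illustration, and Python's `secrets` module stands in for the HSM's random generator.

```python
import hashlib
import hmac
import secrets

class KeyInjectionStation:
    """Stands in for the HSM-backed injection step on the production line."""
    def __init__(self):
        self._registry = {}  # device_id -> key; a real deployment keeps this in the HSM

    def inject(self, device_id: str) -> bytes:
        if device_id in self._registry:
            raise ValueError(f"{device_id} is already provisioned")
        key = secrets.token_bytes(32)  # unique 256-bit key from the OS CSPRNG
        self._registry[device_id] = key
        return key  # written once into the component's protected storage

    def key_for(self, device_id: str):
        return self._registry.get(device_id)

class Component:
    """Vehicle component holding its injected key (its 'digital identity')."""
    def __init__(self, device_id: str, key: bytes):
        self.device_id, self._key = device_id, key

    def respond(self, nonce: bytes) -> bytes:
        msg = self.device_id.encode() + b"|" + nonce
        return hmac.new(self._key, msg, hashlib.sha256).digest()

class Verifier:
    """Workshop or backend side: issues challenges and checks responses."""
    def __init__(self, station: KeyInjectionStation):
        self._station, self._pending = station, {}  # pending: device_id -> nonce

    def challenge(self, device_id: str) -> bytes:
        self._pending[device_id] = secrets.token_bytes(16)
        return self._pending[device_id]

    def verify(self, device_id: str, response: bytes) -> bool:
        nonce = self._pending.pop(device_id, None)  # single use, so replays fail
        key = self._station.key_for(device_id)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, device_id.encode() + b"|" + nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare

def demo() -> dict:
    station = KeyInjectionStation()
    ecu = Component("ECU-0001", station.inject("ECU-0001"))  # constructed ID
    clone = Component("ECU-0001", secrets.token_bytes(32))  # right ID, wrong key
    verifier = Verifier(station)
    genuine = ecu.respond(verifier.challenge("ECU-0001"))
    return {
        "genuine": verifier.verify("ECU-0001", genuine),
        "replay": verifier.verify("ECU-0001", genuine),  # nonce already consumed
        "clone": verifier.verify("ECU-0001", clone.respond(verifier.challenge("ECU-0001"))),
    }

if __name__ == "__main__":
    print(demo())
```

A component that copies a valid identifier without the injected key fails the check, and a captured response cannot be reused because each nonce is accepted once.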

Security will Make or Break the Connected Car

As the automotive industry scrambles to develop vehicles with an impressive suite of IT features that stand out from the crowd, it is essential that security is seen not as an added feature, but as a prerequisite. The connected car will only reach its full potential if security is made a top priority: safety risks within the vehicle, as well as threats to greater networks like the electric grid, have the potential to create serious safety issues and unwanted disruptions to service.

Facing this new phase in the industry, auto manufacturers that have traditionally been tasked with providing safe, sturdy and well-built vehicles are switching gears to build hyper-connected and equally secure next-generation cars with the sleekest, coolest tech that can play the field with smartphones and other devices. But when cars become computers, the everyday traffic jam is a hacker’s paradise. To ensure security is fundamental to the development of the connected car, auto makers and OEMs must implement practices that quickly resolve any detected safety gaps during the process of production and systems development. Similarly, big industry players will be encouraged to join forces to develop cross-company/industry standards and adopt and adapt established ones.

 

This blog was first published on July 19, 2017
