Thursday, August 18, 2016

Security Matters for the Software-Defined Car

Bill Boldt
Business Development Manger, Security, BlackBerry

Certicom, the crypto expert in the BlackBerry Technology Solutions family is positioned to lead the way to a secure software-defined future for the automotive industry –because when it comes to the security, real-world experience matters.

Certicom is a recognized leader in public key infrastructure (PKI) security design,innovation, and delivery. PKI is a foundational technology that has become the cornerstone of real world security across the internet, mobile, medical, financial, government,military, consumer, automotive, industrial, IoT, and just about every application that communicates information electronically. 

Public Key Cryptography uses public-private cryptographic key pairs to sign digital certificates and provide the essential elements of security, which are confidentiality, data integrity, authentication, and non-repudiation. PKI establishes the infrastructure that defines how digital certificates are created, distributed, stored, and revoked.

Public Key Cryptography Matters

It is not at all an overstatement to characterize Public Key Cryptography as having established the main way that security is provided throughout today’s (and tomorrow’s) connected world. In fact, anyone who has ever logged on to a secure web site such as e-commerce or e-banking has used Public Key crypto, most likely without even knowing it. it is already built into personal computers and smart phones, and it won’t be long before it is built into every embedded application as well. And, that is a very important notion to grasp.

Proven PKI solutions from world leading software and security infrastructure suppliers like Certicom increase device (e.g. semiconductor chip and board) security, fight counterfeiting and cloning of products and firmware, promote product and personal identity authentication, secure asset management in supply chains, and improve the security of numerous other applications, including the emerging Internet of things (“IoT”).

Public Key crypto's tremendous growth is being increasingly driven by two powerful forces: 1) the widespread adoption of autonomous communicating devices, and 2) the realization that such devices absolutely must be authenticated.

Supply Chain Security Matters
The long pole in the tent for  security in the software-defined car is in fact securing the supply chain. 

Security assets (such as crypto keys, unique serial numbers, etc.) must be installed into the devices at manufacturing time.  Devices must be distributed to and installed into vehicles in globally located factories. Devices must be warehoused worldwide for subsequent repairs.  Secure devices must be updateable at the dealers and repair shops.  Aftermarket suppliers must be able to sell and update secure devices. These requirements present a logistical tangle. Making a device such as an ECU or secure processor secure means that it will be unique. 

However, by definition that device cannot be used anywhere else.  It becomes a unique stock keeping unit (SKU), which is averse to the purpose of flexible, just in time manufacturing flows.  Security versus flexibility is a serious trade off that must be managed carefully. To maintain the maximum amount of flexibility, personalization and updating should be moved as close as possible to the very last minute.   That means it must happen not only in the factory, but in the field and via updates.  Each car maker faces the same issues, and will have to design and manage a secure device manufacturing system, security certificate management system, and a secure updating system – all of which must be global and long term in nature.

These are the type of things that Blackberry can provide  based upon decades of experience in securing mobile infrastructure and devices, to a level that no other company has done.

Experience Matters

Security is as elemental to an electronic system as DNA is to an organism—and security is BlackBerry’s DNA.

For the connected autonomous car of the future-- security has to be inside and outside the car, in the supply chain,  and updateable.  BlackBerry has the state of the art experience to to those things due to proven experience in making products secure, in high volumes, and in the supply chain. 

No comments:

Post a Comment