5 Ways to Protect and Secure Connected Cars

Innovative automakers, software developers and tech companies are transforming the automotive industry. Drivers today enjoy enhanced entertainment, information options and connection with the outside world. As automobiles move towards more autonomous capabilities, the stakes will raise in regards to security. Even if cars are not entirely driverless, the functions will become increasingly dependent on applications, connectivity and sensors. Vehicle-to-vehicle (V2V) and Vehicle-to-Infrastructure (V2I) allows the car to communicate with other cars and infrastructure such as traffic lights. Vehicle speed adjustments, telematics, and AI voice recognition and interfaces will become common features.

Image for post
Image for post

Innovative automakers, software developers and tech companies are transforming the automotive industry. Drivers today enjoy enhanced entertainment, information options and connection with the outside world. As automobiles move towards more autonomous capabilities, the stakes will raise in regards to security. Even if cars are not entirely driverless, the functions will become increasingly dependent on applications, connectivity and sensors. Vehicle-to-vehicle (V2V) and Vehicle-to-Infrastructure (V2I) allows the car to communicate with other cars and infrastructure such as traffic lights. Vehicle speed adjustments, telematics, and AI voice recognition and interfaces will become common features.

Application Shielding: Fortifying the Connected Car

Application shielding is the process of adding security functionality directly to mobile applications so that they can withstand hacker attacks independently from the surrounding environment. Application shielding combines prevention, detection, remediation and prediction to go beyond basic best practices to deliver the highest level of mobile application security available today.

As more applications, connections and sensors run in the untrusted environment of the connected car, heightened security measures are apt to follow. By 2020, 30% of enterprises will use application shielding to prevent intrusion, tampering and reverse engineering1. Application shielding is ideal for high-value applications to prevent the crippling effects one hack can have on auto manufacturers when brand and company trust are at stake.

Application shielding utilizes the following main methods:

Obfuscation: The term “obfuscate” means to render obscure, unclear or unintelligible. The goal is to remove as much of the structure as possible that would be familiar to reverse engineers, to make the code as confusing as possible while keeping functionality the same. Control flow obfuscation modifies the basic structure of how subroutines are called. For example, calls to subroutines could be replaced with computed jumps and functions can be inlined. Symbols for function names can be replaced with random strings.

Integrity protection: One of the cornerstone mechanisms of application shielding is to prevent attackers from making any modifications to the application code. That is exactly the purpose of integrity protection. To achieve this, several sophisticated methods are used. For instance, hundreds of very small functions can be embedded into the code, which calculate checksums of fragments of code and compare them to the checksums stored at compile time. Another method is to add a signature of the code to the executable and, at run time, verify if the code matches the signature.

Whitebox cryptography: This is a highly specialized form of anti-reverse engineering, in which a special cryptographic library provides strong protection for cryptographic keys. In white box cryptography, the underlying mathematics of the cryptographic operations are obfuscated in such a way that the keys never appear in the clear. Standard operations such as encryption, decryption, key unwrapping, and digital signature creation and validation can all be done with white box cryptography techniques, protecting the keys even if the device is jailbroken or rooted.

Debugging: One of the primary tools hackers use to reverse engineer code is debuggers. Normally used by legitimate software engineers to find bugs in code, debuggers give hackers a powerful tool from which to reverse engineer code. Debuggers generally work by setting interrupts at specific points in an executable, thus modifying the executable. Application shielding inserts numerous anti-debug checks into your protected application. These checks take into account the unique indications of the target platform that may identify the presence of a debugger.

Jailbreak and rooting detection: Jailbreaking and rooting are similar terms that describe the process of gaining privileged access to a device and overcoming its software and hardware limitations established by the vendor. A jailbroken or rooted device can be used to install a modified version of a car manufacturer’s mobile application, which could be used to execute malicious activities with the vehicle. Therefore, the standard security practice is to prevent the application from running on jailbroken and rooted devices by employing a number of smart detection checks inserted into the code.

Image for post
Image for post

Download our 2018 Intertrust Connected Car Security White Paper

Intertrust’s Products for Connected Car Security

whiteCryption is a leading provider of application shielding solutions to prevent hackers from reverse engineering and tampering with code. Our products are backed up by superlative support and professional services to help you achieve your business goals quickly and efficiently. Market leaders have deployed whiteCryption in mission critical situations in major automotive, banking, finance, healthcare, and media and entertainment applications around the world. Our technology protects millions of devices and apps, protecting personal information, crypto algorithms running in hostile environments and sensitive intellectual property; we extend the secure perimeter around apps beyond where traditional technologies have gone.

Our application shielding portfolio consists of two products:

  • whiteCryption® Code Protection™ provides application developers with a comprehensive suite of anti-reverse engineering and runtime application security protections to help protect your applications.
  • whiteCryption® Secure Key Box™ is an advanced white box cryptographic library that protects cryptographic keys for critical security functions such as device authentication, secure communications, and data encryption.

Founded over a decade ago by Intertrust Technologies Corporation, Seacert provides public-key infrastructure (PKI), specializing in large-scale key provisioning for device identities. Seacert’s services are used by leading media and entertainment companies, manufacturers of automotive, healthcare, and other types of IoT devices. Seacert credentials are embedded in hundreds of millions of devices and applications worldwide.

2018 Intertrust Connected Car Security White Paper

Download the white paper

Image for post
Image for post

This white paper describes the potential threats in modern connected cars, the ways hackers attempt to tamper with the data and software, and what are the solutions to these threats. Finally, this paper will focus on Intertrust’s robust solution to protecting connected cars — a set of software tools that are intended to increase application-level security and render hacker attacks extremely difficult and expensive to execute.

Sources:
1https://www.gartner.com/doc/3747622/market-guide-application-shielding

Originally published at www.intertrust.com on June 5, 2018.

Senior Product Evangelist in data and security. All things #startups #mobile, #data #security and #IoT. Snowboarder, book worm.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store