NMW2017: Kaspersky Lab and AVL Software and Functions GmbH pave the way for secure-by-design connected cars

FRANKFURT, Germany – September 13, 2017 – In response to the rising cybersecurity challenges facing the connected and autonomous car industry, today Kaspersky Lab and AVL Software and Functions GmbH unveil the Secure Communication Unit (SCU) at New Mobility World / IAA 2017 in Frankfurt, Germany. This security solution prototype demonstrates the possibilities of interference-proof communication between car components, the car itself, and its external connected infrastructure, making connected cars secure-by-design.

With each new generation of automobiles introduced, new intelligent technologies – such as those for remote diagnostics, telematics, automated and autonomous driving, remote driver assistance and infotainment – are incorporated to make each car more innovative than the last. Car controls are becoming more and more complex cyber-physical systems with multiple sensors, controls, applications, subnets and communication modules that interact with other vehicles and their environment. This means that their functions can now be controlled remotely, via digital systems which makes connected cars increasingly vulnerable targets of cyberattacks.

The rising number of third-party applications, system complexity and the increasing dynamic in software update cycles that make use of over-the-air updates has made it difficult to test the complete connected car system for bugs, backdoors and architectural issues. The Secure Communication Unit makes it possible for connected cars to be secure by-design, regardless of the third-party software and systems on board.

The SCU is a communication gateway control unit, connected to several subnets and/or gateway-controllers to these subnets within the car network, acting as a single secure gateway for incoming and outgoing communication flows. Based on security policy enforcement and strong separation to prevent unwanted contact between various car components, the software helps ensure proper interference-proof communications within the car network.

The software platform of the SCU consists of security components that are trustworthy-by-design. The microkernel proprietary operating system, KasperskyOS, is based on well-established principles of security-driven development and specifically designed for embedded systems with strict cybersecurity requirements. KasperskyOS removes the chance of undocumented functionality, and thus mitigates the risk of cyberattacks; even if unauthorized code is embedded, it will not be executed because undocumented functionality is prohibited by default. Other components include a security policy engine, Kaspersky Security System, defining the scope and character of interaction between various components and a trusted channel framework with a set of crypto algorithms, as well as low-level protection services based on hardware capabilities.

“With the modern automobile ecosystem becoming more and more complex and interconnected, it is not surprising that cybersecurity concerns arise among consumers and the automotive industry itself,” said Andrey Doukhvalov, head of future technologies and chief security architect at Kaspersky Lab. “While the opportunities and benefits are apparent, there is still a need to make automotive systems secure. That’s why we’re making a big step forward with our prototype for secure car communications to ensure that connectivity opportunities don’t turn into failures.”

The SCU prototype presented is exemplarily implemented in ARMv7 architecture with recommended 128 MB RAM and IOMMU. Other hardware platforms can be developed on a case-by-case basis in accordance to the requirements of a particular manufacturer.

The platform provides the solution framework for specific customized applications, allowing car manufacturers to develop and implement unique SCUs into their cars, based on hardware and additional software components aligning with their manufacturing plans. The SCU is available for OEMs, ODMs, system integrators and software developers around the world.

More details on the Secure Communication Unit are available in our white paper.