A modern motor vehicle can have more than 100 electronic control units (ECUs). They optimize fuel consumption, inform the driver of road conditions, entertain passengers, control braking, and perform many other important functions. The software for these control units is becoming more and more sophisticated. The amount of code can exceed 100 million lines of code – more than in a modern operating system.
This enormous amount of code is bound to have some vulnerabilities, which means that every ECU and communication interface could become a target for hackers. Today, security issues in the automotive industry have become so important that their requirements and mandatory certifications are being discussed by international organizations. For example, the World Forum for Harmonization of Vehicle Regulations (WP.29) has developed a set of regulations governing cybersecurity in the automotive industry. The regulatory provisions of R.155 and R.156 have already become mandatory in some countries. These documents describe key requirements related to:
The ISO/SAE 21434 industry standard was also created to serve as a basis for the development of cybersecure systems for road vehicles.
Kaspersky Automotive Secure Gateway (KASG) is specialized software that is designed for high-performance controllers of connected vehicles and combines the functions of a telematic control unit (TCU) and a secure gateway. KASG provides secure and reliable communication between electronic units of the E/E architecture and between these units and the connected vehicle cloud and diagnostic devices. This software can be used to implement remote diagnostics, secure over-the-air ECU updates, and other telematic services. KASG includes the Kaspersky Automotive Adaptive Platform (KAAP), which allows you to design and develop inherently secure systems (Security by Design) that meet the requirements of cybersecurity regulators based on the international AUTOSAR Adaptive standard.
KASG fully complies with the new cybersecurity requirements of WP.29 because its products and components were designed and developed according to Secure by Design principles. It also meets the applicable functional safety requirements (ISO26262) and can be used to build systems with an automotive safety integrity level as high as ASIL-B.
The solution can be customized and adapted to the specific tasks of a customer. The standard set of KASG components and products includes:
Strict isolation of vehicle system components and secure updates, including over-the-air updates and remote diagnostics throughout the life cycle of the vehicle.
The solution helps manufacturers meet the requirements of UN cybersecurity regulations R.155/R.156 and complies with the international regulatory frameworks for functional safety (ISO 26262) and cybersecurity (ISO/SAE 21434). The solution includes a runtime environment for applications that complies with the AUTOSAR Adaptive standard.
A telematic control unit and secure gateway are combined in one solution. Functions from other ECUs are consolidated within the framework of a service-oriented AUTOSAR Adaptive platform.
The software included in KASG protects against the following threats.
In a modern vehicle, the range of users is expanding. For example, users may include multiple individuals, legal entities, or services. KASG delineates the access levels of these users so that they only receive the appropriate permissions for their intended functions. For example, the driver can drive the vehicle, a passenger can adjust the interior temperature, and the remote diagnostics service can receive information from the vehicle systems.
Vulnerabilities in smart cars can be the target of cyberattacks. KASG detects malicious commands or messages circulating within the vehicle over the CAN bus, Ethernet bus, or external V2X data transfer channels, and notifies vehicle security operations center (VSOC) security officers of this malicious activity.
The widespread use of app stores for IVI results in a large amount of third-party code that is not always subject to proper security oversight. Attacks through this type of system can lead to the exposure of a user’s personal data or the theft of financial information. KASG restricts access to data exchanged between applications, validates the data, and loads trusted data into the IVI system.
The solution enables you to proactively block malicious data streams (e.g., via backdoors) according to the vehicle manufacturer’s defined specifications. The gateway essentially acts as a firewall between trusted and untrusted segments of a vehicle’s internal network.
Attacks via diagnostic sessions enable hackers to take control of vehicle units by using commands or reflashing device firmware. KASG provides a defense-in-depth approach to minimize the risk of these threats by providing:
If a faulty or compromised external component in an update is not detected in time, it can create risks for the vehicle. KASG verifies the chain of software update providers according to the latest requirements of the AUTOSAR Adaptive Platform, Uptane standard, and Cyber Immune update patterns for KasperskyOS.
While in motion, a smart car is limited to using wireless data links to the infrastructure or to other vehicles. Interference and deliberate attacks (signal interception/substitution) in the absence of secure communication channels pose a threat to the proper operation of vehicle units. KASG takes control of the functions for protecting all external communications, including TCP/IP traffic and RPC services (SOME/IP, DDS, MQTT).
Unauthorized access to data storage can result in compromised certificates in chains of trust, or leaked subscription payment tokens, for example. The KASG solution provides secure storage for this type of critical data.
This is a specialized SDK platform that was developed based on the AUTOSAR Adaptive standard to create reliable applications for ECUs in smart cars. You can use the platform tools to build the following secure solutions:
The platform includes drivers, base software, and AUTOSAR Runtime for Adaptive Applications (ARA).
This platform is capable of running adaptive applications while providing them with AUTOSAR-compliant functional clusters, platform services, a POSIX-compatible layer and industrial-grade libraries and environments for autonomous driving systems such as OpenCV and Point Cloud Library. It can also run services not designed for an adaptive platform.
Products based on Kaspersky Automotive Adaptive Platform have a multi-layer security system to protect against cyberthreats. This system is based on the KasperskyOS secure operating system with its subsystem called Kaspersky Security System (KSS) that controls all interactions between components. An avatar scheme is implemented at the AUTOSAR Adaptive level. This scheme guarantees that all interactions, even those between remote ECUs, go through a single point of security decision-making (KSS). The platform also ensures that data is loaded securely, and provides a secure data storage service. At the cloud service level, the platform ensures that updates are securely downloaded and security events are securely communicated to the monitoring center.
Even if a specific ECU component is operating abnormally or is attacked, KasperskyOS technologies will not allow the component to affect the way other systems perform their own critical functions. This protection is provided by a multi-layer security system that includes a microkernel operating system, KAAP in-platform security mechanisms, and functions for secure update downloads and VSOC integration.
Software developed using the Kaspersky Automotive Adaptive Platform enables the creation of a complete ecosystem of applications for embedded automotive systems. This approach ensures the reliability and functionality of systems at all levels throughout the vehicle’s life cycle.
When developing products, you do not need to consider all the details of a specific electronic unit. You can run Adaptive standard applications and/or migrate non-AUTOSAR services to the platform without compromising performance or security.
KAAP-based applications can implement data exchange between a vehicle and the connected vehicle cloud, and between a vehicle and OTA services. The applications can be used in high-performance ECUs. The SDK includes a tool for automatic porting of AUTOSAR applications.
This component provides for secure data exchange across all communication channels within the vehicle and with the V2X infrastructure. Gateways developed using this framework can perform the following functions:
This component provides centralized over-the-air updates to various vehicle ECUs.
You can use the OTA agent to:
This component centrally collects security events and forwards them to vehicle security operations centers (VSOC).
The VSOC agent enables you to:
This component provides remote diagnostics and telemetry for various ECUs in a vehicle.
The RVD agent enables you to:
pdf, 0.33 MB