When considering automotive IoT, it’s logical to focus on the supply chain that makes the car possible. In reviewing the application of key management to the automotive IoT landscape, it becomes apparent that the provenance of car components, from tires to telematics, is absolutely critical. Any poorly-built component can cause a systemic failure of the vehicle delivered to the consumer. When one typically thinks of applying encryption, it is focused on protecting the confidentiality of data at rest, in motion, or even while being processed. However, what about measuring whether the data should be trusted instead how whether it needs to be protected?
This begs the question of integrity versus confidentiality, which switches the emphasis of cryptography from encryption/decryption to digital signatures, verifications, and hashes. Management becomes critical as either symmetric key verification (such as Tesla’s message authentication code-based method using AES Keys) or other ECDSA\RSA PKI methods leveraged for validating software in an automobile. The crazy thing is, the rabbit hole is much deeper and if any protocol that a car consumes is considered safe or secure, the methods in a car's supply chain must also demonstrate integrity in application. Time to go down the rabbit hole.
Any given automobile is an exercise in multiple suppliers and multiple technologies coupled with processes for contracting and logistics. In these cases, the processes for building an automobile involve multiple tiers of suppliers providing components that come together to become the end product. That is a wicked problem – as multiple parts on multiple delivery schedules come together to be the car you buy at the dealership. This drives the need for the right item to be delivered at the right time to make the right delivery schedule. Cryptographic integrity helps drive the idea that aspects of building the right thing is demonstrable and understood by all parties. Ideas such as Smart Contracting, Software Integrity, and Hardware Attestation are driven by cryptography.
- Smart Contracting — The idea that items can be signed by one entity and validated by downstream suppliers. Items like bills of lading, delivery receipts, and manufacturing orders can be signed and validated with outside observers of the direct supplier-to-supplier interaction such as the ultimate owner of the supply chain. With our Key Orchestration solution, we can address the relationships between all of the suppliers acting as nodes within a hierarchy. We address contract and logistics actions using Digital Signature, MAC, or Hashing operations on the data. Positional Security and Policy ensure that the right transactions are executed by the right people on the right data, creating a trust system that aligns with the supply chain or is externally exposed via Blockchain technologies like the Ethereum network.
- Software Validation — As discussed in our white paper on Automotive Iot, a critical tool is key management of the root of trust for application and supporting the Digital Signature and Verification operations. Distribution of key material is critical in Software Validation as appropriate public keys or symmetric keys need to be available to confirm the signature of software. With Key Orchestration, we can provide a KMIP-enabled framework to support policy-driven operations for the generation and distribution of cryptographic material and the ability to sign and validate data based on PKI or MAC implementations.
- Hardware Attestation — This is a fascinating subject and plays a huge role in supply chain security. If the supporting hardware is compromised, every software component that runs on that hardware is compromised. The Spectre vulnerability demonstrates that multiple operating systems were endangered because the hardware was compromised. In the case of Spectre, it was an engineering flaw — where things get scary is when the flaws are intentional. Hardware attestation gives hardware from a manufacturer the capacity to demonstrate its integrity to a third party. They can use signatures, hash, or MAC values to validate the given hardware's identity. With Key Orchestration, this is accomplished much in the same way as software validation with extra initial steps to using vendor-provided data to establish nonces or validate signatures, hashes, or MACs.
But what about Blockchains? That's an interesting question. Blockchains are driven by crypto-focused integrity and distribution of nodes that makes attacking the integrity of the entire network very difficult. With solutions like the Ethereum Blockchain network, there is neutral ground to associate operations. This helps in application of smart contracting as the contract actions become written and distributed across Ethereum nodes. Where things become interesting is navigating the combination of private and public blockchains (and orchestrating that behavior in line with other processes). Key Orchestration provides a combination of cryptographic operations, objects, and structure to provide a foundation for applications that emphasize cryptographic integrity. Cryptographic operations include the ability to create encryption keys, encrypt/decrypt data, sign/verify data, hash data, and use MAC/MAC to verify data. As for the objects themselves, the Key Orchestration appliance can operate the above operations on certificates, symmetric keys, asymmetric keys, and opaque objects (which can represent other data types beyond keys). Finally, the policy and hierarchy of Key Orchestration binds the node to node interaction in a flexible, consistent, and secure manner. In this architecture you find the means to use cryptographic trust, built on standards-based cryptography and protocols, to address integrity in automobiles and the supply chains that create them.
It all comes together with the concept of cryptographic integrity, a secure supply chain, and trust through distributed nodes and cryptographic operations. Confidentiality via encryption remains absolutely critical for protecting privacy data and intellectual property in the supply chain. Encryption aside, there is a lot of trust that is needed to make a connected car work as expected. When we developed the Key Orchestration technology, this was the type of problems we set out to solve. Data-Centric Security is not just about protecting data — it is equally about how you trust the data.
Take a deep dive into what it takes to secure connected cars - Register for our on-demand webcast now - Understanding and Controlling Security Vulnerabilities in Automotive IoTShare this entry