Our recent companion blog for mobile devices “Think secure hardware is everywhere? Think again! (the results might shock you!)” discussed the idea that the market was saturated with devices with hardware security modules.
Unfortunately, you can’t drive a mobile device, so for this blog we’ll explore the same technologies in a different environment: the Connected Car.
For a quick review, secure hardware refers to:
- Trusted Platform Modules (TPMs): dedicated chips for handling cryptographic keys and operations; and
- Trusted Execution Environments (TEEs): secure elements in the main processor
For this discussion, we define a connected car as a light-duty vehicle with a telematics control unit or similar cellular-enabled connectivity.
People want connectivity in their cars
The demand for connectivity in vehicles has been rising steadily in the past few years. The technology began with enabling crash detection, emergency services and vehicle health reports. This trend expanded quickly to remote keyless operations, navigation and a variety of other services to create new and exciting features and services for prospective buyers. However, with increased connectivity, hackers were able to remotely access the vehicle through these connected features and apps, and exploit vulnerabilities in the vehicle systems. If you’re not already familiar, the most explosive of these was the 2015 Jeep Hack.
This pushed the industry, practically overnight, to incorporate better and more robust security controls inside the vehicle and the systems and apps connected to it. But has the industry really moved fast enough? Today we will explore hardware security and see if it’s as robust as its reputation implies.
We’ve said it before. Secure hardware is great when you can afford to use it, but it is never going to be a panacea for vehicle security. But how available is the hardware today? If you are talking about the necessity of secure hardware modules the OEM or Tier level, it is commonly considered a necessity for secure communications, secure boot, etc… But in actuality, we have only seen a small part of these connected vehicles implementing the changes to the hardware to offer enhanced security to their connected vehicles.
In 2017, sales of connected vehicles were approximately 37% of total worldwide sales of vehicles. Of these, no vehicles had been shipped with TPMs or TEEs. In 2018 the number of connected vehicles comprised more than 50% of new vehicles sold, but only 4% of those had either a TPM or TEE to layer on security. This number had only risen from 7.8% in 2019 and 10.8% YTD for 2020. This shows a slow 3-4% adoption increase per year. To be fair, the automotive production timeline is typically 3-5 years so the market saturation for secure hardware may be slower than other verticals, however this presents a very real threat that hackers can exploit.
- ABI Research Digital Authentication and Embedded Security Forecast 1Q 2020
- ABI Research Connected Cars Forecast 2Q 2020
- ABI Research Vehicle and Mobility Market Data 4Q 2019
- McKinsey Cybersecurity in Automotive 1Q 2020
What’s preventing the connected car industry from securing their hardware?
Money. One of the biggest hurdles is the cost of securing hardware. In monetary terms, TPMs and TEEs are generally less than $1 USD for the components, and even more cost-effective at volume. Sounds cheap, but this needs to factor into the millions and millions of vehicles coming off production lines. This cost is not expected to go down as the chips gain features and support a wider variety of cryptographic solutions year-over-year. So why could the average connected car, which can cost upwards of US50k, not afford to include these? In other areas such as IoT or mobile apps, the cost of secure hardware is even more expensive per unit. While it makes sense to weigh the potential security threats before including hardware security, in the connected vehicle case, the issue may be the intrinsic cost of security.
How can an Original Equipment Manufacturer (OEM) charge a customer for something that cannot be realized back into marketed feature, and therefore cover the cost of implementation? The answer is yet to be seen in the market. The reality is that the cost of the hardware is used as a justification to have it removed from a build of materials for a vehicle’s electronic control unit (ECU).
Perhaps it is because the secure hardware is only a part of the overall system security. As stated before, it’s not a one-size-fits-all for resolving security issues. Additional software security is perceived as “free” due the fact that it is only purchased as part of the overall software package. We can only assume that over the next few years as the trend of making more and more vehicles connected increases, so does the risk of malicious actors of discovering flaws and vulnerabilities.
Perhaps there is some good from all of this though. Modern System-On-A-Chip (SoC) vendors provide the ARM-based TEE as part of the baseline product, building security right in from the design phase. These chips are widely used for Infotainment, Smart Gateway, ADAS, and Telematics solutions. This is great because the TEE can be leveraged by system architects and software engineers for hardware security as well as protected applications. It can even host cryptographic software that allows for a more complex, flexible, and renewable method for continued support during the long lifecycle of the vehicle.
Click here to get in touch with to learn more!