Protection against attacks for networked vehicles

secunet exhibits COQOS-Demonstrator at IAA [Berlin / Essen, 14 September 2011] At the Frankfurt Motor Show (IAA) on 15th and 16th September 2011, OpenSynergy and secunet Security Networks AG will demonstrate that networking vehicles with the outside world can be achieved safe from malicious attacks when using their joint technology. In a live demonstration COQOS, OpenSynergy's automotive platform, will be presented with secunet's new protection unit. The demonstrator can be seen at secunet's stand B11 in Hall 4.1.

The key product of OpenSynergy's COQOS is an open-source automotive software platform. It enables the integration of Linux or Android-based software frameworks into an AUTOSAR-compatible car environment. This means that technology from consumer electronics can be re-used in vehicles and is connected securely to the car's onboard network. The platform has recently been expanded to incorporate the secunet Protection Unit (PU). Together COQOS and PU guarantee isolation of the internal onboard vehicle network against attacks from the outside.

The demonstrator displayed at IAA shows the most important features and unique advantages of OpenSynergy and secunet's joint technology:

Rule-based communication control
Access rules are derived from the vehicle's onboard network specification. All information, such as which signals are not required on the CAN-bus, can therefore be taken into consideration. The PU then receives all write accesses instead of the onboard network. Only if the rules allow access, the message will be transmitted to the internal bus system.

Software-based isolation mechanisms with a high protection class allow for the cost-effective partition of the infotainment hardware. These allow for the use of access paths only, which are statically compiled during production, between both partitions and hardware elements.
Further features can be explained by the secunet and OpenSynergy experts on stand B11 in hall 4.1:

Real-time corrective action
When an undesired action is detected through infringement of the rules, the control unit initiates corrective action. This includes a reboot of the infotainment partition and the infotainment operating system, the closure of processes and system recovery from original versions.

Policy rules update
If enhancements are carried out by the manufacturer to the onboard network or applications added to the infotainment system, new sets of encrypted and signed rules can be rolled out safely within the active fleet.

The cryptography unit allows for security methods such as signature verification, secure key store and VPN support.
Rolf Morich, OpenSynergy CEO, predicts a successful future for the product: "Combining COQOS and PU has finally given the automotive industry a solution to bringing about the car in the cloud."