- no title specified

The Interconnected Car – Connection Problems

In July last year, the news reported internationally that an SUV class car in the USA was “taken over” by hackers as it was driving. The driver was hardly able to master the situation with the controls still left to him.

Quite some time ago there was a report about how hackers had succeeded in remotely controlling the central locking of a car manufactured in Germany over the internet.

In both cases it was the so-called info-tainment system that the hackers were said to have used as a gateway into the electronic system of each car.

These cases and others not mentioned here show that an “interconnected car” is not safe to build with the currently available hardware components.

This statement also applies to "autonomous driving" which not only delegates a much greater range of driving responsibilities to the technology but where communication with external entities – such as other vehicles and traffic control systems – also plays a far more important role.

A non-technical aspect of this connection is the product liability, which, with today's technology, represents an incalculable risk for vehicle manufacturers.

The challenge lies in connecting devices from various origins together in such a way that they form a functional system. In order for the security of the complete system to be guaranteed, each individual part needs to be secure in and of itself. Since every manufacturer interprets "security" differently, inevitable gaps will emerge that can only be closed by making sure that your own system part remains secure, in terms of IT, and reliable despite weaknesses in other parts of the system.

The weakness in these systems exists in the hardware of the processors. Practically all standard makes of these hardware components are based on an architecture that has existed for around eighty years. The software that has been "stretched over" this architecture can compensate for some, but not all, of the deficiencies that adhere to these systems. Even multiple systems which monitor each other and offer each other redundancies can be "switched off" by malware attacks. The most important deficiency is the non-existent separation between instructions (for the hardware to carry out) and data (information to be worked with) in the database. The resulting muddle leads to the high success rate of hacking attempts that are being reported more and more often. These attacks usually run along these lines: instructions disguised as data are channelled into the computer over an interface (internet, modem, external drives) to be carried out by the processors.

A new hardware architecture, which demands and supports a clean and thorough separation between the data categories that exist in the system, could remedy these issues. This is achieved by the technology described here. It prevents software from being installed without the operator's involvement. This allows the operator to maintain complete control over the systems thus formed making it a mark of quality and a risk-minimising criterion for the above-mentioned product liability.

This hardware architecture is patented and won first prize in the "Hardware" category at the competition "INNOVATION PRIZE – IT 2015".

IT security "Made in Germany" - further information available from friedhelm.becker2@t-online.de.