A Security Assurance Framework for Automotive

Roland Atoui
Illustration: © IoT For All

With the interconnectivity of devices becoming ever-present in our lives, it’s vital to bring security standards up to par. In the automotive industry this is especially difficult, because the domain has properties (physical exposure, constrained hardware, decades-long service life) that change what the security problem looks like.

Considering how different the automotive domain is from others, it’s hard to come up with a suitable security assurance framework that addresses the entire life cycle. Approaches from other domains can’t be applied directly, but some of their core ideas still carry over. Let’s have a look at what those ideas are and how they could be applied to an automotive information security framework.

Information Security Standards

With the growing interconnectivity of modern cars, mobile integration and the use of the internet, it’s safe to say that the in-vehicle network will soon no longer be a private, isolated network. This brings increased functionality, cost-effectiveness and comfort, but also new implications for functional safety, since a remotely reachable bus can now carry attacker-controlled traffic. In those circumstances, it’s clear that we need to define sector-specific automotive security standards, and to do so we should draw on the existing security frameworks of other industries.

Goals of Automotive-Specific Information Security Standard

The main priority of any security standard is to make security a core part of the development process. Automotive systems need to be protected, and the practical way to get there is to extend the quality systems manufacturers and suppliers already run. That includes identifying and managing risks as well as allowing for independent reviews of information security practices.

The Difference Between Automotive and IT Systems

It’s very likely that some IT practices can be applied to the automotive context when building a security framework. However, we need to take the differences between the two domains into account. Owing to their characteristics, automotive and IT systems face different threats. In automotive, adversaries may have physical access to the devices; the vehicle owner, a workshop, or anyone who can reach a diagnostic port must be treated as a potential attacker, which is rarely the threat model for a server in a data center. Automotive systems also run under resource constraints (memory, compute, power, real-time deadlines) that are not an issue for IT systems. Additionally, automotive systems are expected to last a long time, working reliably with minimum maintenance for up to 20 years, far beyond the support window of most IT software and cryptographic choices.

Challenges of Information Security Approach

The uniqueness of the automotive domain poses a further problem that needs to be solved: how do we organize the security process itself? One solution is a company-level implementation, meaning each company ensures its own product development processes give security the same weight. However, the level of protection then differs from one product to another. The challenge becomes ensuring an industry-wide, comparable security requirement level across different product classes.

Applying Common Criteria Security to An Assurance Concept

We have learned a lot from the Common Criteria framework applied to IT products. It proved successful in some domains, such as financial products and government IT procurement. Given today’s short product life cycles and the flexible nature of business operations, initiatives to improve the existing concept are under way. With this in mind, an efficient automotive security assurance framework should be built from the following elements:

Security Profiles/Protection Profiles

Security profiles should outline the security goals (e.g. strong authentication, firmware integrity, and human safety) of each automotive product class. These have to be based on a well-founded security risk analysis involving risk owners, developers, and cybersecurity experts. Standardizing them would give industry-wide application of common security goals for each product class.

System Security Requirements

Working in tandem with the security profiles, these define the security requirements at the level of concrete controls (e.g. tamper-resistant secure storage, a certified RNG, and secure event logging). Each product would have a minimum set of these requirements to fulfill, establishing an expectation for the level of security it should possess.

Process Requirements

Process requirements define the activities in the development and operational phases that are needed to comply with the security level demanded by the security profile (e.g. ISO 26262, a secure development life cycle, GDPR, the ISO 27000 series, etc.).

Security Assurance Methodology

An optional element that establishes the measures each internal or external evaluator takes to determine whether a product meets the needs of its security profile, so that two evaluators reach comparable verdicts for the same evidence.
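To make the split between security profiles, system security requirements and the assurance methodology concrete, here is an added example (not code from the article or from any real standard) of how an evaluator might check a product’s claimed controls against a profile for its product class. The product classes, security goals, control names and the three-step assurance scale are all invented for illustration; the point is that the profile fixes the goals, the requirements fix the controls and the minimum evidence accepted for them, and the evaluation is a mechanical comparison that can be repeated by any evaluator.

```python
"""Conformance check of a product's claimed controls against a security profile.

Added example only: product classes, goals, control names and assurance
levels below are assumptions made up for illustration, not a real standard.
"""
from dataclasses import dataclass

# Assumed evidence levels an evaluator may accept for a control, weakest first.
ASSURANCE_LEVELS = ("self_declared", "tested", "independently_evaluated")


def rank(level: str) -> int:
    """Position of an assurance level in ASSURANCE_LEVELS (higher is stronger)."""
    if level not in ASSURANCE_LEVELS:
        raise ValueError(f"unknown assurance level: {level}")
    return ASSURANCE_LEVELS.index(level)


@dataclass(frozen=True)
class Requirement:
    control: str        # a system security requirement, e.g. "secure_boot"
    min_assurance: str  # weakest evidence the profile accepts for this control


@dataclass(frozen=True)
class SecurityProfile:
    product_class: str
    goals: dict         # security goal -> tuple of Requirement


@dataclass(frozen=True)
class Product:
    name: str
    product_class: str
    controls: dict      # control -> assurance level the vendor claims for it


def evaluate(profile: SecurityProfile, product: Product) -> dict:
    """Map every goal in the profile to a list of findings.

    An empty list means the goal is met. A product is only ever evaluated
    against the profile of its own class; mixing classes is an error, not a
    silent pass.
    """
    if product.product_class != profile.product_class:
        raise ValueError(
            f"{product.name} is a {product.product_class}, profile is for "
            f"{profile.product_class}")
    findings = {}
    for goal, requirements in profile.goals.items():
        problems = []
        for req in requirements:
            claimed = product.controls.get(req.control)
            if claimed is None:
                problems.append(f"{req.control}: not implemented")
            elif rank(claimed) < rank(req.min_assurance):
                problems.append(
                    f"{req.control}: {claimed} < required {req.min_assurance}")
        findings[goal] = problems
    return findings


def conforms(findings: dict) -> bool:
    """True when no goal has an open finding."""
    return not any(findings.values())


# Constructed profiles: the same control vocabulary, but a connected unit is
# held to a higher minimum assurance than a body controller with no external
# interface. This is how one framework can still set class-specific levels.
TCU_PROFILE = SecurityProfile("telematics_control_unit", {
    "strong_authentication": (Requirement("mutual_tls", "tested"),
                              Requirement("certified_rng", "independently_evaluated")),
    "firmware_integrity": (Requirement("secure_boot", "independently_evaluated"),
                           Requirement("tamper_resistant_storage", "tested")),
    "incident_traceability": (Requirement("secure_event_logging", "tested"),),
})
BCM_PROFILE = SecurityProfile("body_control_module", {
    "firmware_integrity": (Requirement("secure_boot", "tested"),),
    "incident_traceability": (Requirement("secure_event_logging", "self_declared"),),
})

# Constructed vendor declarations for two telematics units.
GOOD_TCU = Product("tcu-a", "telematics_control_unit", {
    "mutual_tls": "tested", "certified_rng": "independently_evaluated",
    "secure_boot": "independently_evaluated", "tamper_resistant_storage": "tested",
    "secure_event_logging": "independently_evaluated"})
WEAK_TCU = Product("tcu-b", "telematics_control_unit", {
    "mutual_tls": "tested", "certified_rng": "self_declared",
    "secure_boot": "independently_evaluated", "tamper_resistant_storage": "tested"})

if __name__ == "__main__":
    for product in (GOOD_TCU, WEAK_TCU):
        result = evaluate(TCU_PROFILE, product)
        print(product.name, "conforms" if conforms(result) else "does NOT conform")
        for goal, problems in result.items():
            for problem in problems:
                print(f"  [{goal}] {problem}")
```

Running it reports `tcu-b` as non-conforming for two reasons: its RNG is only self-declared where the profile demands independent evaluation, and it has no secure event logging at all. Note that the evaluator never judges the controls themselves; it only compares declared evidence against the profile, which is exactly why the profile and the minimum assurance levels have to be fixed industry-wide rather than per company.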

Coming up with an automotive security assurance framework is undoubtedly a challenge for security and automotive experts alike. However, the automotive domain could benefit significantly from it, making end users safer and propelling the progress of the entire industry.

Author
Roland Atoui
Roland Atoui is an expert in cybersecurity and the Internet of Things (IoT) having recognized achievements working for companies such as Gemalto and Oracle with a background in both research and industry. From smart cards to smartphones to IoT tec...