Trusting a New Transportation Paradigm

Nov. 20, 2015
What could connected car technology mean for tomorrow's mobility?

Connected car technology can do a lot more than just improve navigation and in-car entertainment. It is changing transportation paradigms enabling car sharing, easy multimode travel and transforming vehicle makers into 'mobility providers.' Success depends on building an ecosystem of trust.

Connectivity and mobility subscriptions enable new possibilities

Earlier this year, Audi unveiled, the Audi Key app. As expected from the first automobile maker to launch an LTE 4G connected car system, the app is a state-of-the-art demonstration of what is now possible in the connected car space. Drivers can use it to see how much gas is in the tank, how many miles to the next service, even where the car is. But one of the more exciting features of the Audi Key is that it lets drivers register other people’s phones for use with the car. At a press of a button, someone other than the owner can walk up to the vehicle and open it with an NFC-enabled handset. If it becomes that easy to assign and revoke car keys, why should everyone need their own car?

New connected car technology is encouraging carmakers, government and everyday people to re-consider society’s relationship with the car. Some previously unthinkable ideas are already here. Car sharing companies such as Zipcar and Car2go are disrupting traditional car rental models and establishing an entirely new market sector, one that Frost & Sullivan says 26 million people will use by 2020. And BMW recently launched a venture with car rental firm Sixt called DriveNow that lets people find, unlock and start cars using a mobile app, then drive them on a charge per minute basis. There’s no central collect and return point so users can drive where they like and leave the car nearby. 

The possibility of enabling mobility subscriptions is game changer for the transportation industry. Instead of purchasing cars, in the future people could sign a three-year contract with a car maker to guarantee mobility. When you need a car, one would be delivered to your house or business, you use it and then drop it wherever you go ready for next driver. And the contract wouldn’t have to begin and end with cars, it could also cover trains, buses and bikes too.

Machine-to-Machine (M2M) connective technology is at the center of the new mobility revolution in the transportation industry. Wireless M2M Modules and MIMs (M2M optimized SIM cards) make these innovations possible by enabling connectivity. Other solutions including On Demand Connectivity (ODC), Advanced Over the Air (AOTA), and Near Field Communications (NFC) solutions provide added support, capabilities and remote provisioning. And new wireless technologies including next generation LTE and soon 5G are making connectivity faster and more affordable than ever.

Building a foundation of trust

These developments and new technologies are truly exciting and they open the door to a world of possibilities and benefits – expanded productivity, improved safety, time and cost savings, enriched services, new business opportunities plus overall conveniences that simplify our lives.

But there are challenges to overcome. If cars are connected, they will most certainly be hacked. While this is a hassle when it affects in-car entertainment, it could be life-threatening if a hacker gained control of the steering wheel or gas pedal. Wired magazine touched off a recent media storm by demonstrating the vulnerabilities of unsecured connected vehicles. Other high profile attacks followed giving people a newfound mix of respect, admiration and fear of hackers. They also have a deeper understanding that connected car security is a very serious concern. So serious, that it’s motivated newly proposed U.S. legislation to help curb the threat of car hacks with federal standards for digital security.

Before we hit the panic button, people, carmakers and transportation stakeholders needs to understand that many of the practices, technologies and skills that have been developed over decades and used successfully in banking, government and healthcare are also applicable to securing connected cars and transportation networks.

Security by design

As we stand at the tipping point of an age of new transportation paradigms, it has never been more important to carefully consider end-to-end digital security architecture at the very beginning of design projects.

The transportation industry and carmakers need to approach connectivity and security with the same intelligence as IT system integrators. Securing connected vehicles and Internet of Things (IoT) devices is very similar to IT security but with some added hurdles to cross. Just as one would never build a home without a foundation, connected devices, cars and things must begin with intelligent security architecture as the foundation of trust that underpins a secure, sustainable and successful ecosystem.

How do we build trust? We need to embed it in all elements of the ecosystem – the vehicle or device, the network (which may use a range of transmission technologies), the data itself, and the cloud platform. Strong security architecture is unique to each use case but the fundamentals of an effective approach are common to all:

1. Evaluate Risk
Know and understand all potential system vulnerabilities. An early comprehensive risk evaluation is critical to implement security architecture across the entire ecosystem.

2. Implement End-to-End Trust Points and Countermeasures
Follow market proven guiding principles when implementing trust points and countermeasure to mitigate threats:

  • Protect the device with tamper-proof hardware and software. For example, embedded Secure Elements are implemented to add a layer of physical and digital protection against intrusion and to store credentials and data in a dedicated, secure platform
  • Implement strong authentication, identification and encryption solutions to ensure only authorized users and applications are granted access to data and systems
  • Encrypt the operating software to protect against attack. Encrypted software is useless without the keys!
  • Securely manage encryption keys to protect data and access to connected systems

3. Manage Security Across the Lifecycle
Like laptops and PCs, connected car systems and IoT devices need to be protected from attack over the long life of cars and devices – that can be 10-15 years! Carmakers and developers need to design-in an interoperable, dedicated platform to deploy security updates and launch new applications over the air without impacting other embedded software.

In an age where everything is connected and where cyber attacks are inevitable, trust is essential. The key to trusting our connected transportation ecosystem is designing security architecture at the beginning of development projects and managing the entire trust ecosystem, from the edge to the core, protecting what matters, where it matters and when it matters.

Juan Carlos Lazcan is vice-president of M2M for Gemalto, North American.