With vehicles becoming more connected and their systems relying more on complex networked information, protecting that information is a priority task.
Think of information as all the bits and pieces that are gathered about something or someone. In a vehicle, information covers the details of the user, the information exchanged between electronic systems and even the software that is stored to make the systems work. Cybersecurity simply means that the information is protected against criminal or unauthorized use and/or that measures are taken to achieve this.
When we analyze cybersecurity, the first step is to look into the C-I-A triad, which is a well-known model for cybersecurity development. C-I-A stands for Confidentiality, Integrity and Availability – these security concepts help to guide cybersecurity policies. Automotive systems and related infrastructure must be protected against deliberate or accidental compromise of confidentiality, integrity or availability of the information that they store, process and communicate without hindering safety and functionality. It is important to understand each of these concepts because all risks, threats and vulnerabilities are measured for their potential capability to compromise one or all of these principles.
- Confidentiality ensures that data exchanged is not accessible to unauthorized users. The users could be applications, processes, other systems and/or humans. When designing a system, adequate control mechanisms to enforce confidentiality should be in place, as well as policies that dictate what authorized users can and cannot do with the data. The more sensitive the data, the higher the level of confidentiality required. Therefore, all sensitive data should always be controlled and monitored. To maintain confidentiality in automotive systems, data needs to be protected inside and outside the vehicle, while it is stored (data at rest), while it is transmitted (data in motion), and while it is being processed (data in use). Memory protection can be applied to data in use. Cryptography is excellent for protecting the confidentiality of data at rest and data in motion, but keep in mind that it imposes computational complexity and increases latency, so it should be used with caution in time-sensitive systems.
- Integrity is the ability to ensure that a system and its data have not suffered unauthorized modification. Integrity protection protects not only data, but also operating systems, applications and hardware from being altered by unauthorized individuals. In automotive systems, a CRC (cyclic redundancy check) is known to provide integrity protection against accidental or non-malicious errors; however, it is not suitable for protecting against intentional alteration of data, because anyone who can change the data can also recompute the CRC. Hence, sensitive data should include cryptographic checksums (keyed message authentication codes or digital signatures) for verification of integrity. Moreover, mechanisms should be in place to detect when integrity has been violated and to restore any affected system or data to its correct state.
- Availability guarantees that systems, applications and data are available to users when they need them. The most common attack that impacts availability is denial-of-service, in which the attacker interrupts access to information, systems, devices or other network resources. A denial-of-service in an internal vehicular network could leave an ECU unable to access the information it needs to operate; the ECU could become nonoperational or, even worse, bring the system to an unsafe state. To avoid availability problems, it is necessary to include redundant paths and failover strategies at the design stage, as well as intrusion prevention systems that can monitor network traffic patterns, determine whether there is an anomaly and block network traffic when needed.
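The integrity point above, as an added example that is not part of the original article: a CRC-32 detects accidental corruption but offers no protection against deliberate modification, whereas a keyed HMAC cannot be recomputed without the secret. The 8-byte payload, the placeholder key and the 8-byte truncated tag are constructed assumptions for illustration.

```python
import hashlib
import hmac
import zlib

# Placeholder shared secret; a real ECU would keep this in an HSM or secure element.
KEY = b"placeholder-shared-secret"
TAG_LEN = 8  # truncated tag to fit a bandwidth-constrained bus (assumption)


def frame_with_crc(payload: bytes) -> bytes:
    """Append a CRC-32, the kind of check used for accidental-error detection."""
    return payload + zlib.crc32(payload).to_bytes(4, "big")


def crc_ok(frame: bytes) -> bool:
    """Verify the CRC-32 trailer. Needs no secret, so anyone can make this pass."""
    payload, crc = frame[:-4], frame[-4:]
    return zlib.crc32(payload).to_bytes(4, "big") == crc


def frame_with_mac(payload: bytes, key: bytes = KEY) -> bytes:
    """Append a truncated HMAC-SHA256 tag computed under the shared key."""
    tag = hmac.new(key, payload, hashlib.sha256).digest()[:TAG_LEN]
    return payload + tag


def mac_ok(frame: bytes, key: bytes = KEY) -> bool:
    """Verify the HMAC trailer using a constant-time comparison."""
    payload, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()[:TAG_LEN]
    return hmac.compare_digest(expected, tag)


def integrity_comparison() -> dict:
    """Return which checks still pass after the payload is altered without the key."""
    original = bytes.fromhex("0102030405060708")   # constructed sample payload
    altered = bytes.fromhex("01020304FFFF0708")    # same payload with two bytes changed
    return {
        "crc_accepts_original": crc_ok(frame_with_crc(original)),
        "crc_accepts_altered_with_recomputed_crc": crc_ok(frame_with_crc(altered)),
        "mac_accepts_original": mac_ok(frame_with_mac(original)),
        "mac_accepts_altered_with_old_tag": mac_ok(altered + frame_with_mac(original)[-TAG_LEN:]),
        "mac_accepts_altered_with_wrong_key": mac_ok(frame_with_mac(altered, b"guessed-key")),
    }


if __name__ == "__main__":
    for check, result in integrity_comparison().items():
        print(f"{check}: {result}")
```

Only the two "altered" HMAC checks fail; the altered frame with a freshly computed CRC is accepted, which is exactly why a CRC is not a security control.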
The C-I-A triad is a fundamental security model, but as with any model there is room for improvement; other attributes such as non-repudiation and authentication are important and need to be considered too. At a minimum, ensuring that the three aspects of the C-I-A triad are covered is an important first step towards designing any secure system.