We were very impressed by Autotalks’ experience and knowledge in security engineering. The close cooperation with Autotalks' security team was key to the success of the process.
Kfar Netter, Israel and Oldenburg, Germany (PRWEB) September 24, 2015
In several recent incidents, well covered by the media, it was demonstrated how simple it can be to hack and manipulate a vehicle from a remote location through an insecure wireless communication interface. In the era of V2X technology, new kinds of vehicular security challenges arise, and the approach to security must be adapted accordingly.
V2X technology allows for communication between vehicles and their surroundings (other vehicles, infrastructure, or pedestrians) with road safety as the key application. To realize the vision of V2X technology, vehicles must be able to trust messages from their surroundings. One essential element of a viable V2X security solution is secure signing. Message signature generation involves a private key that represents the identity of the message source. Exposure of this private key can be abused for injecting malicious messages into the vehicular V2X network. The use of Hardware Security Modules (HSMs) to protect sensitive key material has therefore been made mandatory by the V2X Protection Profile set as a target by the Car-to-Car Communication Consortium (C2C-CC).
Autotalks has developed a dedicated HSM firmware to address the rigorous secure signing requirements for V2X communication, while maintaining flexibility to implement the diverse security schemes that are required due to different security infrastructures, standards, regulations and future-proofing. Autotalks’ security approach is multi-layered, understanding that although physical security is important, it becomes meaningless if the firmware is insecure. This is why Autotalks selected OFFIS, Institute for Information Technology located in Oldenburg, Germany, to conduct an independent security analysis of its HSM API. The validated HSM is part of Autotalks' product offering, available today and deployment-ready.
The goal of OFFIS’ security review was to detect possible vulnerabilities to private key exposure attacks. To perform the analysis, OFFIS used its state-of-the-art security analysis framework. The framework supports extremely thorough formal analysis as well as systematic informal analysis of security APIs. Based on OFFIS’ latest research it also includes dedicated methods to tackle V2X APIs: such APIs are challenging to analyze since they must support various advanced cryptographic constructs. The research was carried out within the context of the project Critical Systems Engineering for Socio-Technical Systems (http://www.uni-oldenburg.de/en/cse).
The security review was conducted by PD Dr. Sibylle Fröschle, principal scientist at OFFIS, who leads the institute’s security research. Dr. Fröschle stated: "We were very impressed by Autotalks’ experience and knowledge in security engineering. The close cooperation with Autotalks' security team was key to the success of the process. For us this review was a perfect example of how practical engineering and fundamental research go hand in hand to ensure the security of commercial APIs. We are proud to be the first to tackle HSM security implementation towards mass V2X deployment."
Autotalks’ security team is led by Mr. Alex Reicher, software architect and security expert, who is helping to shape V2X security requirements within multiple industry and government entities. Mr. Reicher explained: "OFFIS’ recognized experience and competence in formal security analysis made our selection very simple. The thorough and deep review by OFFIS further raised the grade of our security implementation."
OFFIS – Institute for Information Technology, founded in 1991, is an application-oriented, international research and development institute for computer science based in Oldenburg, Germany. In an average of 70 ongoing projects OFFIS performs with its approximately 270 employees research and prototypical development work on the highest international level in its divisions of Energy, Health and Transportation. The Transportation division specializes in the design and analysis of safety critical systems.
For more information, visit http://www.offis.de/en/start.html or e-mail: info(at)offis(dot)de
About Autotalks Ltd.
Autotalks enables the V2X communication revolution by providing an automotive qualified chipset that supports all functions required from a V2X ECU. The unique technology of Autotalks addresses all key V2X challenges: communication reliability, security, positioning accuracy and vehicle installation. Autotalks’ ready solution is used in series production units reaching the market from 2015 on. Autotalks and STMicroelectronics have formed a strategic partnership for the V2X market, and are working to produce a mass market-optimized second-generation V2X chipset.
For more information, visit http://www.auto-talks.com or e-mail: info(at)auto-talks(dot)com