A modern motor vehicle can have more than 100 electronic control units (ECUs). They optimize fuel consumption, inform the driver of road conditions, entertain passengers, control braking, and perform many other important functions. The software for these control units is becoming more and more sophisticated. The amount of code can exceed 100 million lines of code – more than in a modern operating system.

This enormous amount of code is bound to have some vulnerabilities, which means that every ECU and communication interface could become a target for hackers. Today, security issues in the automotive industry have become so important that their requirements and mandatory certifications are being discussed by international organizations. For example, the World Forum for Harmonization of Vehicle Regulations (WP.29) has developed a set of regulations governing cybersecurity in the automotive industry. The regulatory provisions of R.155 and R.156 have already become mandatory in some countries. These documents describe key requirements related to:

• cyber-risk management;
• Security by Design;
• threat detection and response (event monitoring);
• secure and reliable updates.

The ISO/SAE 21434 industry standard was also created to serve as a basis for the development of cybersecure systems for road vehicles.

Kaspersky Automotive Secure Gateway (KASG) is specialized software that is designed for high-performance controllers of connected vehicles and combines the functions of a telematic control unit (TCU) and a secure gateway. KASG provides secure and reliable communication between electronic units of the E/E architecture and between these units and the connected vehicle cloud and diagnostic devices. This software can be used to implement remote diagnostics, secure over-the-air ECU updates, and other telematic services. KASG includes the Kaspersky Automotive Adaptive Platform (KAAP), which allows you to design and develop inherently secure systems (Security by Design) that meet the requirements of cybersecurity regulators based on the international AUTOSAR Adaptive standard.

KASG fully complies with the new cybersecurity requirements of WP.29 because its products and components were designed and developed according to Secure by Design principles. It also meets the applicable functional safety requirements (ISO26262) and can be used to build systems with an automotive safety integrity level as high as ASIL-B.

The solution can be customized and adapted to the specific tasks of a customer. The standard set of KASG components and products includes:

• Kaspersky Automotive Adaptive Platform — a KasperskyOS-based SDK for creating ECU applications that are compatible with the AUTOSAR Adaptive Platform standard.
• Automotive Secure Broker Framework — a component that provides secure data exchange across all communication channels, including between ECUs in the automotive network and within the V2X infrastructure.
• OTA agent — a component that provides centralized over-the-air (OTA) updates to various ECUs in a vehicle.
• VSOC agent — a component that centrally collects security events and forwards them to vehicle security operations centers (VSOC).
• RVD agent — a component for remote vehicle diagnostics (RVD) and telemetry for various vehicle ECUs.

In a modern vehicle, the range of users is expanding. For example, users may include multiple individuals, legal entities, or services. KASG delineates the access levels of these users so that they only receive the appropriate permissions for their intended functions. For example, the driver can drive the vehicle, a passenger can adjust the interior temperature, and the remote diagnostics service can receive information from the vehicle systems.

Vulnerabilities in smart cars can be the target of cyberattacks. KASG detects malicious commands or messages circulating within the vehicle over the CAN bus, Ethernet bus, or external V2X data transfer channels, and notifies vehicle security operations center (VSOC) security officers of this malicious activity.

The widespread use of app stores for IVI results in a large amount of third-party code that is not always subject to proper security oversight. Attacks through this type of system can lead to the exposure of a user’s personal data or the theft of financial information. KASG restricts access to data exchanged between applications, validates the data, and loads trusted data into the IVI system.

The solution enables you to proactively block malicious data streams (e.g., via backdoors) according to the vehicle manufacturer’s defined specifications. The gateway essentially acts as a firewall between trusted and untrusted segments of a vehicle’s internal network.

Attacks via diagnostic sessions enable hackers to take control of vehicle units by using commands or reflashing device firmware. KASG provides a defense-in-depth approach to minimize the risk of these threats by providing:

• single point of access for diagnostics;
• state-of-the-art authentication and authorization mechanisms for diagnostics access;
• delineation of diagnostics domains and access to them;
• UDS session traffic analysis;
• authentication of updates and configurations.

If a faulty or compromised external component in an update is not detected in time, it can create risks for the vehicle. KASG verifies the chain of software update providers according to the latest requirements of the AUTOSAR Adaptive Platform, Uptane standard, and Cyber Immune update patterns for KasperskyOS.

While in motion, a smart car is limited to using wireless data links to the infrastructure or to other vehicles. Interference and deliberate attacks (signal interception/substitution) in the absence of secure communication channels pose a threat to the proper operation of vehicle units. KASG takes control of the functions for protecting all external communications, including TCP/IP traffic and RPC services (SOME/IP, DDS, MQTT).

Unauthorized access to data storage can result in compromised certificates in chains of trust, or leaked subscription payment tokens, for example. The KASG solution provides secure storage for this type of critical data.

Even if a specific ECU component is operating abnormally or is attacked, KasperskyOS technologies will not allow the component to affect the way other systems perform their own critical functions. This protection is provided by a multi-layer security system that includes a microkernel operating system, KAAP in-platform security mechanisms, and functions for secure update downloads and VSOC integration.

Software developed using the Kaspersky Automotive Adaptive Platform enables the creation of a complete ecosystem of applications for embedded automotive systems. This approach ensures the reliability and functionality of systems at all levels throughout the vehicle’s life cycle.

When developing products, you do not need to consider all the details of a specific electronic unit. You can run Adaptive standard applications and/or migrate non-AUTOSAR services to the platform without compromising performance or security.

KAAP-based applications can implement data exchange between a vehicle and the connected vehicle cloud, and between a vehicle and OTA services. The applications can be used in high-performance ECUs. The SDK includes a tool for automatic porting of AUTOSAR applications.

Protecting the internet of things at the Cyber Immune gateway level

Functional thin client infrastructure with Cyber Immunity

Aclue's approach to developing Secure by Design IT systems