The automobile ecosystem is steadily transitioning into a full-stack realization of the service-based economy of CASE (Connected, Autonomous, Shared Mobility, and Electrification). Each letter of the acronym brings a correspondingly wider and deeper threat surface, and cyber security is often an afterthought. Manufacturers and service organizations need end-to-end protection to respond to emerging cyber security challenges. At SecureThings, we have engineered our technology solutions around the entire automotive/transportation landscape and provide a stack that fulfills the ecosystem requirements. Our solutions can be deployed in part or in whole, depending on the needs of the customer. Our offerings span Device Level protection, Communications protection, Cloud Analytics, and a Security Operations Center.
SecureThings Complete Security Suite consists of the following components:
SecureThings provides a real-time cyber security solution for connected vehicles. The multi-layered cyber security solution protects vehicles with solutions for telematics units, individual ECUs, and network monitoring/protection for the various in-vehicle networks. Our protection solutions are based on both deterministic (signature-based) and machine learning (behavior-based) approaches to help protect against known and unknown attacks. SecureThings knows that performance is vital for these systems, and works with customers to tailor solutions based on risk/performance tradeoffs.
In a connected vehicle, external interfaces are the most exposed to attacks, and therefore SecureThings protection starts with these interfaces. An external interface is what connects the vehicle and its occupants to the outside world, for example, Bluetooth, GSM/Cellular, cameras and sensors, OBD-II, etc. Our solutions protect both remote and physical interfaces, with the ultimate goal of preventing malicious data and code from compromising the vehicle. Our solution uses proven cyber security approaches to protect telematics and infotainment units from cyberattacks originating from both external and internal connections. Our solution monitors different types of communication protocols including Cellular communication, IP, Bluetooth, GPS, RF, CAN, and Ethernet. Our solution can operate in signature and behavior-based modes and can be configured for prevention and/or detection. Our behavior-based approach applies expert knowledge and machine learning to traffic to protect against threats. Some of the protections include:
The second layer of the SecureThings solution protects device integrity and provides protection from memory-based attacks (e.g., buffer overflow attacks, memory corruption). Our solution uses proven security technologies as well as novel algorithms based on expert system knowledge to help protect the code and memory of devices. SecureThings can provide application protection built in at compile time as well as runtime protections to detect and prevent malicious operations injected at runtime. Part of this protection includes learning the behavior of approved applications and then either alerting (conservative mode) or blocking (strict mode) when anomalous actions are detected. Coupled with our monitoring solutions, this ECU protection allows the discovery of new attack patterns for analysis and inclusion in our static protection.
The third level of defense is an advanced intelligent in-vehicle network-based intrusion detection and prevention solution (IDPS) based on proven network security mechanisms adapted to vehicle networks. It uses different deterministic and machine learning techniques to monitor network traffic and uses this intelligence for real-time identification of malicious or anomalous activity. Again, our solution allows both the detection and/or prevention of attacks on the vehicle network. This solution is best deployed on a centralized gateway (similar to a traditional network Firewall/IDS) to monitor the entire network, though it can also be deployed in a “host-based” manner on individual components. The solution works equally well in consumer and commercial vehicle networks. Some of the key features include:
SecureThings Threat Intelligence service gathers intelligence constantly and updates customers (OEMs, governments, fleet management providers, etc.) with specific actionable items. We gather intelligence from different sources – external Threat Intelligence Services, in-vehicle agents, SecureThings’s novel vehicle honeypots, and finally the continuous research done by SecureThings Research Lab. SecureThings cloud-based Threat Intelligence service helps to identify specific vulnerable vehicles within an entire fleet to take action. SecureThings Threat Intelligence service can also be integrated with the SecureThings Security Operations Center, where our analysts can analyze alerts and intelligence across the automotive spectrum.
The Analytics platform provides intelligent insights and trends by correlating the alert data generated from any vehicle equipped with the SecureThings agent. It performs alert aggregation and correlation to provide insights that can help understand attacker behavior and the weak links within the vehicle ecosystem. This is a cloud-based solution but can also be deployed in a Security Operations Center (SOC) for live monitoring and data correlation. Included with our platform is a dashboard that provides different at-a-glance views of the threat landscape across the fleet as well as the ability to drill-down to any specific vehicle.
Automotive Intelligence provides awareness and insights that help OEMs and suppliers make well-informed business decisions to avoid costly vehicle recalls, and can also help in identifying future architectural changes that can improve safety and security.
SecureThings in-vehicle network protection and monitoring can be configured to feed data into our own (or customer-specific) cloud-based platform to detect emerging network threats as well as provide new rulesets for vehicle protection. Our trusted mobility platform ensures that vehicle to cloud communication is protected from eavesdroppers or man-in-the-middle attacks using industry-standard cryptographic protection. Our cloud-based monitoring solution allows the following:
The SecureThings Secure Over the Air Update architecture can help in minimizing any attack as well as providing a highly secure way to update the vehicle framework to clean the system. SecureThings can help customers protect their OTA infrastructure in multiple ways. First, the SecureThings OTA reference architecture captures best practices and common implementation vulnerabilities so we can identify issues with customer implementations. Second, the SecureThings OTA platform can be leveraged by customers to manage and coordinate software updates. Upon seeing even a single instance of an attack, the OTA platform can inform all the potentially impacted vehicles within the fleet to disable the attack chain path (as applicable) so that the cyber criminal cannot exploit the vulnerability (this use case requires the full SecureThings stack to be deployed on the fleet). A new updated firmware image can be created, and an OTA campaign can be deployed to update the vehicles. Once vehicles get an updated image to fix a particular exploit, the disabled feature can be enabled again. The SecureThings OTA update solution provides a high level of security, potentially protecting from threats like attackers reversing and deploying malicious binaries or firmware images into a vehicle.