Secure Software Updates for Vehicles: Living in the age of Science Fiction
The Internet is one of the most revolutionary technologies ever developed, producing a level of hyper-connectivity that has fundamentally changed the way we behave. Unfortunately, this connectivity is also the Internet’s greatest weakness. Trishank Karthik Kuppusamy, Chief Security Solutions Engineer at Datadog, Inc. talks us through the security landscape and outlines how new software developments can help to keep drivers safe on the roads.
The Power of the Internet
The Internet is as profound in impact today as Gutenberg’s printing press was in the 15th Century and has changed our lives in radical ways. The internet has allowed people from all over the world, no matter how far apart they may be physically, to communicate, create, and interact. Today, most people would say it is almost impossible to live without a smartphone connected to the Internet. With one touch of a button, we can chat with a loved one on the other side of the world, order a coffee to skip the queue, or read the entire library of humankind.
Taking this further, leveraging the power of the Internet also allows us to interact with and impact the economy. Take cryptocurrencies for example — we could always send and receive money, but now we can do that without needing centralized intermediaries. We can also support political revolutions unfolding on the other side of the world, and start a business on another continent. If alive today, our forebears might struggle to conceptualise such interconnectedness.
Unfortunately, this connectivity is both a blessing and a curse. While it breaks downs walls and geographic barriers, it's also the Internet’s greatest weakness.
Previously, it was impossible for people from one location to attack people in another without great expense. The cost of building weapons, transportation, and physical marshalling made it impractical. But, through the Internet, it is now possible to not only attack from a distance, but to do so anonymously, and with devastating effect. Lately, hardly a week goes by without hearing about a new security attack. What's more, the severity of these attacks will only get worse in the future as hackers perfect their art and broaden their targets. Previously, these attacks existed only in the realm of science fiction.
However, our increased hyper-connectivity now makes these scenarios possible in the real world. Take, for example, self-driving cars. Twenty, perhaps even ten years ago that was science fiction. Now it's a reality; we have them. So imagine if someone managed to hack into thousands of vehicles (not just the self-driving ones). It could cause unspeakable mayhem on the streets. One of the possible ways they could launch such an attack is via malicious software updates.
Securing Software Updates
A few years ago I decided to switch gears, leaving my industry position to pursue a PhD in Computer Science at NYU Tandon, with a focus on cybersecurity. While there, I was fortunate to work with Justin Cappos on two related projects: The Update Framework (TUF) and Uptane. I learned that software made by open source organizations and tech companies is often distributed insecurely. Usually, their distribution systems are set up in such a way that if the file server used to deliver the software is compromised, then attackers can easily tamper with software updates, and secretly upload malicious versions for install instead.
TUF and Uptane
TUF, a security system funded by the U.S. National Science Foundation, addresses the potential vulnerability of the software update process through a set of design principles that combine to deliver compromise-resilience. In a nutshell, compromise-resilience preserves the authenticity and integrity of software updates — even if attackers have partial control of the distribution system. Uptane, funded by the Department of Homeland Security, is a version of TUF designed for automobiles.
Uptane provides the automobile industry with the ability to automatically update software on vehicles without sacrificing security. Briefly put, Uptane uses the separation of concerns principle. It is designed so that two entirely different parties are responsible for any software update. It is similar to the two-man rule used to launch nuclear missiles. In this scenario, two different people with separate signing keys must come together to perform the action. The first party, automation running on the cloud, has the power to choose which software is installed on which vehicles. However, this automation is only able to choose software that the second party, authorised developers, has signed off on.
The State of Cybersecurity
There is no shortage of work for engineers in cybersecurity as we seek to stay ahead of the hackers. The impact, magnitude, and breadth of cyber attacks will only increase as we connect even more devices to the Internet. Additionally, devices and systems used for public benefit – medical equipment, transportation, and municipal power grids – are also targets. The silver lining in the cloud, as David Deutsch said, is that “Problems are inevitable. Problems are soluble.” With smart people like yourself, I am confident that we can boldly tackle these challenges while uniting people like never before.
The competition seeks innovative entries from all over the world to capture the wonders of engineeringRead more
The self-driving car is the most complex system challenge humanity has ever tried to solve. To succeed, we must leverage the power of community.Read more