Closing connected car vulnerabilities quickly and reliably – via the cloud
When car manufacturers have to roll out security updates or patches to connected cars, time is of the essence. Fluctuating connection speeds and patchy coverage on mobile networks aggravate the issue, but a cloud-based over-the-air (OTA) connected vehicle solution can provide the answer. With it, the delivery of critical updates can be accelerated while the data centre being used to deliver the update can be protected against DDoS attacks.
No matter how great the benefits of connected cars, their connection to the Internet can make them vulnerable to hacking. The car industry has already learnt this lesson after recent incidents and numerous news stories about students and IT experts gaining control over connected vehicles. Remotely honking horns, opening doors and sunroofs, switching off the engine or turning off the screens, even while driving, are just some examples of what can be accomplished by exploiting communication weaknesses.
Once detected, these security vulnerabilities must be fixed as soon as possible using software updates and patches provided by the car makers – without customers needing to visit a service centre or car dealer. For electric vehicles the situation is easier: in general, they support Wi-Fi, and owners can use their private Wi-Fi to connect the car directly to the Internet. Another advantage of electric cars is that the charging period is long enough to install the critical security updates.
Conversely, for petrol and diesel cars the situation is quite different: these vehicles often connect only when the engine is switched on, to prevent the battery from running down. On weekdays, car owners also mostly use their cars for short distances in the morning and evening, such as commuting from home to work. As a result, the window for updates is shorter and more challenging.
Internet gateways as "single points of failure"
Cars with petrol or diesel engines, which are rarely able to use Wi-Fi, have to be updated via the cellular network – a method that can be prone to strong fluctuations in connection speed and network coverage. While cellular networks transport data using the Internet, their radio cells basically just act as connectors to the cars. The radio cells themselves are not connected to the Internet. Instead, they connect to the core network of the provider’s cellular network. Here, all data is concentrated and exchanged with the Internet through a central gateway. This detour can delay the delivery of time-critical updates. Moreover, the gateway can be a single point of failure, which means that in case of an overload, the update cannot be delivered in time, if at all.
Another risk of the gateway approach is that it could become a target of DDoS attacks. Cyber criminals can attempt to overload the gateway deliberately and stop it from delivering security updates. In addition, the car makers’ data centre itself, from which the updates are delivered, can also become a victim of DDoS attacks.
A cloud-based solution
A cloud-based OTA connected vehicle solution can resolve these challenges. It uses a globally distributed network of servers, which helps to improve the interaction between the static Internet and the mobile network by improving download performance, reducing download aborts, increasing availability and enhancing stability and security.
To achieve this, OTA makes use of network optimisation technologies including TCP optimisation and edge caching. Edge caching means that copies of static web content are saved on several servers on the periphery of the Internet. When a user requests content, a nearby edge server responds rather than a distant central server.
If a time-critical security update is delivered over Wi-Fi, the car will connect to the closest possible server, reducing the distance between server and car. This method can also accelerate updates over the cellular network, since it uses edge servers that are located close to or even within the provider’s mobile gateway.
The Transmission Control Protocol (TCP) is, like the Internet Protocol (IP), one of the central transmission protocols of the Internet. When data is exchanged between two terminal devices, TCP controls the splitting of the data into small packets at one end and its reassembly at the other. These processes can be optimised with special TCP acceleration methods and adjusted efficiently to the different requirements and limitations of Wi-Fi, 3G or LTE networks.
Flexible and fast reaction through cloud security
A cloud-based OTA connected vehicle solution can contribute to improved Internet security – for example, it can use its own capacity to mitigate DDoS attacks. To do so, inbound traffic can be redirected to special, highly scalable data centres known as “scrubbing centres”, where malicious traffic is removed and legitimate traffic is processed without delay. This way, the two critical bottlenecks in the supply chain of security updates – the gateways and the data centre – can be specifically protected against DDoS attacks.
With all these benefits, being cloud-based not only improves the delivery of security patches, it also results in the car being up-to-date and protected, which makes both the vehicle and the owner considerably less vulnerable to attack.