How to use "fuzzing" to protect the safety of car systems

In 2010, American automakers introduced a new feature that lets owners control the door locks and start the engine from a smartphone anywhere in the world. This connectivity relies on the car's telematics system, which is now standard on many models. Before the smartphone feature launched, a university research team released a report showing that, by exploiting defects in a car's embedded systems, malicious parties can easily manipulate its critical systems (for example, the brakes and the engine throttle).

These researchers studied how to use "fuzzing" to break into critical systems from low-security networks. While the car was being driven, they caused brake failure and engine runaway, which showed that the attack really did put passengers in danger. Connecting a car to a wide-area network is what exposes it to sophisticated attackers. A single flaw can let a remote attacker threaten a whole fleet of vehicles.

The researchers did not say what can be done about the current state of embedded automotive security. But as we will discuss later, automotive technology must be substantially reformed to better isolate networked subsystems from life-critical safety functions.

Current automotive electronics

The figure below shows some of the electronic systems inside a contemporary car.


Figure 1: Part of the electronic system inside a contemporary car.

High-end luxury cars contain up to 200 microprocessors across a total of 100 components or systems, known as electronic control units (ECUs). These ECUs are connected by several different types of network, such as Controller Area Network (CAN), FlexRay, Local Interconnect Network (LIN), and Media Oriented Systems Transport (MOST). Automotive OEMs need to integrate ECU components and software from dozens of Tier 1 and Tier 2 suppliers. However, OEMs do not strictly control their suppliers' development processes.

So it should surprise no one that this situation cannot be sustained. OEMs are subject to the "barrel theory" (a barrel holds only as much as its shortest stave allows): a single ECU with serious reliability problems can cause delivery delays or vehicle failures, and so cripple the OEM's reputation.

Security threats and mitigation measures

Security threats to vehicles fall into three broad categories: local physical threats, remote threats, and internal electronic threats. When these threats combine, the result is often damage to the vehicle.

Local physical threat

An example of a local physical threat is gaining physical access to the drivetrain's CAN network and disrupting communication. This kind of invasive attack can easily damage the car's key functions. However, a local attacker such as a disgruntled mechanic can damage only one car, which is not enough to draw the attention of the design security team. In addition, a car's complex electronic systems are very hard to protect against physical attack. So for such threats we can usually do little more than hope.

However, there is one exception: private keys stored inside one or more ECUs, used to establish protected channels and provide local data protection services. The image below shows some examples of long-range wireless connections used in next-generation cars.


Figure 2: Long-range wireless connections used in next-generation cars.

Car algorithms, multimedia content, and confidential data may all require data protection. Private key storage must withstand both invasive and non-invasive physical attacks, because the loss of even one key may let an attacker set up a connection to remote infrastructure and cause widespread damage there.

OEMs must be able to secure keys throughout their lifecycle: from key generation and embedding in the ECU, through delivery of the ECU and its assembly into the car, to the finished car out on the road. Specialist embedded cryptography companies such as Green Hills Software, Mocana and Certicom can help OEMs and their suppliers with guidance and oversight in this field.

Remote threat

A typical attack proceeds as follows: the attacker probes the car's long-range wireless interfaces, looking for weak points in network security protocols, network services, and applications that open a path to the internal electronic systems. Unlike data centers, cars generally cannot carry a full complement of IDS, IPS, firewalls, and UTM. The recent intrusions at Citigroup, Amazon, Google, and RSA have amply demonstrated that these defense mechanisms are ineffective against sophisticated attackers anyway.

In 2010, when Stuxnet was raging, General Keith Alexander, commander of US Cyber Command (CYBERCOM) at the US Department of Defense, proposed building a dedicated, isolated secure network for critical US infrastructure, separate from the Internet. Although this approach seems drastic, it is exactly the kind of thinking we need. For driving safety, the car's critical systems must be completely isolated from non-critical ECUs and networks.

Internal electronic threat

Although physical network isolation is the ideal solution, touch points are inevitable. For example, in some markets car navigation systems must be turned off while driving, which means communication and sensing between systems with very different security standards. In addition, there is a strong industry trend toward design consolidation, in which more powerful multi-core microprocessors host several different systems and many ECUs become virtual ECUs. This increases the risk of software-borne threats, such as privilege escalation caused by operating system defects, side-channel attacks on cryptosystems, and denial of service.

Therefore, for safety, the car's internal electronic architecture must be redesigned. The interfaces between critical and non-critical systems and networks must be justified and exhaustively analyzed at the highest management level, and verified against the highest level of security standards, such as ISO 15408 Evaluation Assurance Level (EAL) 6+, to confirm that there are no defects. The High Reliability Software/Security Engineering Implementation Principles (PHASE) protocol calls for a significant reduction in complexity, a componentized software architecture, the principle of least privilege, and a secure software and system development process. OEMs must learn and adopt independent expert security verification and implement it throughout the supply chain.
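The navigation touch point described above can be held to least privilege with a default-deny gateway between the two networks. The following is an added example, not code from the article or from any vendor; the CAN ID, payload length and rate limit are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed values: the ID, length and rate below are illustrative only. */
enum bus { BUS_CRITICAL, BUS_INFOTAINMENT };

struct frame { uint32_t id; uint8_t dlc; uint8_t data[8]; };

struct rule {
    enum bus from;        /* the only direction this ID may travel */
    uint32_t id;          /* exact CAN identifier */
    uint8_t  dlc;         /* exact payload length expected */
    uint32_t min_gap_ms;  /* minimum spacing between forwarded frames */
    uint32_t last_ms;     /* time of the last forwarded frame */
    bool     seen;
};

/* One rule: the critical bus may publish vehicle speed to the navigation
 * unit so it can lock itself while driving. There is deliberately no rule
 * in the other direction. */
static struct rule rules[] = {
    { BUS_CRITICAL, 0x3E9, 2, 50, 0, false },  /* hypothetical speed broadcast */
};

/* Returns true if the gateway should copy the frame to the other bus. */
bool gateway_forward(enum bus from, const struct frame *f, uint32_t now_ms)
{
    for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++) {
        struct rule *r = &rules[i];
        if (r->from != from || r->id != f->id)
            continue;
        if (f->dlc != r->dlc)
            return false;             /* malformed or fuzzed length */
        if (r->seen && (uint32_t)(now_ms - r->last_ms) < r->min_gap_ms)
            return false;             /* flooding: drop, keep the old timestamp */
        r->seen = true;
        r->last_ms = now_ms;
        return true;
    }
    return false;  /* default deny: unknown ID or wrong direction */
}
```

Because nothing originating on the infotainment side matches a rule, a compromised head unit cannot place frames on the critical bus through this gateway, and the one permitted signal is bounded in shape and rate.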

Summary

Automakers and Tier 1 suppliers may not have made great efforts to consider safety requirements when designing cars that are currently on the road, but it is clear that the situation is changing. Manufacturers should work closely with embedded security specialists as early as possible in the design and architecture of automotive electronics and networks, and must improve safety-oriented engineering and software security. Finally, the automotive industry urgently needs an independent standards organization to define and implement system-level safety certification programs for in-vehicle electronic devices.
