- Unauthorized access
In a modern vehicle, the range of users is expanding. For example, users may include multiple individuals, legal entities, or services. KASG delineates the access levels of these users so that they only receive the appropriate permissions for their intended functions. For example, the driver can drive the vehicle, a passenger can adjust the interior temperature, and the remote diagnostics service can receive information from the vehicle systems.
- Targeted attacks on ECUs
Vulnerabilities in smart cars can be the target of cyberattacks. KASG detects malicious commands or messages circulating within the vehicle over the CAN bus, Ethernet bus, or external V2X data transfer channels, and notifies vehicle security operations center (VSOC) security officers of this malicious activity.
- Attacks via in-vehicle infotainment (IVI) systems
The widespread use of app stores for IVI results in a large amount of third-party code that is not always subject to proper security oversight. Attacks through this type of system can lead to the exposure of a user’s personal data or the theft of financial information. KASG restricts access to data exchanged between applications, validates the data, and loads trusted data into the IVI system.
- Uncontrolled data streams
The solution enables you to proactively block malicious data streams (e.g., via backdoors) according to the vehicle manufacturer’s defined specifications. The gateway essentially acts as a firewall between trusted and untrusted segments of a vehicle’s internal network.
- Malicious diagnostics
Attacks via diagnostic sessions enable hackers to take control of vehicle units by using commands or reflashing device firmware. KASG provides a defense-in-depth approach to minimize the risk of these threats by providing:
- single point of access for diagnostics;
- state-of-the-art authentication and authorization mechanisms for diagnostics access;
- delineation of diagnostics domains and access to them;
- UDS session traffic analysis;
- authentication of updates and configurations.
- Compromised over-the-air updates
If a faulty or compromised external component in an update is not detected in time, it can create risks for the vehicle. KASG verifies the chain of software update providers according to the latest requirements of the AUTOSAR Adaptive Platform, Uptane standard, and Cyber Immune update patterns for KasperskyOS.
- Communication disruptions
While in motion, a smart car is limited to using wireless data links to the infrastructure or to other vehicles. Interference and deliberate attacks (signal interception/substitution) in the absence of secure communication channels pose a threat to the proper operation of vehicle units. KASG takes control of the functions for protecting all external communications, including TCP/IP traffic and RPC services (SOME/IP, DDS, MQTT).
- Insecure data storage
Unauthorized access to data storage can result in compromised certificates in chains of trust, or leaked subscription payment tokens, for example. The KASG solution provides secure storage for this type of critical data.
Aclue Automotive Adaptive Platform
This is a specialized SDK platform that was developed based on the AUTOSAR Adaptive standard to create reliable applications for ECUs in smart cars. You can use the platform tools to build the following secure solutions:
- driver assistance systems (HAD/ADAS);
- telematic systems (TCU/V2X, gateways);
- high-performance controllers;
- other types of ECUs.
- Cyber Immunity and security
Even if a specific ECU component is operating abnormally or is attacked, KasperskyOS technologies will not allow the component to affect the way other systems perform their own critical functions. This protection is provided by a multi-layer security system that includes a microkernel operating system, KAAP in-platform security mechanisms, and functions for secure update downloads and VSOC integration.
- Integrated Approach
Software developed using the Kaspersky Automotive Adaptive Platform enables the creation of a complete ecosystem of applications for embedded automotive systems. This approach ensures the reliability and functionality of systems at all levels throughout the vehicle’s life cycle.
- Service-oriented architecture
When developing products, you do not need to consider all the details of a specific electronic unit. You can run Adaptive standard applications and/or migrate non-AUTOSAR services to the platform without compromising performance or security.
- Compatibility
KAAP-based applications can implement data exchange between a vehicle and the connected vehicle cloud, and between a vehicle and OTA services. The applications can be used in high-performance ECUs. The SDK includes a tool for automatic porting of AUTOSAR applications.
Materials
Materials
Automotive Adaptative Platform
Building reliable IT systems for smart vehicles
Automotive Secure Gateway
About the solution for connected vehicle manufacturers and ECU developers
Automotive Adaptative Platform
Building reliable IT systems for smart vehicles
Automotive Secure Gateway
About the solution for connected vehicle manufacturers and ECU developers
