KEYFACTOR CONTROL

Achieve Automotive Cybersecurity Compliance

With the advancement of connectivity and IoT use cases inside smart vehicles, automotive cybersecurity is at risk of compromise.

Build secure smart vehicles with unique identities.

According to USwitch, it takes over 150 million lines of code to run a connected vehicle. Securing that code is a challenge, given the complexities of all the subsystems and ECUs contained within.

Keyfactor provides a foundation for unique device identity based on certificates and use of PKI (public key infrastructure). These robust security principles are recommended by experts in the automotive cybersecurity arena as proven methods for encrypting data and establishing secure connections within vehicles.

Risks in Automotive Cybersecurity

The financial and operational impacts of a compromised automotive IoT device impact multiple internal and external stakeholders. Take the right steps to optimize security in product design, manufacturing, operations, & maintenance of the devices.

Icon Icon

Revenue & Reputation Loss

If in-vehicle components are attacked or compromised by hackers, brand reputation and revenue suffer immediate impacts. and consumer confidence falls.

Icon Icon

Delayed Product Launches

Embedding security into each new product can be difficult. Tight timelines often lead to poor device identity and code signing implementations.

Icon Icon

Maintenance and Recalls

Managing vehicle recalls to fix security flaws can be messy. Expensive and manual processes for updating identities are complex and time-consuming.

THE CHALLENGE

Securing automobiles is hard.

Recent headlines have highlighted that threat hackers worming their way into automotive systems is real.

  • Zero-Trust Manufacturing: Complex automotive supply chains and remote manufacturing facilities make it difficult to provision identities and ensure trust.
  • Device Identities & Code Signing: Managing unique identities, encrypting device data, and establishing authentication is a multifaceted problem.
  • Inconsistent Connectivity: Managing offline devices and keeping security up to date over the product lifecycle is complex, especially with millions of vehicles in various states of service.
Automotive Challenges

Deliver Secure Connected Vehicles at Scale

Embed a secure identity foundation with your devices, along with a highly scalable platform that is purpose-built for manufacturers of connected vehicles.  Secure those identities and their underlying Root of Trust until the end of life.

Icon Icon

Comply with Regulations

Comply with emerging automotive cybersecurity regulations and standards requiring unique certificates & keys per IoT device.

Icon Icon

Increase Product Revenue

Deliver next-generation ECUs and systems with embedded security technology and state-of-the-art cybersecurity practices.

Icon Icon

Automate Identity Updates

Enable in-field updates to device credentials as encryption algorithms become outdated and need to be refreshed to maintain security.

Integrate With Your IoT Ecosystem
THE SOLUTION

Trusted Device Identity Issuance and Provisioning

Utilize PKI and Keyfactor Control for identity creation and automation.

  • Unique Identities & Device Provisioning: Create trusted identities for each endpoint within your vehicle or ECU to establish secure communications to the backend
  • On-Device Key Generation (ODKG): Create a private key on the IoT endpoint and store it securely in a TPM or secure element within the hardware.
  • Secure Boot: Utilize Code Signing and digital signature verification to prove the authenticity of firmware before booting the ECU or connected system components.
  • Identity Automation: Establish an automated, scalable process for updating identities and cryptography over time, even if vehicles have limited connectivity out in the field.

Managing 500 Million Connected Vehicles

Keyfactor performed a pilot designed to secure a large fleet of simulated connected vehicles. The premise was based on a catastrophic re-enrollment scenario where security was breached, which is a real-life threat in the automotive industry. The goal was to validate the ability to handle revocation and reissuance of 500 million certificates, and understand the time it would take to complete. The results were exceptional.

THE PROBLEM

Security complexities of connected vehicles

The promise of connected vehicles is tremendous, and so are the security measures required to reach that destination without winding up in a ditch, both literally and figuratively. Highly complex systems from multiple vendors, with legacy standards, equipment and infrastructure, all make very attractive targets for malicious actors.

THE SOLUTION

Scalable automotive cybersecurity

Keyfactor performed a pilot of securing a large fleet of simulated connected vehicles, based on a catastrophic re-enrollment scenario where the RoT was breached. The successful pilot demonstrated the ability to store, manage, and report on over 211 million certificates, and provide command-and-control instruction to 68 million simulated vehicle agents. Each vehicle’s agent polled for updates with a check-in rate of 800 per second, and pulled down the newly issued credentials and root.

AUTOMOTIVE IoT SECURITY – AT SCALE

When you’re the one running the line, there’s nothing more meaningful, or more challenging, than securing every product on a global scale. Whether it’s a controlled update, new certificate configuration, or an unexpected breach, it’s critical to stay on top of your entire device fleet down the street or around the world. Effective management of in-field updates can mean the difference between securing a satisfied customer, announcing a costly recall or embarking on a crisis management campaign. Including cybersecurity into device development should not be an afterthought – it should be rooted in the design.

BENEFITS

With Keyfactor Control You Get:

Secure Code Signing

Signing firmware and software updates are a critical best practice to ensure that the software installed in your devices is genuine.

Extended Identity Attributes

Bind custom attributes to device identities without having to modify, revoke or reissue any certificate.

Installation and Identity Provisioning

Installation of Keyfactor Control and provisioning of a secure and unique identity during the device activation process.

IoT Ecosystem Integration

APIs and plug-ins allow the IoT ecosystem to authenticate device identities, and enforce granular access control based on extended attributes.

Extensibility

Keyfactor Control empowers one-step automation of certificate and Root of Trust (RoT) management and is available in native-C and other embedded formats suitable for real-time operating systems.

Mass Scalability

Proven in environments of 500-million devices, running either on-premise, in the cloud, or in a custom architected hybrid mode.

Centralized Root of Trust Management

Certificates, key stores, and trust stores across all devices, applications, servers and services within the IoT ecosystem.

Private and Public Certificate Authority

Includes a fully managed private PKI, and supports both internal certificate authorities as well as public issuers such as Certicom, DigiCert, and Entrust.

SDK & API

Incorporate encryption, authentication, and secure code signing within your IoT devices and applications using Keyfactor Control SDKs and APIs.

Find out how the Keyfactor platform can modernize your PKI, prevent
certificate outages, accelerate DevOps security, and more.