Communication Lockdown™

The safest automotive security method.

Our patented Communication Lockdown™ methodology for automotive cybersecurity eliminates risks to the safety and security of the vehicle and its passengers while maintaining flexibility and scalability. for the software-defined vehicle and next-gen E/E architectures.

This is achieved by enforcing a formally verified and deterministic configuration of communication among the various networks of the vehicle with a three-layer tiered approach. The Communication Lockdown™ Methodology can be implemented as a centralized solution across all internal network communication, as a distributed and coordinated solution across the network or even as a local solution to protect single ECUs. It leads to software consolidation, lower complexity, easier certification and overall cost reduction.

The GuardKnox founding team are veterans of the Israeli Air Force and bring decades of experience providing secure embedded platforms and solutions in advanced connected systems such as Iron Dome, Arrow and Israeli F-35 fighter jets.

Protecting the connected car of today and tomorrow

The modern software-defined vehicle must enable apps that control the customization of vehicle handling, powertrain performance, self-driving functionality, and more. With so many new and different applications, the E/E Architectures of today need to be revolutionized to provide the high-performance capabilities needed for higher levels of functionality.

We already see this happening in both new-age technology startups such as Tesla and Nio who are challenging traditional hardware-oriented vehicle designs, as well as established OEMs who are making the change to their existing foundational architectures. Software now defines the vehicle whereas the traditional hardware is becoming more of a commodity.

With the amount of software used in today’s vehicles, it is critical that the various systems are locked down to ensure that one ECU (i.e. the infotainment), cannot communicate maliciously with another (i.e. brakes). System-wide communication lockdown enables the safety certification of critical systems without minimizing the software capabilities needed.

Another crucial example for potential vehicle vulnerability is OTA updates. These updates are critical to the software-defined vehicle as they reduce downtime and physical trips to a garage for vehicle updates, but also potentially open the door for malicious actors to access the vehicle. The communication lockdown mechanism here must only allow fully verified updates to pass through.

So, communication lockdown for automotive cybersecurity must orchestrate network connectivity internally among the networks, as well as externally with the manufacturer in the most secure manner possible to prevent vehicle hacking or tempering.

methodology

Our Approach

The Communication Lockdown™ Methodology presents an innovative approach to automotive security. The Lockdown methodology enforces the allowed “legal” communication, while being completely agnostic to attacks. The core functionality is deterministic, thus preventing any possibility of attacks causing changes in functionality. Our approach to vehicle cybersecurity can be implemented as a centralized solution which locks down all internal network communication or it can be distributed and coordinated across the network acting in unison. It also may be implemented as a local solution to protect single ECUs. The single ECU protection is provided through a simple ‘plug-in’ device that connects to ECU’s that have external connectivity. This way, all external network communication is ‘locked down’.

Such implementations lead to consolidation, lower complexity, easier certification and overall cost reduction. GuardKnox Technology and software stack can be implemented in various hardware architectures, and therefore eases the integration process to existing automotive computers.

Integrating
Communication Lockdown™

In order to integrate Communication Lockdown™ into a vehicle, two readily available documents are used:

  1. Communication Matrix
  2. ECU Specifications

Using automatic tools to create layered protection, a fully deterministic, yet updateable mathematical model that can be formally verified is generated. This model includes a state machine that enforces predetermined states, with a dedicated ruleset generation tool developed by GuardKnox.

  • No further integration work is needed
  • No coordination and testing needed with various ECU providers
  • No 3rd party integration
  • 3rd party source code not required!

3 Levels of message qualification

The Communication Lockdown™ framework is based on the communication specifications of the vehicle. When a message is sent to the vehicle, it is verified on 3 different levels:

How is Communication Lockdown™ different?

  1. No false positives: The Communication Lockdown™ is not a ‘learning based’ mechanism, therefore there are no false positives!
  2. Fully deterministic: No statistical mechanisms nor need for heuristics, Communication Lockdown™ is not reactionary!
  3. Stand-alone operation: No need for constant updates, configurations or communication with the cloud.
  4. No constant communication: There is no need for cloud connectivity nor on-going need for consistent updates
  5. Seamless integration: Easily incorporates into the vehicle without the need for third party integrations, fitting the existing Automotive Tiered Value Chain.
  6. Flexible installation from as little as one ECU, to the entire communication network, depending on the manufacturer’s needs
  7. Agnostic to both present and future attacks: The Communication Lockdown™ approach does not look for specific attacks but ensures the vehicle continues to function in the way it was designed.
  8. Added functionality: The methodology introduces foundations for new revenue streams for OEMs and changes the way end-users interact with their vehicles.

Our vehicles are the smallest unit in which our entire family is gathered. When it comes to the safety and security of our vehicles there is absolutely no room for error. This is why the automotive industry needs to adopt a deterministic approach to vehicle cybersecurity by leading Cybertech Tier companies, such as Communication Lockdown™ by GuardKnox.

 

 

Download the Communication Lockdown™ Whitepaper