guardknox’s methodology

Communication Lockdown™

is the safest automotive security method.

 

This unique approach to vehicle hacking protection is successfully deployed for use in Israel’s F-35I and F-16I fighter jets, as well as the Iron Dome and the Arrow III missile defense systems. Now, we have adapted this same approach to security for the automotive industry.

The goal of the Communication Lockdown™ approach to automotive cyber security is to eliminate risks to the safety and security of the vehicle. This goal is achieved by enforcing a formally verified and deterministic configuration of communication among the various networks of the vehicle.

Legend for the SNO™ family of products to improve automotive security in intelligent vehicles and cars

Protecting the connected car of today and tomorrow

The modern connected vehicle has 5-10 different networks and between 100 to 150 ECU’s or automotive computers all communicating using various protocols. These networks inter-connect various sub-systems through a central gateway ECU. The automotive security challenge is to orchestrate network connectivity among the networks, as well as in-between the vehicle and the external environment in the most secure manner possible in order to ensure the safety of the vehicle as a whole and prevent vehicle hacking or tempering.

methodology

A modern vehicle is based on well-structured communication between ECUs. For example, the infotainment system of the vehicle should never be allowed to communicate with the brakes. This is also what enables the safety certification of critical systems. Such certifications rely on verifying structured communication through ECUs.

Our Approach

The Communication Lockdown™ methodology presents an innovative approach to automotive security. The Lockdown methodology enforces the allowed “legal” communication, while being completely agnostic to attacks. The core functionality is deterministic, thus preventing any possibility of attacks causing changes in functionality.

Our approach to vehicle cybersecurity is to provide a centralized solution which locks down all internal network communication. It also includes a local solution to protect single ECUs. The single ECU protection is provided through a simple ‘plug-in’ device that connects to ECU’s that have external connectivity. This way, all external network communication is ‘locked down’. Such implementations lead to consolidation, lower complexity, easier certification and overall cost reduction. GuardKnox Technology and software stack can be implemented in various hardware architectures, and therefore eases the integration process to existing automotive computers.

Integrating
Communication Lockdown™

In order to integrate the GuardKnox Solutions into a vehicle, two readily available documents are used:

  1. Communication Matrix
  2. ECU Specifications

Using automatic tools to create layered protection, a fully deterministic, yet updateable mathematical model that can be formally verified is generated.

This model includes a state machine, that enforces predetermined states, with a dedicated ruleset generation tool developed by GuardKnox.

  • No further integration work is needed
  • No coordination and testing needed with various ECU providers
  • No 3rd party integration
  • 3rd party source code not required!

3 Levels of message qualification

The Communication Lockdown™ framework is based on the communication specifications of the vehicle.

When a message is sent to the vehicle, the SNO™ verifies it on 3 different levels:

How is Communication Lockdown™ different?

  1. No false positives: The Communication Lockdown™ is not a ‘learning based’ mechanism, therefore there are no false positives!
  2. Fully deterministic: No statistical mechanisms nor need for heuristics, Communication Lockdown™ is not reactionary!
  3. Stand-alone operation: No need for constant updates nor configurations
  4. No constant communication: There is no need for cloud connectivity nor on-going need for consistent updates
  5. Seamless integration: Easily incorporates into the vehicle without the need for third party integrations and fits the existing Automotive Tiered Value Chain
  6. Agnostic to both present and future attacks: The Communication Lockdown™ approach is not to look for attacks but to ensure the vehicle continues to function in the way it was designed
  7. Added functionality: The methodology introduces foundations for new revenue streams for OEMs and changes the way end-users interact with their vehicles

Our vehicles are the smallest unit in which our entire family is gathered. When it comes to safety and security of our vehicles there is absolutely no room for error. This is why the automotive industry needs to adopt a deterministic approach to vehicle cybersecurity such as offered by Communication Lockdown™.