A new security architecture for networked embedded devices

July 06, 2017 // By Jan Tobias Mühlberg
Road vehicles today are typically managed by networks of control processors that interpret sensor readings and operate actuators to control the car’s behavior and safety. They intervene for braking, steering, light switching, actuate airbags, and optimize the powertrain operation. The crux is: all these networks are connected and open to the outside world, which renders them vulnerable to malicious interferences.

To establish an effective mitigation against such attacks, Imec has devised a new security architecture for networked embedded devices, called Sancus. It was carefully laid out to fit the usual automotive electronics environments, and is intended as a general solution to secure not just vehicles, be they smart or autonomous, but also for other critical infrastructures, such as medical equipment, smart buildings or power grids.

CAN: island of smart electronics

Complex industrial equipment is monitored and steered by networks of sensors, actuators and control processors that continuously exchange essential up-to-date messages. In automobiles this real-time interaction usually is organized via the CAN bus (Controller Area Network). The problem here is: CAN was laid out about 30 years ago as a closed network with no consideration of obvious access points for intruders. The CAN bus specs offer a convenient way to integrate the growing number of heterogeneous sensors and control processors, which send and receive reliable and timely messages without any central computer. Most important: CAN connects the rotation sensors in the wheels with the anti-lock braking system (ABS) and the drivetrain.

Design category: