Panasonic and Trend Micro, announced a partnership to jointly develop cybersecurity solutions to detect and prevent cyber-attacks against against autonomous and connected cars. The partnership aims to achieve high security of autonomous and connected cars by developing a solution to detect and prevent intrusions into Electronic Control Units that control driving behavior. This includes acceleration, steering and braking, in-vehicle infotainment devices including automotive navigation systems, and telematics devices.
The risks of hackers taking control of steering and braking systems in connected cars are real. New security vulnerabilities are discovered every day and they pose a risk for remote exploitation. It is therefore more important than ever to not only implement security measures in each vehicle but also to analyse new attacks by constantly monitoring in-vehicle systems from the cloud and utilise the results to implement countermeasures against cyber-attacks to all vehicles.
This partnership will leverage Panasonic’s Control Area Network intrusion detection and prevention technology and Trend Micro IoT Security. Panasonic’s technology will be able to detect any unauthorised commands sent to Electronic Control Units that control driving operation, while Trend Micro IoT Security, which utilises Trend Micro’s global security intelligence and expertise such as malware analysis, will be implemented on in-vehicle infotainment devices such as automotive navigation systems to detect attacks that seek to exploit vulnerabilities through the Internet.
Through this partnership, events identified by both technologies will be collected and sent to an analysis platform in the cloud to detect and block suspicious traffic. The overall development will enable the provision of solution including in-vehicle and cloud systems to prevent cyber-attacks against autonomous and connected cars. Panasonic and Trend Micro will be working jointly on the development and aim to launch commercially after 2020.
Technical features
In-vehicle device-type host intrusion detection technology
This technology detects intrusions from the Internet, which is an early stage of the attacks, and can be installed and used with Internet connected devices. In addition to clearly identifying the attacks from the obtainable logs from an OS like Linux and other various security functions, the system can also detect the attacks by combining multiple behavioral information.
In-vehicle device-type CAN intrusion detection technology
This technology detects intrusions to CAN communication systems, which is a second stage of the attacks, and can be installed and used with CAN connected devices. There are two types of CAN monitoring usages, which consist of CAN filter that filter unauthorised CAN commands received by the installed ECU, and CAN monitoring that detects unauthorised commands by monitoring all CAN bus systems that are connected by the installed ECU.
Unauthorised commands are judged by taking into consideration various conditions of the vehicle, so it is possible to reduce the number of false positive under specific conditions. Detection of unauthorised commands can be made for each single command, resulting is real-time prevention after detection.
In-vehicle device-type Ethernet intrusion detection technology
This technology detects intrusions to Ethernet communication systems, which is a second stage of the attacks, and can be installed and used with Ethernet connected devices. There is an Ether filter that filters unauthorised Ether frames that are received or intercepted by the installed Ethernet Switch. The system consists of the overlook method, which can lightly determine unauthorised commands by analysing the frame headers and a detailed method, which has a high-load operation, but can accurately determine unauthorised commands. Flexible detection is possible by combining these methods.
Cloud-type vehicle intrusion detection technology
This system analyses a large amount of logs collected from in-vehicle devices of multiple vehicles through machine learning and can be used by placing it in the cloud. As for the usage, in-vehicle network model that has conducted prior learning, will automatically narrow down the logs that may become potential security risks. After that, the attack analysts will analyse only the selected logs. By linking with various in-vehicle device-type intrusion detection technologies, it is possible to grasp signs of attacks before they are identified as true security incidents.
Architecture to be jointly developed
- Electronic Control Unit: Computers that control actuators such as engine or steering
- In-vehicle infotainment: Entertainment and information applications available in vehicles
- Telematics: A service that sends, receives information to, from vehicles
- CAN intrusion detection and prevention technology: Technology that monitors Control Area Network, which allows communications between Electronic Control Units, to detect unauthorised commands and processes them as invalid commands
- Trend Micro IoT Security: A security solution for embedded devices connecting outside the vehicle with IP communications on general purpose operating systems such as Linux
