Connected cars: The road to security and flexibility

Nov 25, 2017

Connected cars are driving the IoT revolution. BI Intelligence expects 381 million connected cars to be on the road by 2020, up from 36 million in 2015. Total revenues generated throughout the same period are estimated to reach $8.1 trillion.

With such opportunity, however, comes the prospect of unprecedented security and logistical challenges. This article explores the development of the connected car market alongside these emerging challenges, before introducing a technology which is already delivering enhanced security and significantly reduced complexity across the globe.  

5G as an enabler

While mainstream technology and applications can already connect a single vehicle to an external cloud or server to deliver in-car services, it will be the emergence of new enabling communication technologies such as 5G that drives the exponential growth of connected car use cases. Offering higher bandwidth, ultra-reliable networks, lower latency and much faster connection speeds, 5G will be influential in bringing autonomous driving – alongside other diverse connected car applications – to the mass market.

Autonomous driving uses cases create new communication requirements for vehicles. Since human lives are at risk, autonomous vehicles must be consistently aware of, and able to interact with, their surroundings. This form of technology is called V2X (Vehicle to Everything) and encompasses V2I (Vehicle-to-Infrastructure), V2V (Vehicle-to-Vehicle), V2P (Vehicle-to-Pedestrian) and V2N (Vehicle-to-Network) communications.

Security challenges

For all connected car use cases, both ultra-reliable network connectivity and security – encompassing authentication, data integrity/authenticity and privacy – are critical success factors. Diverse and constantly evolving security challenges must be fully considered.

The threat posed by remote hijacking, for example, is profound - not least because of the increasing use of vehicles as a threat actor in terrorist attacks. Consequently, the need to authenticate the identity of the user, the car’s own network connection and devices connecting with the car is, quite literally, a matter of life and death.

Similarly, the adverse implications of data tampering, manipulation and spoofing cannot be overstated, particularly in the context of automated mobility where the transmission and receipt of inaccurate data could result in collisions and fatalities. For the same reasons, it is imperative that the authenticity and integrity of the software and firmware within a connected car is not compromised, and that both can be updated regularly – sometimes even immediately - to counter attacks in a rapidly evolving threat landscape.

Consideration must also be given to protecting the sensitive data collected and communicated by connected cars against interception by malicious third parties. In addition, the growing consumption of premium content via in-car entertainment systems presents the need for conditional access policies and systems.  

Overcoming logistical complexities

Besides these and other security considerations, car manufacturers are also faced with significant logistical complexities presented by connected car use cases.  Of critical importance is continuous network coverage, which enables a vehicle to continually interact with its environment at all times. 

Remote management capabilities are also required. The average age of a car on the road is currently 11.6 years, during which it will have approximately four owners. The result is that beyond the initial personalisation process, when a car is first sold, various updates and upgrades to mobile network operator profiles, software, firmware and applications will be necessary during its lifespan. 

With the rise in sensitive use cases and the growing volume of data generated and transmitted by connected cars, car manufacturers will increasingly need to navigate a complex and evolving regulatory landscape. A successful connected car ecosystem will require security solutions which can provide the necessary certifications and assurances to ensure compliance with regulation covering aspects such as data protection, safety and payments. In parallel, solutions must ensure continued alignment and compliance with existing quality control standards such as ISO/TS 16949, which applies to the design, development, production, installation and servicing of automotive-related products.

Finally, and for obvious reasons, connected vehicles must withstand a range of challenging environmental factors and demonstrate resilience against high-speed, high-force collisions without the loss of critical functionality, such as emergency calling.

The eUICC – a proven solution

While UICCs, also known as SIMs, are most commonly associated with mobile phone connectivity, the embedded UICC (also known as the eUICC or eSIM) is already being deployed in – and successfully delivering security and logistical benefits to - connected car deployments in various global markets. Offering an advanced, dynamic security solution, the eUICC also brings logistical advantages associated with remote provisioning and management and a soldered form factor. 

An eUICC refers to an embedded Universal Integrated Circuit Card (UICC) which is capable of hosting multiple network connectivity profiles (as defined by GSMA, an industry association representing mobile network operators). It supports secure over-the-air (OTA) remote SIM provisioning as well as updates to the operating system (OS), keys, application and connectivity parameters, according to GSMA and GlobalPlatform (the standard for secure digital services and devices) specifications.

With 5G set to play a vital role in enabling future connected car use cases, the automotive industry is increasingly looking to leverage evolutions in cellular technology. The eUICC provides an instantly available, interoperable infrastructure which is already well established globally. It offers huge efficiencies in development and deployment costs and time to market.

The eUICC delivers the advanced security required by connected car deployments. It is built on the UICC platform, which is the most widely distributed and secure application delivery platform in the world (certifiable and specified by the GSMA). The eUICC is a tamperproof physical hardware SIM product with its own isolated processing power and data storage. The eUICC can either be soldered to the device or removed and it securely executes sensitive services.  Conforming to Common Criteria Evaluation Assurance Level (CC EAL) 4+, it offers the highest level of security assurance available. 

The inherent security of the eUICC is coupled with the significant advantages associated with OTA remote provisioning and management. As the mobile network operator profiles, software / firmware, and application updates and upgrades required over the course of a vehicle’s lifetime can be managed remotely, emerging security threats can be addressed in real-time, and significant logistical efficiencies can be found.

The growing role of the eUICC for connected cars

As car manufacturers and associated OEMs look to address the challenges posed by connected car use cases, the eUICC should be considered as a proven, highly secure solution which is available for immediate deployment. The eUICC is set to gain further prominence as the market continues to evolve, as from 2018 every new car in Europe will be connected to the mobile network via an eUICC to enable the mandatory eCall service.

For more detailed insight into the challenges facing the connected car market, and the value that eUICC technology can bring, download the SIMalliance eBook: ‘eUICC for: Connected cars’.

Read more: Autonomous vehicles: Three key use cases of advanced analytics shaping the industry

Other news