Cybersecurity in Automotive: How to Protect Vehicle Network Systems?

In the final part of this series, I will describe security measures and solutions dedicated to the higher layers of the ISO/OSI model that can effectively protect network communication in vehicles.

Our expert, Krzysztof Labuda, a Certified Ethical Hacker, writes about solutions that support cybersecurity in the automotive industry.

DPI – A Comprehensive Solution for Network Security in Vehicles

One system that can meet this challenge is Deep Packet Inspection (DPI). DPI systems are well known from “regular networks” and, when combined with IDS/IPS, help secure the entire network stack, including layer 7 (data), in real time.

When considering this technology in the context of automotive applications, it is essential to remember that all data-transmitting elements in a car can generate up to 25 GB of data per hour (source: McKinsey). In the near future, this data volume is expected to increase by an order of magnitude. Such an enormous amount of data requires security systems with not only high computational power but also efficient analysis algorithms capable of real-time decryption and traffic classification.

4 Key Pillars of DPI in Automotive Communication Security

Advanced DPI systems dedicated to automotive applications are based on four main functionalities:

  1. Traffic Identification – analyzing protocols and transmitted data up to layer 7 of the ISO/OSI model.
  2. First Packet Classification – enables the identification of the first packet in a data flow using DNS buffering or specific elements of the QUIC protocol.
  3. Metadata Extraction – malicious actors can use metadata for unauthorized access or infrastructure enumeration.
  4. Encrypted Traffic Recognition and Processing – ensuring effective protection and control of data transmissions.
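
First packet classification through DNS buffering (item 2 above) can be sketched as follows. This is an added example, not code from the original article or from any DPI product; the function names, the cache layout and the sample hostname and address are assumptions made for illustration. The inspector records the name-to-address mappings it sees in DNS responses, so the first packet of a later flow can be labelled by its destination address alone.

```python
import ipaddress, struct

def read_name(msg, off):
    """Decode a DNS name at off, following RFC 1035 compression pointers."""
    labels, end = [], None
    for _ in range(128):                      # bound work: stops pointer loops
        n = msg[off]
        if n & 0xC0 == 0xC0:                  # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:
            return ".".join(labels), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    raise ValueError("name too long or compression loop")

def a_records(msg):
    """Yield (name, ipv4, ttl) for every A record in a DNS response."""
    _, flags, qd, an = struct.unpack_from("!HHHH", msg, 0)
    if not flags & 0x8000:                    # QR bit clear: a query, skip it
        return
    off = 12
    for _ in range(qd):                       # skip the question section
        off = read_name(msg, off)[1] + 4
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == 1 and rdlen == 4:
            yield name, str(ipaddress.IPv4Address(msg[off:off + 4])), ttl
        off += rdlen

def observe_dns(cache, msg, now):
    try:
        for name, ip, ttl in a_records(msg):
            cache[ip] = (name, now + ttl)     # buffer ip -> (name, expiry)
    except (ValueError, IndexError, struct.error):
        pass                                  # malformed DNS: learn nothing

def classify(cache, dst_ip, now):
    """Label a flow from its first packet; None if unknown or expired."""
    name, expiry = cache.get(dst_ip, (None, 0))
    return name if name is not None and now <= expiry else None

# Constructed sample: response for ota.example.com -> 192.0.2.10, TTL 60 s
SAMPLE = (b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"
          b"\x03ota\x07example\x03com\x00\x00\x01\x00\x01"
          b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x00\x3c\x00\x04\xc0\x00\x02\x0a")
```

A flow whose destination is missing from the cache, or whose entry has outlived its TTL, returns `None` and has to fall back to full inspection of later packets.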

Updating DPI Libraries – The Key to Effective Protection

Only a regularly updated DPI signature library ensures precise traffic classification. The threat landscape changes drastically, even from one second to the next, so update frequency directly affects the quality of network performance and security reports.

“Hardening” Automotive Systems – Additional Security Technologies

Automotive systems can also be “hardened” using technologies familiar from standard computers. Secure Boot and firmware verification before startup prevent compromised software from running by verifying its integrity.

Physical Security Measures – Eliminating Weak Points

In terms of physical security, it is crucial to ensure that debug/diagnostic ports are not accessible under any circumstances. Their presence provides cybercriminals with an excellent opportunity to conduct reconnaissance and launch an attack on the vehicle.

Are Automotive Systems Fully Secure? Conclusions and Future Challenges

I conclude this series with a somewhat pessimistic summary. It is important to acknowledge that in the automotive environment, a malicious actor has access to the system. Unfortunately, this means that under certain conditions, almost all security measures can eventually be bypassed, especially if the system undergoes thorough reverse engineering or sophisticated offensive techniques.

However, it is crucial to reduce the attacker’s ROI (Return on Investment) as far as possible while also complying with the mandatory standards from the UN R155 and R156 resolutions. Cybersecurity is a continuous race, and investing in the best solutions is essential to ensuring the safety of both vehicle users and manufacturers.




Author: Krzysztof Labuda,
Security Testing Consultant

A participant in the Certified Ethical Hacker CEH v11 program, which teaches the latest commercial-grade hacking tools, techniques, and methodologies used by hackers and information security professionals.