[Overview]
Panasonic Automotive Systems Co., Ltd. (Representative Director, CEO: Masashi Nagayasu, Head office: Yokohama City, Kanagawa Prefecture) developed VERZEUSE™ for Runtime Integrity Checker, a cyber security robustness solution to ensure reliability and safety for end users by protecting vehicles from cyber attacks.
The risk of cyber attacks targeting automobiles is increasing every year alongside the development of automated driving technology, the progress of digitalization, and the increase in the number of vehicles connected to networks, which are known as connected cars. The automotive industry urgently needs to create systems to monitor and protect against cyber attacks in vehicles.
In this environment, security monitoring functions are being deployed to monitor cyber attacks in vehicles and to notify of the results. However, if a security monitoring function itself is tampered with or disabled by an attacker while-in operation, it will lose ability detect cyber attacks.
The newly developed cyber security robustness solution, VERZEUSE™ for Runtime Integrity Checker addresses these issues by improving security in two ways. Firstly, in addition to conventional integrity verification at program startup by secure boot, Integrity Monitoring Software continuously verifies that security monitoring functions are operating correctly during execution. Secondly, Integrity Monitoring Software is placed in a trusted area, and the security monitoring functions are verified from the trusted area in a multi-level configuration, improving the robustness of the security monitoring functions in the vehicle. This approach provides an advancement in vehicle safety protection against the cyber attack and will contribute to the development of a safe and secure mobility society. VERZEUSE™ for Runtime Integrity Checker has been highly evaluated by many car manufacturers as a unique solution, and has been adopted as an in-vehicle product ahead of other companies.
[Features]
This solution has the following three features.
- Adding Integrity Monitoring Software to verify operation of the security monitoring functions to improve the robustness of cyber security system.
- Placing Integrity Monitoring Software in a trusted area to establish a trust chain from the trusted area. Both Integrity Monitoring Software and the security monitoring functions reduce the risk of cyber attacks.
- Continuously verifying the proper functioning of the security system’s monitoring and notification functions using Integrity Monitoring Software, and notifying the results of these verifications outside the vehicle as a monitoring log, which enables early attack detection and reduces security risks.
[Sample configuration of in-vehicle system adopting VERZEUSE™ for Runtime Integrity Checker]
[Overview of technology]
(A) Multi-level configuration of monitoring by trust chain
The trust chain is established with a secure execution environment (trusted area) as the Root of Trust (RoT). Integrity Monitoring Software is implemented in the trusted area. Integrity Monitoring Software continuously verifies that the monitoring and notification functions of the security system in the normal execution environment are working properly. Integrity Monitoring Software running in the secure execution environment monitors the security monitoring function, which in turn monitors the monitoring target, forming a trust chain that repeatedly executes a series of tamper verifications on the running program memory. This approach addresses the limitation of existing secure boot technology, which only ensures software integrity at startup, but not the integrity of software during operation after startup.
(B) Heartbeat with digital signature
When Integrity Monitoring Software detects tampering or unauthorized termination of the security monitoring function, it sends the monitoring log to the Security Operation Center (SOC) outside the vehicle. With periodical signed heartbeat, attacks on Monitoring Log Notification Function can be detected due to heartbeat disruption. Verifying signed heartbeats takes measures against fake heartbeats, and ensures correct operation of security system which includes the security monitoring functions and Integrity Monitoring Software.
Panasonic Automotive Systems Co., Ltd. will market VERZEUSE™*1 globally as a brand of cyber security technologies and services that combat cyber attacks, which will increasingly become a social problem as connected cars with advanced driver assist and automated driving systems become more prevalent. At Panasonic Automotive Systems, engineers who worked together in the development of security technologies in various Panasonic Group products, including TVs, recorders, mobile phones, smartphones, payment terminals, and semiconductors, have turned their expertise toward developing cyber security technologies since 2014, drawing on their individual strengths to apply these technologies to automotive products. To benefit society with technologies underpinned by an abundance of knowledge and experiences, Panasonic Automotive Systems will further develop the branding of our security technologies. VERZEUSE™ for Runtime Integrity Checker ensures the safety and security of automated driving functions and network services, following the first release in the series, VERZEUSE™ for Virtualization Extension.
*1 VERZEUSE™ was coined by combining the Spanish word “ver” meaning “look” and the god Zeus. It is infused with the meaning of looking over the safety of society like the god of the sky from high above.
SOURCE: Panasonic
