From AI and deep learning to IoT and “connected” cars, digital transformation is making waves in the automotive industry. For every opportunity presented by these disruptive technology trends, a slew of challenges still exists for OEMs and automotive industry players. Blockchain overlay networks, one trend that has moved beyond the buzzword, as well as related blockchain technology, have the potential to revolutionize the automotive industry even as they bolster strategic initiatives to better leverage AI, IoT, and other digital innovations that are shaping today’s connected car market.
As internet of things (IoT), electronic control units (ECUs) and wireless connectivity rapidly expand into the automotive market, the cost of software-based recalls is growing rapidly, from just over $2B a couple of years ago to over $35B by 2022, depending on whose research data you look at.
The fact is that the cost of software recalls can go well beyond the cost of repair, involving expensive litigation, brand damage and lost revenue. For instance, one global automotive OEM spent over $2B to compensate for lawyers, brand issues and a 3% drop in sales, which led to a very expensive ad campaign to recover. In addition, incentivizing customers to visit a dealership for a fix is a hassle that costs over $100 per recall. In 2018, close to ten million cars in North America were recalled for software fixes. Clearly, over-the-air (OTA) updates are the way forward for many manufacturers looking to avoid these overhead costs.
Unfortunately, security (especially over the air) becomes a major concern as hackers can infiltrate the vehicle’s operating system due to multiple ingestion and extraction points as software moves from software supplier to OEM to the cloud (potentially multiple clouds) and then over the cellular network before being routed to the vehicles. Hardware vendors who provide the technology installed in these cars are working furiously to build security at the chip level. That said, security is quickly evolving into a chief concern for manufacturers as malicious code is continuously evolving.
Some OEMs currently perform OTA updates using VPN tunnels between the OEM server infrastructure and the vehicle itself. Although this approach is suitable to protect the transferred data, it also requires a dedicated point-to-point link between the OEM and the vehicle, which can potentially generate privacy concerns for the driver. Other automotive security architectures use certificates to establish trust within the network. However, these centralized approaches are not suitable for highly distributed scenarios encompassing millions of vehicles around the globe. The most prevalent issues we find with centralized approaches are ones of security, privacy, auditability, authenticity, tamper resistance, scale and immutability. As an alternative, blockchain presents a distributed solution to automotive security and privacy issues.
Blockchain, as an overlay technology, is incredibly well suited to address these issues and work in tandem with traditional security solutions to guarantee safe delivery of OTA solutions for both software (OTAS) and firmware (OTAF).
Exploring a blockchain-based automotive security architecture
A suitable automotive security architecture must ensure that a vehicle can receive the latest software for its ECU without exposing unrelated personal information about the vehicle and its users. Furthermore, the ideal architecture must protect the exchange of data at any time to:
i) Keep the (authorization) keys, mainly required to unlock the ECU, secret
ii) Maintain the confidentiality of the software image
iii) Ensure the integrity of the transferred data to avoid manipulation
iv) Validate that the update was complete and successful
These requirements are valid for the entire software distribution chain. First, the image is sent from the software provider to the OEM; second, the software image is forwarded to the concerned vehicles and local software update providers; and third, the image is installed on the ECU (e.g., using a local wireless network in a service center).
Leveraging Blockchain Overlay Networks for the Automotive Industry
The key to leveraging blockchain overlay networks is to implement an overlay blockchain architecture sitting above the OTA delivery process.
In this example, during manufacturing, the OEM will store its public key (PK) on each assembled vehicle, and the vehicle will generate a secret key pair. The OEM’s PK and the key pair will both be securely stored on the WVI (wireless vehicle interface) in tamper-resistant storage. During assembly, a ‘genesis transaction’ can be created as the initial transaction required to participate in the blockchain. This transaction, which is signed by the OEM, could include information about the vehicle type. As an alternative, a dedicated token including the aforementioned data and the signature of the OEM may be created at this point in time. This transaction/token later facilitates a request for new software stored in the cloud.
A software distribution process is triggered by the software provider when a new image is created due to a necessary bug fix or a feature upgrade. Once the new software is developed, the software provider will create a store request including the signature of the software provider and send it to the cloud storage. The latter will verify the request, locally initialize the process, and send a store response including the signature of the storage and a file description required as reference for the data upload process back to the software provider. Alternatively, the software can be created by the OEM itself. In this case, the OEM would upload the software to the cloud. This process is similar to what was described above, except that the OEM will take over the tasks performed by the software provider. Since the data is stored in the cloud, the software provider creates an update transaction with information about the location of the image on the cloud storage, adds the PK of the OEM, signs the transaction with its private key, and finally broadcasts the transaction to the overlay network.
This transaction won’t be valid yet since the second signature is still missing. In the next step, the OEM receives the update transaction, verifies it, validates and, if required, changes the software image stored on the cloud, and finally signs the update transaction. The transaction, which is now valid, is broadcast again to the overlay and locally stored by cluster heads. Each cluster head then sends the transaction to all vehicles in its cluster to inform them about the new software.
Finally, the valid transaction is received by the target vehicles. After validating the transaction and parsing the metadata, the vehicular interface will send a signed download request including the token signed by the OEM (e.g., stored on the wireless vehicle interface (WVI) when the vehicle was assembled) to the cloud to receive the new software version. The cloud validates the request, using the token to verify that the new software is applicable to the vehicle, and sends the image to the vehicular interface, where the software is installed.
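The two-signature rule described above can be sketched as follows. This is an added example, not code from the article or from any OEM: the use of Ed25519, the field names, the ImageHash field, the OEM signature covering the provider's key and signature, the Scenario helper and the storage.example URL are all assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// UpdateTx models the update transaction; field names and ImageHash are assumptions.
type UpdateTx struct {
	ImageURL            string   // location of the image on cloud storage
	ImageHash           [32]byte // SHA-256 of the image
	OEMPub, ProviderPub ed25519.PublicKey
	ProviderSig, OEMSig []byte
}

// body is signed by the provider; oemBody (body + provider key and signature) by the OEM.
func (t *UpdateTx) body() []byte {
	return append(append([]byte(t.ImageURL), t.ImageHash[:]...), t.OEMPub...)
}
func (t *UpdateTx) oemBody() []byte {
	return append(append(t.body(), t.ProviderPub...), t.ProviderSig...)
}

// providerOK verifies the first signature; the length check avoids a panic in Verify.
func (t *UpdateTx) providerOK() bool {
	return len(t.ProviderPub) == ed25519.PublicKeySize && ed25519.Verify(t.ProviderPub, t.body(), t.ProviderSig)
}

// VehicleAccepts is the vehicle-side check against the OEM PK pinned at manufacturing.
func VehicleAccepts(t *UpdateTx, pinnedOEM ed25519.PublicKey, image []byte) bool {
	return bytes.Equal(t.OEMPub, pinnedOEM) && t.providerOK() &&
		ed25519.Verify(pinnedOEM, t.oemBody(), t.OEMSig) && sha256.Sum256(image) == t.ImageHash
}

// Scenario: verdicts after provider signature only, after OEM co-signature, and for a tampered image.
func Scenario() (providerOnly, coSigned, tampered bool) {
	oemPub, oemPriv, _ := ed25519.GenerateKey(nil) // constructed keys and image
	provPub, provPriv, _ := ed25519.GenerateKey(nil)
	image := []byte("constructed ECU image v2")
	tx := &UpdateTx{ImageURL: "https://storage.example/ecu-v2.img", ImageHash: sha256.Sum256(image), OEMPub: oemPub, ProviderPub: provPub}
	tx.ProviderSig = ed25519.Sign(provPriv, tx.body())
	providerOnly = VehicleAccepts(tx, oemPub, image)
	if tx.providerOK() { // the OEM verifies the transaction before co-signing
		tx.OEMSig = ed25519.Sign(oemPriv, tx.oemBody())
	}
	return providerOnly, VehicleAccepts(tx, oemPub, image), VehicleAccepts(tx, oemPub, append(image, '!'))
}
func main() { fmt.Println(Scenario()) }
```

Because the vehicle only pins the OEM's PK, the OEM signature in this sketch is what vouches for the software provider's key.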
By putting the security process in the overlay blockchain architecture, security, privacy, auditability, authenticity, tamper resistance, scale and immutability can all be delivered. Blockchain overlay networks are incredibly well suited to address these issues and work in tandem with traditional security solutions to guarantee safe delivery of OTA for both software (OTAS) and firmware (OTAF). Ultimately, blockchain technology has the potential to save the automotive industry billions of dollars, improve the safety of drivers, and save lives.