Client’s Story: automotive solution
As the ability of everyday objects to connect to the Internet and to send and receive data, IoT will get even bigger in coming years and so will its attendant risks especially for the automotive industry.
Solving real world problems
By 2020, Internet of Things (IoTs) devices are expected to explode. Figures from Gartner estimates that 5.5 million new things get connected every day while the BI Intelligence’s IoT Ecosystem Research Report puts it that there will be 34 billion devices connected to the internet by 2020 — IoT devices will account for 24 billion while traditional computing devices (e.g. smartphones, tablets, smartwatches, etc.) will be 10 billion.
However, while it is dubbed “the next Industrial Revolution” because of the way it will change the way people live, work, entertain and travel, as well as how governments and businesses interact with the world, there is an imminent downside to the spread of IoTs. It presents criminals with a great opportunity for holding connected devices to ransom and have serious consequences for their providers and users.
Some of its potential security risks to consumers include granting unauthorized access and misuse of their personal information, facilitating attacks on other connected systems and causing risks to personal safety as quite obvious in the case of some of the IoT devices particularly modern cars with internet connection as easy targets for cyberattacks.
About the Client
Infopulse, part of Nordic IT group EVRY A/S, is an international vendor of services in the areas of Software R&D, Application Management, IT Operations, and Information Security to SMEs and Fortune 100 companies across the globe. Founded in 1991, the company employs 1,400+ specialists in eight offices across Europe and the Middle East.
Infopulse is trusted by world leading brands: BICS, Bosch, British American Tobacco, Credit Agricole, ING Bank, Gorenje, METRO Cash & Carry, Mondelēz, OTP Bank, VimpelCom, Vodafone, and many others. Over the course of years, Infopulse successfully adopted and extensively provided R&D within Blockchain and other technologies, such as IoT, Big Data, AI, VR/AR for automotive, banking, finance, telecom, and other industries.
- payment-safe system for typical everyday scenarios: gas/electric station, service center, toll roads, fast food drive-in, etc.;
- management of different access-zones of a car;
- trustworthy feedbacks about POIs from clients (feedback is anonymous but checked by automotive Blockchain technology);
- safe and encrypted usage of other cars sensors information;
- organization of mesh-network between cars with the help of Blockchain.
REMME core uses well implemented X.509 certificates for standardized communication and interaction within the ecosystem.
Separate hardware crypto-module for encryption and key storage should be added to the car system, e.g. this module can be installed on a CAN bus.
- The system cannot be hacked or broken from outside: without the master key, rights cannot be obtained.
- The System does not overuse the Private Key to lower the risks. The Private Key is used only once, while signing the certificate, and is not transferred through the internet.
- The System is autonomous. No need for constant access to a server to check if a key has rights — all required information is stored encrypted in the car module.
- Management of certificates is possible from any point of the mesh network. This allows the car owner to securely control the car from any place.
We propose to use Rootstock* system (open-source) as a basis for the Client’s Blockchain system.
Naturally, it should be modified to suit the needs of automotive project:
- Relying on federative nodes (those under control of Company).
- Federative nodes should have master power in the system.
- No need for mining processes — trust and protection of the system is given through the reliability of Company and its Blockchain solution itself.
- Using multi signature of >75% federative nodes to create a checkpoint — the system is truly distributed.
- Every block is signed by a predefined minimal number of federative nodes; Company controls the system and shows transparency of transactions
- Number of side chains can be used to distribute different types of information in the system with its counterparts
*Solution can be also implemented with Hyperledger (Linux Foundation) and any cloud provider can be used to set up and run the nodes.
A Federated Node is a self-contained system that runs the entire Automotive Blockchain software stack via Docker.
The technology allows the car owner to securely control the car from anywhere through a certificate in a hardware key which could be used to create mesh connection to control the car remotely through SSL/TLS in the event of a zero-day exploits.
“REMME allows us to build sophisticated systems for car-to-car mesh networks, owner identification, rights management while providing outstanding security against the remote control of the vehicle,” says Infopulse VP of Marketing, Jan Keil.