November 2, 2017
By Joel Catala
Securing the cars of tomorrow is a concern for car makers, Tier-1 suppliers, and consumers alike. As a matter of fact, a 2015 consumer survey showed that 62% of people questioned feared that cars of the future will be easily hacked. Lawmakers in the US have already passed bills to address and calm these fears, bringing regulatory requirements into the picture as well. To help our customers address these needs, Tuxera Flash File System now ships with automotive security features. But before we go deeper into the new security features, here’s a short overview of how Tuxera fits into the connected car security framework.
To protect consumer safety and privacy, connected cars must be secure at all levels – from the hardware and software inside, to the connections to the network and cloud. Andy Birnie and Timo Van Roermund of NXP Semiconductors refer to this holistic perspective on automotive security as the 4-layer Security Framework. Their framework illustrates how security must be addressed at each level within the car including the interfaces, gateways, the network, and processing deep within the car.
As an embedded software and services provider, the majority of what we do at Tuxera is situated at the core of this framework, “secure processing.” Tuxera Flash File System and our other file system implementations are embedded into various processing units within the car to provide reliable data storage management.
New security features in Tuxera Flash File System
The latest update of Tuxera Flash File System brings security features that help Tier-1 suppliers and car makers meet regulatory requirements and gives peace of mind to consumers. These file system security features include:
- Verified boot support
- Encryption
- Metadata checksumming
- Quotas
- Secure delete
Here’s a high-level description of each of these security features and why they’re valuable at the file-system level.
Verified or secure boot support is handled through the device-mapper-verity (dm-verity) kernel feature. Initially developed by Google for Android, dm-verity uses a cryptographic hash tree, calculating a SHA-256 hash for every data block. Dm-verity ensures that the file system has not changed state – or been hacked – since the last time the car was used.
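An added illustration of the dm-verity model described above (example code written for this article, not Tuxera's or the kernel's implementation). It assumes a 4 KiB block size, a constructed salt, and that the root hash is obtained from a trusted source; the on-disk tree itself is untrusted and every block read is checked against the root, which is how a modified block is rejected while untouched blocks still verify.

```python
import hashlib

BLOCK_SIZE = 4096                 # assumed 4 KiB data/hash block size
SALT = b"constructed-demo-salt"   # constructed; dm-verity prepends a per-device salt

def block_hash(data: bytes) -> bytes:
    return hashlib.sha256(SALT + data).digest()

def build_tree(device: bytes) -> list:
    """Build the hash tree bottom-up: level 0 holds one SHA-256 per data block,
    each higher level hashes pairs of the level below, until a single root remains."""
    assert len(device) % BLOCK_SIZE == 0
    levels = [[block_hash(device[i:i + BLOCK_SIZE])
               for i in range(0, len(device), BLOCK_SIZE)]]
    while len(levels[-1]) > 1:
        prev = levels[-1]
        # An odd trailing node is paired with itself.
        levels.append([block_hash(prev[i] + prev[min(i + 1, len(prev) - 1)])
                       for i in range(0, len(prev), 2)])
    return levels

def verify_block(device: bytes, index: int, tree: list, trusted_root: bytes) -> bool:
    """Check one block the way dm-verity does on every read: rehash the block,
    then climb the (untrusted, on-disk) tree up to the trusted root hash."""
    h = block_hash(device[index * BLOCK_SIZE:(index + 1) * BLOCK_SIZE])
    for level in tree[:-1]:
        sibling = level[index ^ 1] if (index ^ 1) < len(level) else level[index]
        h = block_hash(h + sibling if index % 2 == 0 else sibling + h)
        index //= 2
    return h == trusted_root

# Constructed "device": five distinct blocks, so one tree level has an odd node count.
DEVICE = b"".join(bytes([i]) * BLOCK_SIZE for i in range(5))

def demo() -> tuple:
    tree = build_tree(DEVICE)
    root = tree[-1][0]   # in a real deployment the root hash comes from a trusted source (signed / bootloader)
    clean = all(verify_block(DEVICE, i, tree, root) for i in range(5))
    tampered = bytearray(DEVICE)
    tampered[3 * BLOCK_SIZE + 17] ^= 0x80   # one bit flipped in block 3, e.g. by writing to the raw device
    return (clean,
            verify_block(bytes(tampered), 3, tree, root),   # tampered block: rejected
            verify_block(bytes(tampered), 0, tree, root))   # untouched block: still accepted
```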
Encryption is commonly used to prevent unintended access to information. With several people using the same car – think car sharing, lending, or rentals – securing information such as contacts, web browsing, or credit card information is essential.
Encryption as implemented in Tuxera Flash File System follows the existing encryption model used by the Linux file system ext4. Tuxera Flash File System uses industry-standard AES-256 encryption to encrypt file data, file names, and symlinks.
Metadata checksumming is primarily for protecting data integrity. The file system uses checksums to detect whether the metadata has been modified between operations. A modification might mean the storage is corrupted and the metadata is therefore no longer where the file system expects to find it. But it could also indicate a malicious attack, for example where a hacker bypassed the file system and altered something directly on the raw disk. Tuxera Flash File System uses the CRC32 algorithm for checksumming.
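An added example of the check described above (written for this article; the record layout is constructed and is not Tuxera's real on-disk format): each metadata record carries a CRC32 over its fields, and a scan of the metadata area reports the records whose stored checksum no longer matches, whether the cause is a raw-device edit or a flipped bit.

```python
import struct
import zlib

# Constructed record layout (not Tuxera's real on-disk format):
# inode number, file size, first block pointer, flags, then CRC32 over the preceding 16 bytes.
RECORD_FMT = "<IIIII"
RECORD_SIZE = struct.calcsize(RECORD_FMT)   # 20 bytes

def pack_record(ino: int, size: int, block: int, flags: int) -> bytes:
    body = struct.pack("<IIII", ino, size, block, flags)
    return body + struct.pack("<I", zlib.crc32(body))

def read_record(raw: bytes) -> tuple:
    """Unpack one record; raise ValueError if the stored CRC32 does not match the fields."""
    if len(raw) != RECORD_SIZE:
        raise ValueError("short read")
    ino, size, block, flags, stored_crc = struct.unpack(RECORD_FMT, raw)
    if zlib.crc32(raw[:16]) != stored_crc:
        raise ValueError("metadata checksum mismatch")
    return ino, size, block, flags

def scan_table(area: bytes) -> list:
    """Walk a metadata area record by record and report the indices that fail their checksum."""
    bad = []
    for idx in range(len(area) // RECORD_SIZE):
        try:
            read_record(area[idx * RECORD_SIZE:(idx + 1) * RECORD_SIZE])
        except ValueError:
            bad.append(idx)
    return bad

def demo() -> tuple:
    # Constructed metadata area with three records, as the file system would write them.
    area = bytearray(b"".join(pack_record(i, 4096 * i, 100 + i, 0) for i in (1, 2, 3)))
    clean = scan_table(bytes(area))                 # expected: []
    # Record 1 is modified on the raw device, bypassing the file system: block pointer rewritten.
    struct.pack_into("<I", area, RECORD_SIZE * 1 + 8, 999)
    # Record 2 suffers a single flipped bit in its size field (storage corruption).
    area[RECORD_SIZE * 2 + 4] ^= 0x01
    return clean, scan_table(bytes(area))           # expected: ([], [1, 2])
```

CRC32 is an unkeyed checksum: it reliably catches corruption and careless out-of-band edits, but anyone who can write the raw device can also recompute it, so tamper-evidence against a deliberate adversary rests on the verified-boot hash tree rather than on the CRC alone.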
Quotas allow you to limit the amount of storage space available to a user or group. This is a beneficial deterrent against Distributed Denial of Service (DDoS) attacks, for example. If hackers were to gain access as one of the users in the system, an assigned quota prevents them from uploading large, malicious files to the car, or blocks the hacker from simply filling the whole system’s storage and rendering it unstable.
Going back to the case of car sharing or rentals discussed above – if a person enters a shared car, they need peace of mind that when they stop using the car, any data collected or exchanged about them will be completely removed. Contrary to popular belief, deleting a file does not remove all traces of it from the storage. The data remains until the blocks containing it are completely overwritten by other data. Until that overwrite happens, even a novice hacker could successfully recover the deleted files. Secure delete, however, ensures that the data in a deleted file cannot be recovered.
- Verified boot ensures the system has not been changed since the last start-up.
- Encryption guarantees that data is not misused and/or altered.
- Metadata checksumming detects data corruption on disk, during file copy, or possible malicious tampering.
- Quotas ensure that storage space is managed adequately, while also removing the risk of DDoS attacks.
- Finally, secure delete securely removes unneeded user data.
All the features detailed above – when used together – provide the secure processing needed in the cars of tomorrow. Along with these security features, we are continuously rolling out new functionality for Tuxera Flash File System to meet the growing demand for reliable, fail-safe, and secure edge storage solutions in the automotive market.
Car makers and Tier-1 suppliers, find out how Tuxera Flash File System makes connected cars secure down to the core.