Cyber-Security Concept for a secure Onboard Telematics Platform
Connected vehicles offer the possibility to exchange data with different actors, in particular automotive suppliers, e.g. for remote and predictive maintenance and repair. In order to allow communication with multiple partners, an Open Telematics Platform (OTP) needs to be implemented on vehicles, enabling multiple parties to access the vehicle data. The remote access to the vehicle needed to enable such services yields various attack surfaces. For instance, an unauthenticated party may access private vehicle data (e.g. the driver’s route history). In order to address these attack surfaces, UNECE WP29 and ISO/SAE 21434 require OEMs, suppliers and parties accessing the vehicle to establish security risk management supporting the vehicle’s security lifecycle on a technical and an organizational level. On a technical level, a set of cybersecurity measures must be implemented to restrict vehicle access to authenticated parties and to manage this access for the whole lifecycle of the vehicle. On an organizational level, processes to assess risks and treat them according to their severity are required.
This document provides an overview of the open telematics platform and its use cases. In order to address identified threats and risks, current security trends of connected vehicles, and the relevant security regulations and standards to be considered in the automotive domain, a secure Onboard Telematics Platform is proposed. This document covers technical as well as organizational aspects concerning the definition and the implementation of a secure Onboard Telematics Platform. From a technical point of view, this document provides an overview of existing security solutions that could be used in the definition of the secure Onboard Telematics Platform. The proposed security measures are used to define a generic concept of a secure Onboard Telematics Platform. From an organizational point of view, this document provides a suggestion on how to integrate into the vehicle’s security lifecycle and which interfaces are needed between OEMs and stakeholders in the Automotive Aftermarket domain. Mandated measures, both technical and organizational, are necessary to provide secured access to vehicles. Standardizing the security of in-vehicle access enables the OTP to strengthen the security of connected vehicles whilst ensuring the required access for legitimate and relevant stakeholders. Lastly, the document highlights examples of security solutions applied to some use cases of the open telematics platform.