The importance of identity in a connected car

Written by on April 22, 2016 in Guest Blog with 0 Comments

carAn increasingly diverse range of connected objects has joined the Internet of Things (IoT) in recent years. According to IDATE, 420 million drivers will generate a connectivity market amounting to €9 billion by 2020.

However, with cars increasingly becoming computing platforms rather than simply a means of travelling, they are also becoming more attractive targets for hackers. This is backed up by the FBI recently publishing an advisory on car hacking, naming connected cars as one of the biggest cyber-threats of tomorrow, says Simon Moffatt, director Advanced Customer Engineering, ForgeRock.

An accelerating sector, but…

Digital transformation is having a significant impact on all industry sectors, but nowhere more so than the automotive sector. Today’s motor companies are likely to look very different in ten years time as they continue evolving from manufacturers to complex service providers.

Why? Because having the ability to record and analyse all manner of data generated by a car (such as distance travelled, speed, fuel efficiency) means manufacturers can deliver more personalised driving experiences, whilst also collecting valuable product data.

There are an estimated 40-60 million connected cars throughout the world currently. Within the next five years, Gartner predicts this will increase to over 250 million. At present, the average security level within these vehicles is equivalent to that of IT systems and computers from the ’80s, with limited encryption, data protection and identity management.

Connected cars are vulnerable

More and more evidence is coming to light that demonstrates the vulnerability of connected cars. Just recently, Nissan was forced to suspend the functions of its smart car companion app after researchers found it could be used to access control systems in its electric cars.

Perhaps more notably, last year two security researchers were able to take control of a moving Jeep via its infotainment system. Once they had gained access, they were able to control the steering, transmission and even the brakes. This served as a stark warning to both car manufacturers and owners.

Identity in the driving seat

In terms of security, this relationship must be established, so that only the vehicle’s authenticated operator can control the various on-board connected devices. If a hacker tried to take control remotely, they would simply be blocked, as their identity wouldn’t be recognised. In order to do this, an effective identity management platform must be deployed that can link together all of the relevant identities in the correct context. Identity is becoming a critical element in the connected car journey; the identity of the user, of the car, its connectivity system, and that of the smart devices that connect with the vehicle. The problem is that there is currently no connection between the identity of the driver and the identities of the smart devices within the car.

Of course, a vehicle does not have to be dedicated exclusively to one person. The identity of a vehicle or device can be linked to numerous individuals interacting with it. For example, a family car’s identity could be linked to the identities of both the driving members of the family and that of the younger, non-driving members. In this case, the kids would have access to the on-board entertainment system, but no access to any of the driving controls.

The multi-layered security solution

In the future, multi-layered security approaches will almost certainly be used to protect connected cars. Indeed, various physical authentication methods such as fingerprint, voice and facial recognition are already being tested.

These would work in tandem with on-board identity management systems to increase the security of the vehicle. Manufacturers will surely continue to surprise us with more state-of-the-art features, but the end goal remains the same; protecting the legitimate owner and occupants of the vehicle.

For automotive companies, the connected car is both an exciting and a risky prospect. Consumers want to trust the technology before they put their lives in the hands of the manufacturers.

Clearly, the connected car has a long way to go – cases such as Jeep and Nissan haven’t done the industry any favours. And yet, the connected car undoubtedly represents the future of the industry, so the sooner a more robust approach to identity is adopted, the sooner we will see consumer trust increase.

This article first appeared on IoTNow and is reproduced with kind permission.

Tags: ,

About the Author

About the Author: Simon is a technology leader with a strong focus on technical to business translation, industry evangelism and solution design. He has been working in the technology areas of identity and access management, the identity of things and devices, consumer identity management and digital transformation for nearly 15 years. For the last 8 years he has been working for venture capitalist and privately backed US start-ups, helping to develop new business within EMEA. .


If you enjoyed this article, subscribe now to receive more just like it.

Subscribe via RSS Feed

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: