Millions of over-the-air (OTA) software updates are taking place in the Internet-of-Things (IoT) every day. This is set to skyrocket in the near future. The systems by which these updates take place, however, are centralised and work based on digital certificates. Digital certificates are digital documents that allow people, machines and organizations to prove they own a public key and thereby exchange data using public key infrastructure (PKI). Digital certificates come with several security risks though and the recent SunBurst attack - where the US treasury, Microsoft and others were hacked - is an example of what can happen when the digital certificates vulnerabilities are exploited.
To ensure that hackers cannot wreck havoc on autonomous vehicles, cybersecurity is to be included as an integral part of type approval from 2022 as per the United Nations World Forum for Harmonization of Vehicle Regulations (UNECE WP 29). In addition to establishing a legal framework for OTA updates, the UNECE regulations also require manufacturers to introduce a cybersecurity management system (CSMS) into their vehicles, and from 2024 on these regulations will apply to all new vehicle registrations.
asvin and peaq are combining their technology to address these challenges, asvin as the solution provider and peaq as the Distributed Ledger Technology (DLT) provider. As part of the partnership and proposed solution, asvin will run its Platform-as-Secure-Solution on peaq’s Distributed Ledger Technology to manage software product life cycles for networked devices used in the Internet of Things, beginning with vehicles. This will support supply chain tracing of software, enable secure OTA updates and detect IoT and IIoT security vulnerabilities in order to mitigate risk and ensure uninterrupted business processes. All of this will be verified by peaq’s Distributed Ledger Technology, creating a trusted basis for all stakeholders.
“At asvin we are convinced that decentralized technologies will enhance the resilience of cybersecurity in the Internet of Things. Distributed Ledgers are an important building block building defense technology layers for preventing malicious cyberattacks on the software supply chain in critical infrastructures and industries. Together with peaq we are looking forward to introducing strong decentralized solutions for cybersecurity in the automotive supply chain and car software lifecycle.”
Mirko Ross, CEO, asvin
Asvin and peaq are taking a two step approach. The first step will see the two companies offer cybersecurity management system (CSMS) update monitoring for entire vehicle software supply chains. This will make it possible to track and monitor the integrity and security status of software throughout the production process as well as its operation in vehicles. In the second step, the partners will implement a mechanism that stops supply chain attacks. This will be done by matching the state of the software that vehicles receive with the state of the software on peaq’s DLT.
“We are delighted to be working with a company as exciting and innovative in the field of IoT as asvin. We have known Mirko for some time and are very impressed by how much value asvin has created with its solution for its customers. This collaboration is another great example of how peaq’s DLT infrastructure can create real, tangible value for business. Together with asvin we are addressing an issue which is critical to solve if we are to ensure the future of mobility and the Internet of Things as a whole are secure and prosperous.’’
Leonard Dorlöchter, CPO, peaq
The two companies are working to prevent malicious and manipulated updates in accordance with the UNECE WP 29 as part of the first stage of the partnership. The first implementation areas have already entered the planning phase and are now addressing the challenge of complying with UNECE WP 29 guidelines of the United Nations Economic Commission for Europe for the automotive industry.
Founded in September 2018, Stuttgart-based asvin GmbH provides a platform-as-secure-solution based on Distributed Ledger Technology (DLT) for managing the software product life cycles associated with networked devices used in the Internet of Things. The applications and services support trace software, enable secure Over-the-Air updates and detect security vulnerabilities in IoT and IIoT to mitigate risk and ensure uninterrupted business processes. asvin was awarded the Best Cybersecurity Startup in Central Europe in 2020 by it-sa.