OnBoard Security Creates Standard for Secure In-Vehicle Network Access Control

Experts at OnBoard Security® with support from the Auto Care Association have created a standard to enable secure access to automotive internal networks, potentially eliminating the need for the vulnerable on-board diagnostics (OBD-II) port.

The new standard, ISO 21177, focuses on Intelligent Transport Systems (ITS) station security service requirements to ensure the authenticity of the source, confidentiality and integrity of application activities taking place between trusted devices. It is designed to achieve secure communication and bidirectional authenticity checks among peer application processes using role or attribute-based access control. This would offer secure access to the in-vehicle network, ensuring the access is being granted to authorized devices. Currently, access to the in-vehicle network is via the OBD-II port, which lacks any secure access control.

“ISO 21177 offers standardized, rigorous access control that lets device owners control exactly who gets access to their platform and how they get it,” explained Dr. William Whyte, Chief Technology Officer at OnBoard Security. “With less concern about intrusion by unauthorized parties, this access control should enable suppliers and OEMs to offer an even richer collection of services and interactions with the outside world.”

There is a growing need for this standard in many ITS applications and services; e.g. diagnostic equipment, automated driving and aftermarket services. Secure access control would also solve the increasingly complex, real-time exchange of time-critical information between ITS stations in close proximity. Users will be able to start and force end sessions, send and receive data, and much more.

“SVI’s internationally standardized design enables a smarter, more efficient global infrastructure where vehicles can ‘talk’ to infrastructure components like roads, traffic lights, emergency vehicles and more,” said Joe Register, Vice President, Emerging Technologies, Auto Care Association. “As a result of SVI’s standardized authentication and security specifications, both new and existing vehicles will be able to adapt to an evolving driving environment.”

The Auto Care Association will be debuting a functioning ISO 21177 application at AAPEX 2018 Oct. 30 – Nov. 1, 2018 in the SVI Booth 31021, located in the Technology of Tomorrow section of the Venetian Ballroom, the Venetian Hotel. Media can sign up to attend an exclusive briefing on SVI during the Auto Care Association press conference at AAPEX on Tuesday, Oct. 31 from 4-5 p.m.

The International Organization for Standardization (ISO) Committee Draft (CD) of ISO/CD 21177:2018(E) Intelligent Transport Systems — ITS-station Security Services for Secure Session Establishment and Authentication between Trusted Devices is currently being reviewed by Technical Committee 204, Working Group 18, and is expected to be approved by the end of 2018. The automobile industry can expect this standard to be fully implemented before the first half of 2019.