Secure Gateway

What Is a Secure Gateway?

A Secure Gateway keeps a car’s internal systems safe from external access. As vehicles become increasingly connected and software-defined, there is a greater risk of unauthorized access to critical data within internal systems. This access could be via a local diagnostic port such as onboard diagnostic (OBD) or remote wireless connectivity. Access via a Secure Gateway protects vehicle diagnostic and update functions by requiring registration and authorization from an approved user and device.

Benefits of a Secure Gateway

It is possible for someone to hack into a vehicle’s Controller Area Network (CAN bus) and take control remotely, threatening ADAS and emerging autonomous driving capabilities. For example, a security compromise could create unsafe conditions such as automatic emergency braking that fails to operate or self-driving that makes unexpected maneuvers.

A Secure Gateway prevents this type of remote control by blocking non-certified tools from accessing the CAN bus and other connectivity points of the vehicle systems, significantly reducing the possibility of a successful cyberattack. 

In June 2020, regulations R155 and R156 from the United Nations Economic Commission for Europe World Forum for Harmonization of Vehicle Regulations set requirements for automotive cybersecurity, making a Secure Gateway a regulatory consideration.

Examples of Secure Gateway Networks

More than 100 electronic control units (ECUs) in a modern vehicle can be connected via various sub-networks. A Secure Gateway interfaces with these to deliver telematics and connected services, e.g., via cloud-based platforms such as BlackBerry IVY®. A Secure Gateway can also provide an onboard diagnostic port interface.

Buses Protected by Secure Gateways

CAN: a medium-speed (1-5Mbits/sec) interface for ECU-to-ECU communications, which forms the foundation of connectivity within a car

Local Interconnect Network (LIN): a low-speed (20Kbits/sec) serial interface with guaranteed latency for simple controls such as indicators, sunroof operation, and temperature sensors

FlexRay: a high-speed (10Mbits/sec) connection for real-time, safety-critical applications such as active suspension

Ethernet: a high-speed (100Mbits/sec to Gigabit) connection for bandwidth-hungry applications such as infotainment, ADAS, and over-the-air updates (interfacing with mobile data)

How a Secure Gateway Works

A Secure Gateway implementation involves a module in the vehicle that enforces registration and authentication through an approved device before access is granted to networked systems. Initially, Secure Gateways primarily addressed diagnostic tools that can update firmware and change ECU settings, such as calibrating ADAS, coding a new LED headlight, actuating vehicle functions, and adjusting system values.

A Secure Gateway functions similarly to a network firewall, protecting the internal vehicle network from external attack. External access to some functions requires authorization of both the user and their device. However, not all functions will be rendered inaccessible. For example, emissions data must remain accessible in European vehicles so that they can be assessed. “Right to repair” legislation can also prevent access from being purely proprietary to the vehicle manufacturer. Connected infotainment functions will have less strict security so drivers can add their streaming media accounts or deliver entertainment to the car from their smartphones.
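The firewall-style decision described above, as an added example that is not BlackBerry or QNX code: a default-deny filter for diagnostic requests arriving on the external port. The Session type, the policy sets and the sample frames are assumptions made for illustration; the service IDs are the standard SAE J1979 and ISO 14229 values.

```python
from dataclasses import dataclass

# Assumed policy: read-only SAE J1979 (OBD-II) emissions services stay open,
# because the page says emissions data must remain accessible.
OPEN_OBD_SERVICES = frozenset({0x01, 0x02, 0x03, 0x06, 0x07, 0x09, 0x0A})

# ISO 14229 (UDS) services that change ECU settings, actuate, or reflash.
UDS_STATE_CHANGING = {
    0x2E: "WriteDataByIdentifier",
    0x2F: "InputOutputControlByIdentifier",
    0x31: "RoutineControl",
    0x34: "RequestDownload",
    0x36: "TransferData",
}

# Constructed sample frames (8-byte CAN payloads), not captured traffic.
OBD_RPM_REQUEST = bytes.fromhex("02010c0000000000")
UDS_WRITE_REQUEST = bytes.fromhex("042e123401000000")

@dataclass(frozen=True)
class Session:
    """Hypothetical gateway state for the tool on the external port."""
    device_registered: bool = False
    user_authorized: bool = False

    @property
    def trusted(self) -> bool:
        # Both the user and their device must be authorized.
        return self.device_registered and self.user_authorized

def service_id(payload: bytes):
    """Return the service ID of an ISO-TP single or first frame, else None."""
    if len(payload) < 2:
        return None
    frame_type = payload[0] >> 4
    if frame_type == 0:  # single frame: low nibble is the data length
        length = payload[0] & 0x0F
        return payload[1] if 1 <= length <= len(payload) - 1 else None
    if frame_type == 1 and len(payload) >= 3:  # first frame: 12-bit length, then SID
        return payload[2]
    return None  # consecutive, flow-control or malformed frame

def gateway_decision(payload: bytes, session: Session) -> str:
    """Default-deny forwarding decision for one externally received frame."""
    sid = service_id(payload)
    if sid in OPEN_OBD_SERVICES or session.trusted:
        return "forward"
    name = UDS_STATE_CHANGING.get(sid, "unlisted or unparsable request")
    return f"drop: {name} requires an authorized user and device"
```

Anything the parser cannot classify is dropped for an unauthorized session, so a malformed or continuation frame cannot slip past the service check.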

As vehicle systems become more sophisticated and the type of data being exchanged with external networks increases, the functions of a Secure Gateway must evolve, too. For example, the QNX® Hypervisor is leveraging Cylance® AI and ML technologies alongside a range of protective measures to ensure the proactive safety of connected vehicle systems.

The BlackBerry IVY® platform leverages BlackBerry® QNX®, edge computing, and the cloud to support a future-proof digital ecosystem. It gives developers and automakers a secure, reliable way to share vehicle data, deliver new features and functionality, and fuel both present and future innovation. Backed by BlackBerry expertise, it’s compatible with most OS and cloud platforms, offering advanced personalization and access to our broad development community.