Telematics Cybersecurity: Paving Way for Secure Data Transmission in Automobiles

Data is at the epicentre of the connected revolution transforming the automotive industry. Today, cars, buses, trucks, and other commercial vehicles are equipped with telematics systems, including IoT sensors for data collection. Data is transmitted to the cloud facility using WiFi cellular networks.

Whenever data is generated, concerns over it being safely transmitted follows suit. So how are automobile owners and fleet managers assured that the data generated in the telematics infrastructure is securely transferred? It is through Telematics Cybersecurity.

Through this article, we’ll unravel the objectives and terminologies linked to telematics cybersecurity. We will also analyse the mechanisms involved in securely transmitting data between a telematics device and its cloud components.

Objectives of Telematics Cybersecurity

The aim of any telematics cybersecurity solution is threefold:

• Establish a secure connection between the device and the cloud.
• Securely transfer data between the device and the cloud, protecting it from third parties and hackers who might attempt to intercept or manipulate it.
• Safely transmit data between different modules of the telematics device. This involves the concept of Secure DevOps, which is beyond the scope of this study.

This article will focus on the terminologies and mechanisms used to achieve the first two objectives.

Components of Telematics Cybersecurity

First, let’s look at the components of the telematics cloud that are critical to telematics cybersecurity from the perspective of this study.

Here are the components:

• Telematics Control Unit (TCU) – A device-side component which consists of multiple modules. Let’s call the individual modules as clients. With respect to this study there are 3 clients:
  • Public Key Infrastructure App – Generates and Manages Public key to initiate device on-boarding and authentication in the telematics data cloud.
  • Message Queuing Telemetry Transport(MQTT) App – Device side module that communicates with the telematics data cloud.
  • Over-The-Air (OTA) App – Device side module that communicates with the target repository for OTA update download.
• Cloud Components – The cloud-based components with respect to this study can be split into two parts:
  • Telematics Data Cloud (Directory Repository): Receives and processes incoming data from the MQTT app. Meta data for OTA bundle download is present here.
  • Target Repository: Remote storage unit that contains the files for OTA updates for all the components.

Important Terminologies in the Telematics Cybersecurity Glossary

Device Onboarding – The process of registering a new device with the server using one-way SSL authentication. This is a one-time process. During this process, key information such as certificates and public keys are shared.

• Keys – In cryptography, two types of keys are used to encrypt and decrypt the data.
  • Private Key – The data generating component (TCU) is the sole owner of the key. Data can be decrypted only using the private key.
  • Public Key – A string of characters in combination with numerical values are used to alter the data while transmitting it. These characters are called the public key.
• Encryption – It is the process of altering the data into an unrecognisable form using the public key. This altered form of text is called ciphertext. Data is converted to ciphertext using cybersecurity algorithms. The ciphertext is the encrypted data.
• Decryption – When the encrypted message (ciphertext) reaches its destination (device), the private key is used to decrypt the data. The process of decryption brings the data back to its original, understandable form.
• Encoding – Encoding is a keyless process. As the name suggests, the data is written in a coded manner. Using algorithms, certain data is hidden. This also results in the reduction in the size of the data. Data encoding is done to maintain its integrity.
• Decoding – The encoded data is then brought to its original form using the process of decoding.
• Distributed Environment – In a distributed environment, when a client requests for data, the cloud triggers a response to the client’s system. This response is used to access data from another cloud module. Basically, a distributed environment is one where multiple modules/components linked to one system are working on specific objectives.
• Secure Socket Layer (SSL) – How do devices recognize if they are communicating with the right cloud server? It is through SSL Authentication. SSL is a data authentication protocol that is used to establish a secure communication channel, to share encrypted data. In the SSL method, the sender and the receiver have authentic server certificates.

  There are two ways to establish communication channels using SSL; they are:

  • One-Way SSL Authentication: This authentication technique is used by the TCU device to verify the telematics data cloud’s server identity.
  • Two-Way SSL Authentication: This is regarded as the safest authentication technique for telematics cybersecurity. To establish a secure communication channel using this technique, both the sender and receiver must exchange the authentication certificates. Two-Way SSL Authentication is also called Mutual Authentication and Handshake Mechanism.
• MQTT: A data communication protocol used for transferring telematics data payload of any size, either compressed or uncompressed. This requires minimal resources and can work in resource-constrained environments. Using this protocol, the sender and receiver stay connected until it is manually disconnected.
• Hypertext Transfer Protocol (HTTP): The communication protocol that establishes a dedicated connection for a short period of time. A connection established using the HTTP protocol helps in the continuous transfer of data from the device to the cloud in a secure manner.
• Digital Signal Verification (DSV): The process of checking the integrity and making sure OTA bundle is not tampered with when it is transferred from target repository to the device.

Telematics Cybersecurity Mechanisms between TCU and Telematics Cloud

Now that we have defined the critical terminologies with respect to Telematics Cybersecurity, let’s see how the interaction between the TCU and the cloud component (telematics cloud) happens.

To begin communicating with the telematics cloud, the TCU first undergoes the process of device onboarding. During this process:

• The public key infrastructure app in the TCU sends in a request in combination with on-boarding information and public key to the telematics data cloud. The request is with respect to sending a certificate to uniquely authenticate the device.
• The telematics cloud encrypts a device-specific certificate using the public key provided by the device and sends it to the TCU.
• The TCU decrypts the certificate using the private key.

We can either follow one-way SSL or two-way SSL during device on-boarding process.

Data is securely transmitted between the Telematics Control Unit (TCU) and the telematics data cloud through a series of encryption and authentication steps.

• Authentication: Both the TCU and the Telematics Cloud authenticate each other using two-way SSL to ensure secure communication.
• Data Generation: The TCU generates the data to be sent.
• Encryption: The TCU encrypts the data using a shared public key before sending it to the telematics cloud.
• Data Transfer: The encrypted data is transmitted to the telematics cloud.
• Data Processing: The telematics cloud processes the received data.
• Response Encryption: The telematics cloud encrypts its response using encryption.
• Response Transfer: The encrypted response is sent back to the TCU.
• Decryption: The TCU decrypts the response to retrieve the original data.

This process ensures that data is securely exchanged and processed between the TCU and the telematics cloud. The communication protocol used may vary between MQTT and HTTP based on the information generated and shared.

Telematics Cybersecurity Ensures Secure OTA Update Downloads

The concept of transferring firmware or software updates to the TCU wirelessly is called OTA. Let’s understand how secure OTA updates happen.

First, the OTA module in the TCU i.e., OTA app receives the meta-data from the cloud’s telematic component i.e. Directory repository in an encoded format. The meta data includes information on the type of update, size, the module the update is addressed to, etc.

The transfer of meta data from the directory repository happens via the combination of MQTT protocol and mutual authentication.

Along with the meta data, the OTA app also receives a dynamic HTTP URL (uniform resource locator) that contains the address of the firmware update on the target repository. This HTTP URL is an example of session token. By dynamic, we mean that the URL will change based on the update bundle’s file location in the target repository and will have an expiry time attached.

Using the session-token the OTA app will download the OTA Bundle from Target Repository in a secured way and perform DSV process over the downloaded bundle.

What’s Next for Telematics Cybersecurity?

As the automotive industry advances, telematics cybersecurity must continuously evolve to address emerging threats.

Ongoing innovation in security protocols, such as encryption and secure OTA updates, is essential to protect data integrity and user trust.

Additionally, OEMs must navigate varying regional compliance requirements to ensure their systems meet diverse regulatory standards.

By staying on par with technological advancements and adhering to global compliance norms, OEMs can enhance the safety and reliability of telematics systems. This ensures robust protection for users and increased confidence in connected automotive technologies