Secure App Platform for Connected Vehicles
Enabling OEMs and developers to securely deliver and managed connected and autonomous vehicles solutions
Making connected and autonomous vehicles unreachable from the networks
The platform from NetFoundry, Capgemini and Arm gives developers, OEMs and solution providers a new art of the possible. The vehicles leverage any connectivity, but are not reachable from those networks. The ultimate in connected and autonomous vehicle security, and the only way to deliver and manage connected and autonomous vehicle applications in a secure by design manner.
Join the Community!Unreachable!?!
Connected vehicles have four times as many lines of code as commercial aircraft, and autonomous is on the horizon. This means that connected and autonomous vehicles are epicenters for new software innovation, as well as targets for cybersecurity attacks. Safety can't be compromised so we built a Secure by Design platform to make connected and autonomous vehicles unreachable from the networks.
Secure identity
To make the vehicles and applications unreachable from the networks, we start with secure identities. The Parsec Service serves as a programmable interface to the Root of Trust, securely managing the keys and cryptographic operations which provide the immutable identities needed.
Unreachable
The NetFoundry platform components do not permit externally-initiated sessions - vehicles are unreachable from the networks. Sessions initiating from the vehicle are permitted only when identified, authenticated and authorized. The sessions are isolated via app microsegmented overlays, e.g. OTA updates and CAN bus telemetry are isolated.
Secure cloud
The security is enforced end-to-end, across any set of edges and clouds. For example, for the first time, OEM, app developers and solution providers can now easily get private, programmable connections from AWS Greengrass to AWS IoT Core. The same security model applies to the use of edge compute, multicloud APIs and B2B services.
Any network
Applications running on vehicles need highly resilient network connectivity, including public LTE, 5G, Wi-Fi, satellite and private LTE). Because this solution decouples secure app delivery and management from the underlying networks, making the vehicles unreachable from those underlying networks, all network providers can be leveraged.
Confidential Computing + Confidential Connectivity
Arm's Confidential Computing uses trusted execution environments (TEE) to secure code and data by isolating it, and preventing unauthorized access or modification of applications. While data is being processed, it’s unknowable to the operating system, hypervisor, and other compute systems.
Confidential Connectivity provides identity-based, least privileged access and app level microsegmentation. This is powered by the NetFoundry Zero Trust Platform and Open Ziti SDKs. The vehicles are essentially unreachable to the networks, minimizing the surface area which cyberattacks normally leverage. Get details in the Security as Code whitepaper.
Zero Trust for Connected Vehicles Arrives!
This NetFoundry, Capgemini and Arm solution solves the key problems in securing in-vehicle systems and applications.
Vehicles use networks without being exposed to the networks! The solution abstracts out infrastructure complexity, and brings cloud-native agility to connected vehicles with a standards-based design and open source components. Developers, OEMs, and solution providers can focus on developing world class solutions, while the platform resolves the secure networking challenges. It is all delivered as a hardware-independent, programmable platform, for ultimate extensibility and flexibility.
Get your copy of the Capgemini whitepaper here.
This design in build on open source and open standards with a key technology being NetFoundry’s Zero Trust Secure Application Delivery Platform. The NetFoundry platform is powered by Open Ziti.
Ziti is a programmable Zero Trust networking developer platform. Build by developers for developers, Ziti provides the tools and community to embed networking into applications. Ziti's SDKs enable mobile (Android, iOS, Windows), cloud, edge and IoT apps embed zero trust, high performance, vendor-agnostic, application-specific networking with a few lines of code. Explore OpenZiti now, getting started is easy with community support and quick start guides.
