Security Issues & Solution's

Identisafe offers the following Automotive Cyber Security solution.

1) Real-time In-Vehicle Protection. 2) Cloud-based IDS & Trusted Mobility. 3) Threat Intelligence & Cloud Analytics Platform. 4) Secure OTA. 5) Secure External Interfaces and Communication. 6) Secure In-Vehicle Network. 7) Secure ECUs. 8) Risk Assessment Services like Threat Intelligence & Vulnerability Analysis.


Prevent malicious inbound or outbound traffic. Traditional stateful packet filter rules. Protection based deep packet inspection. Secured Bluetooth framework. Network behavior learning-based real-time detection/prevention. Protection from diagnostic message-based attacks (CAN). Deep packet inspection-based detection with attack contextual info. Provide trusted vehicle data to use within the Fleet Management services. Trusted mobility platform (secured communication) between the fleet and backend system. Analytics platform to provide intelligent insights and trends. Cloud-based analytics solution that can be deployed in a Security Operations Center (SOC) for live monitoring and data correlation. Protection from memory-based attacks on ECU (e.g., buffer overflow attack, memory corruption)


Theft

While fire is normally an accidental event, theft is an intentional human act which requires motivation on the part of the criminal, the means to accomplish,an opportunity to act, and the assurance of escape, or to remain undetected.To counter the act of theft,these variables must be controlled, eliminated,or reversed.


When the bad guys see you have a Identisafe-09 security system in your car, they will move away to steal an easier target.


image

Amateur Thief
The traditional car thief is motivated by the prospect of a ride home, a joyride, or perhaps to use the car during the commission of a crime. When the casual thief needs a car, and the motivation and opportunity is there, he will steal any car, classic, specialty, or modern. To him a car is a car. He will totally destroy the car he steals, likely in resentment.


Professional Thief
The professional thief is motivated by financial gain. His cars are usually stolen on order, and may be sold whole, or parted-out. Why, and when this thief steals, is defined by the economics of the market that he serves, and the degree of opportunity that you provide him with.


Why buy a car security system?
Protecting yourself and your family, as well as your vehicle and your car stereo are all excellent reasons to invest in a car security system. Additionally, most insurance companies offer lowered rates for vehicles equipped with an security system - it'll pay for itself!
A good security system not only makes your car more difficult to steal, it also makes it easier to live with. The Identisafe-09 security system is convenient and easily lets you arm and disarm the alarm, switch on & off the ignition system, lock & unlock your doors, and even zap open your trunk.
When you order your Identisafe-09 security system, you can also count on the exclusive toll-free Customer Care Support we offer our customers to help them protect their car even better.


Why Fingerprint system Identisafe-09 is a better choice than any other form of car security system or RFID car security system.
Gone in 60 seconds--the high-tech version

Let's say you just bought a Mercedes S550, a state-of-the-art, high-tech vehicle with an antitheft keyless ignition system. After pulling into a Starbucks to celebrate with a grande latte and a scone while checking your messages on a BlackBerry, a man in a T-shirt and jeans with a laptop sits next to you and starts up a friendly conversation: "Is that the S550? How do you like it so far?" Eager to share, you converse for a few minutes, then the man thanks you and is gone. A moment later you look up to discover your new Mercedes is gone as well. Now, decrypting one 40-bit code sequence can not only disengage the security system and unlock the doors, it can also start the car--making the hack tempting for thieves. The owner of the code is now the true owner of the car. And while high-end, high-tech auto thefts like this are more common in Europe today, they will soon start happening in America. The sad thing is that manufacturers of keyless devices don't seem to care.

Now, one 40-bit code sequence can not only disengage the security system and unlock the doors, it can also start the car.

Antitheft systems get more sophisticated Wireless or contactless devices in cars are not new. Remote keyless entry systems, those black fobs we all have dangling next to our car keys, have been around for years. While still a few feet away from a car, the fobs can disengage the auto alarm and unlock the doors; they can even activate the car's panic alarm in an emergency. First introduced in the 1980s, modern remote keyless entry systems use a circuit board, a coded Radio-Frequency Identification (RFID) technology chip, a battery, and a small antenna; the latter two designed so that the fob can broadcast to a car while it's still several feet away. The RFID chip in the key fob contains a select set of codes designed to work with a given car. These codes are rolling 40-bit strings, meaning that with each use, the code changes slightly, creating about 1 trillion possible combinations in total. When you push the unlock button, the keyfob sends a 40-bit code along with an instruction to unlock the car doors; if the synced-up car receiver gets the 40-bit code it is expecting, the car performs the instruction. If not, car does not respond.
A second antitheft RFID use is for remote vehicle immobilizers. These are tiny chips embedded inside the plastic head of the ignition keys, and they are used in more than 150 million vehicles today. Improper use prevents the car's fuel pump from operating correctly. Unless the driver has the correct key chip installed, the car will run out of fuel a few blocks from the attempted theft. (That's why valet keys don't have the chips installed; valets need to drive the car only short distances.) One estimate suggests that since their introduction in the late 1990s, vehicle immobilizers have resulted in a 90 percent decrease in auto thefts nationwide.

Unfortunately, the companies making RFID systems for cars don't think there's a problem.

But can this RF system be defeated? Yes

Is Fingerprint security for cars the solution? Yes

Like vehicle immobilization, keyless ignition systems work only in the presence of the proper chip. Unlike remote keyless entry systems, keyless ignition systems are passive, don't require a battery, and have much shorter ranges (usually six feet or less); instead of sending a signal, the keyless ignition system relies on a signal emitted from the car itself. Keyless ignition systems allow you the convenience of starting your car with the touch of a button without removing the chip from your pocket or purse or backpack.

Given that the car is more or less broadcasting its code and looking for a response, it seems possible that a thief could try different codes and see what the responses are. Last fall the authors of a study from Johns Hopkins University and the security firm RSA used a laptop equipped with a microreader. They were able to capture the code sequence, decrypt it, then disengage the alarm and unlock and start a 2005 Ford Escape SUV without the key; they even provided an online video of their "car theft." But if you think that such a hack might occur only in a pristine academic environment, with the right equipment, you're wrong.

Real-world examples Meet Radko Soucek, a 32-year-old car thief from the Czech Republic. Using a laptop and a reader, he is alleged to have stolen several expensive cars in and around Prague. Soucek is not new to auto theft; he has been stealing cars since he was 11 years old, but he recently turned high-tech when he realized how easily it could be done. Ironically, what led to his downfall was his own laptop, which holds evidence of all his past encryption attempts. With a database of successful encryption strings already stored on his hard drive, he's now able to crack cars he's never seen before in a relatively short amount of time.
And Soucek isn't an isolated example. Recently, soccer player David Beckham had not one but two custom-designed BMW X5 SUVs stolen, the most recent theft occurred in Madrid, Spain. Police believe an auto theft gang using software instead of hardware pinched both of Beckham's BMWs.

Gone in... a few minutes? How a keyless car gets stolen isn't exactly a state secret; much of the required knowledge is Basic Encryption 101. The authors of the Johns Hopkins/RSA study needed only to capture two challenge-and-response pairs from their intended target before cracking the encryption. In an example from the paper, they wanted to see if they could swipe the passive code off the keyless ignition device itself. To do so, the authors simulated a car's ignition system (the RFID reader) on a laptop. By sitting close to someone with a keyless ignition device in their pocket, the authors were able to perform several scans in less than one second without the victim knowing. They then began decrypting the sampled challenge-response pairs. Using brute-force attack techniques, the researchers had the laptop try different combinations of symbols until they found combinations that matched. Once they had the matching codes, they could then predict the sequence and were soon able to gain entrance to the target car and start it.

In the case of David Beckham, police think that the criminals waited until he left his car, then proceeded to use a brute-force attack until the car was disarmed, unlocked, and stolen.


Hear no evil, speak no evil To remediate these hacks, the authors of the Johns Hopkins/RSA study suggest that the RFID industry move away from the relatively simple 40-bit encryption technology now in use and adopt a more established encryption standard such as the 128-bit Advanced Encryption Standard (AES). The longer the encryption code, the harder it is to crack. The authors do concede that this change would require a higher power consumption and therefore might be harder to implement, nor would it be backward compatible with all the 40-bit ignition systems already available. The authors also suggest that car owners wrap their keyless ignition fobs in tin foil when not in use to prevent active scanning attacks, and that automobile manufacturers place a protective cylinder around the ignition slot. This latter step would limit the RFID broadcast range and make it harder for someone outside the car to eavesdrop on the code sequence.
Unfortunately, the companies making RFID systems for cars don't think there's a problem. The 17th annual CardTechSecureTech conference took place this past week in San Francisco, and I had an opportunity to talk with a handful of RFID vendors; none wanted to be quoted nor would any talk about 128-bit AES encryption replacing the current 40-bit code anytime soon. Few were familiar with the Johns Hopkins/RSA study I cited, and even fewer knew about keyless ignition cars being stolen in Europe. Even Consumer Reports acknowledges that keyless ignition systems might not be secure for prime time, yet the RFID industry adamantly continues to whistle its happy little tune. Until changes are made in the keyless systems, my next car will definitely have an ignition key that can't be copied by a laptop.

Which one is better for car security? Biometrics or RFID Technology?