PERFORMING SECURITY FUNCTIONS FOR AN IN-VEHICLE INTERNET OF THINGS (IOT) NETWORK

Information

  • Patent Application: 20230300139
  • Publication Number: 20230300139
  • Date Filed: March 17, 2022
  • Date Published: September 21, 2023
Abstract
In some implementations, a device of an Internet of Things (IoT) network may receive, from a host associated with the IoT network, information associated with the IoT network. The device may store, via a memory controller of the device, the information in a memory with an embedded hardware security module of the device, wherein the device serves as a root of trust for the host using the information stored in the memory. The device may receive, from the host, a request to perform a security function. The device may perform, based on the request, the security function using the information stored in the memory. The device may generate an alert based on an outcome of the security function. Numerous other implementations are described.
Claims
  • 1. A device of an in-vehicle Internet of Things (IoT) network, comprising: a memory with an embedded hardware security module; a memory controller; and one or more components configured to: receive, from a vehicle host associated with the in-vehicle IoT network, a registration configuration during an initial provisioning of the device that configures the device to serve as a root of trust for the vehicle host; receive, from the vehicle host, information associated with a node of the in-vehicle IoT network or a user of a vehicle associated with the in-vehicle IoT network; store, via the memory controller, the information in the memory with the embedded hardware security module, wherein the device serves as the root of trust for the vehicle host using the information stored in the memory; and perform a security function for the in-vehicle IoT network in conjunction with the vehicle host using the information stored in the memory.
  • 2. The device of claim 1, wherein the one or more components are further configured to: receive the information associated with the node during the initial provisioning of the device, wherein the information indicates a true node identity associated with the node; receive, from the vehicle host, a request to perform the security function of a node verification, wherein the request indicates a candidate node identity associated with the node; determine, during the node verification, that a tampering with the node has occurred based on a comparison of the true node identity, as stored in the memory, with the candidate node identity indicated in the request; and generate a security breach flag to indicate the tampering with the node.
  • 3. The device of claim 1, wherein the one or more components are further configured to: receive the information associated with the user of the vehicle as user data, wherein the user data indicates a true user credential associated with the user of the vehicle; receive, from the vehicle host, a request to perform the security function of a user authorization for the user of the vehicle, wherein the request indicates a candidate user credential associated with the user; determine, during the user authorization, that the user is not authenticated based on a comparison of the true user credential, as stored in the memory, with the candidate user credential indicated in the request; and generate an alert to indicate that the user is not authorized.
  • 4. The device of claim 3, wherein the user authorization is a prerequisite for: a modification to the node of the in-vehicle IoT network, a new node inserted into the in-vehicle IoT network, or a replaced node of the in-vehicle IoT network.
  • 5. The device of claim 4, wherein the modification to the node involves one or more of: an adjustment to one or more parameters associated with the node, a configuration change for the node, or a firmware change for the node.
  • 6. The device of claim 1, wherein the one or more components are further configured to: store, via the memory controller, a unique device identification for the node, wherein the unique device identification is based on a maker code associated with the node, a model code associated with the node, and a serial number associated with the node; and provide, to the vehicle host, a reference associated with the unique device identification for storage at the vehicle host and for an identification of the node.
  • 7. The device of claim 1, wherein communications between the device and the vehicle host are based on a public key infrastructure framework.
  • 8. The device of claim 1, wherein the vehicle host is directly accessible to the device, and wherein the node is not accessible to the device.
  • 9. The device of claim 1, wherein the node is one of: a dumb node capable of performing a function; an intelligent node having a computation and decision-making capability; a sensor node capable of reporting sensory data on-demand or in accordance with a defined periodicity; or a control node capable of controlling the dumb node, the intelligent node, or the sensor node.
  • 10. The device of claim 1, wherein the one or more components are further configured to: store the information in the memory based on an authenticated write command from the vehicle host; or retrieve the information in the memory based on an authenticated read command from the vehicle host.
  • 11. The device of claim 1, wherein the one or more components are further configured to: store a security key for the vehicle host that enables secure communications between the vehicle host and a remote end point.
  • 12. A method, comprising: receiving, at a device of an Internet of Things (IoT) network from a host associated with the IoT network, information associated with the IoT network; storing, via a memory controller of the device, the information in a memory with an embedded hardware security module of the device, wherein the device serves as a root of trust for the host using the information stored in the memory; receiving, from the host, a request to perform a security function; performing, based on the request, the security function using the information stored in the memory; and generating an alert based on an outcome of the security function.
  • 13. The method of claim 12, wherein the information associated with the IoT network is: a true node identity associated with a node of the IoT network, or a true user credential of a user associated with the IoT network.
  • 14. The method of claim 13, wherein: performing the security function comprises comparing a candidate node identity with the true node identity stored in the memory; and generating the alert comprises generating a first alert that indicates the candidate node identity does not correspond with the true node identity or a second alert that indicates the candidate node identity does correspond with the true node identity.
  • 15. The method of claim 13, wherein: performing the security function comprises comparing a candidate user credential with the true user credential stored in the memory; and generating the alert comprises generating a first alert that indicates the candidate user credential does not correspond with the true user credential or a second alert that indicates the candidate user credential does correspond with the true user credential.
  • 16. The method of claim 12, wherein the request to perform the security function is based on one of: a modification to a node of the IoT network, a replacement of the node of the IoT network, or a newly added node to the IoT network.
  • 17. The method of claim 12, wherein receiving the information associated with the IoT network comprises receiving the information during an initial provisioning of the device.
  • 18. The method of claim 12, wherein the IoT network is an in-vehicle IoT network.
  • 19. A system of an Internet of Things (IoT) network, comprising: a vehicle host associated with the IoT network; a plurality of nodes in communication with the vehicle host; and a device in communication with the vehicle host, wherein the device includes a memory with an embedded hardware security module, and wherein the device comprises logic to: receive, from the vehicle host, information associated with the IoT network; store the information in the memory with the embedded hardware security module of the device; and perform a security function for the plurality of nodes in conjunction with the vehicle host using the information stored in the memory.
  • 20. The system of claim 19, wherein the device is only accessible to the vehicle host and is not accessible to the plurality of nodes.
  • 21. The system of claim 19, wherein the device comprises logic to: receive, from the vehicle host, a request to perform the security function; and generate an alert based on an outcome of the security function.
  • 22. The system of claim 21, wherein the request to perform the security function is based on one of: a modification to a node of the IoT network, a replacement of the node of the IoT network, or a newly added node to the IoT network.
  • 23. The system of claim 19, wherein a node of the plurality of nodes is one of: a dumb node capable of performing a function; an intelligent node having a computation and decision-making capability; a sensor node capable of reporting sensory data on-demand or in accordance with a defined periodicity; or a control node capable of controlling the dumb node, the intelligent node, or the sensor node.
  • 24. The system of claim 19, wherein communications between the device and the vehicle host are based on a public key infrastructure framework.
  • 25. The system of claim 19, wherein the IoT network is an in-vehicle IoT network.
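
The node-verification flow of claims 2, 6 and 10, modelled in Python as an added example; it is not code from the patent application. The class and function names, the SHA-256 identity derivation, and the HMAC used for the authenticated write (a symmetric stand-in for the public key infrastructure of claim 7) are all assumptions.

```python
import hashlib
import hmac
import secrets


def unique_device_id(maker: str, model: str, serial: str) -> bytes:
    """Derive a node identity from maker code, model code and serial number.

    Length-prefixing each field keeps ("AB", "C") distinct from ("A", "BC").
    The SHA-256 derivation is an assumption; the claims only name the inputs.
    """
    h = hashlib.sha256()
    for field in (maker, model, serial):
        raw = field.encode()
        h.update(len(raw).to_bytes(2, "big") + raw)
    return h.digest()


class RootOfTrustDevice:
    """Hypothetical model of the memory device with an embedded HSM."""

    def __init__(self, host_key: bytes):
        self._host_key = host_key   # shared with the vehicle host at provisioning
        self._store = {}            # reference -> true node identity

    def authenticated_write(self, identity: bytes, tag: bytes) -> str:
        """Store a true node identity only if the host's MAC verifies."""
        expected = hmac.new(self._host_key, identity, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            raise PermissionError("write command not authenticated")
        reference = secrets.token_hex(8)   # opaque handle kept by the host
        self._store[reference] = identity
        return reference

    def verify_node(self, reference: str, candidate: bytes) -> dict:
        """Compare the candidate with the stored identity; flag a mismatch."""
        true_id = self._store.get(reference)
        ok = true_id is not None and hmac.compare_digest(true_id, candidate)
        return {"reference": reference, "security_breach": not ok}


def demo() -> tuple:
    key = b"constructed-provisioning-key"   # constructed sample key
    device = RootOfTrustDevice(key)
    true_id = unique_device_id("MK01", "BRAKE-ECU", "SN000123")  # constructed
    ref = device.authenticated_write(
        true_id, hmac.new(key, true_id, hashlib.sha256).digest())
    swapped = unique_device_id("MK01", "BRAKE-ECU", "SN999999")  # replaced node
    return (device.verify_node(ref, true_id)["security_breach"],
            device.verify_node(ref, swapped)["security_breach"])
```

The comparison uses `hmac.compare_digest` so the check does not leak how many bytes of a candidate identity matched. A write command in a real deployment would also carry a nonce or counter so that a captured command cannot be replayed.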