Securing Hyper-Personalization in IoT: Building a Safe and Secure Platform for In-Vehicle Personalized Experiences

Background:

Dimiour played a crucial role in helping our client, a renowned automotive industry leader, build a safe and secure platform for in-vehicle personalized and connected experiences, focusing on user privacy and data security.

Challenges:

Our client faced a multitude of challenges in implementing personalized in-vehicle experiences. These challenges included:

1. Knowledge of the user and the user’s PII:

To provide personalized experiences, the system needs access to user data and PII (Personally Identifiable Information) such as name, address, phone number, etc. However, this creates a challenge in terms of privacy and data security.

2. Establishing trust between vehicle, user’s smartphone, and cloud:

Personalized in-vehicle experiences require integrating different systems, including the vehicle, the user’s smartphone, and cloud services. Establishing trust between these systems is crucial to ensure user data’s security and privacy.

3. Unavailability of cloud services that enable security without compromising performance:

Cloud services are critical in providing personalized in-vehicle experiences, but finding cloud services that provide both high-performance and robust security is challenging.

4. Compliance with data regulations such as CCPA and GDPR:

Personalized in-vehicle experiences must comply with data privacy regulations such as CCPA and GDPR, which adds a layer of complexity to the system’s design.

5. Multi-tenancy to onboard multiple OEMs:

To cater to multiple Original Equipment Manufacturers (OEMs), the system needs to support multi-tenancy, which presents its own challenges.

The client was beset with challenges, as these factors deterred them from providing a seamless, personalized in-vehicle experience while ensuring the security and privacy of user data. That was the juncture when Dimiour arrived as a solution partner.

Solutions:

1. Cloud-native microservices (k8s) were architected and developed in line with the principle of least privilege:

This means that the microservices are designed so that they only have access to the resources they need to function and nothing more. This ensures that if one of the microservices is compromised, the attacker would have limited access to the system, which makes it easier to contain and mitigate the damage.

2. Designed and set up a custom gateway with mutual TLS (ECC) and server-side OCSP stapling on an nginx server:

The custom gateway sits between the microservices and external clients, providing an extra layer of security. Mutual TLS (Transport Layer Security) ensures that both parties (client and server) authenticate each other using digital certificates. ECC (Elliptic Curve Cryptography) is a form of public-key cryptography that achieves strong security with smaller keys than traditional algorithms such as RSA, which improves performance. OCSP (Online Certificate Status Protocol) stapling has the server attach a recent, CA-signed status response for its certificate to the TLS handshake, so the certificate's validity can be checked in real time, reducing the risk of using revoked or expired certificates.

3. gRPC-based service with protobuf, reducing payload size while enabling end-to-end encryption:

gRPC is a modern open-source framework for building fast and efficient APIs. Protobuf is a binary data serialization format that reduces the payload size and enables efficient communication between microservices. End-to-end encryption ensures that the data exchanged between microservices is always encrypted, protecting it from interception and tampering.
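
A minimal nginx gateway configuration covering solutions 2 and 3 (mutual TLS with an ECDSA certificate, server-side OCSP stapling, and a TLS-protected gRPC upstream). This is an added example, not the client's or Dimiour's actual configuration; every hostname, IP address, and file path is a placeholder.

```nginx
# Added example. All names, addresses and paths below are placeholders.
events {}

http {
    upstream personalization_grpc {
        server 10.0.0.10:50051;                  # placeholder backend
    }

    server {
        listen 443 ssl http2;                    # gRPC needs HTTP/2 (nginx 1.25.1+: "http2 on;")
        server_name gateway.example.com;

        # Server identity: ECDSA (elliptic-curve) certificate and key
        ssl_certificate     /etc/nginx/tls/gateway-ecdsa.fullchain.pem;
        ssl_certificate_key /etc/nginx/tls/gateway-ecdsa.key;
        ssl_protocols       TLSv1.2 TLSv1.3;
        ssl_ecdh_curve      X25519:prime256v1;
        # TLS 1.2 suites restricted to ECDHE key exchange with ECDSA auth
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305;

        # Mutual TLS: reject any client without a cert issued by the device CA
        ssl_client_certificate /etc/nginx/tls/device-ca.pem;
        ssl_verify_client      on;
        ssl_verify_depth       2;
        # Stapling covers the server cert only; client certs need their own
        # revocation source, here a CRL published by the device CA.
        ssl_crl /etc/nginx/tls/device-ca.crl.pem;

        # Server-side OCSP stapling, with verification of the stapled response
        ssl_stapling            on;
        ssl_stapling_verify     on;
        ssl_trusted_certificate /etc/nginx/tls/server-ca-chain.pem;
        resolver                10.0.0.2 valid=300s;   # needed to reach the OCSP responder
        resolver_timeout        5s;

        location / {
            # Pass the verified client identity to the backend for authorization
            grpc_set_header X-Client-Verify  $ssl_client_verify;
            grpc_set_header X-Client-Subject $ssl_client_s_dn;

            # TLS ends at the gateway and is re-established to the backend,
            # with the backend certificate verified against an internal CA.
            grpc_pass                    grpcs://personalization_grpc;
            grpc_ssl_verify              on;
            grpc_ssl_trusted_certificate /etc/nginx/tls/internal-ca.pem;
            grpc_ssl_name                personalization.internal.example.com;
        }
    }
}
```

Running `nginx -t` validates the syntax, and `openssl s_client -connect <host>:443 -status` shows whether a stapled OCSP response is actually being served.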

4. Implemented secure authentication and trust cycle with ForgeRock CIAM (Vehicle, Smartphone, Cloud services):

ForgeRock CIAM (Customer Identity and Access Management) is a comprehensive platform for managing user identities, access, and authentication. This ensures that only authorized users can access the microservices and that their actions are logged and audited. The trust cycle ensures that the microservices can trust each other and authenticate themselves using digital certificates and other secure methods.

5. Integrated Signal Sciences WAF:

A Web Application Firewall (WAF) is a security solution that protects web applications from various attacks, such as SQL injection, cross-site scripting, and other exploits. Signal Sciences is a cloud-native WAF that uses machine learning and other advanced techniques to provide real-time protection against these attacks.

Overall, these solutions provide a robust and secure infrastructure for our client’s microservices, ensuring that their data and systems are protected from various threats.

Benefits for the Client:

1. 100% Security Compliance:

By delivering an IoT platform that is 100% security compliant, our client ensured that their vehicles of tomorrow are secure from potential cyber threats. This means that the client’s customers can trust that their personal data and driving information are protected, providing peace of mind and trust in the client’s brand.

2. End-to-End Encryption:

With end-to-end encryption for all connected services, our client could be confident that data transmitted between their vehicles and other systems is secure and protected from unauthorized access. This encryption ensures that data cannot be intercepted or manipulated, providing additional layers of security to the client’s vehicles.

3. Efficient and Optimal Algorithms:

By reducing vehicle compute cycles with efficient and optimal algorithms, the client improved the performance and reliability of their vehicles. This means that their vehicles will be able to process information faster and more accurately, leading to better driving experiences for their customers.

4. Personalization Without Compromising Security and Performance:

The client can provide personalized customer experiences without compromising security and performance. By leveraging the efficient and secure IoT platform, the client can offer personalized services and features, such as customized infotainment and driving settings, while maintaining the highest levels of security and performance.

5. Patents on Integration Patterns:

By using the IoT platform to integrate their vehicles with other systems and services, the client benefitted from patents on integration patterns. This means that the client can protect their intellectual property and potentially generate revenue through licensing their integration patterns to other companies.

Dimiour’s services and solutions provided enhanced security, improved performance and reliability, personalized experiences, and potential revenue generation through patents on integration patterns. These benefits ultimately contribute to the success and competitiveness of the client’s brand in the automotive industry.