Karamba Security 

Karamba Security provides industry-leading automotive cyber-security solutions for autonomous and connected cars. Its autonomous security software products, which include 'Carwall' and 'SafeCAN', utilize a security by Design approach to provide end-to-end in-vehicle cyber-security for the endpoints and the internal messaging bus.

Karamba Security's award-winning solutions prevent zero-day cyber-attacks with zero false positives and secure communications, including Over-The-air (OTA) updates, with negligible performance impact. Karamba, with headquarters in Michigan USA is engaged with 17 OEM and Tier-1 customers and has received numerous industry awards. More information is available at http://www.karambasecurity.com/.


"We are impressed with Karamba Security's unique approach, which can be used to provide early warnings of attack attempts and prevent malware from infiltrating the safety controllers of both new existing cars".

- Scott J. McCormick, President of the Connected Vehicle Trade Association.

Technology

Karamba Security prevents cyber-attacks on connected and autonomous cars with zero false positives.
The combination of Karamba Carwall® and SafeCAN delivers end-to-end Autonomous Security® protection: from the externally connected devices where hackers gain entry to the in-vehicle networks where hackers can take control.

As the industry's first autonomous cyber-security for vehicles, Carwall hardens the ECU run-time environment based on factory settings. Carwall analyses the software image and automatically creates a customized security policy that becomes part of the firmware. Using lightweight control flow integrity and binary white-listing, Karamba blocks any illegitimate function calls and malware activation's before any damage can occur.

Solutions

Karamba's software products automatically harden car's Electronic Control Units (ECUs), preventing hackers from compromising those ECUs and infiltrating the car.

Carwall®

Karamba Security's Carwall provides an endpoint security for Electronic Control Units (ECUs) that uses proprietary technologies in multiple layers to harden the ECU software and protect cars against hackers. It secures the ECU by sealing it according to factory settings, detecting and preventing attack attempts, as well as performing forensic analysis on the malware and logging a report on the attack details.

Carwall provides:
  • Automatic security policy generation customized to an ECU's specific factory settings
  • Multi-layeres, real-time detection and prevention capabilities on the ECU
  • Forensic logging and reporting
  • Anti-tampering protection

Carwall seamlessly integrates into the ECU without any further developer resources or interfere with development processes. Once Carwall is integrated into the ECU, it provides run-time sealing of the ECU against hacker attempts.

Karamba's Carwall security solution was designed based on Autonomous Security principles, comprised of the five foundations of criteria for life-protecting cyber defense:

  • Decisions are deterministic, not heuristic, leaving no room for false positives
  • Attacks must be prevented, not merely detected
  • Decisions are made locally with security safeguards that remains always-on, even when the system isn't actively connected to the cloud
  • Built-in anti-tampering and other controls prevent modification of the security layers
  • Provides full control for the system developer while requiring zero developer resources or intervention to maintain reliable operations

SafeCAN®:

Karamba's SafeCAN is the auto industry's first ultra-light network security software to authenticate communication between ECUs without slowing performance. From message-type analysis to message authentication, SafeCAN is designed to maximize protection while minimizing the burden on the vehicle's limited-resource systems.

SafeCAN combines three approaches in its CAN-bus authentication technology: Custom Use of Block Ciphers, Dynamic Re-issuing of Session Keys, and Message Validation Methods.

Advantages of Karamba SafeCAN:

  • Authenticates the sender and data integrity of every message without adding payloads
  • Authenticates cloud-to-vehicle communications to prevent OTA malware downloads
  • Delivers real-time protection, enabling sensors, circuits and motors to share data instantly
  • Blocks malicious messages from face ECUs and unauthorized senders
  • Eliminates the need to exchange keys while the car is running, removing risk and overhead
  • Minimizes cost and effort, requiring no changed to the application code, protocol or chip set
  • Secures any type of serial data bus so mixed ECUs can work together in a mesh system