Karamba security partner logo

Karamba Security 

Karamba Security provides industry-leading automotive cyber-security solutions for autonomous and connected cars. Its autonomous security software products, which include 'Carwall' and 'SafeCAN', utilize a security by Design approach to provide end-to-end in-vehicle cyber-security for the endpoints and the internal messaging bus.

Karamba Security's award-winning solutions prevent zero-day cyber-attacks with zero false positives and secure communications, including Over-The-air (OTA) updates, with negligible performance impact. Karamba, with headquarters in Michigan USA is engaged with 17 OEM and Tier-1 customers and has received numerous industry awards. More information is available at http://www.karambasecurity.com/.

Overview

  • Founded in 2015
  • Offices located in Israel, USA, Europe and Japan
  • Total of $27M raised
  • 40+ employees
  • 17 OEM and Tier-1 engagements as of Q1/18

    • Technology

    Karamba Security prevents cyber-attacks on connected and autonomous cars with zero false positives.
    The combination of Karamba Carwall® and SafeCAN delivers end-to-end Autonomous Security® protection: from the externally connected devices where hackers gain entry to the in-vehicle networks where hackers can take control.

    As the industry's first autonomous cyber-security for vehicles, Carwall hardens the ECU run-time environment based on factory settings. Carwall analyses the software image and automatically creates a customized security policy that becomes part of the firmware. Using lightweight control flow integrity and binary white-listing, Karamba blocks any illegitimate function calls and malware activation's before any damage can occur.

    Unique Customer Benefits:


  • Assured safety
    •      - End-to-end prevention
         - Zero false alerts

    • Automatic hardening (according to factory settings)
      • - Zero-day protection
      - Eliminates the need for continuous software updates
    • Pragmatic solutions
      • - Requires no developer intervention
      - Seamless integration, agnostic to ECU hardware, and to vehicle's networks

    Awards

    2017 

    • Frost and Sullivan's 'Best Product of the Year'
    • TU-Automotive's 'Best Auto Cyber-security Product'

    2018

    • AUTO Connected Car News' Best Automotive Cyber-security Product
    • Gartner 2018 Cool Vendor in IoT Security

    "We are impressed with Karamba Security's unique approach, which can be used to provide early warnings of attack attempts and prevent malware from infiltrating the safety controllers of both new existing cars".

    - Scott J. McCormick, President of the Connected Vehicle Trade Association.

    "Karamba Security's automated sealing approach offers the automotive industry a tool to immediately detect and prevent cyber-attacks".

    - Richard Wallace, Director of Transportation Systems Analysis at the Center for Automotive Research.


    "Karamba's technology doesn't require any developer resources to install or generate the security policy, and its CPU footprint is negligible. We are working with Karamba...to present our automotive customers with a secure out of the box". 

    - Stephan A. Tarnutzer, VP Electronics, FEV North America.


    Solutions

    Karamba's software products automatically harden car's Electronic Control Units (ECUs), preventing hackers from compromising those ECUs and infiltrating the car.

    Carwall®

    Karamba Security's Carwall provides an endpoint security for Electronic Control Units (ECUs) that uses proprietary technologies in multiple layers to harden the ECU software and protect cars against hackers. It secures the ECU by sealing it according to factory settings, detecting and preventing attack attempts, as well as performing forensic analysis on the malware and logging a report on the attack details.

    Carwall provides:

  • Automatic security policy generation customized to an ECU's specific factory settings

  • Multi-layeres, real-time detection and prevention capabilities on the ECU

  • Forensic logging and reporting

  • Anti-tampering protection


    • Carwall seamlessly integrates into the ECU without any further developer resources or interfere with development processes. Once Carwall is integrated into the ECU, it provides run-time sealing of the ECU against hacker attempts.

    Karamba's Carwall security solution was designed based on Autonomous Security principles, comprised of the five foundations of criteria for life-protecting cyber defense:

    1. Decisions are deterministic, not heuristic, leaving no room for false positives

    2. Attacks must be prevented, not merely detected

    3. Decisions are made locally with security safeguards that remains always-on, even when the system isn't actively connected to the cloud

    4. Built-in anti-tampering and other controls prevent modification of the security layers

    5. Provides full control for the system developer while requiring zero developer resources or intervention to maintain reliable operations

    SafeCAN®:


    Karamba's SafeCAN is the auto industry's first ultra-light network security software to authenticate communication between ECUs without slowing performance. From message-type analysis to message authentication, SafeCAN is designed to maximize protection while minimizing the burden on the vehicle's limited-resource systems.
    SafeCAN combines three approaches in its CAN-bus authentication technology: Custom Use of Block Ciphers, Dynamic Re-issuing of Session Keys, and Message Validation Methods.

    Advantages of Karamba SafeCAN:

  • Authenticates the sender and data integrity of every message without adding payloads

  • Authenticates cloud-to-vehicle communications to prevent OTA malware downloads

  • Delivers real-time protection, enabling sensors, circuits and motors to share data instantly

  • Blocks malicious messages from face ECUs and unauthorized senders

  • Eliminates the need to exchange keys while the car is running, removing risk and overhead

  • Minimizes cost and effort, requiring no changed to the application code, protocol or chip set

  • Secures any type of serial data bus so mixed ECUs can work together in a mesh system

    •