
Secure IDS Logging Using Trusted Applications in Vehicle Infotainment Systems

About the Customer:

Our customer is the software division of a global automotive group focused on developing integrated technology and software platforms for software-defined vehicles (SDVs).

As part of their SDV platform projects, they wanted to implement a secure event logging mechanism for the Intrusion Detection System (IDS) within their virtualized in-vehicle infotainment environment.

Given our extensive experience in developing Trusted Applications (TAs) that run inside a Trusted Execution Environment (TEE) on automotive embedded systems, they partnered with us.

Business Challenges:

The customer’s infotainment stack is built on a hypervisor-based architecture consisting of multiple isolated virtual machines (VMs). They needed a centralized and secure IDS event logging mechanism that could:

  • Be accessed by multiple VMs with controlled read/write permissions.
  • Ensure log integrity and confidentiality, even when accessed from potentially less trusted domains.
  • Ensure compatibility with standard security testing and validation frameworks.
  • Maintain compliance with internal security review and process policies.

Embitel’s Solution:

Our team at Diconium Germany followed a consultative approach to help the customer arrive at the most suitable solution. We analysed their business case and recommended an approach that integrates with their existing setup with minimal disruption.

To fulfil the requirement, our team designed and implemented a Trusted Application (TA) that executes within the Trusted Execution Environment (TEE).

Solution Architecture

The infotainment system comprised two virtual machines (VMs), one running Android (AOSP) and the other a SYS Linux OS, on top of a hypervisor. As part of the system’s Intrusion Detection functionality, both VMs are monitored for suspicious activity.

In normal operation, when no security incident has been detected, both VMs continuously generate fragments of system data such as logs, kernel messages, and network activity. This data is written to a circular buffer, which overwrites the oldest fragments once it is full.

When a security incident is detected, the Trusted Application (TA) takes a snapshot of the circular buffer. At this point:

  • The TA captures and preserves the buffered data at that instant, including relevant logs and context around the incident.
  • Simultaneously, it notifies the non-compromised VM and enables it to request its own buffer snapshot, which is securely transmitted to a centralized server for storage and forensic analysis.

This architecture ensures isolation between the virtual machines and allows each VM to communicate independently with the TA. It also restricts an attacker’s ability to erase traces or manipulate logs after a compromise, because the preserved snapshot lives inside the TEE rather than in the compromised VM.

If a VM is found to be compromised, the system marks it as such while allowing the remaining functions to continue operating safely.
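To make the behaviour described above concrete, the following is an added illustration written for this page; it is not the customer’s TA and not Embitel’s code. It models the core logic of the log service in portable C: one circular buffer per VM, a freeze-and-snapshot on incident, a notification flag for the peer VM, and a read policy that locks out the compromised VM. The function names (ta_append, ta_report_incident, ta_snapshot), the two-VM identifiers and the policy details are assumptions. In a real GlobalPlatform TA these operations would be command IDs dispatched from TA_InvokeCommandEntryPoint, the snapshot would be written to secure storage with TEE_CreatePersistentObject and TEE_WriteObjectData, and the integrity digest would be a keyed MAC from the TEE’s MAC API; the unkeyed FNV-1a chain below only stands in for that so the example builds without OP-TEE. Transmission to the central server is not modelled.

```c
/* Added illustration, not the customer's TA: core logic of a TEE-hosted IDS log
 * service in portable C (hypothetical names; see the note below the block). */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RING_CAP 4   /* slots per VM; tiny so the overwrite is visible */
#define FRAG_MAX 48  /* bytes per fragment, including the terminating NUL */

enum vm_id { VM_ANDROID = 0, VM_LINUX = 1, VM_COUNT };
enum ta_rc { TA_OK = 0, TA_DENIED, TA_FROZEN, TA_BAD_ARG };

struct fragment { uint32_t seq; char text[FRAG_MAX]; };
struct ring {
    struct fragment slot[RING_CAP];
    uint32_t next_seq;  /* monotonic; a fragment with seq lives in slot[seq % RING_CAP] */
    uint32_t count;     /* valid slots, at most RING_CAP */
    bool frozen;        /* set by an incident: no further overwrites */
};
struct ta_state {
    struct ring ring[VM_COUNT];
    bool compromised[VM_COUNT];
    bool snapshot_requested[VM_COUNT];  /* "please snapshot yourself" flag per VM */
};

static void ta_init(struct ta_state *s) { memset(s, 0, sizeof *s); }
static bool ta_notification_pending(const struct ta_state *s, enum vm_id vm) {
    return vm < VM_COUNT && s->snapshot_requested[vm];
}

/* Normal operation: a VM appends to its own ring only. Once the ring is full the
 * oldest slot is overwritten, unless an incident has frozen the ring. */
static enum ta_rc ta_append(struct ta_state *s, enum vm_id caller, const char *text) {
    if (caller >= VM_COUNT || text == NULL || strlen(text) >= FRAG_MAX) return TA_BAD_ARG;
    struct ring *r = &s->ring[caller];
    if (r->frozen) return TA_FROZEN;
    struct fragment *f = &r->slot[r->next_seq % RING_CAP];
    f->seq = r->next_seq++;
    memcpy(f->text, text, strlen(text) + 1);
    if (r->count < RING_CAP) r->count++;
    return TA_OK;
}

/* Incident path: the IDS reports `victim` as compromised. The ring is frozen so
 * later writes cannot evict the incident context, the VM is marked, and every
 * other VM is flagged to request its own snapshot. */
static enum ta_rc ta_report_incident(struct ta_state *s, enum vm_id victim) {
    if (victim >= VM_COUNT) return TA_BAD_ARG;
    s->compromised[victim] = true;
    s->ring[victim].frozen = true;
    for (int v = 0; v < VM_COUNT; v++)
        if (v != (int)victim) s->snapshot_requested[v] = true;
    return TA_OK;
}

/* 64-bit FNV-1a chained over (seq, text) in ring order: an unkeyed stand-in for the
 * MAC a real TA would compute, enough to detect a dropped or reordered line. */
static uint64_t fnv1a(uint64_t h, const void *p, size_t n) {
    const uint8_t *b = p;
    for (size_t i = 0; i < n; i++) { h ^= b[i]; h *= 0x100000001b3ULL; }
    return h;
}

/* Read policy: a VM marked compromised may no longer read any snapshot. Fragments
 * are serialised oldest-first as "seq text\n" lines; the digest covers them all. */
static enum ta_rc ta_snapshot(struct ta_state *s, enum vm_id caller, enum vm_id target,
                              char *out, size_t cap, uint64_t *digest) {
    if (caller >= VM_COUNT || target >= VM_COUNT || out == NULL || cap == 0) return TA_BAD_ARG;
    if (s->compromised[caller]) return TA_DENIED;
    const struct ring *r = &s->ring[target];
    uint64_t h = 0xcbf29ce484222325ULL;
    size_t used = 0;
    out[0] = '\0';
    for (uint32_t i = 0; i < r->count; i++) {
        const struct fragment *f = &r->slot[(r->next_seq - r->count + i) % RING_CAP];
        int n = snprintf(out + used, cap - used, "%u %s\n", (unsigned)f->seq, f->text);
        if (n < 0 || (size_t)n >= cap - used) return TA_BAD_ARG;  /* caller's buffer too small */
        used += (size_t)n;
        h = fnv1a(h, &f->seq, sizeof f->seq);
        h = fnv1a(h, f->text, strlen(f->text));
    }
    s->snapshot_requested[caller] = false;  /* notification consumed */
    if (digest) *digest = h;
    return TA_OK;
}

int main(void) {
    struct ta_state s; char out[256]; uint64_t d; ta_init(&s);
    /* Constructed sample fragments; the fifth overwrites the first. */
    const char *frag[] = { "usb0 up", "peer 10.0.0.9", "root login", "spawn /tmp/x", "out 10.0.0.9:4444" };
    for (int i = 0; i < 5; i++) ta_append(&s, VM_ANDROID, frag[i]);
    ta_report_incident(&s, VM_ANDROID);
    printf("post-incident append rc=%d\n", ta_append(&s, VM_ANDROID, "log cleared"));
    if (ta_notification_pending(&s, VM_LINUX) &&
        ta_snapshot(&s, VM_LINUX, VM_ANDROID, out, sizeof out, &d) == TA_OK)
        printf("%sdigest=%016llx\n", out, (unsigned long long)d);
    return 0;
}
```

Two properties of this model are worth noting. The victim’s buffer is frozen rather than copied, so a post-compromise “clear logs” write returns TA_FROZEN instead of evicting the earliest fragments, and the snapshot taken by the peer is exactly the state at the moment of the incident. The read check is on the caller, not the target, so the compromised VM cannot retrieve a snapshot even of its own buffer, while the peer VM keeps appending to its own ring as before.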

To ensure that the deliverables met the customer’s requirements, several teams coordinated closely to design and develop the TA. It was thoroughly tested by our in-house cybersecurity validation team.

Following this, the TA was successfully integrated into the customer’s production environment. Since then, we have continued to provide operational support to ensure its performance, reliability, and security.

Embitel Impact:

As a result of this secure IDS logging mechanism, the customer was able to:

  • Deploy a secure IDS logging service, tested extensively in the OP-TEE environment.
  • Ensure secure, tamper-resistant storage of critical data.
  • Ensure data protection and audit integrity across the logging process.
  • Significantly reduce the development time and cost due to our team’s familiarity with the setup and hardware.
  • Receive full ownership of the TA source code, enabling them to maintain, extend, or integrate the solution independently.

Tools and Techniques:

  • OP-TEE and QEMU for testing
  • Trusted Application (TA) development in C
  • Supporting test applications developed in C++
  • Android AOSP IVI and custom Linux VM
  • Hypervisor-based virtualization
  • GlobalPlatform APIs