Why building security into connected vehicles is so difficult.
Talk about security in autonomous vehicles seems to have subsided. It shouldn’t, because the problem is far from solved.
In fact, it’s not just one problem. It’s layers upon layers of problems spread out across all roadways, technology design houses, IP developers, network infrastructure, and the entire supply chain. And even though one vehicle’s security may be bulletproof, it may be no safer than the completely unsecured vehicle traveling next to it or toward it.
There are three main issues here, and lots of ancillary ones. First, much of what is being planned for Level 4/5 vehicles includes very complex electronics. In the case of the central brain/AI technology, no one is quite sure at this point how harsh environmental conditions or time will degrade performance, or what that degraded performance means from a safety standpoint. This is partly because no vendor can make all of the pieces, and partly due to the fact that everything is being developed as fast as possible because no automotive OEM wants to be left behind.
How secure the supply chains are for these devices, or the parts or IP in those devices, isn’t clear to anyone involved. While automotive OEMs and Tier 1s are very good at managing supply chains for mechanical parts and even some of the MCUs and actuators, the supply chain for things like LiDAR, vibration sensors and software involves a slew of startups with no history in the automotive industry.
Autonomous vehicles will include systems of systems, and any part in any of those systems can contain vulnerabilities, most due to design flaws. And the risk goes up as counterfeit or aftermarket parts begin filtering into the market.
This leads to issue no. 2, which is the communications system. The first involves signals sent through the vehicle, which can send an alert that there is an object in the road ahead or that tire pressure is low in one or more of the tires. Securing this system is vital, because it can determine whether a car will swerve to avoid a boulder that just dropped down onto the road or whether the car will adjust its speed because the car next to it has just skidded on ice. But vehicles also need to communicate with other vehicles in an increasingly automated automotive world, and the accuracy of those communications is vital. A wrong signal, regardless of whether it was purposely sent or not, could result in an accident for another vehicle.
Third, it’s not just about the vehicle. It’s also the communications infrastructure that will carry signals between vehicles, and between vehicles and the cloud. What happens if a car is reliant on communication over 5G to the cloud, and the cloud is suddenly frozen by a distributed denial of service attack, like the one at Dyn.
In many cases, communications will involve the same unsecured wireless networks that warn us everytime we log on in an airport that we are in public and that others may be able to see what we’re doing. Virtual private networks can obscure the user’s identity, they don’t protect the data.
Will 5G really be more secure than 4G, especially when signals require arrays of antennas to reconstruct data? And will communications within a car really be kept secret from neighboring vehicles or ground monitoring?
It’s one thing to build enough intelligence into vehicles to make them aware of their surroundings and behave within a pre-defined distribution of acceptable behavior. It’s quite another to make sure they can do that securely.
Related Stories
Security Holes In Machine Learning And AI
A primary goal of machine learning is to use machines to train other machines. But what happens if there’s malware or other flaws in the training data?
Designing Hardware For Security
Most attacks in the past focused on gaining access to software, but Meltdown and Spectre have changed that forever.
Building Security Into RISC-V Systems
Emphasis shifting to firmware, system-level architectures, and collaboration between industry, academia and government.
Making Autonomous Vehicles Safer
What needs to be tested, and what’s the best way to make that happen?
IoT Device Security Makes Slow Progress
While attention is being paid to security in IoT devices, still more must be done.
Leave a Reply