With added connectivity comes added risk of attack.
Vehicles are on track to become highly sophisticated Internet of Things (IoT) devices. With the added functionality that connects vehicles to other vehicles, the infrastructure, and even pedestrians, the opportunity for hacking expands. Challenges like complexity and the burden of legacy systems further complicate the situation. The future of connected and autonomous vehicles (CAV) demands levels of safety and security that are currently unobtainable.
Fortunately, some of the brightest minds are working on solutions. One example is the Innovate UK-sponsored Secure-CAV consortium, which is developing hardware-based security technology that will propel the automotive industry forward. Hardware-based security can tackle the threats of today and the near future and create a strong cybersecurity posture for the as-yet unknown threats.
Secure-CAV consortium is made up of four main players:
Together they created an interactive car hacking demonstration rig (figure 1) that shows the impact of security attacks on real automotive hardware and how the combined hardware/software solution implemented as part of the project can mitigate these attacks.
Fig. 1: The Secure-CAV demonstration rig.
The main drivers for in-car network innovation for CAVs are speed and bandwidth – the ability to push high volumes of video and data for analysis. The addition of Ethernet technology alongside Controller Area Network (CAN) interconnect presents the combined challenges of legacy networking and an increase in complexity. In the short to medium term, the cybersecurity risk to vehicles will likely increase before it settles down. As such, there is a direct requirement on industry to develop measures that can address the legacy, but in as seamless a way as possible.
Practically, this means tackling the two biggest weaknesses of the CAN bus – the lack of integrity protection and the lack of authenticity, i.e., anyone can change a CAN message at any time and also pretend it has been sent from a particular component, with blind acceptance by the receiving component. This is just one example where solutions such as retro-fitted CAN-firewalls provide only limited protection. Other issues exist and, as with other sectors, connecting vehicles to the internet without addressing the long-term legacy is a very big gamble.
CAV development is in its infancy, and the automotive of the future is currently the topic of a vast evolutionary leap. Communications is the key: vehicle-to-everything connectivity is the foundation, which relies on IoT and next-generation in-vehicle networks. Among the tools we’ll need to employ is threat modelling, which isn’t considered terribly useful today, but will need to become easier to perform and give more meaningful insights into real-world ways that systems are attacked at an engineering level. The Copper Horse team working on the Secure-CAV project developed threat models for selected abuse cases in the project, taking a real-world approach based on what is actually happening on the ground and the techniques used, rather than a purely theoretical view of the threat landscape facing the automotive industry now and in the future. Their work is a showcase example of how useful threat modelling can be.
Security for CAVs also depends on advances in the silicon devices used in vehicle systems and sub-systems. Embedded, secure storage, and trusted execution are absolute necessities in modern embedded systems in order to safely use and store the keys and other security-sensitive data. A trusted platform provides the foundation of security for everything else, including being able to validate software updates to a component and provide a secure path to boot with confidence in the integrity of the system and to extend (or deny) trust.
The Siemens IP and software, when integrated into silicon chips, can detect attacks by monitoring device operations, e.g., the latency, duration, bandwidth, counting and timing, and derivatives such as averages and peaks. The Secure-CAV demonstration rig used a Siemens cyber security FPGA platform (figure 2) to monitor and capture on-chip transactions and respond to threats like mileage modification, showing what will be possible in real deployments in the future. The Siemens IP itself sits within a ‘defense-in-depth‘ system.
Fig. 2: Siemens cyber security FPGA reference platform.
The results of the Secure-CAV consortium’s demonstration rig show that that multiple, new lines of defense can be put in place inside existing and future vehicles, giving increased situational awareness to OEMs as anomalies emerge.
The mobile industry has led the way on security; now the automotive industry must follow. The prize for creating an effective solution to exploitation of vulnerabilities in automotive is a big one. We expect and deserve safe and secure transport. The current challenge for the world is one of cybersecurity resilience – there is a lot of legacy and a lot of insecurity, from supply chains through to devices. Secure-CAV has demonstrated that resilience can be achieved through strength-in-depth and that even old, legacy systems can be secured.
To learn more about Secure-CAV’s approach to addressing the challenge of securing connected and autonomous vehicles, download the technical paper by Secure-CAV member David Rogers of Copper Horse.
Leave a Reply