As connectivity advances, protection of vehicles against attacks from cyberspace is becoming ever more important. The only way to assure such protection is with a comprehensive cybersecurity concept, integrated into the development process right from the start.
Autonomous vehicles are nothing other than mobile computers with innumerable communications interfaces – exchanging data with infrastructure or other vehicles, updating on-board software, or accessing real-time navigation maps. However, the increasing number of interfaces aboard vehicles also means there are more potential vulnerabilities for cyber-attacks. “Hundreds of articles on autonomous driving appear in the media every day, but almost none mention the elephant in the room: auto-makers do not yet have a reliable defence against cyber-threats. Period. One serious hack could immediately halt progress in automated driving. But we have the remedy,” says David Uze, Trillium’s CEO. Consequently, the Japanese company founded in 2014 is planning to launch a software-based, multi-layer security solution onto the market in 2018 – at a tenth of the cost of existing solutions. “Since defence must continually evolve, our infrastructure will deliver Security as a Service (SaaS) via real-time-update platforms that auto-makers or insurers can on-sell to car owners.”
There is no wonder-weapon
Whether a purely software-based add-on cybersecurity solution is enough on its own to protect a vehicle against the highly sophisticated attacks of modern-day hackers is questionable, however. “There is no wonder-weapon capable of protecting cars against sophisticated dynamic cyber-attacks,” stresses Ofer Ben-Noon, co-founder and CEO of Israeli vehicle cybersecurity company Argus. “Our customers need protection on multiple levels, so as to be prepared for any conceivable scenario.” The company offers a multi-layer security solution for connected vehicles: it starts with the infotainment and telematics devices, encompasses the internal network communications, and also extends to selected electronic control units (ECUs). ECU security protects vital systems such as the brakes, assistance systems and other key units against attack.
Cybersecurity as part of the development process
Cybersecurity should be integrated into the development process for an autonomous vehicle right from the start as a matter of policy. That principle is affirmed in a manifesto published by FASTR, stating that cybersecurity should begin at the very foundation of the vehicle’s architecture and be coordinated throughout the supply chain. In that way, a connected vehicle can be made “organically secure”. FASTR – which stands for Future of Automotive Security Technology Research – is a neutral, non-profit consortium established in 2016 by three companies: Aeris, Intel Security and Uber.
The provision of such all-round protection should be approached according to the bottom-up principle: the security concept starts with a high-security core (root of trust), implemented by a physically secured cryptographic device such as a Hardware Security Module (HSM). It securely holds cryptographic keys and algorithms, protecting them against being read, modified or deleted. The keys are in turn used to detect and prevent manipulation of the ECU firmware. This then also ensures that the software-based security functions in the firmware can be used safely for on-board communications. At the same time, it means on-board networks on different security levels are reliably isolated from one another – preventing access to the engine management system via an entertainment interface, for example. The secure on-board network this creates then also in turn permits secure communication with other vehicles or infrastructure.
Autonomous vehicles are protected against the many types of cyber-attack by multi-layered security concepts.
Hardware security module
More secure E/E architecture
Secure on-board communication
Secure vehicle IT infrastructure
Secure control unit
Secure V2X communication
Security systems must be updateable
The challenges of cybersecurity are changing continually, however. Security experts are continually having to confront new conditions and methods of attack. That means a vehicle’s on-board security systems must be capable of being regularly updated throughout the product life-cycle. Consequently, a security solution for autonomous vehicles should be designed right from the start in such a way that vital security parameters and functions are held in modifiable storage devices (such as HSMs with firmware update facilities). Also, available IT resource capacities should not be fully utilised right from the start – leaving adequate spare storage space, for example. With appropriate update mechanisms, new security patches can then be downloaded “over the air” – and the vehicle can stay protected against attacks from cyberspace even ten years down the line.
“Car hacking is a very real threat that will continue to increase as we move towards greater connectivity and autonomous vehicles, with more and more new technologies becoming part of the Internet of Things,” says Saar Dickman, Vice President, Automotive Cyber Security at Harman. “Automotive cybersecurity is an increasingly critical piece in enabling connectivity and autonomous driving.”