Take the eighth instalment of the Fast & Furious series, where an evil hacker tries to take control of any device that has a Wi-Fi receiver. While this may seem far-fetched, as people place more trust in onboard computers and we move towards fully autonomous driving, this type of scenario seems increasingly credible. With that in mind, we put forward the top ten considerations when it comes to security in autonomous vehicles in 2019.
- In-vehicle security requires a complete system approach, covering the multiple functions and systems that make up a car. Security in such a complex environment needs to be considered up front in the design of the electronics, as it is also one of the foundations of safety. Cars are expensive, and investing resources in stealing one is worthwhile for criminals. They hold a lot of private data on their users, and all this information needs to be protected. Through various wireless technologies, they communicate with multiple infrastructure systems: navigation, entertainment, maintenance, autonomous driving and payment.
- Preventing attacks on car systems is a key objective of the design process. Cars have many sensors and engine control units (ECUs) and communications between each of these need to be secure. We can imagine that over time these systems will be aggregated into one chipset that will need to be secured.
- Biometrics will play a key role in systems that track the driver for tiredness and lack of responsiveness. User identity materials will also feed inputs into multiple functions: ignition of the car, configuration of the applications, and payment. The identity materials of the user will have to be protected to ensure that cars do not get stolen and personal data is not hacked.
- Highly detailed mapping data will be critical for autonomous vehicles. Manufacturers and map companies spend a lot of time building very detailed maps, with traffic signalling information that is vital to vehicle safety. This data needs to remain protected: if it gets stolen and used without a licence, it is an economic loss to the company that spent millions of hours building it up. If the data becomes infected with malicious information, the safety of operations is compromised.
- All cockpit information needs to be protected from hacking. In other words, the cockpit data needs to be fully trustworthy for the driver to make the right decisions when operating the vehicle. It is key to ensure that the display cannot be hacked by an intruder pushing erroneous materials.
- As cars become more autonomous, entertainment functions in the car will become more important (for movies, music, books). This data will have to be protected against piracy and theft.
- Autonomous cars have unique security requirements to achieve the level of protection needed for a safe driving experience. Fast cryptography is going to be very important. To prevent accidents, vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communications will require the speedy processing of many messages per second. Consequently, robust and ultra-fast cryptography will be key. Quantum cryptography will play a role as the technology develops.
- FOTA updates of software functions are a key part of the security infrastructure of the car. Electric cars require limited maintenance, so a visit to the dealer to fix the engine will be rare. The operations performed today by a dealer on a regular basis to upgrade the infotainment or other software functions in the car will not be required anymore. The multiple layers of software in the various car systems will instead be upgraded over the air. However, these "Firmware Over-The-Air" (FOTA) functions will require security and will have to take place within the framework of secure protocols.
- Configuration management of the car will become increasingly software-based, with activation and deactivation of hardware and software features of the vehicle occurring on-demand. Given the value associated with these car features, access to these functions will need to be securely protected with sophisticated mechanisms to prevent hacking.
- Detection of zero-day attacks is a fundamental objective of the security and safety of the car. Given the potential risk to the safe operation of the vehicle and the privacy of the users when hackers find a weakness in a car system, such an attack cannot be allowed to linger in the code. It is important to detect these attacks as soon as possible at the level of the car. At the same time, some attacks may require fleet-level information to be identified. It therefore becomes important to track metadata in the car and in the fleet to perform analytics on the operation of the systems and to determine any variations from normal behaviour caused by attacks.
- Tracking genuine parts in a car, especially electronic systems, is a key part of the security mission. Genuine parts in cars tend to be more expensive, but they also meet specific requirements that were established by the manufacturer and the regulator. Tracking the origin of parts and preventing cheap and insecure counterfeits from gaining access to the supply chain is a key function of the overall system. In other words, the car needs to have the ability to detect when a part is not genuine and may compromise the overall security and safety of the vehicle. The tracking of genuine parts requires knowledge of the identity of the parts and their authentication by the central security system of the car.
- Ensuring that secure protocols are used over the various interfaces prevents unauthorised access. Connection of the car to outside systems such as smartphones and cloud applications can be a vector of attacks. The injection of commands into an ECU through the various connectivity mechanisms of the car can wreak havoc on the safety and security of the car. Cars have Bluetooth, Wi-Fi, and cellular connectivity. Each one of these interfaces offers a medium to attack a system in the car.
- The intellectual property (IP) in the systems that make up the car needs to be protected. Software left exposed can be extracted and stolen by nefarious agents. Cars run large software systems that include millions of lines of code. This code represents a large investment for the developers: it went through a complex and time-consuming development and test effort, and certification may have been necessary in some cases. The code can be extracted through unprotected debug ports. Closing all loopholes that enable theft of code is an important task of the system designer.
- Security of the software systems is a prerequisite of the safety of the vehicle and its passengers. Security and safety cannot be handled as separate topics in the case of cars. A security weakness that becomes an exploit is a safety issue, as it may expose the operation of the vehicle to either a nefarious act or a failure of a system. In other words, security is one of the building blocks of safety.
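As an added illustration of the secure FOTA process described above (not code from the original article), here is the minimal set of checks a vehicle's update agent should apply to an update package: the manifest is authenticated, an older version is refused, and the image is checked against the signed hash. The key, manifest fields and firmware bytes are constructed for the example, and HMAC stands in for the asymmetric signature a real deployment would use so that the code runs on the Python standard library alone.

```python
import hashlib
import hmac
import json
from typing import Dict, Tuple

# Constructed example: a manufacturer-signed update manifest plus the firmware image
# it describes. The manifest is authenticated with HMAC-SHA256 so the example runs on
# the standard library alone; a real FOTA design uses an asymmetric signature
# (e.g. ECDSA or Ed25519) so that each vehicle only holds a public verification key.
MANUFACTURER_KEY = b"constructed-demo-key-not-a-real-secret"
FIRMWARE_V7 = b"\x7fELF" + b"constructed firmware body v7" * 4  # constructed image

def sign_manifest(manifest: Dict, key: bytes) -> bytes:
    # Canonical JSON so signer and verifier authenticate exactly the same bytes.
    payload = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).digest()

def make_package(image: bytes, version: int, target_ecu: str, key: bytes) -> Tuple[Dict, bytes]:
    # Manufacturer side: sign a description of the image rather than the image itself,
    # so the (large) image can be streamed and hashed incrementally on the car.
    manifest = {"target_ecu": target_ecu, "version": version, "size": len(image),
                "sha256": hashlib.sha256(image).hexdigest()}
    return manifest, sign_manifest(manifest, key)

def verify_update(manifest: Dict, signature: bytes, image: bytes,
                  installed_version: int, key: bytes) -> Tuple[bool, str]:
    """Vehicle side. Checks run in the order an update agent should apply them:
    1. manifest authenticity, 2. anti-rollback, 3. image integrity against the
    signed hash. Returns (accepted, reason)."""
    if not hmac.compare_digest(sign_manifest(manifest, key), signature):
        return False, "manifest signature invalid"
    if manifest["version"] <= installed_version:
        return False, "rollback rejected: version %d <= installed %d" % (
            manifest["version"], installed_version)
    if len(image) != manifest["size"] or hashlib.sha256(image).hexdigest() != manifest["sha256"]:
        return False, "image does not match signed manifest"
    return True, "accepted"

if __name__ == "__main__":
    manifest, sig = make_package(FIRMWARE_V7, 7, "body-controller", MANUFACTURER_KEY)
    print(verify_update(manifest, sig, FIRMWARE_V7, 6, MANUFACTURER_KEY))            # accepted
    print(verify_update(manifest, sig, FIRMWARE_V7 + b"\x00", 6, MANUFACTURER_KEY))  # tampered image
    old_manifest, old_sig = make_package(b"old image", 5, "body-controller", MANUFACTURER_KEY)
    print(verify_update(old_manifest, old_sig, b"old image", 6, MANUFACTURER_KEY))   # rollback refused
```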
It is important to see that security is an ever-evolving game in which new weaknesses get identified and new exploits get created. Countermeasures to known weaknesses and attacks play an important role in the definition of a secure system. Security starts with a very thorough analysis of the possible attack vectors and the potential threats to the system. This analysis is a key input for the system design of the car and the safety objectives to achieve.
Security is a multi-faceted exercise that covers countermeasures to known weaknesses and attacks, the isolation of tasks in separate execution environments through virtualisation, the ability to update code over the air, the robustness of the provisioning of the various functions, the control of the various connectivity mediums to ensure that they are protected by robust protocols, and the detection of attacks as they progress from individual systems in the car all the way to the fleet environment.
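The fleet-level detection mentioned above and in the zero-day consideration, as an added example that is not part of the original article: each vehicle reports a few operational counters, the fleet supplies a robust baseline per counter, and vehicles whose counters deviate strongly from that baseline are flagged for investigation. The telemetry records, field names and threshold are constructed for the example.

```python
import statistics
from typing import Dict, List, Tuple

# Constructed fleet telemetry: one record per vehicle per reporting interval, with the
# kind of operational metadata the text mentions (CAN bus traffic rate, number of
# diagnostic sessions opened, failed over-the-air update attempts).
FLEET_REPORTS: List[Dict] = [
    {"vin": "VIN-0001", "can_msgs_per_s": 1210, "diag_sessions": 0, "fota_failures": 0},
    {"vin": "VIN-0002", "can_msgs_per_s": 1185, "diag_sessions": 1, "fota_failures": 0},
    {"vin": "VIN-0003", "can_msgs_per_s": 1240, "diag_sessions": 0, "fota_failures": 0},
    {"vin": "VIN-0004", "can_msgs_per_s": 1195, "diag_sessions": 0, "fota_failures": 1},
    {"vin": "VIN-0005", "can_msgs_per_s": 1225, "diag_sessions": 1, "fota_failures": 0},
    {"vin": "VIN-0006", "can_msgs_per_s": 1205, "diag_sessions": 0, "fota_failures": 0},
    {"vin": "VIN-0007", "can_msgs_per_s": 3980, "diag_sessions": 14, "fota_failures": 0},
    {"vin": "VIN-0008", "can_msgs_per_s": 1215, "diag_sessions": 0, "fota_failures": 0},
]
METRICS = ("can_msgs_per_s", "diag_sessions", "fota_failures")

def robust_baseline(values: List[float]) -> Tuple[float, float]:
    """Median and median absolute deviation (MAD). A single compromised vehicle
    barely moves these, whereas it would drag a mean/stddev baseline towards itself."""
    med = statistics.median(values)
    mad = statistics.median([abs(v - med) for v in values])
    return med, mad

def fleet_anomalies(reports: List[Dict], threshold: float = 3.5) -> Dict[str, List[Tuple[str, float, float]]]:
    """Return {vin: [(metric, observed, fleet_median), ...]} for vehicles whose
    counters deviate from the fleet by more than `threshold` (modified z-score)."""
    baselines = {m: robust_baseline([r[m] for r in reports]) for m in METRICS}
    flagged = {}
    for r in reports:
        reasons = []
        for m in METRICS:
            med, mad = baselines[m]
            # Sparse counters (almost always zero) give MAD = 0; floor the scale at one
            # count so a single diagnostic session is not reported as infinitely unusual.
            scale = mad if mad > 0 else 1.0
            score = 0.6745 * (r[m] - med) / scale  # 0.6745 maps MAD to a stddev-equivalent
            if abs(score) > threshold:  # spikes and silence (e.g. a muted ECU) both matter
                reasons.append((m, r[m], med))
        if reasons:
            flagged[r["vin"]] = reasons
    return flagged

if __name__ == "__main__":
    for vin, reasons in fleet_anomalies(FLEET_REPORTS).items():
        for metric, observed, median in reasons:
            print(f"{vin}: {metric}={observed} (fleet median {median})")
```

In practice the flagged vehicle's raw logs would then be pulled for analysis, and the per-metric baseline would be recomputed per model and software version rather than over the whole fleet.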