Bench Talk

With the commercial rollout of driverless cars, cybersecurity is becoming a key concern for developers. Autonomous cars and trucks rely on external links for a wide range of applications, from Over-The-Air (OTA) software updates to real time maps, traffic information, data from signs and roadside servers, and even data from other vehicles. This opens up many different “attack vectors,” from a simple USB stick to the Vehicle to Vehicle (V2V) and Vehicle to Infrastructure (V2I) links, potentially making a driverless car vulnerable to hackers and compromising the safety of the passengers and other road users.

The challenge for the developer is to reduce the attack surface of the hardware and software in the system. This has to be considered as an integral part of a safety development process such as ISO 26262.

One of the most basic attack scenarios is a wireless link to the On-board Debug (ODB) port, or even a simple USB stick. For example, researchers from Uber’s driverless car lab have hacked a Jeep Cherokee, taking over the steering and braking via the ODB port.

As cyber-attacks on vehicles need to be mitigated in real-time, cyber security solutions must recognize malicious messages and prevent their propagation over the in-vehicle network. As cyber threats are constantly changing, the security solutions need to be updated over the air in order to help vehicle fleets stay immune to the latest threats and attack methods. This in itself opens up potential vulnerabilities. Protecting wireless communications against attack has implications for the system developer.

These communications links between vehicles and roadside infrastructure use the Dedicated Short Range Communication (DSRC) standard at 5850-5925MHz in the US, 5855-5925MHz and 5470-5725MHz in Europe, and 5770-5850MHz in Japan.

Of course, all the V2V and V2I links are encrypted, but there are key architectural choices around that encryption. The data packets can be decrypted when they are received, which takes more processing power in the transceiver, but allows the data to be acted on immediately. Or they can be forwarded to a central server before decrypting, which adds latency for sensor data but allows for more analysis of the data. There may be a compromise where some packets are flagged for immediate decryption and others flagged for forwarding, but this opens up another attack vector where malicious packets could be flagged for immediate decryption to compromise the vehicle.

All this also needs a layer of secure authentication to ensure that the data is coming from a trusted source, which will be other carmakers or other infrastructure equipment providers.

Infineon has been working with Israeli company Argus on an integrated cyber security solution based around its AURIX multicore microcontroller. This combines the Argus Intrusion Detection and Prevention System (IDPS) with a remote cloud platform to create a secure central gateway to protect the vehicle's internal network. The IDPS uses context-aware heuristic and learning algorithms to detect attacks, and uses the remote cloud platform to provide car makers with situational awareness about their fleets’ cyber health via a cloud-based intuitive dashboard as well as with the means to analyse attacks and take preventive action. The IDPS supports different communication protocols, operating systems and deployment options.

In the US, cyber defence software developer Mission Secure worked with autonomous car software provider Perrone Robotics on a pilot project testing the capability of MSi’s Secure Sentinel platform. The two companies had identified several vulnerabilities in cars with wireless technology including the inability of auto manufacturers to monitor previous hacking incidents, a lack of security procedures to prevent cyber-attacks and compromised privacy due to data collection. 

Component suppliers are also positioning themselves to provide integrated solutions. In August, Analog Devices bought the Cyber Security Solutions (CSS) business of Sypris Electronics to add cybersecurity to its devices for driverless cars. This forms the core of ADI’s new Secure Technology Group (STG), to be led by the former president of Sypris, to provide secure radio communications with more secure system hardware and software-based cryptographic technologies, and adds a cybersecurity software and services business.

Cyber security is an essential part of the development of all aspects of autonomous vehicles. If a vehicle is not secure, it is not safe, and there are many more ways of attacking a driverless car than today’s models. This means that considering the system as a whole, from the roadside infrastructure through the wireless links into the control units in the vehicle, is essential to providing a safe and secure development process.