EE Times Europe – Why automotive cybersecurity matters
Cybersecurity is becoming a fundamental concern for the development of autonomous vehicle (AV) systems, as attacks can have serious consequences for autonomous electric vehicles and can put human lives at risk. Software attacks include data-driven decisions that negatively impact EV range and undermine the benefits of self-driving cars.
AVs have seen many recent advances, with the integration of technologies such as edge computing, private 5G, and high-performance processing units. In autonomous electric vehicles, edge computing helps process the high volume of data at the edge to reduce latency and help vehicles make decisions based on real-time data. Edge sensors deployed in vehicles have few resources but require high computing power to process the data. This data is then migrated to edge data centers and the cloud to serve communications and vehicle-to-everything (V2X) services that have garnered considerable interest as a potential part of future intelligent transportation systems.
V2X facilitates communication and interaction between vehicles (V2V), infrastructure (V2I), pedestrians (V2P) and networks (V2N). But these advanced communication systems introduce more surface for cyberattacks and damage the existing ecosystem, which can lead to serious repercussions.
Cyberattacks in V2X communications
Across the AV ecosystem, V2X communication supports the transmission of edge data across different parts of the traffic system and requires multiple communication channels between these edge sensors and other infrastructure. These multiple communication channels expose vehicles to cyberattacks, which can have serious consequences not only for the vehicle but also for other connected devices. An increase in the number of connected devices can make these cyberattacks unpredictable and more frequent.
Many different entry points can be used to infiltrate vehicle architecture, including vehicle databases, remote communication technologies, and vehicle parts. Recently, researchers have focused on vehicular ad hoc networks (VANETs), which use dedicated short-range communication (DSRC) based on the IEEE 802.11p standard for wireless access in vehicular networks. Another communication protocol used in V2X communication is mobile cellular network which uses Long Term Evolution (LTE) technology.
One of the most common attacks related to V2X communication is the VANET, which has been the subject of much research since 2008 to analyze the security problems related to the transmission of wireless communication from outside the vehicular system. Some known VANET attacks include man-in-the-middle attacks, fake information attacks, DoS, location tracking, malicious code, and replay attacks. The other known attack against AVs due to V2X communication concerns the infotainment system and Bluetooth data transmission.
As explained in the Vehicular Communication Elsevier 2020 review, a three-layered framework can be used to understand the different parts of AVs and how they can be attacked by hackers:
- The sensing layer consists of sensors that continuously monitor the dynamics of the vehicle and the environment around it. These edge sensors are vulnerable to eavesdropping, jamming, and spoofing attacks.
- The communication layer includes both near and far field communication to facilitate communication between other nearby edge sensors and distant edge data centers, leading to attacks such as man-in-the-middle and Sybil attacks.
- The control layer at the top of the hierarchy enables audio-visual features, such as automating a vehicle’s speed, braking, and steering. Attacks on the detection and communication layers can propagate upwards, affecting functionality and compromising the security of the control layer.
Integrating Cyber Defense
Developing defense solutions to combat the growing cyberattacks on electric vehicles has become a priority research area for security engineers. To bring technological improvements to autonomous building software and hardware features, the integration of a defense mechanism becomes an important parameter in the design process. Possible cybersecurity solutions are described below.
The Electronic Control Unit (ECU) is the heart of the vehicle that processes and communicates data, where information received from ECUs is encrypted to prevent injections and man-in-the-middle attacks. Recent research shows that vehicle encryption and authentication can be used to prevent spoofing, tampering, masking, and replay attacks when communicating between edge data centers and the vehicle.
A dedicated Intrusion Detection System (IDS) is required to continuously monitor network systems and detect possible cyberattacks. To detect cyberattacks, a traditional IDS relies on firewalls or rule-based (non-AI-based) systems, but it is ineffective in detecting sophisticated automotive attacks because the data from the vehicular network in time series do not capture complex dependencies. AI-based solutions can be used to analyze large-scale vehicle network data due to the availability of on-board sensors in vehicles from communication between ECUs and external systems.
Blockchain technology can be used in V2X communication to facilitate the secure transmission of basic security messages between vehicle systems and the cloud. Blockchain technology provides a decentralized mechanism for vehicles to validate the data they receive in an unreliable way. The technology can help establish secure connections between the vehicle and payment gateways for faster purchase of fuels, transactions at toll booths or even the sale of sensor data.
As cyberattacks against the automotive industry increase, defensive methods must also be constantly monitored. The researchers focused on the security technique of CAN networks, the security of authentication protocols and intrusion detection systems. The integration of AI and big data analytics will be considered to improve defense methodologies and provide future-proof security models.