A Multifaceted Approach to Autonomous Vehicle Cyber Security

Protecting vehicles will require efforts from ECU vendors, supply chain management teams, car manufacturers and security researchers.
By Manish Dwivedi
Dec 21, 2017

With the big leap in technologies such as deep learning and the Internet of Things (IoT), advancements in the field of autonomous vehicles have been groundbreaking in recent years. Many of the big automakers (like Tesla, Ford and General Motors) and technology giants (like Google and Apple) are rushing against time to bring them to the market. But while the internet is full of advantages and benefits for autonomous vehicles, there is no paucity of threats imposed by cybercrime on these technologically advanced machines.

As connected vehicles are something new to the industry, the threat vectors have not yet been fully identified. While researchers are working to identify the problems and possible solutions, it seems that the challenges and solutions in automotive cybersecurity range from physical security to the defense-in-depth approach, to supply chain management.

Even before autonomous vehicles, much of the research into cyber-attacks on automotive vehicles has shown that they are an easy target for hackers if they can obtain physical access to the vehicles. Many researchers have shown, in the past, that hacking via an onboard diagnostic port, Bluetooth and Wi-Fi has been not so unmanageable. And when ridesharing companies like Uber and Didi talk about using these autonomous vehicles as commercial transportation vehicles, auto manufacturers may need to add some extra layer of security to avoid the attacks caused by this physical access to the vehicles by riders, as we may not know the intention of every commuter who takes a ride.

The possible solutions might include tamper-resistant tapes (to be put on open entry points, such as OBD ports), tamper-resistant hardware (to be used for cameras and sensors) and connectivity options for riders to connect their devices to the cars' IVI systems via Bluetooth or Wi-Fi. As part of one extra layer of security, manufactures should enforce only signed code to be run on vehicles' networks and electronic control units (ECUs). While the tamper-resistant tapes may only help to identify who has tried to intrude in the system, the signed code may help in preventing malicious code from running on the vehicle network.

We will be required to take the defense-in-depth approach to overcome the issue of automotive cybersecurity. The architecture should be laid down by adding a multilevel defense solution across automotive components. The solution may start at the individual ECU level—for example, a car's steering wheel or brakes—by leveraging technologies like secure boot, verified boot, firewalls, mutual authentication, code-signing and secure upgrade capabilities. Next-level defense solutions can be added by monitoring all traffic at the vehicle network level, using intrusion-detection and anti-virus software that can flag any anomalies compared to standard behavior, and help to notify the owner as well as quarantining the malicious software.

Simply enter a question for our experts.
Sign up for the RFID Journal Newsletter
We will never sell or share your information
RFID Journal LIVE! RFID in Health Care LIVE! LatAm LIVE! Brasil LIVE! Europe RFID Connect Virtual Events RFID Journal Awards Webinars Presentations