Researchers trial four ways to improve autonomous vehicle cybersecurity
Today’s cars are vulnerable to hacking, and that’s not great news. But when autonomous vehicles inevitably hit our blacktop, that vulnerability presents itself as a problem ten-fold.
If successfully exploited, attackers could be able to access or intercept the information sent to and from autonomous vehicles.
Because of the amount of data they require to function, IoT infrastructure and connected systems use to provide vehicle information could provide countless entry-points for their compromise.
Given that consumers themselves are not won over by the technology— concerned that it will be deployed before its safety has been tested rigorously— adding cybersecurity threats to the mix certainly won’t allay those fears.
The cybersecurity of autonomous vehicles is the focus of researchers at Warwick Manufacturing Group (WMG), part of the University of Warwick, who claim to have demonstrated a number of innovations that could enhance the safety and security of autonomous vehicles.
The WMG, which provides research and knowledge transfer in engineering, manufacturing, and technology, launched an IoT-enabled Transport and Mobility Demonstrator project. This comprises innovations aimed at demonstrating how autonomous vehicles and roadside infrastructure can connect more securely.
Innovations were trialed at the Universities of Warwick and Surrey, and the 5G-enabled Millbrook Proving Ground which TechHQ covered recently, and comprise four different areas;
# 1 | Group signatures
When communicating, autonomous vehicles must send proof that the vehicle is that which it claims to be, via a digital signature.
Group signatures comprise a secure form of communications for vehicle platooning (vehicles are identified as only belonging to a group) that restricts the amount of data shared from a vehicle and makes it harder for an attacker to track over time.
This can be extended to use a timestamp, updating the signature every 10 minutes.
# 2 | Authentification prioritization
Limited computing resources will make it costly and time-consuming for autonomous vehicles to verify every other vehicle’s identity that it receives messages from, to ensure information is correct.
This approach prioritizes the messages a vehicle receives based on verified sender information, so those with higher significance will be prioritized by the on-board computing system.
# 3 | Decentralized PKI
A decentralized Public Key Information (PKI) is an edge computing approach that allows vehicles to verify the identity of other vehicles more rapidly than existing methods, which relies on downloading from the cloud.
# 4 | Decentralized PKI with Pseudonyms
Builds on Decentralized PKI by periodically issuing new identities to vehicles on the road to provide privacy.
A summary of the work carried out recommended the deployment of more communication infrastructure and the need to test other types of cyberattacks, as well as the need to involve 5G within the testing phase.
“The cybersecurity of autonomous vehicles is key to make sure that when the vehicles are on the roads, the data is trustworthy and that vehicle communications do not compromise privacy,” said WMG’s project leader Professor, Carsten Maple.
“We tested four innovations developed in the PETRAS Project, and being able to apply them to the real world is the first major step in testing the security of autonomous vehicle systems.”
YOU MIGHT LIKE
The right way to get ‘hacked’, according to Volvo
A paper from Dartmouth College earlier this year entitled Counter-Mapping the Spaces of Autonomous Driving emphasized the need for autonomous vehicle developers to be “absolutely sure they are as secure as they can be.”
However, the paper’s author also said achieving this will require “input from parties of the corporations who are building those very systems, such as government, advocacy groups and civil society at large.”
In other words, the paper suggested ethical hacking could be key in ensuring autonomous vehicle systems are secure, highlighting flaws in systems that may have otherwise been missed.
28 June 2022
27 June 2022