Cybersecurity Challenges for Connected and Automated Vehicles
Robert W. Heller, Ph.D.
Program Director R&D, Southwest Research Institute

Cars are becoming complex (and CAV is only part of it)
1965:
- No computers
- No software
2018:
- Up to ~200 computers
- Consider: TPMS alone is 4 computers, and wireless
- >100 million lines of code
- Connected to the internet
Source: http://www.informationisbeautiful.net

CAV Overview
Cooperative system where vehicles communicate:
- With each other (V2V)
- With infrastructure (V2I)
- With pedestrians, bicycles, etc. (V2X)
Improves: Safety, Mobility, Environmental Impact
Example applications:
- Emergency Electronic Brake Lights (V2V)
- Overheight Vehicle Detection and Warning (V2I)
Same can be said for C-V2X

CV Environment (Attack Surfaces)
- For CAV to be successful it must be integrated into the transportation infrastructure

AV Environment (Attack Surfaces)
Sensor suite might include:
- Radar
- Camera imagery
- Lidar
- Ultrasonics
- GPS
Electronics also include:
- Electronically controlled actuators
- Infotainment systems
- Software Over the Air (SOTA) updates

Security is a Balance
- How much do you want to pay for security? Usually not a lot until you are compromised
- Like all technology solutions, a balance has to be reached based on funding, accessibility and reality
- Every organization has to decide the level of acceptable risk

Four Major Aspects of Cybersecurity
- How can someone gain unauthorized access?
- What could they do if they gained access?
- How can we detect unauthorized access?
- What can be done in response to an attack?

How Do Cyber Attacks Occur: Physical Inspection
With physical access to an ECU, a hacker looks for attack surfaces:
- Recovery of system secrets
  - Cryptographic keys
  - Passwords
- Intercept communications
  - Network and IP traffic
  - Internal signals
- Modify and inject traffic
  - Serial
  - Cellular
  - CAN

Vulnerability / Penetration Surfaces
Types:
- Cellular
- CB Radio
- WiFi
- Bluetooth
- GPS
Approaches:
- Denial of service
- Device spoofing
- Traffic injection
- Software Over the Air updates

Malware Effects
Controller Area Network (CAN) Bus:
- CAN bus replaced point-to-point wiring; all ECUs are interconnected
- Messages are broadcast
- Messages are easily cracked
- ECUs can broadcast any message
engine electronics, transmission electronics, chassis electronics, active safety, driver assistance, passenger comfort, entertainment systems, electronic integrated cockpit systems, lambda control, onboard diagnostics, cooling system control, ignition system control, turbo charger control, lubrication system control, fuel injection rate control, throttle control, transmission electronics, chassis electronics, anti-lock braking system, traction control system, electronic brake distribution, electronic stability program, passive safety, air bags, hill descent control, emergency brake assist system, driver assistance, lane assist system, speed assist system, blind spot detection, park assist system, adaptive cruise control system, pre-collision assist, passenger comfort, automatic climate control, electronic seat adjustment with memory, automatic wipers, automatic headlamps - adjusts beam automatically, automatic cooling - temperature adjustment, infotainment systems, navigation system, vehicle audio, information access, tire pressure monitoring system (Wikipedia)

Possible Penetration Effects
ECU control via CAN bus messages:
- Auto start/stop
- Brakes
- Lane assist / collision avoidance
- Cruise control
- Steering
Impact of these attacks:
- Erodes public trust
- Raises awareness, improves security practices
- Financial cost (recalls, lawsuits, etc.)

CAV Environment Potential Attacks
- Injecting bad data that is then communicated over trusted comms
- Using comms or physical means to hack vehicle and control it or obtain trusted security credentials
- Flood DSRC safety & control channels
- Spoofing, jamming, or subtle skew of GPS signal
- Use roadway infrastructure to infiltrate TMC network
- Simulate vehicles that will trigger safety apps. Tough to detect if sensors are occluded
- Hack RSE and alter SPAT/MAP messages
- Broadcast incorrect messages to/from Vulnerable Road Users

Detection
What makes detection hard:
- Open nature of CAN bus
- Processing costs money
- People want to work on their cars (custom ROMs)
How do you detect attacks:
- CAN traffic profiling
  - It takes processing power
- Checksums on file systems

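A minimal sketch of the CAN traffic profiling named on the Detection slide, added here as an illustration and not taken from the presentation: it learns each arbitration ID's normal period from clean traffic, then flags IDs that arrive too often or were never seen. The IDs, periods, tolerance and sample frames are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

def learn_periods(frames):
    """Median inter-arrival time per CAN ID, learned from known-good traffic."""
    last, gaps = {}, defaultdict(list)
    for ts, can_id in frames:
        if can_id in last:
            gaps[can_id].append(ts - last[can_id])
        last[can_id] = ts
    return {cid: median(g) for cid, g in gaps.items()}

def detect(frames, baseline, tolerance=0.5):
    """Return (timestamp, can_id, reason) for frames that break the profile."""
    last, alerts = {}, []
    for ts, can_id in frames:
        if can_id not in baseline:
            alerts.append((ts, can_id, "unknown id"))
            continue
        # A periodic ID arriving much sooner than its learned period means an
        # extra sender is on the bus; it does not say which frame is forged.
        if can_id in last and ts - last[can_id] < baseline[can_id] * tolerance:
            alerts.append((ts, can_id, "too frequent"))
        last[can_id] = ts
    return alerts

def periodic(can_id, period_us, start_us, end_us):
    """Constructed helper: one ID sent at a fixed period (microseconds)."""
    return [(t, can_id) for t in range(start_us, end_us, period_us)]

# Constructed sample traffic; IDs and periods are hypothetical.
CLEAN = sorted(periodic(0x0C0, 10_000, 0, 1_000_000)
               + periodic(0x1A0, 20_000, 5_000, 1_000_000))
LIVE = sorted(periodic(0x0C0, 10_000, 0, 100_000)
              + periodic(0x1A0, 20_000, 5_000, 100_000)
              + [(42_000, 0x0C0), (44_000, 0x0C0), (61_000, 0x7E0)])

BASELINE = learn_periods(CLEAN)
ALERTS = detect(LIVE, BASELINE)

if __name__ == "__main__":
    for ts, can_id, reason in ALERTS:
        print(f"{ts:>7} us  id=0x{can_id:03X}  {reason}")
```

The per-frame work is one dictionary lookup and one comparison, which is the kind of processing budget the slide says detection has to fit within.
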
Defense / Response
- Vehicle manufacturers are taking steps to secure their vehicles
- Progress is being made to harden SOTA update mechanisms, e.g. DHS Uptane
- Traffic management infrastructure networks are being hardened, e.g. NCHRP Project 03-127

How to Prevent Attacks: White Hat Hacking (Penetration Testing)
- Discover & patch vulnerabilities before production
- Methodical approach ensures that the most frequent and most damaging attacks are mitigated
- Helps create and maintain a secure system at an acceptable level of risk

Summary
Key takeaways:
- CAVs are already here and the number of CAVs will increase in years to come
- DSRC will add another attack surface for vehicles and infrastructure
- Almost everything is hackable or trackable
- DSRC standards are designed to make it much more difficult to hack or track than other communication mechanisms in the CV environment
What can we do to prepare for DSRC deployment?
- Extend security and data privacy systems, practices and policies to handle CAV data and infrastructure
- Small pilot deployments to analyze security and privacy impacts; this can inform a larger deployment in the future

Questions?
Robert Heller, Ph.D.
Program Director R&D, Intelligent Systems Division
210.522.3824
robert.heller@swri.org