Connected and Autonomous Vehicles (CAV) are grabbing the attention of industries, consumers, and government alike. Although autonomous vehicles are being designed with features and capabilities that provide increased satisfaction, safety, and comfort, CAV also introduces a number of privacy and security challenges that introduce digital and physical threats.
Researchers at the University of Warwick have been conducting a series of tests that focus on improving the security aspect. Because of the success of these tests, the CAVs can successfully connect with one another, roadside infrastructure, and allow the roadside infrastructure to connect with each other. Their testings focused on four innovations with regards to IoT-enabled Mobility and Transport Demonstrator. The four innovations include:
Priority is given to Authentication Process
For a vehicle to identify another vehicle is an expensive action. Since current CAVs have little computing resources, they can only identify a specific amount of identities in the messages. For instance, on a busy road, there will be not one but multiple cars sending messages simultaneously. This can be overwhelming and will not provide the vehicles with enough time to verify the identities in a quick manner.
In these situations, it becomes more likely for an adversary to send ambiguous messages that prevent the vehicle from identifying the correct identity of the message sender. Therefore, messages can now be verified based on the high or low priority assigned to them. Considering this, a high priority message will be verified first when compared to messages having different priorities.
Group Signatures
CAVs make it possible for vehicles to communicate with one another. But, there should be a way for messages to be identified as coming from driverless cars. However, revealing the identity of the cars allows them to be tracked for longer periods. To maintain security and privacy, group signatures can come in handy which could indicate that a certain CAV is a part of a group.
The group signature policy can be modified in a particular manner which allows it to use and update a timestamp every 10 minutes. For instance, if a car sends a message at 9:00 pm and again at 9:10 pm, each of the signatures would be different from the first one. This will trick the eavesdroppers into thinking that the signatures originated from two different sources.
Decentralized PKI
When a vehicle is on the road, it will meet other vehicles at one point or another. To verify the identity of the vehicles, a public key would need to be downloaded from any available keyserver. However, hosting the keyserver in the local cloud comes with its own limitations as the additional hops of communication further increases the time process of obtaining keys for identity verification. On the other hand, if the key servers are distributed by the Edge infrastructure on the side of the roads, this makes it possible for vehicles to receive public keys on a timely basis.
Decentralized PKI with Pseudonyms
This innovation works successfully based on the workings of other innovations. Through this innovation, new identities could be issued to vehicles on the road as an added layer of security. However, for this innovation to work, it is crucial that group signature works in combination with it.
Each of the innovations was tested in the real world on the university grounds of Surrey and Warwick along with Millbrook Proving Ground. Apart from testing new innovations, this research also made some recommendations to improve the cybersecurity of the CAVs. For instance, investments should be made in new communication infrastructure and researchers should continue to test CAV and roadside infrastructure for new kinds of cyberattacks. But, does this mean that the CAVs ecosystem is protected from cyberattacks? Absolutely not!
Cybersecurity and CAVs
Despite all the innovations and tests, the CAV ecosystem still contains a large number of emerging challenges. The biggest challenge comes in the form of blending the physical realms with cybersecurity. In a dynamic IoT environment, the existing or new technologies can expose any organization or the involved vehicles to security threats of a converged basis.
There is the issue of data security and privacy as well along with the attacker’s sophistication. Protecting consumers or vehicle information requires advanced security protocols. However, due to the IoT and interconnected nature of this entire process, there are so many hidden backdoors or opportunities waiting to be exploited. This combined with the attacker’s sophistication increases the risks and intensity of the cyberattacks.
While the majority of the risks originate from external players, one cannot ignore the insider threats. The latter can cause more damage since they are trusted members, have ample knowledge, and enjoy access to critical CAV infrastructure. Whatever their motivations are, they could be in a strong position to commit fraud, steal data, sabotage functions, or cause physical harm to CAV occupants.
There is also the possibility of cyberattacks through V2X communication channels. When the on-board software needs navigational or security updates, the CAVs connect back to the manufacturers to get real-time access to the software-related patches. If the communication channels are vulnerable, it could result in compromised security and safety of the CAVs and its occupants.
All of this could lead the cyber attackers to hijack the vehicles or gain physical control. Once the vehicles are remotely accessed, the hijackers can steal CAVs or cause physical harm to the vehicles or its occupants.
Cybersecurity threats are becoming sophisticated with time which is having serious repercussions on the ever-growing CAV industry. Consumers are hoping for a better and sophisticated CAV experience, but, in order to provide this, CAVs need to collect more sensitive information about the vehicles and its occupants. To further maintain a better experience, the collected data needs to be shared with an interconnected ecosystem of service providers and manufacturers.
Because of the sensitive nature of this entire process, CAV and its associated industries become a hot target for cyberattacks. Although the industry landscape is rapidly changing, the stakeholders continue to be hesitant since the entire industry heavily relies on trade secrecy.
Currently, CAVs and its related industries are proving itself to be an attractive endeavor with many companies investing in mobile/web app development services. But, until the security aspect of the CAVs is dealt with, researchers need to keep finding new and innovative methods to thwart the cyberattacks for good!
Arslan Hassan is an electrical engineer with a passion for writing, designing and anything tech-related. His educational background in the technical field has given him the edge to write on many topics. He occasionally writes blog articles for Dynamologic Solutions.
Photo attribution: ng Connect Program licensed under the Creative Commons NonCommercial 2.0 Generic (CC BY-NC 2.0).