Ann Steffora Mutschler of Semiconductor Engineering recently wrote an article that takes an in-depth look at automotive security challenges. As Mutschler notes, automakers are “scrambling” to prevent security breaches and data hacks in new vehicles. Concurrently, they are adding new and increasingly autonomous features into vehicles that open the door to new vulnerabilities.
“As with any complex system, nothing is ever completely secure. But even getting a handle on this multilayered issue is a challenge,” she explains. “Vehicle architectures today, and those being developed for future vehicles, are increasingly complex and often beyond the control of any single company.”
This is because vehicle architectures typically involve both hardware and software components, with data generated and processed at multiple levels and locations, such as within a vehicle, between vehicles (V2V), and externally via connected infrastructure.
“Some of that data is critical to the functionality of the vehicle and tightly controlled, but even less-critical data can provide a potential attack vector,” she adds.
Thierry Kouthon, technical product manager at Rambus, concurs.
“We have many challenges with vehicles today because there is an increasing amount of advanced driver assistance systems (ADAS) that require a lot of electronic control units,” Kouthon tells Semiconductor Engineering. “All the functions of the car that in the old days were mechanical or hydraulic are now computerized. Otherwise, you cannot control the car by computer. But this also provides [an attractive] attack surfaces for hackers.”
As Kouthon highlights, infotainment systems are a prime entry point for attacks due to a number of wireless connections to the vehicle. There is also the electrification of vehicles, which multiplies the number of electronic control units (ECUs). And although there are fewer moving parts, there are more electronic components that create a wider attack surface. This is especially true for autonomous vehicles which require even more advanced electronic systems.
Vehicle-to-everything (V2X) adds yet another potential attack vector, as cars and trucks will eventually communicate with traffic lights, other vehicles, and even pedestrian devices. In addition, V2X-enabled cars will communicate with non-V2X-enabled cars—or earlier iterations of the evolving technology.
“[This] means you want to make sure the communication protocols work together. Everything is wireless, and there are two main standards—5G/cellular network-based and DSRC, which is based upon direct radio frequencies between cars,” says Kouthon. “All those are almost interchangeable, and maybe both will work. [However], since you don’t have any physical connection and you are communicating wirelessly with your environment, you [must] make sure that all those messages are authentic.”
According to Kouthon, drivers need to be sure data relayed from traffic lights and stop signs is legitimate—and not spoofed by hostile hackers trying to cause an accident.
“[This] becomes an authentication problem,” Kouthon elaborates. “Authentication means that all the messages are signed with a signature, so the car can verify this message originates from a genuine source, and that it’s not a fake traffic light or rail crossing infrastructure. It needs to be a genuine one that is actually run by the city.”
In addition to potential security issues posed by city infrastructure, vehicle-to-vehicle (V2V) communication is expected to be another complex challenge, making it especially important for manufacturers to agree on a clearly defined set of protocols. This will enable vehicles to seamlessly—and securely—identify and authenticate each other.
“[The issue] of certificate distribution is an old problem that has been very well studied in the context of websites on the internet. [It is] usually pretty complex [because] certificate chains can be very long,” Kouthon explains. “In the case of the car, the challenge is to make sure that the verification sessions are very quick [so a vehicle can] verify up to upwards of 2,000 messages per second.”
Verification, says Kouthon, has implications for automotive infrastructure because it must be rapidly executed.
“[This] also impacts the certificate format, their nature, and it means you cannot design these exactly like websites were designed, where they could authenticate each other,” he adds. “With a website, it’s assumed that the user can wait a couple of seconds, whereas in the car, decisions [must] be made in microseconds.”
As Kouthon emphasizes, anchoring security in hardware is foundational to safeguarding all automotive electronic systems. This can be done by embedding a hardware root of trust in the ICs used in automotive ECUs.
“Rambus offers ISO-26262 ASIL-B and ASIL-D ready hardware root of trust cores tailored for automotive applications. These root of trust cores (RT-640 and RT-645 respectively) protect against a wide range of failures such as permanent, transient and latent faults, and hardware and software attacks with state-of-the-art anti-tamper security techniques,” he concludes.