Semiconductor Engineering’s Ann Steffora Mutschler recently penned a detailed article about the future of autonomous vehicles. As Mutschler observed, autonomous driving and other advanced features will require far more complex software than what is found in cars today.
“To make this all work will require complex algorithms as well as co-designed hardware, which can make real-time decisions to avoid accidents and adjust to changing road conditions,” she explained.
“Automobiles already take advantage of sophisticated software executed by a variety of microcontrollers, but while these software designs are quite complex, cars are still considered to be standalone and self-contained systems. Interaction with the outside world is quite limited.”
To more efficiently and safely perform new complex operations, future vehicles will increase their interaction with the surrounding environment, other vehicles (V2V), as well as roads, traffic lights and signs (V2I).
According to Asaf Ashkenazi, senior director of product marketing in the security division at Rambus, the comprehensive interaction of the car with its environment will allow vehicles to exploit valuable data generated by external sources – and to share that information with others.
“[However], the benefits of sharing information comes at great risk. V2V and V2I will expose the car to hackers and malicious payloads, manipulating the external communication channels,” Ashkenazi told Semiconductor Engineering.
To ensure the security for future cars, says Ashkenazi, automotive software will require a transformation.
“First, the car’s different software components will have to authenticate external systems it interacts with and trust the data it receives,” Ashkenazi elaborated. “This can be done with cryptography and keys, backed by a hardware root-of-trust. Second, a car’s software quality will have to be improved to reduce the number of bugs and vulnerabilities. This can be done by adopting secure coding methods and practices, as well as tighter code quality reviews.”
In addition, says Ashkenazi, various software systems in the vehicle will have to be separated and contained.
“[This] assures that a compromise of one software system does not spread and compromise other systems in the car— similar to how ships use compartments to contain torpedo damage,” he added.
As Ashkenazi previously noted, the complexity of connected and autonomous vehicles presents a unique challenge for the automotive industry.
“People tend to see the car as a mechanical machine, [so] they don’t understand the amount of electronics that gets into a car these days. In the average car, there are more lines of code than in some commercial aircraft,” he observed. “The number of electronic components, the chips, that are running in a car is huge. The potential for an attack as you have more lines and more devices—what we call the attack surface—is much bigger.”
Ashkenazi also emphasized that chipmakers should embed a root-of-trust in appropriate hardware.
“[Because] in reality, there is not enough security in chipsets going into automotive [systems and components]. Nobody thought of it in advance and [that is why] we have some problems today,” he added.