Joe Gullo, the senior director for Rambus automotive strategy and development, recently participated in a TU-Automotive panel that explored the importance of securing next-gen autonomous vehicles. Indeed, the number of threat vectors in the automotive sector have exponentially increased in recent years. This is due to a range of factors, such as more complex software code, ubiquitous connectivity, a greater number of components and broader functionality.
Gullo kicked off his Q&A session by observing that automotive security best practices currently fall into three primary categories: authentication, multi-faceted designs, and flexibility.
“Authentication needs to happen in both directions. In other words, the car has to trust the cloud and the cloud has to trust the car,” he told panel participants and conference attendees. “Unfortunately, I think that authenticating vehicles sometimes gets less attention than it should. This is also true for any IoT device, even refrigerators and washing machines.”
As Gullo pointed out, a multi-faceted design approach is required to address a range of threat vectors, including attacks on the cloud-to-car connection, the in-vehicle network and specific ECUs. However, he emphasized there isn’t a “single, simple solution” that offers optimal security.
“For example, the components for V2X security may not be effective for monitoring and protecting in-vehicle networks. In general, security architectures need to be flexible because future threats are unlikely to resemble our current understanding of threat vectors,” Gullo explained. “These architectures need to have the ability to learn, evolve, and improve ‘in the field’ as new threats emerge. We also need to be thoughtful regarding solution complexity so systems can be adapted quickly as new threats emerge. This means relying on the fundamentals, such as proven algorithms, robust key management, secure boot loaders and constant threat detection, for example.”
As Gullo noted, this is precisely why automotive security architecture needs to evolve from static, simple solutions to a more dynamic framework that is self-learning, easily updatable and multi-faceted to address multiple threat vectors. This progression inevitably brings a number of new issues to the fore, including end-to-end secure data storage for autonomous vehicles.
“There are a host of companies whose core competence is secure, cloud-based data storage. OEMs can and should leverage these companies, although they should make it clear that while partners are tasked with securely storing data, they don’t own it,” Gullo opined. “Analyzing the data, generating insights from the information and acting on those insights is solely within the purview of the OEMs. Also, it goes without saying that a robust key management solution is required to secure the data in the vehicle and during transmission to and from the cloud service.”
To be sure, there are expected to be more than 350 million connected cars on the road by 2020. Google’s autonomous vehicles generate about 1 gigabyte of data every second, while Intel says autonomous vehicle are likely to produce about 2 petabytes of data per year. Information generated by connected and autonomous vehicles includes environmental data, as well as vehicle and driver performance.
“Maintaining the integrity of safety-critical and forensic vehicle data, particularly with respect to V2X, driver performance and vehicle performance, is absolutely critical. While some data should be shared for the ‘common good,’ it will undoubtedly be challenging to reach consensus on precise parameters,” Gullo emphasized. “Whether it’s through the Auto-ISAC or some other consortium, the industry clearly needs to agree on a ‘common good’ data set and ensure that vehicle owners are aware of the requirement to share this information.”
Gullo also described current security standards, specifications and guidelines including the ISO 26262 standard for functional safety and SAE’s J3061 Cybersecurity Guidebook (for Cyber-Physical Vehicle Systems).
“There is also SAE’s pending J3101 standard titled Requirements for Hardware-Protected Security for Ground Vehicle Applications, while UMTRI and the Southwest Research Institute are working on a framework for secure OTA software and firmware upgrades. This space is still evolving, although quite a lot has already been accomplished,” he added.