Security Considerations for Connected Autonomous Vehicles
Research Engineer, Southwest Research Institute
Harold (Abe) Garza
Goals of this presentation
• Explain the current state of non-autonomous vehicle security,
connected vehicle security, and autonomous vehicle security
• Discuss Connected Autonomous Vehicle (CAV) security
• Explain the need for a defense-in-depth mindset
Intro
• Connected Autonomous Vehicles (CAVs) = Modern Vehicles + V2X +
Autonomous Vehicles
• CAVs are beginning to enter the roadways, and vulnerabilities are
already being discovered in them
o Will get to these later…
• Look to non-autonomous vehicles to understand the impacts
cybersecurity vulnerabilities have had
o 1.4 million recalls in U.S. due to cybersecurity vulnerabilities in 2015
Non-Autonomous Vehicle (i.e. What I Drive) Technology - The “Problems”
• CAN: The backbone of modern vehicle communication
o Used for real-time communication between vehicle-critical electronics
o Designed with responsiveness and reliability in mind
o Wasn’t created with security in mind
• Infotainment Unit: Pandora’s Box for modern vehicles
o Added useful features: Satellite radio, GPS/Maps, Cellular connectivity, Wi-Fi for passengers, Display
vehicle statistics, etc.
o This has created a bridge between the Internet and an insecure network
[Diagram labels: Internet, Infotainment, CAN, Engine, Brake, Transmission]
Connected Vehicles (V2X) - The “Problems”
• How do vehicles talk to their surrounding environment?
o Modern vehicles use cellular (2G/3G/4G/LTE)
o Several wireless technologies are under development
• Digital Short Range Communication (DSRC)
• 5G
o Next generation of connectivity will have many safety-critical features
o More connectivity = more attack vectors
• Software Over-The-Air (SOTA) Updates
Autonomous Vehicles - The “Problems”
• Still under development, but several partial-automation technologies
are in vehicles on the roads right now
• Several sensors used by AVs
o LiDAR
o RADAR
o Cameras
o Ultrasonic
o GPS
• Software/algorithms behind these sensors
• Again, more technologies = more attack vectors
Non-autonomous Vehicles - Solutions
• Isolation (e.g. Gateways)
[Diagram labels: Infotainment, CAN, Engine, Brake, Transmission]
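Added example (not from the presentation): a default-deny gateway filter sitting between the infotainment segment and the vehicle-critical CAN bus. The CAN IDs, payload limits and rate limits are constructed for illustration, and the names `policy` and `gateway_forward` are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Frame as seen by the gateway on its infotainment-side port. */
struct frame { uint32_t id; uint8_t dlc; uint8_t data[8]; };

/* One allowlist entry; anything not listed is dropped (default deny). */
struct rule {
    uint32_t id;          /* CAN ID allowed to cross (constructed value) */
    uint8_t  max_dlc;     /* longest payload accepted for this ID */
    uint32_t min_gap_ms;  /* minimum spacing between forwarded frames */
    uint32_t last_ms;     /* time the last frame was forwarded */
    bool     seen;        /* false until the first frame is forwarded */
};

/* Hypothetical policy: infotainment may only send display requests. */
static struct rule policy[] = {
    { 0x3A0, 2, 100, 0, false },  /* request: vehicle speed for display */
    { 0x3A1, 1, 500, 0, false },  /* request: fuel level for display */
};

/* Returns true if the frame may be forwarded to the vehicle-critical bus. */
bool gateway_forward(const struct frame *f, uint32_t now_ms)
{
    for (size_t i = 0; i < sizeof policy / sizeof policy[0]; i++) {
        struct rule *r = &policy[i];
        if (f->id != r->id)
            continue;
        if (f->dlc > r->max_dlc)
            return false;                    /* oversized for this ID */
        if (r->seen && now_ms - r->last_ms < r->min_gap_ms)
            return false;                    /* rate limit: drop floods */
        r->seen = true;
        r->last_ms = now_ms;
        return true;
    }
    return false;                            /* not on the allowlist */
}

int main(void)
{
    struct frame ok = { 0x3A0, 2, {0} }, unlisted = { 0x0F0, 8, {0} };
    printf("display request forwarded: %d\n", gateway_forward(&ok, 1000));
    printf("unlisted ID forwarded:     %d\n", gateway_forward(&unlisted, 1000));
    return 0;
}
```

Dropped frames are also worth counting and logging at the gateway, since a burst of denied IDs from the infotainment side is a useful detection signal.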
Connected Vehicles (V2X) - Solutions
• Write standards with security in mind
• Validation
• Isolation (e.g. Gateways)
• (Strong) Encryption
o Don’t use static/non-unique keys! Use Diffie-Hellman or implement Public
Key Infrastructure (PKI)
o Use end-to-end encryption
[Diagram labels: SOTA Firmware Server, Infrastructure Transceiver, Vehicle Transceiver, Internal Vehicle Network, ECU]
Encrypt the following data with ECU public key: 0x123456789A
Encrypted Payload: 0xFA5625871F368BF1B184EA8E432C80E0
Decrypt firmware with ECU private key to arrive at: 0x123456789A
Autonomous Vehicles - Solutions
• Secure the sensors
o From internal threats
o From external threats
• Looking ahead
o The algorithms behind these sensors must also be secured
Connected Autonomous Vehicles (CAVs)
• Combine all of these technologies and you get the picture of what a
CAV might look like
o CAVs will naturally inherit all of the risks and vulnerabilities from enabling technologies
o One compromised/malicious CAV in a sea of other connected vehicles/CAVs…
• These risks and vulnerabilities must be analyzed and mitigated in order
to secure the future of transportation
o This is where defense-in-depth comes into play
Defense in depth: approach or mindset?
• Defense in depth should be a mindset, not just an approach
• Defense in depth means that every layer/interface/vehicle is analyzed for its risks and vulnerabilities, and those risks are then mitigated
• As usual, don’t just implement security - test it
[Diagram labels: SOTA Firmware Server, Infrastructure Transceiver, Vehicle Wireless Transceiver, Internal Vehicle Network(s), ECU, AV Sensors]
Conclusion
• Defense in depth mindsets
o From the perspective of automotive manufacturers
o From the perspective of transportation management
• Think like an adversary