Connectivity brings many benefits for vehicle owners, but it creates many challenges for engineers. Security is perhaps the most difficult since stopping hackers is an ongoing task.
Wireless links provide a simple way for hackers to attack vehicles, but security concerns encompass many other aspects of emerging vehicle technologies. Autonomous driving systems will take control of brakes and steering, so they must also be protected, for example.
Panelists at SAE 2014 Convergence's "A Secure Personal Mobility Experience" session set the stage by citing a number of reports that show how various vehicle controls could be hacked. Then they delved into preventive techniques and technologies, noting that security has many aspects.
“We need to be able to store secure information on the vehicle,” said Shawn Slusser of Infineon Technologies Corp. “Some of the elements are cryptography, authentication, and root of trust, which tells you if information is correct. The technology must also provide for revocation, so you can take away authorization, if necessary.”
Moderator Paul Hansen of The Hansen Report noted that connectivity is the primary reason that security has become a hot topic in the industry, likening the increased threat to the challenges that came when standalone personal computers began connecting to the Internet. Security experts from multiple industries agreed that automakers need to add security into their design strategies.
“To get secure devices, companies must build trustworthy programs,” said Roger Seagle, a Cisco Systems programmer who basically tries to hack Cisco’s products. “They have to be able to build security into new products. That’s easier than bolting it on later.”
Protective schemes will have to span the entire architecture for electronic systems. Isolating critical functions from consumer-oriented technologies like infotainment is one critical aspect.
“Security is a guiding factor,” said Lars Reger of NXP Semiconductors. “You need to do things like isolating the powertrain from the infotainment system.”
The broad requirements of security will drive many companies to work more closely with suppliers and specialized consultants. Chip makers will play an important role in protective schemes.
“This is an opportunity for the auto companies to get closely engaged with the CPU companies,” said Liam Quinn of Dell Inc. “There will be challenges around certification and testing. Security requires an ecosystem approach.”
Adding security to vehicle systems won’t be simple. Panelists noted that adding features and protecting systems are sometimes opposing concepts.
“Companies that have security groups will always have battles between the people who want to add features and functions and those that provide security,” Seagle said.
Security isn’t something that can be designed and forgotten. Protection schemes must evolve to meet new tactics used by attackers. Systems will always have some vulnerabilities. Sometimes, they won’t be spotted until vehicles have been on the road a while. That means strategies for software updates will be required.
“First, you need to come up with a security architecture that meets all the threats at this time,” Seagle said. “There will always be a new vulnerability next month; companies have to find ways to protect against the newest threat.
One solution is to offer over-the-air updates. This technique, widely used for cell phones, will let automakers revise programs without requiring action by vehicle owners. However, firmware over-the-air updates will probably be offered only for functions like infotainment.
“Remote updating is a necessity,” said Bently Au of Toyota Motor Sales USA. “For low-security functions, you can do over-the-air updates. But when you look at the powertrain, people will still have to come into the dealership.”
Replacement parts pose another key challenge. Panelists noted that there’s a risk that electronic modules could hold viruses or other malware. Vendors will have to augment existing techniques for component certification.
“We provide circuit board manufacturers with antennas that they can put in hardware,” Reger said. “That helps them detect whether certain parts have been removed.”
Adding all these elements won’t come without costs. Reger said that security could be added to some modules for only a couple dollars. He explained that securing vehicle electronics is analogous with protecting a home. Protection can start with simple locks, progress to dead bolts, then to security cameras, on up to a guard by the door. While he set costs for the low end, other panelists said total costs will be far higher in many areas.
“I think security will cost way more than $10,” Slusser said. “We were talking with NHTSA about security for vehicle-to-infrastructure communications, they were talking about 32 MB of memory. To do engine controls, we only need 8 MB.”
However, automakers don’t have a choice, according to Toyota’s Au. If security isn’t effective, many costly problems could arise. Instead of avoiding costs, companies need to work to keep them in check.
“There will be a fairly large impact, but airbags also added significant costs,” Au said. “Standards will help us keep costs down.”