Why Automotive Cybersecurity is Important

Article By : Saumitra Jagdale

Cybersecurity is becoming a fundamental concern for the development of autonomous vehicle (AV) systems, as attacks can have serious consequences and can put human lives at risk.

Cybersecurity is becoming a fundamental concern for the development of autonomous vehicle (AV) systems, as attacks can have serious consequences for autonomous electric vehicles and can put human lives at risk. Software attacks include data-driven decisions negatively impacting the autonomy of EVs and compromising the benefits of autonomous cars.

AVs have seen many recent advances, with the integration of technologies like edge computing, private 5G, and high-performance processing units. In autonomous EVs, edge computing helps process the high volume of data at the edge to reduce latency and help vehicles make data-driven decisions in real time. Edge sensors deployed in vehicles have the scarcity of resources but require high computational power to process data. This data is then migrated to edge data centers and the cloud to serve vehicle-to-everything (V2X) communications and services that have sparked significant interest as a potential element of future intelligent transportation systems.

V2X facilitates communication and interaction between vehicles (V2V), infrastructure (V2I), pedestrians (V2P), and networks (V2N). But these advanced communication systems introduce more surface area for cyberattacks and damage the existing ecosystem, which can lead to serious repercussions.

Cyberattacks in V2X communications

V2X communication system - Automotive cybersecurity
V2X communication system

In the whole AV ecosystem, V2X communication takes care of the transmission of edge data across the various parts of the traffic system and requires multiple communication channels between these edge sensors and other infrastructure. These multiple communication channels expose vehicles to cyberattacks, which can have severe implications not only for the vehicle but other connected devices. An increase in the number of connected devices can make these cyberattacks unpredictable and more frequent.

Many different entry points can be used to infiltrate a vehicular architecture, including vehicular databases, remote communication technologies, and vehicular parts. In recent times, researchers have focused on vehicle ad-hoc networks (VANETs), which use dedicated short-range communication (DSRC) based on the IEEE 802.11p standard for wireless access in vehicular networks. Another communication protocol used within V2X communication is the mobile cellular network that uses the long-term evolution (LTE) technology.

One of the most common V2X-communication–related attacks is the VANET, which has been widely researched since 2008 to analyze the secure problems for wireless communication transmission from outside the vehicular system. Some known VANET attacks include man-in-the-middle attacks, bogus information attacks, DoS, location tracking, malicious code, and replay attacks. The other known attack on AVs due to V2X communication is on the infotainment system and Bluetooth data transmission.

Security challenges in VANET - Automotive cybersecurity
Security challenges in VANET

As explained in the 2020 Vehicular Communication Elsevier journal, a three-layer framework can be used to understand the different parts of AVs and how they can be attacked by hackers:

  • The sensing layer consists of sensors that continuously monitor vehicle dynamics and the environment around it. These edge sensors are vulnerable to eavesdropping, jamming, and spoofing attacks.
  • The communication layer consists of both near- and far-field communication to facilitate communication between other nearby edge sensors and faraway edge data centers, which leads to attacks like man-in-the-middle and Sybil attacks.
  • The control layer at the top of the hierarchy enables AV functionality, such as the automation of a vehicle’s speed, braking, and steering. Attacks on the sensing and communication layers can spread upward, affecting functionality and jeopardizing the control layer’s security.

Integrating cyberdefense

Developing defense solutions to tackle the increasing cyberattacks on EVs have become a focused area of research for security engineers. To bring in technological enhancements of building self-driving software and hardware features, integrating a defense mechanism becomes an important parameter in the design process. Possible cybersecurity solutions are discussed below.

The electronic control unit (ECU) is the heart of the vehicle processing and communicating data, where the information received from ECUs is encrypted to prevent injection and man-in-the-middle attacks. Recent research shows that encryption and vehicle authentication can be used to prevent spoofing, tampering, masquerading, and replay attacks during communication between edge data centers and the vehicle.

A dedicated intrusion-detection system (IDS) is needed to continuously monitor the network systems and detect possible cyberattacks. To detect cyberattacks, a traditional IDS relies on firewalls or rule-based (non-AI-based) systems but is ineffective at detecting sophisticated automotive attacks because time-series vehicular network data does not capture the complex dependencies. AI-based solutions can be used to parse high-dimensional vehicular network data due to the availability of edge sensors in vehicles from communication between ECUs and external systems.

Defense mechanism for AVs - Automotive cybersecurity
Defense mechanism for AVs

Blockchain technology can be used in V2X communication to facilitate the secure transmission of basic safety messages between vehicular systems and the cloud. Blockchain technology provides a decentralized mechanism to allow vehicles to validate data they receive in a trustless manner. The technology can help establish secure connections between the vehicle and payment gateways for the faster purchase of fuels, transactions at toll booths, or even selling sensor data.

As cyberattacks on the automotive industry increase, defensive methods must also be under constant scrutiny. Researchers have been focusing on the security technique of CAN networks, security of authentication protocols, and intrusion-detection systems. The integration of AI and big data analysis will be considered to improve the defense methodologies and propose future-proof security models.

Subscribe to Newsletter

Leave a comment