Bartosz Wojenka Aug 01, 2024 - Interior sensing

Comprehensive Cybersecurity Measures for Autonomous Vehicles: Protecting the Future of Transportation

In the era of digitization and increasing vehicle autonomy, cybersecurity issues have become crucial. Autonomous vehicles are seriously vulnerable to cyberattacks, which threaten user data and road safety. The potential risk of cyber incidents, proven by penetration tests, their scale, and sophistication, requires manufacturers to implement advanced protection measures.

Emerging Cyber Threats:

The New Battleground for Autonomous Vehicles

Despite their advanced technological nature, autonomous vehicles are susceptible to various cyberattacks, posing a serious threat to their safe operation. Hackers can exploit vulnerabilities in these vehicles’ operating systems, potentially leading to dangerous situations on the road. A notable example is the infamous 2015 attack on a popular US brand specializing in SUV vehicles, where researchers remotely took control of the vehicle by manipulating its infotainment system. Such incidents highlight the need for enhanced efforts to secure the software of autonomous vehicles.

Similarly, not only the software might be vulnerable, but physical components of the vehicles can also be targets of sabotage. Damage to sensors such as LIDAR or radar can disrupt the proper functioning of autopilot and safety systems, potentially leading to catastrophic consequences. Attacks on these critical infrastructure elements underscore the importance of securing both the software and physical components to ensure road safety.

Simultaneously, electric vehicle (EV) charging stations are becoming a new battleground for cyberattacks. Hackers can target these stations to access users’ personal data or disrupt energy supplies, leading to significant problems in the charging network.

Telematics and infotainment systems are also susceptible to cyberattacks. Attacks on these systems can lead to access to sensitive user data, such as vehicle location, travel history, and even financial information. In 2023, a significant increase in such attacks was observed, emphasizing the need to strengthen the security of these systems to protect the privacy and safety of future autonomous vehicle users. [1]

The threats associated with software control takeover, physical damage, attacks on charging infrastructure or telematics, and infotainment systems highlight the broad and complex challenges of cybersecurity in the context of autonomous vehicles. Modern vehicles must be equipped with advanced security measures to effectively counter these threats and ensure safe and reliable operation.

Cutting-Edge Defenses: Ensuring Hardware Security

To effectively counter increasingly advanced cyber threats, autonomous vehicle manufacturers are implementing advanced hardware solutions. A key tool in this field is an isolated processing environment. For example, autonomous processing systems that act as independent defense systems within the vehicle can ensure the security of the vehicle’s critical functions even if the initial layers of security are breached. Such solutions allow for the safe and reliable operation of autonomous driving algorithms in a completely isolated environment. [3, 4]

Equally important is the security of communication and data protection within the vehicle. Modern approaches to cybersecurity in autonomous vehicles involvethe use of self-aware architectures that introduce system-level accountability. This architecture enables real-time monitoring, analysis, and decision-making regarding security, both within the vehicle and remotely. These systems implement a multi-layered structure that allows for precise tracking and management of data, which is crucial in countering man-in-the-middle attacks. This approach allows for dynamic adaptation to changing conditions and threats, ensuring the integrity and authenticity of transmitted data. [2]

Hardware Security Modules (HSM) act like safes storing the most valuable treasures – cryptographic keys. These dedicated security devices not only store keys but also perform complex cryptographic operations, ensuring the integrity and authenticity of data exchanged in vehicles. HSMs are installed in electronic control units (ECUs) and include their own processor, cryptographic technologies, and dedicated memory, allowing them to perform security operations independently from the ECU. Although their implementation can be costly, they are essential in modern automotive systems. [3, 4]

Lastly, Trusted Execution Environments (TEE) create a secure enclave within the vehicle’s main processor, where critical operations can be performed without the risk of disruption. TEE enables secure over-the-air (OTA) updates and cryptographic key management, which is crucial for maintaining the integrity of vehicle systems. These solutions provide a high level of security for the vehicle’s internal operations. [3]

Together, these technologies form a comprehensive defense system that allows autonomous vehicles to operate safely in a world full of cyber threats. Thanks to these measures, our cars become not only smarter but also significantly safer.

Photo credit: Kaique Rocha on Pexels – https://www.pexels.com/pl-pl/zdjecie/widok-z-lotu-ptaka-czarnego-suv-na-drodze-108152/

Regulations and Industry Standards

Cybersecurity regulations for autonomous vehicles are rapidly evolving to meet growing challenges and threats. The United Nations Economic Commission for Europe (UNECE) is actively working on new regulations under the World Forum for Harmonization of Vehicle Regulations, the results of which is the UNECE WP.29 framework. Simultaneously, new standards such as ISO/SAE 21434 and ISO 24089 establish guidelines for cybersecurity at every stage of the vehicle’s lifecycle, from development to post-sale.

ISO/SAE 21434 focuses on road vehicle cybersecurity, requiring manufacturers to implement comprehensive cyber risk management strategies. These include regular penetration tests, vulnerability assessments, and real-time threat monitoring. As a result, vehicles are better protected against attacks, and security measures are continuously updated according to the latest threats and technologies.

Once the vehicle is on the road, it is equally important that its software is updated securely and authentically. ISO 24089 ensures that each software update is thoroughly tested for security before deployment. Additionally, manufacturers must have the ability to quickly withdraw or correct updates in case of any issues. This protects vehicles from potential system failures caused by malicious updates or bugs in new software. [6]

WP.29 regulations encompass a wide range of guidelines on cybersecurity and vehicle emission standards to protect vehicle communication systems from unauthorized access and ensure that the data stored and transmitted by the vehicle is secure. WP.29 requires vehicles to comply with the latest technological standards and be capable of defending against constantly evolving cyber threats.

All these regulations and standards together create a complex security system designed to ensure that autonomous vehicles are not only innovative but also safeand reliable. Thanks to them, we can be confident that our future journeys will be secure in the face of growing cyber threats.

Future Directions

The automotive industry will continue to invest intensively in cybersecurity, with the market expected to grow from $4.9 billion in 2020 to $9.7 billion in 2030.

A key element of these investments will be adopting a layered security approach, combining both hardware and software solutions to effectively protect vehicles against new threats. [8]

Through these efforts, the automotive industry will be able to ensure that autonomous vehicles are not only technologically advanced but also safe for users.

Sources:

[1] Upstream’s 2024 Global Automotive Cybersecurity Report​

[2] MDPI’s article – „Self-Aware Cybersecurity Architecture for Autonomous VehiclesSecurity through System-Level Accountability.”, University of Turku, 2023

[3] AUTOCRYPT’s article – “In-Vehicle Cybersecurity: A Closer Look at HSM and TEE”, 2023

[4] Infineon – „AURIX™ Hardware Security Module for automotive Cyber Security”

[5] KPMG Global’s report – “Cybersecure vehicles.​”, 2024

[6] ENISA’s report – “Cybersecurity Challenges in the Uptake of Artificial Intelligence in Autonomous Driving.”, 2021

[7] McKinsey&Company’s publication – “Cybersecurity in Automotive. Mastering the challenge.”, 2020

Author:

Bartosz Wojenka, AV/ADAS Engineer at Robotec.ai