- The issues and vulnerabilities involved in autonomous vehicles are often under-studied.
- Researchers have developed a tool for identifying cybersecurity risks in self-driving vehicles.
- The new model presents a blueprint for reducing security threats and making automated vehicle systems more secure and safe.
Self-driving cars are still in their infancy, and it's no secret that developers have several problems to solve before these vehicles can hit the road. These problems involve defining legal issues, creating essential infrastructure, checking weather conditions, testing for safety and much more. Cybersecurity in automated vehicles is one issue that cannot be ignored at any cost.
Every new generation of auto technology brings new security risks, and the issues and vulnerabilities that come along with new techniques are often under-studied.
Present-day self-driving cars, for instance, are vulnerable to all computer network security threats. These could include hackers who want to access sensitive data like passwords, denial-of-service attacks that could shut down cars, and spoofers who feed fake information to a vehicle.
Researchers at the University of Michigan have developed a tool and technique for identifying and analyzing cybersecurity risks in self-driving vehicles. It presents a blueprint for reducing these security threats and making automated vehicle systems more secure and safe.
Understanding The Vulnerabilities
Credit: Steve Alvey, Michigan Engineering
Instead of taking you to the office, your vehicle delivers you to a desolate location. You command your car to pick you up from the mall and instead you get a message: "send $500 to this account and it'll be there".
These are just examples. Threats to self-driving cars can come through any system that connects to the car's sensors, processors and control applications, and also through external inputs from other vehicles on the road, GPS data and infrastructure. In other words, all parameters of an autonomous vehicle, such as speed, braking and steering, are exposed to attacks.
In the worst case, hackers could use autonomous vehicles to get into your home, open the garage and control everything that runs on an automated system.
We need to develop a unique threat examination system that maps the vulnerabilities and assesses the identified level of risk in each individual automated application.
The New Threat Identification Model
The new model combines the strengths of the threat models from the European Commission's E-safety Vehicle Intrusion Protected Applications (EVITA) and the National Highway Traffic Safety Administration (NHTSA), and adds some extra flavors.
Each threat has an attacker (threat agent), one or more modules that could be attacked, and one or more attack methods for each module.
Threat agents are usually analyzed by their capabilities to state the possible chances of attack. Vulnerable modules of an autonomous vehicle, like sensors or GPS systems, are examined as per their characteristics and potential for attack. For the third element, the attack method, the system uses classifications developed by Microsoft, which include Spoofing Identity, Information Disclosure, Elevation of Privilege, Denial of Service, and Tampering with Data.
The attack potential analyzes the difference between the system's ability to withstand the attack and the threat agent's capability to implement a successful attack. It takes some important factors into account, like the time needed to create and implement the attack, financial requirements and the attacker's technical expertise.
Motivation captures both the deterrents and the motivations for a threat agent to implement the attack. The impact analyzes the level of the owner's loss, including financial data, privacy and safety.
Threat matrix visualization for driverless valet parking
For instance, the study determined that the most common attacks are an intelligent hacker transmitting fake data to your car's receiver to turn off remote parking, and a mechanic disabling the remote parking sensors for additional maintenance. Both these cases received 6/10, with 0 being the lowest and 10 being the highest probability.
Reference: ACM Digital Library | doi:10.1145/2994487.2994499
The attack that involves an expert spoofing your remote parking signal in order to steal your vehicle would have the most impact: 7 on a scale of 10 (according to the new model).
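The structure described above (threat agent, module, attack method, then attack potential, motivation and impact) can be laid out as a small threat matrix. This is an added example, not the researchers' tool: the scoring rule, the 0-10 scales and every sample value are assumptions constructed for illustration, and only the attack-method names and the three attack-potential factors come from the article.

```python
from dataclasses import dataclass

# Attack-method classes exactly as the article lists them.
METHODS = {"Spoofing Identity", "Information Disclosure", "Elevation of Privilege",
           "Denial of Service", "Tampering with Data"}
# Factors the article names for attack potential.
FACTORS = ("time", "money", "expertise")

@dataclass(frozen=True)
class Agent:
    name: str
    capability: dict  # factor -> 0..10 (constructed)
    motivation: int   # 0..10, motivation net of deterrents (constructed)

@dataclass(frozen=True)
class Module:
    name: str
    resistance: dict  # factor -> 0..10 effort an attack demands (constructed)
    impact: dict      # applicable attack method -> owner's loss 0..10 (constructed)

def attack_potential(agent, module):
    """Assumed rule: an attack needs every factor, so the worst gap decides."""
    worst_gap = min(agent.capability[f] - module.resistance[f] for f in FACTORS)
    return max(0, min(10, 5 + worst_gap))

def threat_matrix(agents, modules):
    rows = []
    for agent in agents:
        for module in modules:
            # Assumed combination: average of attack potential and motivation.
            likelihood = (attack_potential(agent, module) + agent.motivation) / 2
            for method, impact in module.impact.items():
                if method not in METHODS:
                    raise ValueError(f"unknown attack method: {method}")
                rows.append((agent.name, module.name, method, likelihood, impact))
    # Highest likelihood x impact first, so the riskiest cells lead the review.
    return sorted(rows, key=lambda r: r[3] * r[4], reverse=True)

# Constructed sample data for a remote-parking feature; not the study's figures.
AGENTS = [Agent("hacker", {"time": 6, "money": 4, "expertise": 8}, 8),
          Agent("mechanic", {"time": 3, "money": 2, "expertise": 5}, 4)]
MODULES = [Module("remote parking receiver", {"time": 5, "money": 3, "expertise": 7},
                  {"Spoofing Identity": 7, "Denial of Service": 4}),
           Module("parking sensors", {"time": 2, "money": 1, "expertise": 4},
                  {"Tampering with Data": 5})]

if __name__ == "__main__":
    for row in threat_matrix(AGENTS, MODULES):
        print("{:9} {:24} {:20} likelihood={:<4} impact={}".format(*row))
```

Taking the minimum gap across time, money and expertise means a module that is strong on only one factor still lowers the attack potential for an agent who lacks that factor.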
Thinking Long Term
It's important to focus on cybersecurity issues at present to develop solutions that can enhance the levels of automated driving technology. Many giant automakers (including BMW and Audi) have already included semi-automated functions in their cars that offer Level 3 autonomy. While the security risks in semi-automated systems are not as intense as they will be for completely automated vehicles, they do exist.
These risks should be addressed before upgrading to Level 4 and 5 autonomy, which require almost no human involvement. There is a lot to be done to ensure the cybersecurity of mass autonomous vehicles, beyond this starting point.