Could Your Car Be Hacked? Smarter Auto Computers Pose Cybersecurity Concerns
RENO, NV… While the next generation of cars will usher in new embedded computers that offer exciting comfort, performance, safety, economy and infotainment applications, cybersecurity engineers are challenged to retain reliability and defend against cyber attacks that could directly impact physical safety and dependability.
University of Nevada, Reno electrical and computer engineers presented, at the IEEE Consumer Communications and Networking conference in January, a design for smart cars that improves security, dependability and energy efficiency. The research project is halfway into a two-year development plan.
Arslan Munir, assistant professor of computer science and engineering and director of Parallel and Distributed Computing and Embedded Systems Laboratory, developed a new architecture for electronic control units, or ECUs, that tested 48 times faster while using two-and-a-half times less energy than existing architectures. It also paves the way for more fully automated driverless cars. And it also ups the ante for dependability, since ECUs in automobiles must operate in harsh environments with zero-tolerance for failure in safety-critical systems such as steering and braking.
It’s a timely innovation – as consumers demand ever-smarter cars, the modern automobile has come to be defined by hundreds of ECUs, which can control everything from your music to your brakes.
“If there is some small error when you’re listening to music, it’s not a big concern,” Munir, a member of the University’s Cybersecurity Center, said. “But when you go to these safety critical systems, then it becomes life threatening.”
That connectivity has also introduced significant security risks, Munir said. Last year, a group of government agencies warned consumers that their vehicles were increasingly vulnerable to hackers, with points of entry ranging from phones connected via Bluetooth or Wi-Fi to devices plugged into onboard diagnostic ports to tire-pressure monitoring systems. Once inside a vehicle, a hacker can gain access to critical functions such as brakes and steering, as an article in WIRED in 2015 demonstrated in harrowing detail.
Munir, who received a $175,000 grant last year from the National Science Foundation to study security and dependability in cyber cars, has been working on developing both software and hardware solutions that can make cars more secure.
“Modern cars are vulnerable to security attacks, so our goals are to make them secure and dependable,” Munir said. “Automotive systems have a challenge because steer-by-wire, brake-by-wire are real time, so whatever you are doing you are expected to get a response within milliseconds. So that is the real challenge and we target this issue.”
Munir’s approach combines an encryption standard to ensure confidentiality with a hash-based messaging system to ensure message integrity. A quick error detection system regularly checks the computations to detect and repair problems in real time. He has successfully tested his approach on industry-standard prototyping boards.
The architecture Munir has developed would need car manufacturers to integrate it into their vehicle designs before consumers could benefit from the speed and energy efficiency, but Munir’s software could be applied in existing vehicles to improve security and dependability.
“Our solution is meant for existing vehicles to make them secure and dependable,” Munir said. “We also proposed a new architecture that has built-in hardware security and dependability features, and by using that we show that we can achieve the same or more security and dependability while doing it in a less time and energy.”
Now, Munir is turning his focus to key generation, devising a system that enables real-time, on-vehicle generation of encryptions keys, instead of the current method of manufacturers generating a key when the vehicle is manufactured and then storing it in a separate, potentially vulnerable, location.
“When you integrate security into the vehicles you have secret keys,” Munir said. “Right now, we assume that the keys are stored in secure, tamper-resistant memories of participating ECUs by the original equipment manufacturer. What we are looking into is to generate the key at the run time using hardware-based security techniques instead of storing it somewhere, because once it’s stored it’s more susceptible to tampering and is less secure.”
Despite the unsettling implications of a hacker gaining control of your automobile, Munir doesn’t think drivers need to be nervous.
“Security and dependability in computers has started to gain importance in the automotive industry and they are making it better and better,” Munir said. “The automotive industry is realizing security and dependability are issues, and they are integrating it, and there are standardization efforts there.”