Protecting connected autonomous vehicles in a smart city
Depending on the deployment model for highly automated vehicles, wider impacts of automation may radically reshape transport demand or change the nature of the existing demand, says Dr. Tom Voege, Policy Analyst at International Transport Forum.
Increasing automation of passenger and freight vehicles offers potential safety improvements and better traffic performance. While the potential is great, however, there are still many unknowns that decision makers must manage. First among these unknowns is an uncertainty regarding safety impacts and security vulnerabilities that could emerge during increased deployment of automated vehicles, particularly when seen as part of a wider smart city approach. If authorities and companies are caught short by unanticipated incidents during deployment phases for these technologies, public distrust may grow. Furthermore, if these incidents are the result of inherent technology limitations or design flaws, automation in transport may be held back, delaying the delivery of benefits.
A second key point relates to security and privacy of connected and automated vehicles’ systems. This includes ways of defining security-relevant system boundaries considering electronic control units, silicon hardware, software, vehicle systems, infrastructure, network connectivity and more.
This may involve developing measurable indicators for the security and privacy of the defined levels of the cyber-physical system. Reliable minimum requirements for baseline values, for indicators at all levels, will also need to be suggested. This includes encryption of data and authentication of user, device and messages which are applicable to all forms of connected vehicles. The level of adoption and integration of social impacts, including roadway deaths, injuries, economic productivity, congestions and emissions, and the uptake by the elderly and people with reduced mobility, needs to be studied, alongside impacts of early-stage crashes and incidents on consumer sensitivity and vehicle adoption rates.
Key issues to be investigated in the context of cyber-security regarding connected and autonomous vehicles, as part of a wider smart city approach going forward, include:
- Systems and technologies for vehicle-infrastructure interaction
- Consideration of specific requirements for hardware components
- Considerations of specific requirements for software components
- Systems and protocols to enable communication (vehicle-to-vehicle communication and vehicle-to-infrastructure communication)
- The necessary cloud and data storage resources
- The consideration of data encryption techniques
- The definition of system boundaries.
A matter of necessity
Discussion of the necessity and benefits of communication and data exchange between vehicles, of an increasing level of automation and of a range of technology applications (assistants for specific functionalities, shared public transport, urban freight delivery, etc.) has shown the interaction of vehicles with the corresponding infrastructure to be of high importance. This may include the use of urban access control measures and geo-fencing for sensitive infrastructure, potential remote operation by a control centre, the protection of communication and other essential infrastructure, and the consideration of large-scale terrorist attacks (i.e. a fail-safe option).
Specific consideration will be given to both hardware and software components as vehicles increasingly carry technology hardware. In this context it is necessary, as a starting point, to define the roles and responsibilities of the key stakeholders concerned, including vehicle manufacturers, tier-two industry, other technology providers, government agencies and regulators. For hardware components, physical separation of individual system components in protected execution environments with tamper resistance is necessary. Technology approaches being developed include integrated security (Hardware Security Module) and discrete security (Trusted Platform Module).
Specific considerations for the software components inside connected and autonomous vehicles include looking at the interfaces to other modules and components, and establishing the necessary trust via cryptographic keys, distributed ledgers or blockchains. Many guideline documents have been developed in this area, with the advice focusing on defining foreseeable vulnerabilities and reasonable protection measures from the early stages of technology development. Another key issue to consider in this context is how to deal, particularly from a regulatory point of view, with over-the-air software updates that change the ‘behaviour’ of the vehicle.
The necessary technology enabling communication between vehicles and the underlying infrastructure is another key issue to investigate further. In this context there needs to be consideration as to whether the communication systems are currently vulnerable by design. Specific technological points to be studied for this include the means of communication, for example the frequency bands used, data formats, standardisation of formats and technologies, and the authentication needs. Recommendations for addressing this relate to defining the minimum information requirements, communication technology-specific protection against cyber-threats, government action and regulatory intervention.
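The authentication needs mentioned above, together with the “authentication of user, device and messages” called for earlier, can be made concrete with a small worked exchange. The following is an added example, not code from the article or from the ITF: a vehicle or roadside unit signs each message with a per-device key, and the receiver checks identity, integrity, freshness and replay before acting on it. The device keys, sender names, message fields and the five-second freshness window are constructed assumptions; in a deployed vehicle the keys would live in the HSM or TPM described in the text rather than in a Python dictionary.

```python
import hashlib
import hmac
import json

# Constructed per-device keys. Stand-in for an HSM/TPM key store; the values
# are placeholders, not keys from any real deployment.
DEVICE_KEYS = {
    "vehicle-A": bytes.fromhex("11" * 32),  # constructed placeholder key
    "rsu-17": bytes.fromhex("22" * 32),     # constructed placeholder key
}

FRESHNESS_WINDOW_S = 5  # assumed: seconds a message may differ from receiver clock


def canonical(msg):
    """Deterministic byte encoding of the fields covered by the tag."""
    fields = {k: msg.get(k) for k in ("sender", "seq", "ts", "payload")}
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def sign_message(sender, key, seq, ts, payload):
    """Build a V2X-style message with an HMAC-SHA256 tag over its identity,
    sequence number, timestamp and payload."""
    msg = {"sender": sender, "seq": seq, "ts": ts, "payload": payload}
    msg["tag"] = hmac.new(key, canonical(msg), hashlib.sha256).hexdigest()
    return msg


class Receiver:
    """Checks device identity (key lookup), integrity (tag), freshness
    (timestamp window) and replay (monotonic sequence number per sender)."""

    def __init__(self, keys, clock):
        self.keys = keys
        self.clock = clock      # callable returning the current time (injected)
        self.last_seq = {}      # sender -> highest accepted sequence number

    def verify(self, msg):
        key = self.keys.get(msg.get("sender"))
        if key is None:
            return (False, "unknown sender")
        expected = hmac.new(key, canonical(msg), hashlib.sha256).hexdigest()
        # Constant-time compare, done before any state-changing check so that
        # unauthenticated input cannot advance the replay counters.
        if not hmac.compare_digest(expected, str(msg.get("tag", ""))):
            return (False, "bad tag")
        if abs(self.clock() - msg["ts"]) > FRESHNESS_WINDOW_S:
            return (False, "stale")
        if msg["seq"] <= self.last_seq.get(msg["sender"], -1):
            return (False, "replay")
        self.last_seq[msg["sender"]] = msg["seq"]
        return (True, "ok")


if __name__ == "__main__":
    rx = Receiver(DEVICE_KEYS, lambda: 1000.0)
    m = sign_message("vehicle-A", DEVICE_KEYS["vehicle-A"], 1, 1000.0, {"speed_kph": 48})
    print(rx.verify(m))   # first delivery is accepted
    print(rx.verify(m))   # the same message delivered again is rejected as a replay
```

The order of checks matters: the tag is verified first, so a forged or tampered message can neither advance the replay counter nor cause a timestamp comparison on unauthenticated data. A symmetric per-device key is used here for brevity; a fleet-scale deployment would more likely use per-vehicle certificates and signatures, but the freshness and sequence checks apply unchanged.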
Data storage, encryption and access
To enable the safe running of the software modules required for connected and autonomous vehicle operation, specific cloud and data storage resources will be needed. This raises the question of whether edge computing will supplant cloud solutions. Key points to investigate are the data storage model (i.e. public vs. private), capacity and deletion intervals (in the context of accident investigations), the ownership of data sets (including end user, vehicle manufacturers, government), and the principles for data access by third parties. Furthermore, it needs to be decided whether an aviation-style in-vehicle ‘black box’ is needed for accident investigation, legal and insurance reasons.
In addition, specific data encryption techniques will have to be developed and deployed to safeguard vehicles and essential infrastructure. Existing approaches to be considered here include use of the MIT Media Lab Safe Answers Framework and implementation of Privacy-by-Design principles in all stages of the value chain, from technology development and prototyping, to full commercial launch of a transport service to the wider public in smart cities. In this context, use of the blockchain approach, which is being considered already in other sectors, might be key. Thus, a cross-sectoral approach might be preferable to a stand-alone system, i.e. learning from the aviation, health or banking sectors.
The first demonstration of a car being hacked illustrated the existing cyber vulnerabilities through media systems, which were manipulated to drive the car remotely, and proved the need to define the system boundaries. This involves the separation of core systems and core components. The question is where the boundary lies; the potential need for a tiered approach or a functional hierarchy must be investigated. For connected vehicles to be safe and secure, we must see some degree of international harmonisation and standardisation.
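The boundary and tiered approach discussed above can be expressed as a default-deny gateway policy between vehicle domains. The following is an added example, not code from the article or from any vehicle manufacturer: domains are ranked by criticality, only explicitly allowlisted message types may cross between them, and every dropped frame is counted so that repeated attempts from the media (infotainment) side to reach driving functions show up as a monitoring signal. The domain names, tier ranking, allowlist entries and sample frames are all constructed assumptions.

```python
from collections import Counter

# Constructed vehicle domains ranked by safety criticality (higher = more
# critical). Real architectures define their own domains and ranking.
TIER = {"infotainment": 0, "body": 1, "chassis": 2, "powertrain": 3}

# Explicit allowlist of cross-domain traffic: (source, destination, message type).
# Anything not listed is dropped, so the boundary is default-deny.
ALLOWED = {
    ("chassis", "infotainment", "speed_display"),
    ("powertrain", "infotainment", "fuel_level"),
    ("infotainment", "body", "cabin_temperature_request"),
}


def decide(frame):
    """Return ('forward', reason) or ('drop', reason) for one frame."""
    src, dst, kind = frame["src"], frame["dst"], frame["type"]
    if src not in TIER or dst not in TIER:
        return ("drop", "unknown domain")
    if src == dst:
        return ("forward", "intra-domain")
    if (src, dst, kind) in ALLOWED:
        return ("forward", "allowlisted")
    if TIER[src] < TIER[dst]:
        # A less critical domain reaching for a more critical one without an
        # allowlist entry is the case the boundary exists to stop.
        return ("drop", "upward flow not allowlisted")
    return ("drop", "not allowlisted")


def run_gateway(frames):
    """Apply the policy to a sequence of frames. Returns the forwarded frames,
    a per-source count of drops, and an audit trail for monitoring."""
    forwarded, drops, audit = [], Counter(), []
    for frame in frames:
        action, reason = decide(frame)
        audit.append((frame["src"], frame["dst"], frame["type"], action, reason))
        if action == "forward":
            forwarded.append(frame)
        else:
            drops[frame["src"]] += 1
    return forwarded, drops, audit


def upward_attempts(audit):
    """Extract the dropped low-to-high tier attempts from an audit trail."""
    return [(s, d, t) for s, d, t, a, r in audit if r == "upward flow not allowlisted"]


# Constructed traffic sample: legitimate flows plus attempts from the
# infotainment domain to reach the chassis and powertrain domains.
SAMPLE_FRAMES = [
    {"src": "chassis", "dst": "infotainment", "type": "speed_display"},
    {"src": "infotainment", "dst": "body", "type": "cabin_temperature_request"},
    {"src": "infotainment", "dst": "chassis", "type": "actuator_command"},
    {"src": "infotainment", "dst": "powertrain", "type": "actuator_command"},
    {"src": "powertrain", "dst": "powertrain", "type": "engine_status"},
    {"src": "body", "dst": "chassis", "type": "door_status"},
]


if __name__ == "__main__":
    fwd, drops, audit = run_gateway(SAMPLE_FRAMES)
    print(len(fwd), "forwarded;", dict(drops), "dropped per source")
    print("upward attempts:", upward_attempts(audit))
```

Note that the `body` to `chassis` door-status frame is also dropped: the policy forwards nothing across a boundary that has not been explicitly allowed, and a legitimate new flow is added to the allowlist rather than by loosening the tier rule. The audit trail is what a fleet operator would ship to a monitoring backend.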
DR. TOM VOEGE is a Policy Analyst at the International Transport Forum (ITF) at the OECD, coordinating work on vehicle automation and big data. Previous roles include Traffic Safety Expert for the UN, following on from consulting and academia.