Securing the connected, smart and increasingly autonomous cars of tomorrow against hackers and criminals will only get harder as the computerized and constantly communicating ecosystem for connected vehicles expands to take in smart road infrastructure, smart homes and smart cities.
That’s the warning in “Observations and Recommendations on Connected Vehicle Security,” a new paper from the Cloud Security Alliance, a tech-focused industry group that studies security issues and promulgates best practices. The authors were led by Brian Russell, who is the chairman of CSA’s Internet of Things Working Group and the chief engineer for cybersecurity solutions at Leidos.
They note that a connected vehicle’s attack surface only gets larger as automakers add more navigation, engine-control and entertainment systems inside the car, and society adds more smart devices and connected infrastructure outside of it.
“Within a system-of-systems such as the CV ecosystem, there are many points of interconnectedness. A compromise of any one of these points potentially offers attackers the ability to move laterally throughout the entire ecosystem to compromise other points,” the report says.
CVs are already interacting with smartphone apps and with smart home systems like Amazon’s Echo, the authors note. “Adding additional connectivity means additional security risk,” they state.
For instance, a hacker might be able to gain access to the in-car stereo system through an insecure Bluetooth connection. But the stereo may be connected to safety-critical systems like the accelerator and brake “to allow raising or lowering sound volume based on the speed of the vehicle.”
“It is important to secure even a simple use case like this one,” the authors conclude.
Another issue is that as the use of smart navigation or autonomous driving systems grows, “vehicles will quickly become reliant on messages received from other vehicles, infrastructure and mobile applications. It is therefore crucial to be able to trust that these messages will be delivered as expected, have not been tampered with, and have not been sent by unauthorized entities.”
Sending spoofed messages could mislead autonomous cars or even human-driven ones with anti-collision safety software — causing accidents.
“The provenance of [messaging] data must be trustworthy, including data flows obtained from or processed through cloud-based applications,” the authors conclude, recommending the use of asymmetric encryption employing public key infrastructure, or PKI.
They favor the Security Credential Management System, or SCMS, which is backed by the major automobile manufacturers and was developed by federally funded scientists at the University of Michigan. They call its role “critical.”
But SCMS has come under fire as too unwieldy, because privacy concerns rule out the traditional PKI certificate structure, in which a digitally-secured certificate associated with your identity proves who you are. Such a system for cars would enable them to be tracked, so SCMS uses random certificate identifiers that rotate frequently so that a single car or driver can’t be followed by watching their certificate.
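The two ideas above, accepting only untampered messages from authorized senders and rotating certificates that carry no identity, can be sketched in a few lines of Go. This is an added illustration, not code from the CSA report or from SCMS; the certificate layout and the names Issue and Verify are hypothetical, and Ed25519 from Go's standard library stands in for whatever the real system uses.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// PseudonymCert binds a short-lived key to a random identifier and carries
// no vehicle or driver identity (hypothetical, simplified layout).
type PseudonymCert struct {
	ID    [8]byte           // random, different for every certificate
	Key   ed25519.PublicKey // sender's key for this rotation period
	CASig []byte            // authority's signature over ID || Key
}

// certBody is the byte string the authority signs.
func certBody(c PseudonymCert) []byte { return append(c.ID[:], c.Key...) }

// Issue has the authority certify a fresh key pair under a new random ID.
func Issue(ca ed25519.PrivateKey) (PseudonymCert, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	c := PseudonymCert{Key: pub}
	if _, e := rand.Read(c.ID[:]); err != nil || e != nil {
		panic("no secure randomness available")
	}
	c.CASig = ed25519.Sign(ca, certBody(c))
	return c, priv
}

// Verify accepts a message only if its certificate was issued by the trusted
// authority and the payload signature checks out under the certified key.
func Verify(caPub ed25519.PublicKey, c PseudonymCert, payload, sig []byte) bool {
	return len(c.Key) == ed25519.PublicKeySize &&
		ed25519.Verify(caPub, certBody(c), c.CASig) &&
		ed25519.Verify(c.Key, payload, sig)
}

func main() {
	caPub, caPriv, _ := ed25519.GenerateKey(rand.Reader) // constructed demo authority
	cert, key := Issue(caPriv)
	payload := []byte("hard braking ahead") // constructed sample message
	sig := ed25519.Sign(key, payload)
	fmt.Println("authentic accepted:", Verify(caPub, cert, payload, sig))
	fmt.Println("tampered accepted: ", Verify(caPub, cert, []byte("road clear"), sig))
	next, _ := Issue(caPriv) // rotation: new ID and key, nothing links them
	fmt.Println("IDs differ after rotation:", cert.ID != next.ID)
}
```

The sketch leaves out revocation and replay protection, and every certificate in it is identical in form apart from its random ID and key, which is what keeps an observer from linking one rotation period to the next.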
But above all, the authors of the report stress the need to incorporate security and secure design at every stage of the development process of all the technologies involved in the CV ecosystem — especially as it grows to include crowd-sourced traffic data and smart road infrastructure.
“For a safe and secure transportation system,” they conclude, “the [connected vehicle technology development] community must take a fresh look at the larger picture, and develop the policies, designs, and operations needed to incorporate security throughout the design.”