March 1, 2013
Car Hackers: Is This The Future?
In this high-tech computerized world where the Internet is mainstream, we have programs and applications to protect our personal information and computers from being accessed by hackers. We protect ourselves and our computers from viruses, identity theft, malware and so on. But, what about the computer in our car? Is that protected? At the moment no, but the technology is being researched.
We have vehicles now that use the airwaves and have networking capabilities. An EU-funded project by the Fraunhofer Institute for Secure Information Technology is explained by Olaf Henniger, “to improve traffic safety and traffic flow, many companies and research organizations are investing a lot of effort into ground-breaking research to develop vehicle communication and networking systems. Europe is really forging ahead in car-to-car and car-to-infrastructure networking.” Part of this research is to find ways of protecting our vehicle‘s computer data from hackers.
Our vehicles come with electronics and micro processing chips that allow the computer through sensors to gather information on engine performance, wear and tear, oil quality and tire pressure. They can even detect a skid or roll before it actually happens and activate an emergency electronic stability control.
Other recent technologic advances in our autos is Car-to-Car (C2C) communication which allows vehicles to ‘talk’ to each other and share information, like road conditions, traffic congestion, and even the weather. Another advancement is Car-to-Infrastructure (C2I) communication, which lets vehicles connect with traffic lights, to help optimize traffic flow, and can also gather data about driving conditions.
Just think what would happen if hackers got into your vehicle’s computer, and were able to change some data. For instance, you start to skid; your vehicle’s computer is supposed to tell the car to correct, but the hacker tells it to turn sharply and a catastrophe can occur.
The ‘E-safety vehicle intrusion-protected applications’ (EVITA) project was one of the earliest EU-funded research activities that focused on in-vehicle-network security. “We focused on the security of the communication networks within the car,” Henniger states, “but we were always thinking about parallel C2I and C2C networks under development. EVITA’s on-board network security would be a cornerstone for all the other vehicle-networking projects out there.”
EVITA partners had many options to choose from. After extensive evaluation and analysis of the security requirements, they decided that hard-wired cryptography was needed. Instead of using software to scramble and decode the data, it would take place within the physical microchip itself, called a ‘hardware security module’ (HSM).
The speed of an HSM can encrypt data packets almost instantaneously, whereas software can have a slight delay. Processing delay could be very dangerous in a vehicle traveling at highway speeds, when even a tenth of a second delay could mean avoiding an accident or being involved in one.
After listening to the demands of the automobile industry and looking at all the technology and protocols available, EVITA decided on the specifications of an HSM. “We investigated all the requirements and carried out a thorough risk analysis for all types of data transfer and connectivity within a vehicle. We specified the HSM to incorporate counter measures to reduce these risks,” said Henniger.
He also stated, “We realized that the automobile sector is very price sensitive, so we had to design our HSM with costs in mind. We made sure that we did not over-specify the security requirements. We identified three levels of security: EVITA Lite, Medium and Full. The Lite version is used to transfer data from a small sensor to a central processing unit; this involves fairly innocuous data which people are unlikely to access and it does not need ‘belt and braces’ protection. At the other extreme EVITA Full offers the asymmetric cryptography, which is used whenever the car connects to outside networks to ensure the integrity and authenticity of messages.”
C2C and C2I are still in the laboratory and cars normally do not have data security features. But, EVITA has opened up a whole new technology to help secure the data and information passed around when our vehicles do get connected.
The design and development of the EVITA HSM was with the combined research of the BMW Group Research and Technology project (preserve), Bosch, Continental, and the security experts including Fraunhofer SIT and EURECOM. There were also software and hardware experts from Fujitsu, Escrypt and Infineon.
The EVITA HSM was put through a series of C2C tests called the European ‘Preparing secure vehicle-to-X communication systems’ project. They used vehicles originally having software-based asymmetric cryptography which was slow and problematic. The software was replaced with the HSM, which dramatically improved speed and performance.
The Preserve project has adapted the HSM with alternative microchip manufacturing techniques and it is now possible to incorporate the HSM into smaller, cheaper ASIC chips.
Henniger stated, “Based on the EVITA specifications, security can be added at minimal cost to data transfers and communication within the car, and as it connects to the outside world by integrating this security via a chip we have made it much less prone to attack and network hacking. As cars get clever and start to converse, I think drivers can rest easy. No one is going to get hold of their data or suddenly start to take control of their car.”
Image Credit: Photos.com