The University of Warwick Trials Cybersecurity Research Projects for Connected Autonomous Vehicles

2 months ago by Luke James

With autonomous vehicles expected to become more and more widespread as manufacturers work hard to bring their own designs to market, the security of the connected systems that power them is a major concern for researchers.

In the not so distant future, connected autonomous vehicles (CAVs) are expected to become a common sight on roads across the UK and, indeed, the world. 

To ensure smooth and safe deployment of different types of CAVs from different manufacturers, researchers from Warwick Manufacturing Group (WMG) at the University of Warwick, funded by Lloyd's Register Foundation, have undertaken real-world testing of four academic research projects in their IoT-enabled Transport and Mobility Demonstrator project.

The four research project systems, developed by 12 UK universities as part of the PETRAS consortium, are intended to improve the security, privacy, and safety of vehicle-to-vehicle communications and infrastructure.

It is not only researchers who appreciate the potential cybersecurity risks. In December 2018, the UK Government released its own cybersecurity standards for CAVs.

 


A vehicle used during testing. Image credit: University of Warwick.

 

CAV Driver Safety Risks

Project lead, Professor Carsten Maple, said, “The cybersecurity of CAVs is key to make sure that when the vehicles are on the roads, the data is trustworthy and that vehicle communications do not compromise privacy. We tested four innovations developed in the PETRAS Project, and being able to apply them to the real world is the first major step in testing security of CAV systems…”

With CAVs, the stakes are high. If a vehicle's systems were attacked and compromised by, say, a hacker, the potential for devastating results doesn't bear thinking about. Furthermore, hacking could be motivated by several reasons: a disgruntled ex-lover seeking to take control in a domestic dispute, a terrorist taking control of a vehicle to guide it into a crowd, or a hacker simply demanding ransom.

Presently, there are two main risks that researchers are considering:

 

A Third-Party Taking Control of a Vehicle or External Smart City Infrastructure

What if a vehicle is hacked and driven into traffic, pedestrians, or made to stop in a dangerous area such as the middle of a train crossing? What if a smart city's infrastructure is hacked and used to control a group of cars, resulting in a major collision? What if a vehicle is taken over and made to return to or drive to a specific location so the perpetrator can cause further harm? These are all realistic possibilities when it is a computer and other electronics in the driving seat. 

 

A Third-Party Accessing Personal Information

We're not just talking about data; biometrics have applications to CAVs, too. Locking and authentication systems that use facial recognition could be compromised and the biometric data stolen, then used by hackers to compromise that person further, for instance by accessing their online banking.

 

Risk Mitigation: WMG's Testing

Testing looked at how CAVs will connect to one another and to roadside and smart city infrastructure, and how the parts of this infrastructure will connect to one another, too. To do this, three innovations were tested:

 


Edge infrastructure used during testing. Image courtesy of the University of Warwick.

 

1. Group Signatures

For CAVs to communicate, the messages a vehicle sends must contain proof that the vehicle is what it claims to be. By revealing its identity, though, the vehicle can be tracked over time. To provide privacy, a group signature can be used that shows the vehicle is a member of a group without revealing that it is a specific, identifiable, and trackable vehicle.

Group signatures can include a timestamp that refreshes every 10 minutes to eliminate the ability for an eavesdropper to link multiple messages to one vehicle.

 

2. Decentralized PKI

A moving CAV may meet multiple others during a journey, particularly on a busy or major road. To check the identity of these vehicles, the public key of the other vehicle must be downloaded from a keyserver. 

Hosting this in the cloud, however, has limitations because the additional communication hops increase the time before the vehicle receives the necessary keys. If the keyserver sits next to the road and keys are distributed via edge infrastructure, though, vehicles can receive them much faster.

A decentralized PKI can be extended by supporting the periodic issuing of new identities to vehicles on the road to bolster privacy.

 

3. Authentication Prioritization

CAVs have limited computing resources, so verifying the identity of other CAVs is both taxing and expensive; they can only verify a certain number of identities per second. In busy traffic, there may be more vehicles sending messages than can be verified quickly enough.

A potential solution is to assign messages a priority that decides which are read and verified first: the higher the priority, the more important the receiving CAVs treat the message as being.
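The following sketch illustrates authentication prioritization as described above; it is an added example, not code from the WMG or PETRAS projects. The message kinds, priority values, per-slot budget, age limit and queue size are all constructed assumptions, and the signature check itself is left out: the scheduler only decides which messages get one.

```python
import heapq
from dataclasses import dataclass, field

# Constructed priority classes (lower = verified first); the article names none.
PRIORITY = {"emergency_brake": 0, "hazard_warning": 1, "position_beacon": 2}
LOWEST = max(PRIORITY.values()) + 1  # unknown message kinds go last

@dataclass(order=True)
class Pending:
    priority: int
    arrival: float                      # seconds; ties broken by arrival order
    kind: str = field(compare=False)
    sender: str = field(compare=False)  # pseudonym, not yet authenticated

class VerificationScheduler:
    """Chooses which received messages get a signature check in each time slot."""

    def __init__(self, budget_per_slot, max_age, max_queue):
        self.budget, self.max_age, self.max_queue = budget_per_slot, max_age, max_queue
        self.queue, self.dropped_stale, self.dropped_overflow = [], 0, 0

    def receive(self, kind, sender, arrival):
        heapq.heappush(self.queue, Pending(PRIORITY.get(kind, LOWEST), arrival, kind, sender))
        if len(self.queue) > self.max_queue:    # bound memory under a flood
            self.queue.remove(max(self.queue))  # evict lowest-priority, newest entry
            heapq.heapify(self.queue)
            self.dropped_overflow += 1

    def next_batch(self, now):
        """Return up to `budget` messages to verify, highest priority first."""
        batch = []
        while self.queue and len(batch) < self.budget:
            msg = heapq.heappop(self.queue)
            if now - msg.arrival > self.max_age:  # too old to act on: skip the cost
                self.dropped_stale += 1
                continue
            batch.append(msg)
        return batch

def demo():
    """Constructed burst: six beacons, then two safety messages, budget of three."""
    s = VerificationScheduler(budget_per_slot=3, max_age=0.5, max_queue=10)
    for i in range(6):
        s.receive("position_beacon", f"pseudonym-{i}", arrival=i * 0.01)
    s.receive("emergency_brake", "pseudonym-6", arrival=0.06)
    s.receive("hazard_warning", "pseudonym-7", arrival=0.07)
    slots = [[m.kind for m in s.next_batch(now)] for now in (0.1, 0.2, 0.7)]
    return slots, s.dropped_stale

if __name__ == "__main__":
    print(demo())
```

Because the priority is read before the signature is checked, forged messages claiming a high priority still consume verification budget, so the stale and overflow drop counters are worth monitoring as indicators of flooding.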

All the above tests were carried out live on the campuses of the Universities of Warwick and Surrey and the Millbrook Proving Ground. 
