Automotive Cybersecurity | Exploring Data Security in the Automotive Industry

Written by David Close, Chief Solutions Architect | Oct 22, 2019 5:00:00 AM

For many people around the world, driving is an integral part of their daily lives. The automobile industry itself makes up a significant part of many countries’ GDPs, and creates thousands of jobs for workers across the globe. Automobiles open doors previously closed to people living in large cities or places without a comprehensive public transportation system and connect the world together.

However, the rise of automobiles has also come with dire consequences. According to a recent study conducted by the World Health Organization (WHO), more than six million crashes occur annually in the United States alone. Another study from the Auto Insurance Center found that the average American commuter loses over 42 hours per year to traffic, or a full work week every year. Distracted driving is also the cause of 1 in 5 crashes in which someone was injured. How can we prevent this dangerous and time-draining trend without losing the convenience and economic resources of the automotive industry?

Autonomous Vehicle Communications

For many, the most likely answer is autonomous vehicles. Autonomous vehicles, more commonly known as self-driving cars, eliminate the human error factor from driving by communicating with the world around them to drive themselves from place to place. They do this through a range of communications over a common network known as the Internet of Things (IoT). The most common types of autonomous vehicle communications include:

Vehicle-to-Everything (V2X): V2X allows cars to automatically transmit data such as speed, position, and direction to facilitate automatic lane positioning, pedestrian detection, and collision prevention. Generally, V2X refers to all vehicle communications with other objects in the city and is something of a blanket term for autonomous vehicle communications.

Vehicle-to-Infrastructure (V2I): V2I allows vehicles to communicate with their operating environment. V2I includes features such as motion sensors that light up sections of roads only when a vehicle is in its zone, embedded magnetic fields that can charge electric vehicles while they are driving, road-targeted police drones, weather and traffic detection, congestion-priced toll charges, coordinated traffic light patterns to maximize fuel economy and speed, and intelligently networked highways that can monitor traffic flow. V2I also allows for controlled, autonomous parking, even in busy lots.

Vehicle-to-Pedestrian (V2P): V2P allows vehicles to use small cameras and sensors to identify humans walking near or in roadways. The vehicle can then respond to people obstructing the roadway by stopping or safely maneuvering to avoid them.

Vehicle-to-Services (V2S): V2S allows vehicle service providers to adapt to meet new demands and opportunities. Augmented reality is already being used for vehicle maintenance. Vehicles will also be able to communicate a component malfunction to users as well as their dealership.

Vehicle-to-City (V2C): V2C references the new role that cities and the service providers within them will have in car ownership. Ride-sharing companies such as Uber and Lyft will take care of the licensing and maintenance issues of car ownership and will provide transportation services to customers for a small fee each ride. Such a transition would result in a reduction in the number of vehicles on the roads, a reduction in space requirements for parking, and an associated reduction in carbon emissions.

Using PKI to Protect the Automated Network

While there are many obvious benefits to autonomous vehicles entering the general consumer market, they also pose major security threats. Without a proper system in place for cybersecurity threats, the autonomous vehicle industry risks catastrophic failure and city-wide disruption of services in the event that the IoT is hacked. In order to prevent such an event, it is necessary for automotive manufacturers and city planners to establish a universal standard for encryption and a public key infrastructure (PKI) to protect the IoT.

PKI works by using asymmetric encryption, allowing users to securely transmit sensitive data over insecure public spaces such as the Internet. By using PKI, this data is both encrypted and authenticated, enabling the recipient to be assured of the confidentiality and integrity of the message.

PKI uses public and private key pairs that are generated and distributed by a trusted device known as a certificate authority (CA). CAs, which are often validated by third-party auditors, are used to generate digital certificates and assign them to the electronic devices that make up the PKI. A certificate is made up of two parts: a public key and a private key. The public key is used to encrypt data, and the private key is used to decrypt it. Public keys can be widely distributed without fear of compromise, while private keys must be carefully protected in a secure location such as a hardware security module (HSM). When both parties exchange their public keys, they can send trusted communications between one another.

In the automotive industry, the PKI process would begin with individual component production. This includes a wide range of items such as engine control computers, safety systems, media players within the vehicle, and more. Each of these components would be injected with a private key and digitally signed by a trusted root CA, allowing them to be verified as authentic and trusted components. Once the entire vehicle is produced, it can be digitally assigned to its owner using the same techniques. Because the vehicle would only trust operators signed under that root CA, the process would permanently or, in the case of rentals, temporarily bind the car to the owner.
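
The provisioning and trust check described above, as an added Go example (not Futurex's code or any manufacturer's process): a constructed root CA certifies a component's public key in an X.509 certificate, the private key is returned separately for injection into the component, and the vehicle accepts only certificates that chain to its provisioned root. The function names `issue` and `trusted`, the Ed25519 keys and the subject names are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue certifies a fresh key pair for cn: self-signed root if parent is nil, else signed by the parent CA.
func issue(cn string, serial int64, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature,
	}
	if parent == nil { // root CA: signs itself and may sign component certificates
		parent, parentKey = tmpl, key
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// trusted reports whether cert chains to the one root the vehicle is provisioned with.
func trusted(root, cert *x509.Certificate) bool {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := cert.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err == nil
}

func main() {
	root, rootKey, _ := issue("Constructed Vehicle Root CA", 1, nil, nil) // errors ignored in this demo
	fake, fakeKey, _ := issue("Constructed Vehicle Root CA", 1, nil, nil) // same name, different key
	ecu, _, _ := issue("engine-control-unit", 2, root, rootKey)
	clone, _, _ := issue("engine-control-unit", 2, fake, fakeKey)
	fmt.Println("genuine:", trusted(root, ecu), "counterfeit:", trusted(root, clone))
}
```

The counterfeit component is rejected even though its issuer carries the same name as the real root, because verification checks the signature against the provisioned root's public key rather than the issuer name.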

In this process, both car dealers and drivers would be protected from security threats. Stolen cars could be remotely disabled by the manufacturer or dealer with the root CA, and drivers could develop a personalized profile with their preferences and biometric data on the vehicle for instant authentication. The car could recognize typical driving times, distances, locations, speeds, and more for its owner, requiring multiple additional biometric authentications when suspicious activity is detected to prevent theft.

When an open PKI standard is applied to all vehicle communication systems and the entire IoT, a world of secure self-driving cars and safer, more environmentally friendly highways is within reach. To learn more about PKI and data encryption in general, visit our IoT Manufacturing web page or reach out to a Futurex Solutions Architect for assistance.