OnBoard Security’s Chief Technology Officer, Dr. William Whyte, has been involved in Vehicle-to-Everything (V2X) communications security for nearly 20 years. He is the editor of the IEEE 1609.2 security standard and has consulted for numerous automaker, the US Dept. of Transportation (DOT) and transportation organizations around the world. He is frequently asked to explain V2X security and give insights on potential vulnerabilities in the system.
At the Automated Vehicles Symposium (AVS) 2017, I addressed a plenary talk to the ~1,500 attendees, stating that even though it is unanimously considered as paramount, cybersecurity is still an after-thought. Or at least it still feels like it. Indeed, for the last two AVS editions, the cybersecurity breakout session reported similar open challenges, but no real changes have been seen since. In order to move the security needle, we took a different approach and didn't organize a cybersecurity breakout session. Instead, we identified that the missing components were the lack of inputs coming from the community of experts. To be able to build a more resilient system, cybersecurity experts should know about the limitations of each subsystem, and possible "nightmare scenarios".
Topics: NTRU, Cyptography, Quantum Computing, Automotive, Privacy, Internet of Things, V2X, Embedded Security, Autonomous Vehicles, Regulation, Cyber Security, TPM, TSS, Trusted Computing, V2V, BCAM, SCMS, Research, Connected Vehicles, IoT,, DSRC
Car makers use cryptographic keys for a variety of purposes, including Over-The-Air (OTA) software updates, security immobilizers, inter-module communications, and Vehicle-to-Everything (V2X) communication security. Key Management Systems (KMS) are very complex, as the manufacturer has to manage dozens of keys for each car model, both at production and when new components are introduced during repairs, and they must maintain these keys over the long lifetime of a car. Key Management is a daunting task.
On Friday October 21, 2016, Dyn was subjected to two large Distributed Denial of Service (DDoS) attacks against their internet-address lookup Managed DNS infrastructure. The attackers used Mirai botnets launched from over 100,000 endpoints including cameras, DVRs and baby monitors to generate the significant volume of attack traffic. Affected services included Amazon, Spotify, Netflix and the New York Times.
Toyota recently sent a letter to the Federal Communications Commission (FCC) urging them to protect the 5.9 GHz band for Dedicated Short Range Communications (DSRC), the technology behind Vehicle-to-Vehicle (V2V)communications. Toyota noted that “The market leaders in Japan (Toyota), Europe (Volkswagen), and the United States (General Motors) have now either begun deployment of DSRC technology or announced a specific deployment plan for the technology.”
Tesla is the only major automaker that offers over the air (OTA) updates of both software and firmware. This allows Tesla to add new features like new voice commands, driver profiles or blind spot warnings that weren’t available when the car was purchased. It also allows them to fix bugs that were either causing the car to not function as intended or to discourage potential hackers by patching vulnerabilities soon after they are discovered.
Recently, the UK government released "The key principles of vehicle cyber security for connected and automated vehicles." This guidance document provides key cyber security principles for use by the automotive industry and its suppliers. This follows the US Government's guidelines that were issued last fall.
In September 2016, the U.S. Department of Transportation (USDOT) awarded three Connected Vehicle (CV) Pilot Deployment Programs: New York City (NYC), Tampa and Wyoming. The CV Pilot Program will test and operationalize cutting-edge vehicle to vehicle (V2V) and vehicle to infrastructure (V2I) technologies, including in-vehicle wireless, mobile devices, and roadside equipment that have the potential to reduce accidents, save lives, improve productivity, enhance mobility, and lessen the environmental impact of city traffic. The NYC CV pilot will feature an estimated 8,000 vehicles outfitted with V2X equipment, including 5,850 taxis, 1,250 MTA vehicles, 400 UPS trucks, and 500 city vehicles. There will be approximately 350 roadside units installed at Manhattan and Brooklyn intersections and on FDR drive. Additionally, 100 vulnerable road user (pedestrians and bicyclists) devices will be deployed to study the effectiveness of V2X technology in reducing NYC's high rate (5 times the national average) of crash fatalities involving pedestrians.