Cyber Security for the Vehicles of Tomorrow

Connected and autonomous vehicles are set to revolutionise our transportation and re-shape our cities. They will prevent accidents, reduce parking space requirements, lower congestion and pollution. But in order to achieve this, they need several sensors and wireless interfaces which connect them with other vehicles, consumer devices, infrastructure and the Internet. This connectivity adds great functionality but it also introduces a myriad of security and privacy threats. Safety critical functionality in the vehicle is controlled by a multitude of Electronic Control Units (ECUs) which are fully programmable. As vehicles become more programmable, complex and interconnected, they also become more vulnerable to cyber attacks.


The main goal of this fellowship is to secure connected and autonomous vehicles, making them resilient to this type of attacks. We will achieve this goal by developing techniques to secure each component of the vehicle's electronic architecture: ensuring that each ECU only executes code that is suitably authenticated; using model learning techniques to develop a framework for automated security testing of ECUs in a way that it scales; securing the vehicle's sensors such as radar, lidar and optical cameras against signal spoofing, tampering and denial of service attacks which would cause them to output inaccurate readings; and improving the communication protocols between vehicles and between the vehicles and the infrastructure in order to provide authenticity, non-repudiation and privacy while complying with stringent real-time constraints.

The frontiers are shifting in the automotive industry with the rapid emergence of next generation connected and autonomous vehicles and manufacturers are competing to be a market leader, with new technologies and business models. Whilst this engineering revolution shows no signs of abating, cyber security concerns are a primary inhibitor to widespread delivery and consumer adoption of the technology. In order to effectively tap into the \$1.5 trillion extra revenue per year that the connected and autonomous vehicles are predicted to generate (McKinsey report), the automotive sector needs to address the cyber security challenges that the future generation vehicles pose.

This fellowship will address the key issues in automotive security: how robust are the memory protection mechanisms on automotive ECUs and Hardware Security Modules (HSMs); how resilient to attack are the vehicle's sensors and their underlying data fusion algorithms; how can we automate security testing of ECUs in a way that it scales; and what are the trust anchors and cryptographic primitives for V2X communication that will enable secure and privacy-friendly collective sensing.

The immediate beneficiaries of the research in this fellowship are our industrial partners: ZF TRW and Security Innovation. They will be able to improve the security of their products based on the newly developed memory protection mechanisms; implement side-channel and fault-injection countermeasures in their security critical components; use our automated methods for testing the security of their ECUs; improve their sensors making them more robust against active attacks and adopt the key management and protocols for V2V and V2I communication. But the whole automotive industry will benefit as well as we mature these ideas and develop methodology for automotive security testing that is reproducible. Whenever we find new vulnerabilities in deployed products we will engage in responsible disclosure with the respective product manufacturer. By doing so we will help raising the bar for security practise across the whole sector, both in the UK and elsewhere.

This fellowship will also bring academia insight on the current state of automotive security and the challenges it faces. Researchers and practitioners in the area of automotive and hardware security and applied cryptography will benefit from our analysis methodology and our contributions to language-theoretic security. The tools that will be developed and released as open source will aid security analysts from both academia and industry, automating and systematising the difficult task of security testing of a specific implementation. Furthermore, having a robust, well-studied open source over-the-air firmware update implementation will be beneficial to the whole sector.

Society will benefit from this research as well. Securing ECU's memory will lead to less mileage fraud and car theft (given that a popular way of stealing cars is to program a new blank key to the car which is then used to drive away). But more importantly, it will lower the risk of cyber attacks targeting large number of vehicles or VIPs. Citizens will also benefit from enhanced privacy in V2X communication while having non-repudiation when false information is given to them. In emergency situations, every millisecond saved by our low-latency cryptographic protocols could make a critical difference.

This programme of research is cross-disciplinary in nature as it will integrate techniques from several domain areas such as cryptology, electrical engineering, physics, signal processing and radar. Some of the techniques from WP1 and WP2 will also be relevant to mobile phone and IoT security. The low-latency MAC from WP4 is of interest in its own and also has a myriad of applications in other areas such as military, avionics and wireless sensor networks.