Intel Corporation has signed a Partnership Framework Agreement, joining forces with the University of Luxembourg’s Interdisciplinary Centre for Security, Reliability and Trust (SnT). As autonomous vehicles gain in complexity, it becomes increasingly difficult to secure them against hackers. Through this agreement, SnT and Intel will therefore work together to make such vehicles more resilient, allowing them to neutralise attacks automatically, and even ‘self-heal’ before an attacker can compromise too many essential functions.
The agreement follows SnT’s involvement in the Intel Collaborative Research Institute for Collaborative Autonomous & Resilient Systems (ICRI-CARS), with the work being carried out by researchers from SnT’s Critical and Extreme Security and Dependability Research Group (CritiX). Their research will focus in particular on solving security issues impacting safety, caused, for example, by the need for self-driving cars to ‘collaborate’ with one another.
Two pairs of eyes are better than one
Powerful on board computers capable of handling driving functions, such as parking and lane keeping, are already a reality. In the move towards fully autonomous cars, however, less attention has been given to the need for such vehicles to collaborate with one another; in order to drive safely these cars will need to share information about their environment, from roadworks and weather conditions to pedestrians stepping out into the road.
Unfortunately, the complex software and extensive connectivity necessary for such collaborative autonomous driving makes these systems more vulnerable to attack. For example, hackers could interfere with sensor devices or communications between vehicles to take control of several cars and block an emergency route, or to appropriate police and military vehicles. Driving control systems could even be hacked to cause accidents.
Using current methods, this would be prevented by ensuring that systems are free from the software faults and vulnerabilities that hackers exploit, but this is no longer feasible. “We can realistically aim to verify only 15,000 lines of code in a piece of software – the equivalent of 13 experts working fulltime for a year,” says Research Scientist Dr Marcus Völp. “To give that some context, Windows 10 has around 50 million lines of code. Therefore we need to accept that attackers will find vulnerabilities and hack into cars, meaning that we need systems capable of real time response and rejuvenation while under attack.”
Research towards self healing cars
Using the methods currently being developed by CritiX, any one system within a car – for example the engine control system, responsible for fuel injection and air calibration – will be made up of multiple independent software components, rather than just one. More than a third of these components would need to be compromised in order for a hacker to manipulate the system. Further, with CritiX’s approach we can imagine that each component is like a labyrinth, and in order to compromise it a hacker needs to find the way to the heart of that labyrinth. While this is happening, however, any previously compromised components will self-heal and ‘re-design’ themselves, so a hacker would constantly be faced by an array of new labryinths.
‘This isn’t only a theoretical challenge, but also a practical one’, says FNR PEARL Chair Prof. Paulo Esteves-Veríssimo, head of CritiX. ‘One of the major difficulties here is to ensure that the rejuvenation can happen in real time without overheating critical systems.’ Similarly, the team must guarantee that while individual components rejuvenate the remaining components remain operational and safe.
The team’s work on autonomous driving has already borne fruit – in 2016 their paper Towards Safe and Secure Autonomous and Cooperative Vehicle Ecosystems identified significant gaps between the measures taken to ensure that cars are safe and those taken to ensure that they are secure. Through their current work they are developing the methodologies, protocols and solutions necessary to address this gap, moving towards the ultimate goal of automatic resilience against attack.
Photo: © University of Luxembourg