Overcoming automotive adversaries in the age of automation

By 2030, it is expected that there will be over 4.5 million self-driving cars on US roads, with the majority of these unlikely to be for personal use. Instead, ride-share companies such as Uber and Lyft are expected to introduce electric car services, which could decrease the need for private car ownership. If car manufacturers are to maintain their customer base, they must explore new business models.

Subsequently, navigation and infotainment systems may soon be tied not to specific vehicles, but to the user instead. Once a customer has successfully authenticated with a car that they’ve been granted access to, personal features will be activated and made available to them. However, security incidents relating to these systems are becoming increasingly prevalent, with cybercriminals looking to access these and obtain sensitive data. They even have the capacity to steal the entire vehicle, making security the top priority for automotive manufacturers.

With smartphones now intrinsic to modern life, they have provided the perfect gateway for companies like Uber to flourish. The mobile connectivity now prevalent across the globe enables users to register with multiple ride-share companies through applications. When paired with GPS, users can use their phones to identify nearby cars and transmit their location to its driver. With the rise of automated vehicles, these applications will be able to interact with driverless cars and enable access to the infotainment features users have grown accustomed to within their own vehicles.

This is not the technology of the future; it’s a concept is already coming to fruition across the globe. In December 2022, Uber, alongside its partner Motionrail, announced it would provide customers in Las Vegas with the option to hail self-driving taxis, with plans for a fully driverless service expected to be available across the US by the end of 2023. It is becoming apparent that time is running out for manufacturers to revamp their offerings if they are to stay competitive within the automotive market.

Covering your vulnerabilities

There is a clear link between autonomous vehicles and the race to fully automated cars. However, as more cars become connected, the number of attacks being levelled against in-car features continues to increase. Through weak ciphers required to unlock a car and deactivate the immobilizer, hackers are able to quickly gain access to the vehicle and steal it within a matter of seconds. Furthermore, attacks against the in-vehicle networks can weaponise the technologies designed to protect the user, with criminals able to reprogram key systems of the vehicle. If an attacker gains access to these, they can quickly disarm airbags, remotely control the steering, and locate, unlock, and remotely start the car. Attacks like these can not only cost manufacturers millions in financial and reputational damage but can also result in significant physical harm to the user.

At the Pwn2Own conference that took place March 2023, security company Synacktiv was able to execute a successful exploit of a Tesla Model 3, gaining root access to the vehicle’s infotainment system through Bluetooth and giving them the opportunity to take over the entire car. This was not the first time vulnerabilities had been found within Tesla vehicles, as in 2020, whitehat hacker Jason Hughes was able to gain access to ‘the Mothership’, the company’s home server used to communicate with its customer fleet. Using his own vehicle’s connection to the Mothership, Hughes found a bug which enabled him to authenticate as any car within the fleet, only requiring a vehicle’s registration number. These could be found within Tesla’s database, giving Hughes access to information about any car within the fleet, and even allowed him to send commands to those cars. Once this vulnerability was unearthed, Hughes reported this back to Tesla, but other potential hackers may not be as considerate.

Driving future security advancements

Security measures that can help overcome automotive attacks are essential, and to this end, standards bodies such as the Trusted Computing Group (TCG) are devising new strategies to ensure a strong line of defense for manufacturers and users alike. Through a new secure role and rights management system, the organisation is striving to develop the concept of ‘trusted computing’ within automotive vehicles. Taking into account existing security measures presently available, the secure access and feature activation mechanism proposed includes both online and offline delegation of usage rights and roles, with capacity for online revocation.

The system revolves around the use of a hardware Root-of-Trust (RoT) called the Trusted Platform Module (TPM) 2.0. This is a hardware-based security feature designed to create and maintain a secure environment for the storage and processing of sensitive data. Through the TPM, over a billion devices around the world are able to store cryptographic information while attesting the identity of software, firmware and any other elements found within a device. Within this system, the keys used to enable certain vehicular features will be securely stored in the TPM 2.0, with usage bonded to an inherent access policy mechanism called ‘Enhanced Authorisation’. Adopting this system provides hardware-level security guarantees while maintaining a high level of flexibility for the manufacturer.

Essential elements of feature activation, such as data confidentiality and Intellectual Property (IP) protection are examined to provide functional security requirements that ensures adequate vehicle security. The system is able to map vehicle requirements to the inherent commands and features found within the TPM 2.0. In turn, this provides detailed access policy concepts directly to the vehicle. These are requirements which specify how access to the vehicle is managed, and who has the permission to do so.

Smartphones not only come in handy for booking driverless cars but are also an essential tool for authentication. Within the system, an authentication token can be stored within the device which enables users to store a signature key within an isolated environment. This key attests the identity of the user, communicating with the vehicle and the backend system responsible for managing the roles and rights of a user and enables feature activation.

During testing, a proof-of-concept prototype was implemented within the system to mirror current electronic control units (ECU), infotainment systems and Android smartphones to efficiently evaluate performance. This meant TCG could review comparable results to real-life use cases and establish better authentication and access control, alongside stronger security measures for the vehicle.

Trusted computing for the automotive industry

Using the TPM 2.0 as a trust anchor – an authoritative entity that enforces strong security policies for accessing stored keys – enables vehicles to withstand software and hardware attacks. Within the car itself, the TPM 2.0 acts as the endpoint for all internal and external communications, conversing with the ECU and the owner’s authentication token (often a smartphone) through secured end-to-end channels over the internet or internal bus system. This helps to prevent malicious, unauthorized entities from gaining access to the vehicle or its key systems.

Through systems like the one devised by the TCG, manufacturers can trust the keys used within the in-vehicle network remain symmetric, meaning the existing protocols and architecture of the car remain untouched. This is because the keys used in the protocols can now be safely stored and accessed within the RoT. Applicable to general car or fleet sharing applications where it can be used to authenticate the immobilisers of non-autonomous vehicles, the system allows users to start the engine when required, empowering the autonomous ride-sharing concepts of the future.