To enable autonomous driving, driver assistance systems need a lot of information from different sources. Data from the immediate vicinity of the vehicle together with information provided via the Internet is processed in the operational control of the car. For example, route planning of e-vehicles must be adapted according to information about charging infrastructure. Currently, a subset of this information is already available offline in the vehicle. Another example of the necessary integration of a vehicle into the Internet are over the air software updates. In order to close vulnerabilities in the control software, these must be regularly supplied with updates. Time-accurate updates must be recorded online and linked to the appropriate hardware components. The integration of vehicles into the Internet requires its own security concepts.
The goal of the SecVI project is to develop a robust and low-complexity network architecture to ensure the security of message flows. Considering vehicle-specific communication characteristics, the network of a vehicle is monitored at various levels and shielded against attacks.
Even though this robust network architecture already leverages many attack patterns, an additional detection of vulnerabilities before a possible attack is a central security mechanism. Only if security gaps are recognized early, appropriate security updates can be carried out in time to prevent an attack. For this purpose, new additional functions, such as a key and firewall management, are developed that build on the existing vehicle-specific components. These new features will be added to the vehicle manufacturer’s cloud infrastructure in order to be able to apply updates to an entire vehicle fleet in the short term. Based on real application data, the concepts of the SecVI project are developed and evaluated in a demonstration vehicle that makes autonomous driving secure.
Innovations and Perspectives
With the increasing connectivity of vehicles and infrastructure, new attack vectors are created which enable unauthorized access to data and programs. Even today, vehicles are getting more and more targeted by attackers. Security solutions are in a permanent race with attack technologies, which are characterized by a growing professionalism of the attackers and an increased quality of the attacks. Defending such attacks is not just about avoiding economic damage, but above all about protecting human lives.
The uniform network architecture developed in SecVI project supports the protection of the entire communication system in the vehicle. This includes the verification of online updates as well as the permanent monitoring of communication between ECUs and between software components. This monitor mechanism is a good candidate to prevent cyber-attacks on the vehicle in a robust way without having to change all existing components of the vehicle. This secures the investments of the automotive industry into established and proven subcomponents of vehicles.