'Hello car, what is the password?'

Mar 01, 2013
'Hello car, what is the password?'
Credit: Shutterstock

As cars get clever - bristling with computer chips and networking capabilities - an EU-funded project makes sure that your car's data stays safe and the networks are secure from hackers and tampering.

If you ever wanted proof that we live in a computerised, data-hungry and networked world, just disassemble your car. There is more gadgetry, electronics and microprocessing power on board an average car than most people would ever image. All over the vehicle sensors gather information on engine performance, wear and tear, oil quality and tyre pressure. They can detect the first signs of a skid or roll and activate emergency systems such as .

'To improve traffic safety and traffic flow, many companies and research organisations are investing a lot of effort into ground-breaking research to develop vehicle communication and networking systems,' explains Olaf Henniger from the Fraunhofer Institute for Secure Information Technology. 'Europe is really forging ahead in car-to-car and car-to-infrastructure networking.'

Car-to-car (C2C) communication allows vehicles to 'talk' to each other to share information, perhaps about congestion on the roads or indicating their presence in fog or around blind corners. Car-to-infrastructure (C2I) communication lets vehicles connect with traffic lights, or other , which can help to optimise traffic flows, incident management and gather critical data about .

But just as with any ICT system, this data and the on-board communication networks must be kept safe and secure. Data privacy extends to personal data captured by your car - think what someone could discover about your driving skills and habits! Similarly, hackers could create havoc, and potential tragedy, if they gained control of a car's electronic systems.

The 'E-safety vehicle intrusion-protected applications' (EVITA) project was one of the earliest EU-funded research activities to really concentrate on the issue of in-vehicle-network security. 'We focused on the security of the within the car,' explains Mr Henniger, the project's coordinator, 'but we were always thinking about parallel C2I and C2C networks under development. EVITA's on-board network security would be a cornerstone for all the other vehicle-networking projects out there.'

Hard-wired security

There were many options for the EVITA partners to choose from. But after extensive evaluative studies and analysis of the security requirements, the team decided that the vehicle networks needed hard-wired cryptography. In other words, the scrambling and decoding of data would take place within a physical microchip - called a 'hardware security module' (HSM) - rather than via software.

One of the main benefits of using an HSM is its speed - it can encrypt data packets almost instantaneously, whereas software often involves a slight lag phase. Any processing delay cannot be tolerated in a vehicle travelling at over 100 kilometres per hour (kmph) - where even a 10th of a second interval could be the difference between life and death.

The EVITA team agreed on the specifications for the HSM, after looking at all the technology and protocols available and listening to the demands of the automobile industry. 'We investigated all the requirements and carried out a thorough risk analysis for all types of data transfer and connectivity within a vehicle. We specified the HSM to incorporate counter measures to reduce these risks,' says Mr Henniger.

'We realised that the automobile sector is very price sensitive, so we had to design our HSM with costs in mind,' Mr Henniger continues. 'We made sure that we did not over-specify the security requirements. We identified three levels of security: EVITA Lite, Medium and Full. The Lite version is used to transfer data from a small sensor to a central processing unit; this involves fairly innocuous data which people are unlikely to access and it does not need 'belt and braces' protection. At the other extreme EVITA Full offers the asymmetric cryptography, which is used whenever the car connects to outside networks to ensure the integrity and authenticity of messages.'

Industry implementation

At present, while C2C and C2I remain in the laboratory, cars still do not typically incorporate data security features. But EVITA has paved the way to help make sure that the information will stay secure once cars get connected.

The EVITA HSM was designed through the combined research and expertise of the car manufacturer BMW Group Research and Technology, automotive suppliers such as Bosch and Continental, security experts including Fraunhofer SIT and EURECOM, software experts such as Fujitsu, and the hardware experts, Escrypt and Infineon.

The EVITA HSM has already proved its worth during C2C tests within the large-scale European 'Preparing secure vehicle-to-X communication systems' (Preserve) project. The vehicles under test originally deployed software-based asymmetric cryptography, but this proved slow and problematic. Replacing the software with the HSM led to a dramatic rise in speed and performance.

Cheaper chips

Since the EVITA project finished, the Preserve project has adapted the HSM design to alternative microchip manufacturing techniques. It is now possible to incorporate the HSM into smaller, cheaper ASIC chips.

'Based on the EVITA specifications, security can be added at minimal cost to data transfers and communication within the car, and as it connects to the outside world,' Mr Henniger concludes. 'By integrating this via a chip we have made it much less prone to attack and network hacking. As cars get clever and start to converse, I think drivers can rest easy. No-one is going to get hold of their data or suddenly start to take control of their car.'

Explore further: Printing the metals of the future

More information: 'E-safety vehicle intrusion protected applications' project website
'Preparing secure vehicle-to-X communication systems', Preserve, project website

add to favorites email to friend print save as pdf

Related Stories

When cars talk to one another

Feb 08, 2011

Networking vehicles with one another and with the infrastructure gives the driver information on the situation beyond his or her field of vision and warns the driver about accidents or traffic jams. Researchers ...

Beware of Hackers Controlling Your Automobile

May 18, 2010

(PhysOrg.com) -- A team of researchers led by Professor Stefan Savage from the University of California, San Diego and Tadayoshi Kohno from the University of Washington set out to see what it would take to ...

Secure updates for navigation systems and company

Oct 05, 2011

At the push of a button by the driver, control units download the car manufacturer's new software -- such as enhanced map material for the navigation system. To ensure that this data channel is protected from hacker attack, ...

Tire-pressure monitors vulnerable, researchers say

Sep 02, 2010

(PhysOrg.com) -- Wireless tire pressure monitoring systems designed to alert drivers to problems with low tire pressure can be intercepted or forged, causing possible security or privacy threats, according to research at ...

Recommended for you

Printing the metals of the future

13 hours ago

3-D printers can create all kinds of things, from eyeglasses to implantable medical devices, straight from a computer model and without the need for molds. But for making spacecraft, engineers sometimes need ...

3D printing helps designers build a better brick

16 hours ago

Using 3-D printing and advanced geometry, a team at Cornell has developed a new kind of building material – interlocking ceramic bricks that are lightweight, need no mortar and make efficient use of materials.

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

Chromodynamix
not rated yet Mar 01, 2013
Maybe an ignition activation system that can detect slurring of words?