How can AVs be protected from hackers who want to do harm?
Modern vehicles need cryptographic keys for security. These are the small bits of information that safely determine the functional output of software applications. Automated vehicles will require dozens of these cryptographic keys, and even more as each new feature and function is added. Today, there is no uniform process for generating these digital keys.
Mcity at the University of Michigan, a public-private research partnership focused on advanced mobility, today published a white paper that outlines its proposal to create a single key management system for automakers and suppliers to use across the industry. This standard would define how security keys are manufactured, which party is responsible for generating new keys, and how they are transmitted between automakers and their suppliers.
Mcity’s research prompted SAE International, which develops automotive engineering standards, to establish a standards committee focused on key management. This jump-started what is typically a years-long process to develop a global industry standard. Instead, the key management standard, which the automotive industry agrees is vital to the successful development of secure vehicles, could be adopted within a year after SAE International issues a final specification.
“As cybersecurity is becoming more and more important for vehicles now, it’s requiring developers to find ways to better secure the vehicle. Part of that is making sure that when you download software to a vehicle or one of its components, that it’s the correct software and that it’s coming from the right place. The way to do all of that is using, essentially, digital keys.”Mark Peters, project leader for Mcity’s key management research, and director of business development for OnBoard Security Inc., a Qualcomm company and Mcity Affiliate member
The adoption of a unified, interoperable system to manage crypto keys in self-driving vehicles is a major component in achieving the very high level of cybersecurity needed to make autonomous vehicles successful. The current system of widely varying key management approaches can only add time, complexity and cost to vehicle development, while also creating security risks and threatening the dependability of these vehicles.
The white paper is titled, “Denying Hackers: Unlocking Security Key Technology for Automated Vehicles.”