Cybersecurity for Vehicle-to-Vehicle Applications
The explosion of connected vehicles, either those that are technologically advanced, self-driving or those that are manually driven and relatively simplistic, brings many advantages including improvements to safety, user convenience, and enhanced sustainability. Connected vehicles are implemented by utilising Vehicle-to-Everything (V2X) networked technologies such as Vehicle-to-Infrastructure (V2I), Vehicle-to-Network (V2N), Vehicle-to-Pedestrian (V2P), and Vehicle-to-Vehicle (V2V). However, these technological innovations come at the expense of cybersecurity attacks on vehicles and the wider networked mobility sector. Cybersecurity is therefore of great interest and should be rigorously tested and enforced to ensure mobility is safe and secure against such attacks.
V2V communication allows vehicles to communicate wirelessly with other vehicles about their velocity, position, heading, etc. Omni-directional signals are typically broadcast at 10Hz creating a 360-degree ‘knowledge’ of other vehicles. Vehicles with the necessary software (or safety programmes) can use messages from nearby vehicles to detect possible collision dangers or traffic as they arise. To warn drivers, the system can provide visual, tactile, and aural cues—or a mix of these alerts. These warnings enable drivers to take steps to avoid collisions and traffic.
V2V communication technology can help vehicle safety systems operate more efficiently and save lives. In 2019, there were an estimated 6.8 million police-reported collisions in the US, with 36,096 people killed and 2.7 million people wounded. Connected vehicle technology will provide drivers with the skills they need to predict possible collisions, lowering the number of fatalities each year.
Why is Cybersecurity required for V2V Communications?
Although V2V technologies offer several benefits, automotive manufacturers have been hesitant to deploy this technology due to the potential for malicious, even life-threatening cyberattacks. There are several significant security problems that could make V2V-equipped vehicles more dangerous than current, non-connected vehicles. Verification of message authenticity is problematic and there is currently no cost-effective and simple method for determining whether the sender’s communications and intentions are hostile or beneficial. This is known as a masquerading attack. Furthermore, eavesdropping attacks affect customer privacy as V2V communications enable tracking of vehicle activities since their position is continuously broadcast to all nearby vehicles.
Injection attacks involve attackers sending counterfeit messages into the vehicle’s bus system. Through On-Board Diagnostic (OBD) connectors, hacked Electronic Control Units (ECUs), or infotainment and telematics systems, attackers can access the in-vehicle network and disrupt ‘normal’ vehicle operation. Replay attacks and Denial of Service (DoS) attacks affect the real-time functioning of the vehicle and allow override of vehicle controls respectively. Finally, vehicle occupants are also rightly apprehensive about their privacy and personal information and want assurances that data breaches can be mitigated through the use of resilient cybersecurity systems.
Innovations in Vehicle-to-Vehicle Cybersecurity
In mid-2020, researchers from Rochester Institute of Technology, New York, USA, began a programme aiming to close the cybersecurity gap in V2V interactions. Researchers constructed a secure V2V communications prototype for the project, which employed software-defined radios to simulate vehicles that can exchange data. To ensure that the messages were legitimate and tamper-resistant while maintaining privacy, the team used the Institute of Electrical and Electronics Engineers (IEEE) industry standards for integrity verification and vehicle authentication. They also created a visual interface that displayed these communications in real-time, allowing researchers to follow each vehicle’s actions in a simulated scenario.
ESCRYPT, an automotive cybersecurity company headquartered in Germany, has developed a V2V platform known as CycurV2X-PKI. It is a regulation-compliant, resilient, adaptable, and scalable credentials management system for registering, enrolling, and managing security services within vehicles. European and North American versions have been developed that adhere to regulatory standards for their respective territories. This software is easy to integrate, deploy, and manage whilst offering key features such as providing secure multi-tenancy solutions for the registration and management of end entities.
In early 2020, computer giant, Qualcomm, USA, released several products aiming to address the complexity of autonomous driving and connected vehicles and in particular the synergies with V2V cybersecurity. The C-V2X system was developed by the 3rd Generation Partnership Project (3GPP) organisation to allow safety systems to be integrated with the latest 5G technologies, whilst exploiting broader 3GPP ecosystems. With its evolution to 5G New Radio, C-V2X is seen as a promising solution to satisfy cybersecurity issues that consumers will face when connected vehicles become common.
AutoCrypt, Korea, offers a complete cybersecurity system for all V2X platforms including V2V. The solution is made up of several subcomponents, including a Software Development Kit (SDK) for securing messages and detecting abnormal activity, a Public Key Infrastructure (PKI) for verifying and signing messages, a Local Certificate Manager (LCM) for storing certificates within the V2V units, and an Integrated Management System (IMS) that allows vehicle manufacturers to access and manage all regional PKI services through a single service interface.
In late 2021, Infineon Technologies AG, Germany, introduced the SLS37 V2X Hardware Security Module (HSM), a plug-and-play security solution that supports V2V communication, to give the highest level of protection against cybersecurity attacks. The SLS37 V2X HSM is built around a highly secure, tamper-resistant microprocessor that is geared to the security requirements of V2V applications within telematic control units. This provides safeguarding whilst maintaining the integrity and validity of the message in addition to the privacy of the sender. The HSM has received Common Criteria EAL4+ certification, which is intended to be made mandatory for European V2X systems.
Continental’s Hybrid V2X solution (which covers V2V) combines 4G and 5G network access, Dedicated Short Range Communication (DSRC), and Cellular-V2X (C-V2X) communication technologies for connected vehicles and associated cybersecurity. This assists vehicle manufacturers in overcoming a significant challenge when deploying V2V globally with some territories preferring the proven DSRC standard, while others preferring the future Cellular-V2X standard. The same hardware and software platform can be utilised to support either of the communication standard with the hybrid V2X solution, decreasing costs and complexity. Continental expects the V2V version of this system to be the most popular amongst vehicle manufacturers.
The Future of Vehicle-to-Vehicle Cybersecurity
The general V2X market is predicted to grow to almost US$3 billion by 2025 with a significant share of this market being taken by the V2V sector. To successfully implement V2V, a multi-faceted strategy is required to integrate cybersecurity with connected vehicles. It must take the form of a graduated process that must be seamless whilst being easy to use and robust. Multiple layers of security are necessary to safeguard these vehicles, with all possible target areas being considered.