Security becomes a key concern whenever anything is connected to a network and especially including connected and autonomous vehicles (CAVs).
Earlier in 2023, TechRadar reported that “major security flaws were found in Mercedes, Ferrari and other top luxury cars”. The seriousness of these security weaknesses could lead to hackers to steal the private data of a vehicle’s driver, track the vehicle, remotely unlock, start cars, and potentially to take control of them.
The article also claimed the other brands affected by the security flaws include BMW, Rolls Royce, Porsche, Jaguar, Land Rover, Ford, KIA, Honda, Infiniti, Nissan, Acura, Hyundai, Toyota and Genesis. This issue doesn’t just affect automakers. Automotive technology companies such as Spireon and Reviver were also affected.
SiriusXM Connected Vehicle Services were affected too. Cyber-security specialist Sam Curry discovered a flaw in this system latter in December 2022. It allowed threat actors to access connected vehicles. In the case of BWM, security flaws could have permitted potential hackers to gain access to “internal dealer portals, car VIN numbers, as well as sales documents with sensitive owner details”.
Given that the end goal is to move towards fully autonomous vehicles, with Level 5 autonomy, it’s no wonder that the security failings are being highlighted in the press. Increasing autonomation could lead to incidents whereby hackers remotely take total control of a vehicle, and it could lead to not just remotely co-ordinated theft but also potentially life-threatening incidents that could cause death.
Current threats
According to NXP Semiconductors, current threats range from “attacks on keyless entry fobs to compromising navigation systems using USB sticks”. The company says automotive industry insiders are concerned about the move to more, not less, software “in the vehicle and the risks that arise if security practices common in IT aren’t followed”.
That said, they point out that quantum computing is making significant progress. This poses the challenge of keeping data secure because NXP says researchers consider it to be only a matter of time before “these machines are powerful enough to break existing cryptography IT systems relied upon for banking, secure web access, and messaging services”.
Semiconductor specialist, NXP, says that it is actively addressing these two fronts. So, TU-Automotive spoke to two of its spokespeople, Brian Carlson and Joppe Bos, to find out how automakers, and automotive technology providers, can fight off the hackers.
Architecture weaknesses
Carlson, global marketing director of automotive processing, explains why the electronic systems in today’s vehicles so easily attacked. He said that the issue is often created by today’s automotive architectures, which have evolved over time. To add new functions, automakers have been adding more electronic control units (ECUs) which define the functions.
He adds: “In these boxes, the devices are microcontrollers that typically don’t have a full complement of security capabilities. A key aspect of that is support for public key infrastructure (PKI) which uses asymmetric cryptos. The legacy architectures evolved incrementally without end-to-end security. With software-define vehicles, end-to-end security and support for PKI is built in from the start. You can’t add the security later, you have to design it in from the beginning.”
Another part of the equation is the fact there are a several vendors with a dozen or more processor families. This is leading to inconsistencies in the way they manage security and so security gaps are opened. “One of the major OEMs showed how a car could be broken into remotely,” he says before adding that hackers can find these modules, including connections with headlights and side mirrors. These potential security gaps, he argues, create the need for end-to-end security as the foundation of software-defined vehicles. This requires new architecture to provide much improved security and scalability well over time.
Quantum computer threat
There is, nevertheless, the threat posed by quantum computers, which could crack today’s cryptographic standards such as RSA, ECC and TLS. Joppe Bos, technical director at NXP, points out that quantum computers can solve difficult problems related to healthcare, materials, and sustainability solutions much faster.
He adds: “Quantum computer algorithms present a risk to today’s public-key infrastructure used for security. More Qubits are promised to be added to quantum computers which allow them to solve larger problems faster. If you look at the public-key cryptographic algorithm landscape today, with use of RSA and ECC, they use hard mathematical problems to create the security. However, keys can be extracted in seconds if you have large enough quantum computers.”
Meanwhile though, he believes there is no risk. Yet it’s around the corner for the current public key cryptography using RSA and ECC. He elaborates: “We can make the key sizes bigger but they will become so big you’d have to carry a hard disk around. The impact is everywhere – public key infrastructure using the RSA and ECC asymmetric keys are at risk. Everything will be completely broken if a large enough quantum computer is available.”
New cryptographic standards
The way to address this potential threat is by finding new cryptographic standards that will be harder for threat actors to break. In the US, the National Institute of Standards and Technology (NIST) organized the new standardization of the asymmetric encryption standard (AES) and the secure hash algorithm (SHA-3) in 2015 to progress this.
Bos adds: “In 2016, they started a competition to look for new post-quantum secure public-key cryptographic standards. In 2022, the winners were announced. NIST is turning the specifications into the standards. In 2024 the standards will be available and migration will start towards this new standard with multiple governments targeting the transition completion by 2030. Migration documents will be put online to help organizations to migrate to the new standards from RSA and ECC.
He explains that: “NIST was looking for two categories for multiple use cases and that there were two secondary winners. They will become standardized and multiple algorithms “were put in to diversify, and to allow a back-up scheme.”
Security key types
The cryptographies are either public key (asymmetric) or symmetric. Public key is based on mathematical problems that are very hard to break. However, it’s been demonstrated that they could be with future quantum computers, which could crack the RSA (Shor’s Algorithm) and ECC (Grover’s Algorithm) asymmetric cryptographies.
Carlson explains: “It involves more processing and more memory. The new algorithms are more complex to resist quantum computer attacks and also have much larger key sizes.” Bos elaborates that if your key size is larger, you get more security. To improve security, there is a need to switch approaches because RSA and ECC are not secure against quantum computers. This new approach requires a different algorithm that a quantum computer won’t break. Security is, therefore, not just about the key size because it’s also about the algorithm.
With regard to the symmetric cryptography standards, Carlson comments: “The only thing you can do to break the symmetric cryptography standards, is to try to break every key using quantum algorithms. Symmetric cryptos are very different since they can prevent quantum attacks with increased key sizes, instead of changing their algorithms. SHA-3 is a secure hash function that can be used in authentication and to fingerprint data to ensure integrity. There is SHA-3 with 256 bits used today, but to protect from quantum computer attacks, a move to 384 bits is needed to provide a larger fingerprint size. Likewise, the AES-128 bits encryption standard needs to be doubled to AES-256 bits to protect against quantum computers.”
Building resistance to attacks
So what cryptographic standards are resistant to hackers potentially using quantum computers to attack connected and autonomous vehicles? Bos reveals that CRYSTALS-Kyber and CRYSTALS-Dilithium asymmetric key exchange and digital signatures (public key infrastructure) and AES-256 and SHA-384 for symmetric cryptography and hashing are resistant to quantum computer attacks. He adds that the CRYSTALS standards come in 2024, and AES-256 and SHA-384 are available today.
To make security more stringent, NXP says there is a need for new processors and hardware to support these new post-quantum cryptography (PQC) standards. The S32 Hardware Security Engine is said to be an example of this. It provides the required processing, acceleration, and secure memory. New processors are needed to support new post-quantum cryptography algorithms, which require more performance and memory. With this comes the prerequisite to have new hardware to support this shift to post-quantum world. Without security, you don’t have a safe and secure vehicle.
Designing in security
Carlson concludes that automakers can design a high level of security into their vehicles today to meet future needs. To achieve this their vehicles must become software-defined, and by creating software-defined vehicles (SDVs) they will be able to update them over-the-air (OTA). This should enable them to deliver security updates to support them against quantum computing attacks. This means that SDVs can become better, safer and more secure over time because they are connected to the cloud to allow faster development and OTA deployments.
He adds that SDVs are going to be service-oriented, and this includes the deployment of new security services. Yet Carlson claims that the capability to support post-quantum cryptography exists in the hardware security engine of the S32 platform. NXP finds that customers are prepared to support post-quantum cryptography to be ahead of hackers. Carlson concludes by underling that quantum computers are evolving quickly and automotive players want to be able to lock down their vehicles now. By doing so, they will be able to fight off the hackers today, tomorrow and in the future.
