Intel joins automotive secure computing research
By signing a Partnership Framework Agreement, chipmaker Intel is joining forces with the University of Luxembourg’s Interdisciplinary Centre for Security, Reliability and Trust (SnT). The move is based on the realization that as autonomous vehicles gain in complexity, it becomes increasingly difficult to secure them against hackers. Through the agreement, SnT and Intel will work together to make vehicles more resilient, allowing them to neutralise attacks automatically, and even ‘self-heal’ before an attacker can compromise too many essential functions. The research will focus in particular on solving security issues impacting safety, caused, for example, by the need for self-driving cars to ‘collaborate’ with one another. Intel is participating in the research through the ICRI-CARS research institute, which bundles related R&D activities from several universities.
Powerful on-board computers capable of handling driving functions, such as parking and lane keeping, are already a reality. In the move towards fully autonomous cars, however, less attention has been given to the need for such vehicles to collaborate with one another; in order to drive safely, these cars will need to share information about their environment, from roadworks and weather conditions to pedestrians stepping out into the road.
Unfortunately, the complex software and extensive connectivity necessary for such collaborative autonomous driving make these systems more vulnerable to attack. For example, hackers could interfere with sensor devices or communications between vehicles to take control of several cars and block an emergency route, or to appropriate police and military vehicles. Driving control systems could even be hacked to cause accidents.
Using current methods, this would be prevented by ensuring that systems are free from the software faults and vulnerabilities that hackers exploit, but this is no longer feasible. “We can realistically aim to verify only 15,000 lines of code in a piece of software – the equivalent of 13 experts working full-time for a year,” says Research Scientist Marcus Völp. “To give that some context, Windows 10 has around 50 million lines of code. Therefore we need to accept that attackers will find vulnerabilities and hack into cars, meaning that we need systems capable of real-time response and rejuvenation while under attack.” To complete this picture: state-of-the-art cars today run up to 150 million lines of code in a hundred or more on-board electronic control units.
Using the methods currently being developed by CritiX (a previous research project implemented at SnT), any one system within a car – for example the engine control system – will be made up of multiple independent software components, rather than just one. More than a third of these components would need to be compromised in order for a hacker to manipulate the system. Further, with CritiX’s approach we can imagine that each component is like a labyrinth, and in order to compromise it a hacker needs to find the way to the heart of that labyrinth. While this is happening, however, any previously compromised components will self-heal and ‘re-design’ themselves, so a hacker would constantly be faced by an array of new labyrinths.
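The threshold and self-healing described above can be explored with a small simulation. This is an added illustration, not code from CritiX, SnT or Intel; the function name, the fixed per-component attack effort and the round-robin rejuvenation schedule are all modelling assumptions.

```python
def first_manipulation(n, effort, period, horizon=10_000):
    """Tick at which more than a third of n components are compromised,
    or None if that never happens within `horizon` ticks.

    effort: ticks the attacker needs per component (assumed constant)
    period: ticks between rejuvenations, round-robin; 0 disables them
    """
    compromised = set()
    target = 0        # component the attacker is currently working on
    progress = 0      # ticks already spent on that component
    rejuv_next = 0    # next component due for rejuvenation
    for tick in range(1, horizon + 1):
        progress += 1
        if progress == effort:
            compromised.add(target)
            progress = 0
            if 3 * len(compromised) > n:      # strictly more than a third
                return tick
            # Move on to the lowest-numbered component that is still clean.
            target = next(c for c in range(n) if c not in compromised)
        if period and tick % period == 0:
            # Rejuvenation restores the component and changes its layout,
            # so attacker progress against it is lost.
            if rejuv_next == target:
                progress = 0
            compromised.discard(rejuv_next)
            rejuv_next = (rejuv_next + 1) % n
    return None


if __name__ == "__main__":
    # Constructed scenarios: 4 components, 10 ticks of effort per component.
    for period in (0, 5, 2):
        print(f"period={period}: manipulated at",
              first_manipulation(n=4, effort=10, period=period))
```

In this model a slow schedule only delays the attacker, while a full rejuvenation round (n × period) shorter than the per-component effort keeps the compromised count below the threshold indefinitely.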
‘This isn’t only a theoretical challenge, but also a practical one’, says FNR PEARL Chair Prof. Paulo Esteves-Veríssimo, head of CritiX. ‘One of the major difficulties here is to ensure that the rejuvenation can happen in real time without overheating critical systems.’ Similarly, the team must guarantee that while individual components rejuvenate, the remaining components remain operational and safe.
The team’s work on autonomous driving has already borne fruit – in 2016 their paper Towards Safe and Secure Autonomous and Cooperative Vehicle Ecosystems identified significant gaps between the measures taken to ensure that cars are safe and those taken to ensure that they are secure. Through their current work they are developing the methodologies, protocols and solutions necessary to address this gap, moving towards the ultimate goal of automatic resilience against attack.