- Cars of the future will talk to each other. They will be wirelessly connected to vehicles around them, alerting each other about speed and braking, smoothing traffic flow and hopefully making roads safer.
- The number of successful vehicle attacks has doubled every year, with the vast majority (up to 80 per cent) of hacks executed remotely.
- The Deakin research team is developing new technologies, platforms and software to support the cyber-safe and secure operation of vehicles and vehicular systems.
- They are seeking to mitigate the impact of cyber security attacks by early detection of intrusion and preventing unauthorised access.
- Deakin has provided cyber security education and research since 2003 and is now among the world’s top 100 universities for computer science and engineering (2020 ARWU).
- The car will take full control of all aspects of driving in most driving conditions by 2030.
Ensuring a safe transition
Deakin researchers are developing new platforms and software to support self-driving technologies in vehicles of the future. Ensuring the secure exchange of information between vehicles is key to the success of this technology.
Technological progression means cars will change more in the next decade than they have in the past century. Not only will they be powered and wired differently, but it's also likely that we will not be driving them. Thanks to developments in instrumentation, automation, the Internet of Things (IoT) and secure vehicle-to-vehicle communication systems, experts predict the car will be in control of all aspects of driving in most driving conditions by 2030. A key element of this new autonomous world will be the capacity of cars to safely communicate with each other.
Our vehicles of the future will take the form of complex mobile computers, designed to be automated, connected and, where possible, cooperative. But the security of these vehicles – including the interconnected systems and underlying electronics – will be critical for both community safety and industry growth.
World-leading cyber security researchers from Deakin’s the Centre for Cyber Resilience and Trust (CREST) are working with Bosch Australia to help ensure that next-generation vehicles are cyber-safe and can engage in secure and trusted cooperation. The project will contribute to better understanding of the security and privacy limits of connected vehicles and advance state-of-the-art systems to ensure their safety.
In recent years, there has been rapid progress in vehicle-to-vehicle networking. Dedicated short-range communications and 5G-vehicle-to-everything (V2X)-based communications are driving an emerging generation of connected vehicles. There are seven different types of vehicle connectivity, including vehicle-to-vehicle communication and vehicle-to-infrastructure communication, which involves communication between vehicles and infrastructure such as lane markings, road signs and traffic lights. Together, these will improve road safety, ease traffic congestion, and reduce Co2 emissions caused by congestion and allow the safe transition to autonomous driving.
This safe transition is dependent upon secure connectivity and cooperation between vehicles, and Deakin’s research team is exploring challenges to this security.
Connected automotive systems benefit substantially from connectivity to Internet services and other vehicles. However, network connectivity also exposes them to cyber threats that, although common in computer systems, are relatively new in automotive systems.
As a result, the resilience of future automotive systems is not exclusively about robustness and responding to faulty behaviour in components. It is also about security and trust of software systems and on-board instrumentation that could be vulnerable to hackers anywhere in the world.
To overcome the risks, Deakin researchers are developing a framework comprised of technologies and a methodology for secure automotive computer systems. This framework sits within a securely connected automotive software platform that enables the connected vehicle to cooperate with external services and other vehicles in a secure, trusted and safe way. This technology will be available to the wider automotive sector.
The research encompasses a range of topics, from secure firmware and software updates, through to secure connectivity and trusted cooperation.
The research training component of the project is seeing the development of PhD-trained cyber security specialists for the automotive sector, a sector that is particularly affected by the global shortage of cyber security professionals. It is planned that the four PhD researchers will spend time on-site at the Bosch technical centre in Clayton.
Preventing unwanted cyber attacks
The Deakin team is seeking to ensure secure cooperation between vehicles exchanging intelligence with each other, to enable vehicle systems to make secure real-time decisions, independently of the driver.
As the autonomous and assistive capabilities (eg cruise control, automatic braking etc) of vehicles have increased and vehicles have become increasingly Internet-connected, they have become targets for remote compromise by people with malicious intent.
There have been several well-publicised instances of vehicle hacking. These include Charlie Miller and Chris Valasek who remotely hacked a Jeep in 2015 enabling them to disable brakes and control steering, causing the recall of 1.4 million vehicles. The Chinese company Keen Security lab’s hack in 2016 on the Tesla, which involved compromise of the controller area network that controls many of the systems in the car.
In 2019, security researchers Amat Cama and Richard Zhu hacked the Tesla 3’s infotainment system (as part of a Tesla competition, where the winners got to keep the car); and, in 2020, Lennert Wouters, a security researcher at Belgian university KU Leuven, hacked the Bluetooth key fob on Tesla’s Model X.
Remote takeover of vehicles such as the Jeep Cherokee has also been demonstrated by white hat (ethical) hackers, who seek to expose hacking vulnerabilities.In fact, the number of successful vehicle attacks has doubled every year, with the vast majority (up to 80 per cent) of hacks executed remotely. Therefore, the need for new security techniques that can advance the cyber-resilience capability of vehicles cannot be overstated.
This project is developing new technologies, platforms and software that can support the cyber-safe and secure operation of vehicles and vehicular systems. The research seeks to mitigate the impact of cyber security attacks by early detection of intrusion and prevention of unauthorised access.While there may always be a small element of risk in connected and autonomous vehicles, the benefits of connected vehicles are predicted to improve safety and drivability.
A four-step approach
There are four elements in this research project.
Firstly, the team is developing end-to-end secure firmware and software updates, telematics and infotainment delivery for connected vehicles, including secure gateways. Secondly, they are developing secure and trusted vehicle-to-vehicle, vehicle-to-infrastructure and vehicle-to-everything cooperation and cooperative action for vehicular applications, where vehicles need to cooperate with other vehicles and behave collectively in a self-organised paradigm.
New decentralised authentication schemes with intrusion detection mechanisms are also being developed: authenticating, recording, reporting, fail-safes and alerting (including forensics).Finally, the team is seeking to reduce the risk of data tampering. This involves enabling vehicle computer systems with the ability to identity counterfeiting and sensitive information disclosure from side-channel attacks (i.e. software bugs) and then to develop suitable counter-measures for cooperative vehicle-to-vehicle systems
Connectivity of devices across industry verticals enables solutions once inconceivable within the automotive industry. With high end user expectations, increasingly shorter development life cycles and the pervasive challenge of ongoing cybersecurity threats, considerable changes are required in engineering methods and business models traditionally adopted in embedded systems development.
Chief Expert – Vehicle Access Systems, Robert Bosch
Grants and Funding
The project has received funding ($494,500) from the Department of Industry, Science, Energy and Resources (DISER) under the Automotive Engineering Graduate Program (AEGP).
The project is being undertaken in collaboration with Bosch Australia. The researchers in this project are all based within Deakin’s Centre for Cyber Resilience and Trust (CREST) within Deakin’s Faculty of Science, Engineering and Built Environment.Led by CREST’s Research Director, Professor Robin Doss; Professor Seng Loke, Dr Lei Pan, Dr Frank Jiang, Dr Rolando Trujillo and Dr Leo Zhang all bring world-leading expertise to the project. Professor Doss was named Cyber Security Researcher of the Year in 2019 by the Australian Information Security Association (AISA)
Deakin’s unique cyber ecosystem provides the full spectrum of education, research and translation across all relevant disciplines. The cyber eco-system includes CREST, CyRise – the Southern Hemisphere’s only dedicated cyber security accelerator, the Institute for Intelligent Systems Research and Innovation (IISRI), Deakin Energy, the Applied Artificial Intelligence Institute (A2I2) and the Centre for Supply Chain and Logistics.
Deakin’s business partners in cyber security include companies like DXC Technology, NTT, Cyber CX, PWC and Deloitte, through to global automotive companies, defence and government agencies.
Professor Robin Doss
Research Director, The Centre for Cyber Resilience and Trust (CREST)