Over the past last months, I have seen so many news and articles about cars that think. More impressive to me are the heavy investments and efforts made by Tesla, BMW, or Google and its artificial intelligence (AI) force (see DeepMind) to produce autonomous vehicles. One may ask, how can security be guaranteed in such vehicles? or how many levels of security must be provided from the physical level to the top layer of the AI machinery?. Digging into the IEEE magazines I came across with this interesting article [Amoozadeh2015], about security vulnerabilities of cooperative vehicular networks.

Acronyms

ACC - adaptive cruise control
CC - Cruise control
CACC - Cooperative ACC
SCMS - security credential management system
V2I - Vehicle-to-Infrastructure communication
V2V - Vehicle-to-Vehicle communication
VANET - vehicular ad hoc network

Definition (local stable system): a system is said to be local stable if the magnitude of the disturbance decreases with time.

Definition (string stability): this refers to the disturbance damps out when propagating to up-stream vehicles.

V2V Background

Consider a V2V network, namely a VANET, where each vehicle makes decisions based on two kinds of inputs, e.g., position, velocity, and acceleration: i) self-information, and ii) other vehicles information. The former clearly sets the particular objective of the vehicle, while the latter provides data to improve the way each vehicle accomplishes/optimizes its own objective. There exists a number of attacks and privacy violation that jeopardize the security of VANETS, which occur due to the dynamic interaction between autonomous vehicles (see [Amoozadeh2015, ref. 3]).

Current Standardization

The main standardization effort for V2V networks in the US is known as Security Credential Management System (SCMS). The SCMS establishes several technical requirements and clearly illustrates the huge technical challenge of providing real-time security in V2V and V2I. The federal government in the US defines the following primary elements of security:

V2V communications (the medium, the messages/data, the certificates, and any other element that supports message exchange);
V2V devices; and
V2V security system itself (through organizational, operational, and physical controls).

Many other aspects of the standardization of V2V are discussed in detail here.

Another important standard for V2V is the IEEE 802.11p, which provides support for wireless access in vehicular environments and Intelligent Transportation Systems (ITS) applications. A nice commercial example of inter-connection and ubiquitous communication for public transportation is provided by Veniam, a tech company that deploys city-level solutions based on 802.11p. More information regarding to standards for vehicular communications can be found in [Karagiannis2011].

Cooperative Adaptive Cruise Control

The CACC is an enhancement of ACC that allows more robust and stable metric measurements - of braking and accelerating devices - and cooperation between a set of V2V devices or platoon. The devices exchange information through beacons containing vehicle identity, position, speed, acceleration information, which are periodic single-hop messages broadcast by each device.

Attacks on CACC Vehicle Streams: a layer-based taxonomy

Application Layer Attacks
This kind of attacks may have an effect over the entire VANET but the main objective is to initially disrupt the performance of few vehicles and wait for a ripple effect:

Message falsification: the adversary listens to the medium, receiving the beacons, manipulates their content, and rebroadcast the malicious messages.
Spoofing: the adversary impersonate another vehicle in the stream and injects fraudulent information into a target vehicle.
Reply: the adversary receives and stores beacons and resend them after some time. Such beacons contain outdated information and can dramatically disrupt the performance of the VANET.

Effects: generates instability in the vehicle stream and potential collisions.
Measurements: digital signatures, data integrity metrics, authentication, etc., which are particularly effective against outside attacks.

Network Layer Attacks
The adversary targets the entire network, for instance, a DoS attack can affect the capability of the V2V devices to properly perform CACC.

Radio jamming: in the 802.11 standard the adversary can target the control channels (CCH), disrupting the communication of the whole network.

System-level Attacks
This kind of attacks are by far the most dangerous since they can be put in place from the design of the network and can be exploited by insider and outsider adversaries.

Tampering a vehicle's hardware or software: this can attack can be performed by an insider at the manufacturing level or by an outsider in an unattended vehicle.
Due to implementation limitations and design complexity there is not 100% tamper-proof hardware. However, different techniques that can be applied to assess the robustness of the systems: tamper resistance, evidence, detection, and response.

Privacy Leakage Attacks
Since the beacons can be analyze by the adversary, this may result in privacy issues:

Eavesdropping attack: targeting a particular device extracting its information and identifying the devices in the CACC stream.

Countermeasures for Detecting Attacks

The authors in [Amoozadeh2015] discuss about the following actions to improve CACC vehicle streams by detecting compromised or faulty sensors/devices/vehicles:

1. Local plausibility check: a fault sensor can be detected by verifying whether or not the income/input/output information is plausible.
2. Wearables and mobile devices: due to the large number of sensors at personal mobile devices, one approach to improve security is to let the mobile device to verify the data sent or received by the vehicle.
3. Voting: if the previous local measures fail, periodic voting can enable vehicles to collectively shield themselves against a misbehaving vehicle.

Final Remarks
The articles stresses the fact that attacks performed from inside the VANET are the most dangerous, which clearly suggest that access control and membership (aggregation) should be the primal initial actions to establish V2V communications. This new technology has a long way to go before being massively deployed, and much effort is required to understand and identify the security issues in autonomous vehicle networks.

References

[Amoozadeh2015] Amoozadeh, M.; Raghuramu, A.; Chen-Nee Chuah; Ghosal, D.; Zhang, H.M.; Rowe, J.; Levitt, K., "Security vulnerabilities of connected vehicle streams and their impact on cooperative driving," in IEEE Communications Magazine, vol.53, no.6, pp.126-132, June 2015. doi: 10.1109/MCOM.2015.7120028

[Karagiannis2011] G. Karagiannis et al., "Vehicular Networking: A Survey and Tutorial on Requirements, Architectures, Challenges, Standards and Solutions," in IEEE Communications Surveys & Tutorials, vol. 13, no. 4, pp. 584-616, Fourth Quarter 2011. doi: 10.1109/SURV.2011.061411.00019.

We hope this has been informative for you, and we'd like to thank you for reading.