Emerging Paradigms in Vehicular Cybersecurity

Abstract

& CURRENT GENERATION VEHICLES include an average of 100 million lines of code and 60 electronic control units (ECUs). It is estimated that there will be 220 million connected cars, globally, by 2020. With the growth of Internet-of-Things-enabled technologies in vehicles, such as power and infotainment systems, remote locking and unlocking, remote engine start, navigation, and autonomous driving features, the potential threat vectors for malicious cyberattacks are rapidly expanding. A taxonomy of vehicular security attacks to provide the general outline of an attack including who the attackers could be, what tools they might use in the attack, the actions taken with those tools, and the attackers’ overall objective for the attack is presented in Figure 1. As an example, software vulnerabilities could be exploited to remotely take control of safety-critical systems including the brakes in the vehicle. Thus, there is a growing concern that vehicles can be hacked, and the user data can be stolen. These cyberattacks are a threat to the reliability and safety of the car and to the privacy of the driver. As per the report “Cybersecurity Best Practices for Modern Vehicles” published by National Highway Traffic Safety Administration (NHTSA), the United States Department of Transportation (DOT)’s top priority is to enhance vehicle cybersecurity for mitigating cyber threats that could present unreasonable safety risks to the public or compromise sensitive information such as consumers’ personal data. Various vehicular attacks can be broadly classified into the following categories.