V2V Communications security considerations

The future of vehicles, road infrastructure and driving are changing. We are progressing with vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communications and growth of these technologies can be attributed to the many benefits that they may provide both drivers and the community as a whole.

However, there are concerns regarding privacy and cybersecurity that must be properly addressed for complete autonomous vehicles to become reality.

What is V2V and V2I communication

Large tech and automobile companies are working together to develop the infrastructure and technologies necessary to provision this budding industry. A move to realise complete autonomous (self-driving) vehicles on our roads. This is a billion-dollar industry supported by governments and industries alike- far from reality for most presently but the shift to this convoluted eco-system is likely part of our near future.

Vehicle-to-vehicle (V2V) communications, is a system designed to convey basic safety information between vehicles to facilitate warnings to drivers concerning imminent crashes. Vehicle-to-infrastructure (V2I) communication uses the same technology that supports V2V safety applications. Enabling a broader set of safety and mobility applications when combined with compatible infrastructure on the road. Together V2V and V2I support a wider intelligent transportation system.

Ultimately V2V and V2I communications aspire to make our roads a safer place. The focus is changing from manufacturing vehicles in a manner to reduce injury and fatality during an accident to instead stopping collisions from occurring altogether.

These systems are devised to transmit data between vehicles and other entities (on the road) in real-time to provide warnings to drivers and other vehicles. As information is communicated between vehicles the systems can only function efficiently if majority of vehicles on the road have these communications systems functioning. Vehicles can then work together through transmitting vital information to neighbouring vehicles and thus improve safety and efficiency on the roads. This is very positive-thousands of lives can be saved (if extensively deployed) but the benefits are being overshadowed somewhat by cybersecurity and privacy concerns.

For the communications to work data must be collected in real-time. The required data includes, but is not limited to: the location of the vehicle (and thus the driver), the direction of travel and the speed of the vehicle. This data is remitted to neighbouring vehicles and infrastructure in real-time (almost constantly).

Some are concerned that their activities will be tracked by others using V2V communications as their location is being transmitted, incessantly, to all neighbouring vehicles. People are concerned for their privacy and want to be assured that their privacy is not compromised as a result. Consumers want to be sure that their identity will always be protected.

Cybersecurity has also been highlighted as a concern for many. What if adversaries are able to hack the system and disrupt or tamper with communications? What if false messages are communicated? The severity of a security breach in such a system, one of vehicles in motion, is pronounced.

Where we are now and where we are heading

The reality for most of us is that we step into our vehicle, start the engine and are then completely in control of the vehicle that we are driving. Over time, vehicles have become more intelligent and changes have been made to vehicles to improve safety. We have seen the addition of safer breaking systems (like ABS) and systems to assist the driver to maintain a certain speed however these changes have not impacted our control of the vehicle and the vehicle has remained isolated from other vehicles and surroundings. Furthermore, up until now, any advanced safety features have not given any cause for cybersecurity concern.

We are quickly heading to a scenario where vehicles are controlled by software components with wireless connections to other vehicles and surrounding infrastructure-this is a complex set-up with connected and interacting systems. Unlike previous changes to improve safety on the roads, these drastic changes will impact cybersecurity. A whole new potential threat area opens up. The potential to abuse the systems and criminal interference cannot be overlooked.

Although the fundamental benefit is to reduce collisions, hence fatalities, an array of additional benefits is initiating quick progression of these systems. With the deployment of these systems traffic flow can be improved, traffic can be guided or redirected, risks can be detected before they become hazardous and overall traffic safety can be improved allowing roads to become more efficient.

V2V and V2I communications are the cornerstones to any widespread autonomous driving platform as vehicles must be able to communicate (to each other and the surrounding infrastructure) in order to ensure safety. Security for V2V is a looming issue.

Addressing security and privacy concerns

Vehicle functionality, safety and privacy are all dependant on the functioning of the interconnected components and their availability. Security by design is fundamental and the need to address privacy during development of these interconnecting systems is very important. Security must be an integral part of the software and system design and not an afterthought. Malicious attacks must be anticipated and the design such that risk and impact can be minimised.

A transparent design of components and systems often ensures that the technology is better secured as people are able to inspect and deliberate- meaning any vulnerabilities can be picked up more easily. It is important to bear in mind that adversaries are also able to spot flaws and use them in a malicious manner. Through the implementation of personal data protection, as part of security by design, the security will improve privacy.

The design should follow a risk based approach to achieve a secure environment. A risk analysis will allow the necessary controls to be identified and developed and put into practice to ensure the security level is reached.

As numerous manufactures exist a common set of security requirements should be met and a standard approach taken to obtain compliance with privacy and security requirements. Car manufacturers are global entities and cars produced in a certain country are not only limited to use in that country- they are used globally. Security and privacy must meet a global approach (a global accepted security standard) and satisfy all countries.

A Standardised approach to design and development is essential to ensure security is achieved and it is done in the best interest of the consumer/public. Components and systems will need to be used across vehicle brands and models and throughout the globe. Proprietary systems will not support this.

Operational security is fundamental. This includes availability, integrity and confidentiality. It is important that a process is followed to ensure that specified requirements are fulfilled. A process that involves application and product testing, evaluation of results to ensure criteria is met, decision on how to proceed after testing and evaluation, continued surveillance and maintenance once marketed to ensure that the product remains up-to-date and secure.

Not only is successful V2V dependant on a great system design but it also requires functionality that enables continuous updates, monitoring and improvement to system security. Just because the vehicle appears secure at present does not mean that it will not be vulnerable at a later stage. As with other technologies, vehicles must be able to be accept security updates and patches to maintain and improve security as required. There should also be a system in place to detect and remove a vehicle that is not secure or working as intended.

As the components and systems are interconnected it is important to ensure that the principle of least privilege is practiced so that functions and systems can be isolated to reduce the risk of compromising the entire system.

Privacy is essential for both consumer and all parties involved. Privacy criteria should be attributed to these systems as with any other technology that processes data. Fundamental privacy considerations include:

• Transparency-  provide clear details on how the data collected is used
• Allowing users to choose how their data is collected, shared and used (an option for opt-in or opt-out)
• Understand the rights of the customer/public
• Know how the data is being used and inform those involved of this
• Know who will be using the data-governments, industry and authorities
• Keep data to a minimum- only keep data that is required
• Retention of data- only keep data for as long as it is required
• Make sure that the data does not identify the individual
• Data security-secure data with appropriate measure to protect it from loss and unauthorised access.

Parties working to make autonomous vehicles reality are aware of the privacy and security concerns.  Collaboration is taking place amongst automobile industries, their suppliers and government to mitigate security and privacy risk arising from these systems. An industry-government partnership has come up with a complex system to address these concerns and put consumers at ease.
No system is ever completely impenetrable but the V2V systems are being designed with security as a precedence and this makes it much more arduous to manipulate.

If we do it right our roads can be a much safer for it

As with many new and evolving technologies we are once again faced with the great benefits but also looming potential threats. These must be addressed if the ultimate goals are to be achieved whilst ensuring consumers are at ease.

It is inevitable that autonomous vehicles will become part of our near future, it will just be a matter of time for mainstream uptake. The insecurities must be ironed out though. Getting this right will depend on effective and secure communication between vehicles and road infrastructure. It will require a standardised approach and governance will need to ensure flexibility and resiliency while maintaining the required level of security and privacy.