This is the first article in a series. Be sure to read Part II for the full story.

Since the inception of the first vehicles in the early 20th century, the automotive industry has come a long way to satisfy market-driven requirements and evolve cars into a means of transportation that engages state-of-the-art electronics and information technology for passengers’ comfort and entertainment.

The Value of Connected Vehicles

In particular, recent years have seen vehicle connectivity as a fundamental part of the connected society. This gives rise to a host of value-add services that benefit all stakeholders in the automobile ecosystem. The value proposition of connected vehicles has been rapidly embraced by the industry, with expectations for 250 million connected vehicles shipped by 2020, according to a Gartner report.

| Stakeholder | Value-Add Services (examples) |
| --- | --- |
| Car owners | Social navigation (e.g., Waze), individualized infotainment, automated driving support. |
| Automakers | Enablement for new business models and revenue streams (e.g., pay-as-you-drive models for car insurance), proactive aftermarket diagnostics (e.g., predictive maintenance), over-the-air ECU firmware updates. |
| Businesses | Optimized transport services such as real-time fleet management. |
| Municipalities | Smart city services such as traffic congestion management and emission control. |

Table 1: Benefits for Stakeholders

However, along with the benefits of connected vehicles come the risks associated with security breaches, as well as concerns over data privacy. The reason for this is that the automobile, a product that was originally purely mechanical, has evolved into a complex IT network on wheels. Vehicle original equipment manufacturers (OEMs) have always been keen to put driver safety as a top priority, and this has been the major motivation behind developing driver assistance systems. While these programs have dramatically improved passengers’ safety over the last decade, cybersecurity risks became relevant for the OEMs when the vehicle became connected to the Internet and offered outsiders access to the vehicular network.

Nothing Is Without Risks

These risks are now amplified by the fact that modern vehicles are among the most complex software-driven systems invented by mankind. Certain studies have estimated that an average modern car hosts around one hundred million lines of software code, roughly twice the size of the software that drives the Large Hadron Collider in Switzerland, the largest particle accelerator ever built.

Moreover, vehicle software and firmware manage anywhere between 70 and 100 electronic control units (ECUs), which are connected by many Controller Area Networks (CANs). Since vehicles now employ multiple communication protocols to connect with other machines and infrastructure systems, and they are equipped with a host of related communication features (e.g., Bluetooth, USB ports and even near-field communications), the connected vehicle threat surface is wide and highly exposed to attacks, as various researchers have observed.

Many credible automakers have fallen prey, often publicly, to attackers that exploited those vulnerabilities. Those automakers were forced to issue expensive recalls in order to patch security vulnerabilities. They likely have also incurred indirect damages to brand value and reputation.

Using an IDS for Protection

Given the high stakes, industry players conduct important research to develop solutions for securing connected vehicles. A popular approach pursued by several vendors is a specialized intrusion detection system (IDS) for vehicles, wherein elaborate analysis algorithms — possibly implemented in an embedded device — are used to continuously inspect the car’s internal communication network. When a threat is detected, a corrective action is taken; for example, the communication channel is blocked, and an alert is potentially raised.

While the vehicular IDS approach has merit, it also has limitations. First, a vehicular IDS mainly inspects and reasons about communication traffic exchanged among the ECUs over the vehicle’s CANs. While this information is important, especially if an IDS applies elaborate analysis techniques, the insights obtained from such local analysis represent only a relatively small subset of relevant security events internal to the vehicle’s environment. Some attacks on the vehicle may be detected with this approach, yet many sophisticated attacks — such as Sybil attacks, where an adversary forges the identities of many imaginary cars to subvert the network — will remain undetected.

Another limitation of vehicular IDS is the constrained processing and memory resources that such a device can consume due to the cost sensitivity of automakers and price sensitivity of buyers. Those constraints and the low computational footprint available for an IDS in the car inherently limit the performance and quality of the security coverage that can be provided.
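To make the in-vehicle approach concrete, here is an added example (not part of the original article and not IBM's solution) of a timing-based check over CAN traffic: it learns each message ID's normal period from a clean trace, then flags unknown IDs and frames that arrive far too early. The CAN IDs, the traces, the `tolerance` threshold and all function names are constructed for illustration.

```python
from collections import defaultdict

# Frames are (timestamp_ms, can_id, payload). All traces below are constructed.
PAYLOAD = bytes(8)

def periodic(can_id, period_ms, end_ms):
    """Build a constructed trace of one ID sent at a fixed period."""
    return [(t, can_id, PAYLOAD) for t in range(0, end_ms, period_ms)]

def learn_periods(trace):
    """Mean inter-arrival time per CAN ID, learned from an attack-free trace."""
    last, gaps = {}, defaultdict(list)
    for ts, can_id, _ in sorted(trace):
        if can_id in last:
            gaps[can_id].append(ts - last[can_id])
        last[can_id] = ts
    return {cid: sum(g) / len(g) for cid, g in gaps.items()}

def detect(trace, periods, tolerance=0.5):
    """Flag IDs never seen in the baseline and frames arriving much too early."""
    last, alerts = {}, []
    for ts, can_id, _ in sorted(trace):
        if can_id not in periods:
            alerts.append((ts, can_id, "unknown_id"))
        elif can_id in last and ts - last[can_id] < tolerance * periods[can_id]:
            # Extra frames squeezed between legitimate ones shorten the gap.
            alerts.append((ts, can_id, "interval_too_short"))
        last[can_id] = ts
    return alerts

# Baseline: two ECUs broadcasting every 10 ms and every 100 ms (assumed values).
BASELINE = periodic(0x0C4, 10, 1000) + periodic(0x1A0, 100, 1000)
# Live trace: same traffic plus three extra 0x0C4 frames and one unseen ID.
LIVE = (periodic(0x0C4, 10, 200) + periodic(0x1A0, 100, 200)
        + [(53, 0x0C4, PAYLOAD), (63, 0x0C4, PAYLOAD), (73, 0x0C4, PAYLOAD)]
        + [(120, 0x3E9, PAYLOAD)])

if __name__ == "__main__":
    model = learn_periods(BASELINE)
    for ts, can_id, reason in detect(LIVE, model):
        print(f"t={ts}ms id=0x{can_id:03X} {reason}")
```

The detector keeps only one timestamp and one learned period per ID, which suits a constrained device, but it sees nothing beyond this vehicle's own bus, which is the locality limitation described above.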

The Final Word

A comprehensive solution for connected vehicle security must reconcile conflicting requirements and address multiple design challenges. On the one hand, as described above, the threat detection potential at the vehicle level is limited; on the other hand, a centralized, server-based architecture will not be a proper solution either. The dynamics and scale of a broad vehicular network would impose severe computational and communication costs in managing the network and uploading security data from the vehicles to the server. A solution that provides a comprehensive real-time security view must therefore reconcile the above design trade-offs and integrate multiple capabilities.

At the upcoming International Motor Show in Frankfurt, Germany, we will present a prototype solution for securing connected vehicles, based upon research conducted by IBM in its Cybersecurity Center of Excellence in Israel. Our solution is based on a client/server architecture where an in-vehicle component communicates with a cloud-based server component. Using a novel approach for coordinated anomaly detection, this powerful solution, designed in the IBM Lab, can identify attacks on the integrity of both individual vehicles and across vehicle networks.
