Signal Authentication May Be Key to Protecting Against Car Hackers

When you and your family are zooming along the freeway, the last thing you’re worried about is the security of your car’s computer systems. That’s one reason Ohio State University Associate Professor Emre Koksal devotes most of his time to thinking about how to protect vehicles from cyberattacks.

Koksal’s electrical and computer engineering research team is focused on the security of wireless interfaces utilized by vehicles, the number of which will only grow as autonomous cars and trucks roll closer to reality. These interfaces in our vehicles, not unlike the computers in our homes and in our hands, can be susceptible to attacks, also known as hacks. The major difference is that attacks on a vehicle’s computer systems, which are connected to critical controls, can have potentially fatal consequences.

“Connecting vehicles is a great thing,” said Koksal, “Arguably, the ability to connect vehicles wirelessly is the biggest enabler of autonomous and intelligent transportation systems, which promise many safety benefits. On the other hand, now that a vehicle’s computers are connected, you introduce security issues that can affect the safety of those inside and near the vehicle.”

Examples of security issues include fake signals or messages transmitted to a vehicle. Koksal and graduate student Amr Abdelaziz believe signal authentication is the front line of cyberattack defense.

“When my vehicle receives a signal or a message from another vehicle—for instance a public safety vehicle—how do I know for sure that it is coming from that vehicle and not a hacker,” Koksal explained.

Koksal’s authentication approach involves multiple input, multiple output antenna technology, or MIMO for short. With MIMO, multiple antennas at both the transmitter and receiver are combined to minimize errors and optimize data speed. According to Koksal, MIMO also enables estimation and detection of the signal’s direction.

In addition to utilizing proven cyber encryption methods to authenticate the content of a signal, Koksal’s team proposes using MIMO, including roadside antennas, to verify the transmitter’s claimed location. This layer of authentication would be especially important if your vehicle is on a busy highway and it receives a signal that the vehicle in front if it just stopped suddenly. In milliseconds, both the content and location of the signal must be verified.

Current approaches toward achieving cybersecurity in vehicular communication is based on public key infrastructure (PKI). The Ohio State research team asserts that PKI-based authentication can be broken via GPS spoofing, where someone can take an authenticated radio and transmit fake signals from an external location. This security opening has potentially fatal consequences as vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communications become more widespread.

Cyberattacks, or the vulnerability of such attacks, can also deliver a heavy financial penalty. In 2015, Chrysler issued a recall for 1.4 million vehicles after security researchers working for tech magazine Wired demonstrated how to control a Jeep Cherokee remotely.

Koksal and Abdelaziz presented a limited version of this work at the 2016 IEEE Vehicular Networking Conference last December. In addition to low-mobility security experiments conducted at Ohio State’s Center for Automotive Research, the team recently completed high-speed experiments at university-affiliated Transportation Research Center in East Liberty, Ohio.

Koksal’s research is supported in part by the National Highway Traffic Safety Administration’s (NHTSA) Vehicle Research and Test Center (VRTC) and by the Office of Naval Research (ONR).

Source: Ohio State University