Connected cars: vulnerable to cyber attacks?

With the TAM project, SystemX is continuing its work on cybersecurity and the protection of the privacy of autonomous, connected and cooperative mobility systems.

The SystemX Technological Research Institute (IRT) launches the Trusted Autonomous Mobililty (TAM) R&D project focused on end-to-end cybersecurity and privacy protection in Cooperative Intelligent Transport Systems (C-ITS), to connected, cooperative and autonomous mobility. For a period of 36 months, TAM brings together 7 industrial partners (Atos-IDnomic, Navya, Oppida, Renault, Stellantis *, Trialog and Yogoko) and 1 academic partner (Institut Mines-Télécom). It also benefits from the support of two institutional partners, ANSSI and the French Automobile Platform (PFA).

The TAM project, which is in line with the SCA project completed in November 2020, deals with use cases related to intelligent, autonomous, connected and cooperative transport and addresses 5 new challenges:

Guarantee end-to-end security, in a context of different actors / operators and multiple and wireless connectivity

The arrival of emerging communication technologies (LTE-V2X or 5G) favors the deployment of new use cases of C-ITS whose resource needs cannot be met by current technologies. The hybridity of communications being an additional vector of attack risks, the cybersecurity solutions deployed must be interoperable and meet the security requirements of C-ITS applications regardless of the technologies used. In addition, connectivity losses due to the wireless environment and high mobility are also a risk vector. The cybersecurity protocols deployed must be robust in the face of these disconnections and allow a return of reliable and secure connectivity on another network (redundancy).

These obstacles will be addressed through use cases of the autonomous and connected personal vehicle (issue of collective perception: how to validate the confidence in the data which come from the sensors of other vehicles and to detect whether they are erroneous intentionally or not? ) and the autonomous and connected shuttle (in the event of loss of connectivity, how to restore the security of communications between the shuttle and the remote assistance center? how to promote remote interventions with voice or video transfer in the event of blocked or at risk?).

- Maintain the Cooperative Intelligent Transport System in safe conditions throughout the vehicle’s life cycle

While the lifespan of a vehicle is around fifteen years on average, the technologies used by C-ITS are evolving rapidly, both in terms of hardware and software. Also motivated by the UN R155 regulation, it is essential that the cybersecurity solutions deployed in the C-ITS can be kept up to date throughout the life of the vehicle and are agile, that is to say capable of adapt to changes. To this end, the TAM project will endeavor to specify protocols and a crypto-agile architecture, to implement and test them.

In TAM, the partners will also study more upstream cybersecurity solutions such as post-quantum algorithms. This research will focus on identifying existing solutions in IT and seeing how to adapt them for C-ITS.

Finally, the management of digital identities associated with a vehicle throughout its life cycle is also an unresolved issue today. Several issues will be studied in TAM: how to remove the digital identities of the vehicle when it is sold to a third party? How to reinsert a vehicle that has been disabled / ejected from the system due to malicious behavior?

- Extend the Misbehavior Detection system developed in the SCA project to new use cases

The Misbehavior Detection system developed as part of the SCA project aims to supervise exchanges between autonomous and connected vehicles to detect malicious behavior and react in an appropriate manner. In the SCA project, only the kinematic data (CAM = Cooperative Awareness Message) of the vehicles had been taken into account. In the TAM project, other messages will be sent such as CPMs (Collective Perception Message), which allow the exchange of sensor data between vehicles and promote collective perception.

To define whether it is an abnormal behavior that is unintentional (failure) or intentional (malicious), Machine Learning / Deep Learning algorithms are used. These algorithms can also be the target of attacks, which can bias the system. The TAM project will aim to put in place countermeasures in order to make these algorithms more robust and not to divert their use.

This work will help improve the Misbehavior Detection solution developed in the SCA project and currently being standardized at ETSI, by integrating new use cases (collective perception in particular).

A thesis on the theme “Misbehavior Detection for collective perception” will also be carried out and will aim to develop an algorithm capable of guaranteeing the high level of confidence required in the data exchanged between vehicles.

- Guarantee the protection of the privacy of users and their data

Data sent by vehicles is considered private. Although they are not directly linked to the identity of the owner, their analysis makes it possible to draw up user profiles, or even to find the places visited by these users (home, workplace, schools, shopping centers, etc.). However, this data is ephemeral and should not be treated as persistent internet data.

Each C-ITS actor (manufacturers, equipment manufacturers, road managers, telecom operators, etc.) has a different view and understanding of respect for privacy. One of TAM’s objectives is to get all the players to converge on a common vision of respect for privacy and data protection in C-ITS, in particular through the definition of protection models. data that is understandable by all (and in particular end users).

- Study the impact of cybersecurity on the operational safety and decision-making of the autonomous vehicle

The TAM project will focus on the impact of cybersecurity attacks on operational reliability. For example, if a camera is defective, it will be complicated to validate the data coming from the neighboring vehicle. Conversely, it will also be interesting to study the impact of failures (operational reliability) on the cybersecurity of the system. The objective is to perform a system analysis that combines these two aspects. The project partners will identify an existing solution in the state of the art and will evaluate it on a use case to meet this challenge.

A real environment demonstrator will be developed at the end of the project, to assess and test the performance of the proposed solutions. These experiments could be enriched by simulation evaluations, which will make it possible in particular to apprehend the performance of large-scale solutions (scale of a city for example). The development of a specific use case linked to the international events of 2023-2024 (Rugby World Cup 2023, Paris Olympics 2024) on the demonstrator is envisaged.

“The TAM project will capitalize on all the results of the SCA project, which had made it possible to remove many scientific and technological obstacles linked to the cybersecurity of C-ITS communications. The vast majority of partners responded again to continue to investigate this subject even more in depth and other underlying, complex and changing subjects that constitute the cyber and privacy issues related to autonomous mobility. , connected and cooperative ”, explains Arnaud Kaiser, TAM project manager, SystemX.

The TAM project in a nutshell

Duration: 36 months

ETP: 20

8 industrial and academic partners

Application sectors: mobility and autonomous transport, defense and security

Issues / challenges:

- Study new use cases for the autonomous, connected and cooperative car and shuttle

- Maintain a high level of safety throughout the life cycle of the autonomous car and shuttle

- Develop the Misbehavior Detection solution developed in the SCA project and extend it to new use cases

- Define a common vision for the protection of the privacy of cooperative STIs

- Study and assess the impact of cybersecurity on operational reliability

* Stellantis: born from the merger between Groupe PSA and FCA Group.


Please enter your comment!
Please enter your name here