IT security challenges for continuously connected near-autonomous vehicles

Connected cars are becoming more prominent and will be the standard for cars in the near future. These vehicles are equipped with advanced functionalities such as near-full autonomous driving capabilities, and over-the-air updates. However, cars that are always connected to the Internet also raise the question of security. In this paper, we analyze the current challenges of IT security in continuously connected near-autonomous cars. In this study, we conducted 10 qualitative interviews with security experts from consulting, manufacturing, and software engineering, and we conducted desk research on case studies of failing security in connected cars. Additionally, we surveyed the general public on understanding and awareness concerning the risks of connected cars. Based on 351 minutes of recorded audio and 100 survey responses, we discuss the challenges and potential improvements for IT security in automotive and the awareness about the possible vulnerabilities. Furthermore, we provide an analysis of security breaches based on five p ublished cases. As a result of our findings, w e e mphasize t he need for better and integrated IT security in connected cars. The improvement of security is a joint effort by manufacturers, governments, and car users. We recommend that manufacturers need more IT security expert knowledge to further develop appropriate security measures, governments need to regulate the IT security of cars, and car users need to become more aware of the possible threats that come with continuous online connectivity of their cars.

[1]  Frederick J. Gravetter,et al.  Essentials of Statistics for the Behavioral Sciences , 1991 .

[2]  Péter Gáspár,et al.  Security issues and vulnerabilities in connected car systems , 2015, 2015 International Conference on Models and Technologies for Intelligent Transportation Systems (MT-ITS).

[3]  Matti Valovirta,et al.  Experimental Security Analysis of a Modern Automobile , 2011 .

[4]  Christof Paar,et al.  Security in Automotive Bus Systems , 2004 .

[5]  M. Sheelagh T. Carpendale,et al.  Analyzing Qualitative Data , 2017, ISS.

[6]  Yves Deswarte,et al.  Survey on security threats and protection mechanisms in embedded automotive networks , 2013, 2013 43rd Annual IEEE/IFIP Conference on Dependable Systems and Networks Workshop (DSN-W).

[7]  Christoph Schmittner,et al.  The Need for Safety and Cyber-Security Co-engineering and Standardization for Highly Automated Automotive Vehicles , 2016 .

[8]  Hovav Shacham,et al.  Comprehensive Experimental Analyses of Automotive Attack Surfaces , 2011, USENIX Security Symposium.

[9]  Karl Henrik Johansson,et al.  Vehicle Applications of Controller Area Network , 2005, Handbook of Networked and Embedded Control Systems.

[10]  Qiang Ni,et al.  Driving with Sharks: Rethinking Connected Vehicles with Vehicle Cybersecurity , 2017, IEEE Vehicular Technology Magazine.

[11]  Vrizlynn L. L. Thing,et al.  Autonomous Vehicle Security: A Taxonomy of Attacks and Defences , 2016, 2016 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData).