Cybersecurity concerns surrounding connected and autonomous vehicles have been present ever since
C/AVs entered the ITS space. Alarm bells started ringing in 2015 when hacking experts illustrated the vulnerability of car systems by remotely hacking a 2014 Jeep Cherokee, apparently controlling the steering and braking. Fiat Chrysler recalled 1.4 million vehicles as a precaution.
Such demonstrations undoubtedly raise concerns about the safety of the new technology, but Commsignia has recently completed a project that sets out to win people over.
The company worked with a consortium including NXP, Ficosa, Indra and TNO to prove that Vehicle to Everything (V2X)-based cellular ITS (C-ITS) can withstand hacker attacks.
The Secredas (Product Security for Cross Domain Reliable Dependable Automated Systems) project set out to build a reference architecture for secure and safe automated systems.
The three-year initiative received funding within the Electronic Components and Systems for European Leadership Joint Undertaking (ECSEL JU) in collaboration with the European Union’s H2020 Framework Programme (H2020/2014- 2020). Commsignia built pilot sites and recorded demonstrations in Helmond (Netherlands), Madrid (Spain) and Modena (Italy).
The problem with intersections
Intersections present a particular issue for C/AVs: since all participants are present at the same time, they are among the most complex parts of the road network.
“We build products that need to be hack-proof from the outside, but also from inside the vehicle,” says Andras Varadi, research director of Commsignia.
In Helmond, the firm’s roadside unit (RSU) was connected to traffic lights, smart cameras and ultra-wideband (UWB) radio devices at an intersection in the Brainport region’s Automotive Campus, which offers technology and related test facilities for auto businesses.
The test covered a cybersecurity issue recognised in the industry as ‘misbehaviour’ – these are situations when false environmental information is generated by an authenticated and trusted ‘node’ (traffic participant) as a result of an intentional attack.
The company points out that settling on who is false is “extremely difficult” since all nodes are equal in a cooperative set-up – yet obviously these cases must be recognised and prevented from causing a dangerous situation in traffic.
In an initial scenario, Commsignia’s algorithm detected ‘sudden-stop’ misbehaviour in which messages falsely claimed that a car had stopped immediately, even though it was actually moving on.
Motorists can become distracted if a vehicle’s V2X system receives such a message, perhaps hitting the brake unnecessarily if they are driving in dark or foggy conditions. In some cases, these false messages may force traffic to move in a dangerous direction, causing chaos and collisions.
Beware false messages
A second test used a smart camera to address a false message created by fake deceleration misbehaviour. It realised there was a mismatch of information between the video stream and the V2X subsystem.
Part of the demonstration looked at situations when messages contain information about an obstruction on the roadway – where no obstruction actually exists.
To detect the potential attack, the car’s on-board unit (OBU) continuously compared different information sources, including the data received from the RSU and the information from the vehicle’s on-board sensors.
In this scenario, the road infrastructure network sent a false CPM message stating that an object is on the road. The radar sensor on the vehicle shows that there was nothing in that area. This sensor was connected to a Commsignia OBU, where the misbehaviour detection algorithm detected the inconsistency between the two data sets.
A fourth demonstration addressed how signal phase timing misbehaviour may happen when a message states the light is green in all directions at an intersection – a situation that could have catastrophic effects. Algorithms running on the OBU checked the status of traffic lights and filtered out wrong information to prevent accidents.
The company’s algorithms also sent reports, allowing authorities to revoke the misbehaving devices’ certificates to prevent other V2X devices from accepting their false messages in the future.
For example, both vehicles and infrastructure devices may send false messages in situations where a camera installed on a lamppost glass gets dirty, broken, soaked or hit. The other V2X devices on the receiving end may also be on vehicles or on lampposts.
Looking out for VRUs
As part of the project, Commsignia developed safety features as well as a roadside system based on UWB technology to better locate vulnerable road users.
It connects pedestrians and their smart devices (UWB tags, iPhones, smart watches) to the digital road infrastructure and thereby improves their safety.
For the demonstration, TNO’s car was equipped with a V2X on-board unit operated on a closed road section near Helmond.
As the car approached the intersection, a pedestrian was also moving towards the crossing carrying a UWB tag. This allowed the UWB anchors placed on lampposts to locate the tag and the pedestrian.
The vehicle and pedestrian received a warning as the individual walked forward to the side of the road.
Commsignia points out that UWB has the potential to expand the V2X ecosystem with a “relatively cheap” technology, while its V2X RSU does the “translation” to make location data useful.
The firm worked on sensor integration – which in this case was the UWB – to get a clear picture of what was happening on the road and provide accurate information to V2X-enabled road users.
In Madrid, Commsignia’s V2X unit sent information about roadworks. Meanwhile, the company’s ITS-RS4 roadside unit distributed environmental information with standard Day2 Cooperative Perception Service in Modena.
Varadi says security is critical in vehicular communications for self-driving if we want vehicles to rely on external information.
“We’ve learned a lot with our partners in the Secredas project about how to protect vehicles from cyberattacks and how secure components must be assembled to create a secure system,” he continues.
“Furthermore - thanks to misbehaviour detection - we are now even protected against misinformation from trusted sources.”
Cybersecurity may be a tough nut to crack, but Commsignia’s involvement in the Secredas project shows that collaboration may be the best way to get consumers on board with the technology.
Secredas: three years in the making
The first year of the Secredas project identified use cases that describe particular situations in which a user interacts with an automated system and its outside environment. These cover things like the way a vehicle is accessed for use or interacts with other vehicles while driving or at a crossroads.
The partners then identified headline threat scenarios and sub-scenarios – coincidental as well as malicious – which could affect the security or safety of the automated system and thereby endanger the user if not prevented or counteracted on time.
The threat scenarios were analysed and led to the definition of hardware and software component requirements that address each scenario and thus safeguard the autonomous system’s security and the user’s safety.
In the second year, the partners worked on the development of the hardware and software components and on validation of the effectiveness of each demonstrator against the different threat scenarios.
For the third year, a selected number of components were included in field tests in which autonomous test vehicles ran through the use cases and were placed on different threat scenario environments. This involved the simulation of external attacks on the system’s internal network and interaction with other networks, such as sudden occurrences on/near road and rail infrastructure.
