A few weeks ago I had the honor of presenting a paper related to my prior Verification Horizons blog posts on “How Formal Techniques Can Keep Hackers from Driving You into a Ditch” (Part 1, Part 2) at the annual Society of Automotive Engineers (SAE) World Congress in Detroit, MI. Being an IEEE member for many years, it was intriguing to enter this parallel universe of professionals equally interested in advancing the state of their art. This year in particular, the incredible momentum behind automotive automation gave this conference a palpable energy – below are but 5 aspects of this.
1 – The auto industry is now taking vehicle security very seriously — Apparently the infamous “Jeep hack” story and subsequent recall was a real watershed — automakers and their suppliers took this as a wake-up call to allocate substantial new R&D resources to this area. Indeed, informally scanning the audience’s badges and striking up conversations in the “Cyber Security” and related “Safety Critical” conference tracks revealed that these sessions were well attended by representatives from all walks of the industry, and the expert panel discussions and papers themselves were very substantive.
2 – Learn to “think maliciously” – on the panel “With Connectivity, Comes Risks – Cybersecurity and Safety”, one of the panelists implored design & verification engineers to always consider how someone could misuse a diagnostic port or routine for evil rather than good. Example: take a legitimately necessary command, such as one that disables the anti-lock brakes so the hydraulic pressure can be bled off before maintenance is safely performed, and think about how a Trojan horse could reuse that same command to disable the brakes at a deliberately unsafe moment, or when the vehicle crosses a particular GPS geofence area. (In a related Verification Horizons post, “ISO 26262 fault analysis – worst case is really the worst”, my colleague Avidan Efody explores a variant of this issue.)
3 – The CAN bus must go, but it’s going to be a painful transition – The Controller Area Network (CAN) is the bus protocol that connects the internal control systems of most cars. Indeed, even a cursory stroll across the SAE World Congress expo floor will expose you to a wide variety of CAN-related offerings. Before cars were connected to the internet, CAN served vehicle requirements well; but by computer networking standards it’s not that fast (40 kbit/s to 125 kbit/s) and the payload size is very small (a grand total of 64 bits). This small payload size is CAN’s Achilles’ heel – there are simply not enough bits to embed a digital signature or other security-related data in a payload this small, leaving the whole bus vulnerable. Hence, it’s trivial to do things like a basic “replay attack” (e.g. recording a door unlock sequence, then “replaying” the signals when you want to steal the car without a trace). My personal bet to replace CAN is the emerging Automotive Ethernet standard (already embraced by BMW, Jaguar, and VW), because all the cyber security work in the computer and mobile networking worlds can be brought to bear.
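To make the payload-budget point concrete, here is an added example (my own illustration, not code from the post or from any automotive standard): it packs a constructed 11-bit CAN ID 0x2A0 “door” command into a classic 8-byte data field, shows how many bits remain for an authenticator once a hypothetical 2-byte freshness counter is spent, and runs a per-ID monitor that rejects a replayed frame because its counter does not advance. The counter layout, window size, ID and command bytes are all assumptions made for the demo.

```python
import struct

CAN_PAYLOAD_BITS = 64   # classic CAN data field holds at most 8 bytes
COUNTER_BYTES = 2       # assumption: trailing 2 bytes of each payload carry a freshness counter
WRAP_WINDOW = 256       # assumption: counters at most this far ahead of the last one are accepted

def bits_left_for_auth(command_bits: int, counter_bits: int = COUNTER_BYTES * 8) -> int:
    """Bits of the 8-byte payload still free for a MAC/signature once the
    command data and a freshness counter are packed in (negative: it does not fit)."""
    return CAN_PAYLOAD_BITS - command_bits - counter_bits

def build_frame(can_id: int, command: bytes, counter: int) -> tuple:
    """Constructed frame: (11-bit ID, data) with the counter in the last 2 bytes."""
    assert 0 <= can_id <= 0x7FF and len(command) + COUNTER_BYTES <= 8
    return (can_id, command + struct.pack(">H", counter & 0xFFFF))

class ReplayMonitor:
    """Per-ID freshness check: the counter must move forward (mod 2**16)
    by 1..WRAP_WINDOW relative to the last accepted frame for that ID."""
    def __init__(self):
        self.last_counter = {}

    def accept(self, frame: tuple) -> bool:
        can_id, data = frame
        if len(data) < COUNTER_BYTES:
            return False                     # no room for a counter: reject
        counter = struct.unpack(">H", data[-COUNTER_BYTES:])[0]
        last = self.last_counter.get(can_id)
        if last is not None:
            delta = (counter - last) % 0x10000
            if not 1 <= delta <= WRAP_WINDOW:
                return False                 # stale or repeated counter: treat as replay
        self.last_counter[can_id] = counter
        return True

def run_demo() -> list:
    """Feed a constructed door-unlock command stream, then a copy of an
    earlier frame; returns the accept/reject verdict for each frame."""
    unlock = b"\x01\x00\x00\x00\x00\x00"     # constructed 6-byte 'unlock' command
    monitor = ReplayMonitor()
    stream = [build_frame(0x2A0, unlock, c) for c in (1, 2, 3)]
    stream.append(build_frame(0x2A0, unlock, 2))   # same bytes as frame 2, seen again
    return [monitor.accept(f) for f in stream]

if __name__ == "__main__":
    print("bits left for a MAC after 48 command bits:", bits_left_for_auth(48))
    print("verdicts:", run_demo())          # [True, True, True, False]
```

With 48 bits of command data and a 16-bit counter there are zero bits left for any authenticator, which is exactly why a bus-level freshness check on its own cannot also prove who sent the frame.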
4 – A new rev of ISO 26262 is on the horizon — this is old news for anyone in the Functional Safety field, but semiconductor makers and EDA suppliers should be aware that the upcoming revision has specific provisions for “Semiconductor Functional Safety”.
5 – The auto industry as a whole is reinvigorated – as noted above, thanks to the whole movement toward more automated vehicles, there was energy crackling through the conference. Throughout the sessions I attended, and in the conversations on the expo floor, the engineers and managers from a myriad of disciplines were eagerly unpacking the challenges and brainstorming solutions. Case in point: on the panel “Collaborate. Create. Commercialize. The Next Gen Supplier Network”, the VP of Purchasing for Toyota North America, a 20+ year veteran of the car business, summarized it best: “There has never been a better time to be in automotive!”
Until the fully autonomous car is in production, keep your eyes on the road and your hands up on the wheel,
Joe Hupcey III
P.S. My colleagues are presenting at the Functional Safety and ISO26262 track at the upcoming IESF Automotive Conference on June 1 in Dearborn, MI – the complete agenda is posted here: https://www.mentor.com/events/iesf/automotive-conference