Researchers, Auto Makers See No Quick Path to Secure Car Networks
The efforts have not always been positive. A proposed, and poorly worded, law in Michigan, for example, would make hacking a car a crime, no matter the purpose—whether for research or for malicious intent—and with a penalty that could be up to life in prison. Yet, a variety of companies and researchers are focusing on ways to harden automotive systems against attacks. Typically, defenses fall into one of two approaches: either using cryptographic techniques to enforce behavior and trust between the systems or adding the ability to detect and mitigate an attack. Rubicon Labs, for example, uses cryptography to enforce identity on the components of a vehicle's controller area network (CAN) bus. The CAN bus connects ECUs and provides a path for communication between a vehicle's components. Compromising the controllers would be detected by other systems, and any attempts to inject invalid packets into the system would be detected, the company's Schultz said. The problem for such approaches, however, it that, while security researchers have persuaded the automobile industry to focus on protecting their systems, the product development cycle for cars can last the better part of a decade. When Rubicon talks to automotive suppliers, they frequently discuss roadmaps for products extending to 2023 and beyond.Yet, other approaches exist. At the USENIX Security Conference this year, two University of Michigan researchers will present a way to detect attacks using a simple intrusion detection system (IDS) based on knowing the timing of standard messages sent between components connected through the CAN bus. The clock-based IDS, or CIDS, uses the fact that each ECU has its own timing and each is slightly different to create a fingerprint of the devices. If an attacker injects a message, a central monitoring system will detect that the message is invalid. "My way was to do it [as] lightweight as possible without forcing manufacturers to change anything," Kyong-Tak Cho, a co-author of the paper and a Ph.D. candidate in computer science at the University of Michigan, told eWEEK. "It runs independently on one node that can fingerprint others and then verify and authenticate the messages." Because the technique does not require changes to the ECUs or the CAN bus, Cho argues that it will be easily implemented and will not have to be incorporated into the typical product cycle, speeding manufacturers' ability to deploy the technology. In the end, car manufacturers will have to find better solutions to the in-car network security. Changing existing technology to do that, however, will be a tall order, Cho said. "Car manufacturers and suppliers don't put anything in that is not absolutely needed, because it is so expensive," he said. "CAN is very cost-effective solution, so it is very difficult to get rid of it."
"Everybody wants to fix this problem, but it is very difficult when you have the massive fragmentation that you have in this industry to get any one sweeping change to happen," he said.