A new study examines the cybersecurity risks for autonomous and internet-connected cars which, like anything else in the cybersphere, are vulnerable to attack.
"Driverless and connected cars are increasingly becoming a part of our world, where cybersecurity threats are already a reality," said Ravi Sandhu, a professor of computer science at The University of Texas at San Antonio. "It's imperative that we support research that addresses these concerns and presents a strong, innovative solution."
Sandhu, the founding executive director of the UTSA Institute for Cyber Security (ICS) worked with doctoral candidate Maanak Gupta on the study. It proposes an access-control architecture and authorization framework to provide a conceptual overview of various decision and enforcement points in the smart car ecosystem.
"There are vulnerabilities in every machine," said Gupta. "We're working to make sure someone doesn't take advantage of those vulnerabilities and turn them into threats. The questions of 'who do I trust?' and 'how do I trust?' are still to be answered in smart cars.”
Of course, vehicles with internet connectivity offer the potential for many conveniences and innovations. They could allow for real-time and location-sensitive communication between drivers or pedestrians, helping to make the roads safer for both. The connectivity could also allow the cars to capture safety and environmental conditions around the vehicle, including road obstructions and accidents. It could also enable real-time vehicle-to-vehicle (V2V) interaction on the road.
Yet where vehicles are concerned, the possibility of cyberattacks takes on an especially ominous tone. “Can you imagine if someone controls your car steering remotely, or shuts down the engine in the middle of the road?" Gupta said.
"If we're going to open the world to cars driven by machines, we must be absolutely certain that they aren't able to be compromised by a malicious attack," he added. "That is what this framework is for."
The study can be accessed here.