CONTACT US (https://www.lhpes.com/cs/c/?

cta_guid=423f0759-bff9-4c44-b0c5-999ae4fddba3&signature=
bc676cb6798e&click=cfa3df9c-f2ee-407e-9361-fa6233f59d9f&hsutk=15108e2c161789d9ed496f1141bee07e&
autonomous-vehicles&portal_id=2512687&redirect_url=APefjpGEvJ4Lf0fkcU
QqAu47T4puGk9gZZ55_fGVAgKj5nQUY4h94&__hstc=182015288.15108e2c161789d9ed496f1141bee07e.1667197
(https://www.lhpes.com/)

6 min read

What are the

Cybersecurity
Challenges for
Connected and
Autonomous
Vehicles?
(https://www.lhpes.com/blog/what-
are-the-
cybersecurity-
challenges-for-
connected-and-
autonomous-
vehicles)
By Kelly Stephenson (https://www.lhpes.com/blog/author/kelly-stephenson) on Aug
9, 2022 3:13:40 PM

Tweet Share Like 0 Share

Topics: Cybersecurity(https://www.lhpes.com/blog/topic/cybersecurity)

What are the cybersecurity challenges for Connected and Autonomous

Vehicles?

Introduction
The cybersecurity challenges presented by autonomous and connected vehicles
offer a wide array of learning opportunities. Skills from a variety of disciplines can be
applied to solving these problems. While this knowledge plays a critical role,
perseverance and an insatiable desire to take things apart and find out how they tick
can be the most powerful cybersecurity (/automotive-cybersecurity) tools of them all.

Control of the system

Helpful skills or knowledge sets
The automotive realm is certainly no stranger to people testing the limits of their
vehicles, trying to break things, getting to know their cars from the inside out, and then
modifying them. That's the very definition of an automobile mechanic from the first days
of vehicles. These days, there are a lot of parallels between hardware folks and
software folks who are all trying to take the cars apart and figure out how they tick. The
two play nicely together because it's the same kind of mindset.

(https://www.lhpes.com/cs/c/?cta_guid=2f2d5e04-d9bd-444b-af4a-
1e9c03ac1d8d&signature=AAH58kHR4VgwFARZRIecA7BWFPGYyr4vcw&pageId=81
546602317&placement_guid=b3b8e582-af5e-4788-9bef-
68836d1385fd&click=22f5c4f1-6b83-4513-b620-
03454ff7a052&hsutk=15108e2c161789d9ed496f1141bee07e&canon=https%3A%2F%
2Fwww.lhpes.com%2Fblog%2Fwhat-are-the-cybersecurity-challenges-for-connected-
and-autonomous-
vehicles&portal_id=2512687&redirect_url=APefjpF2w1k9mVYW0YodAOLknkUgpsuXdr
J6xCKsZuNW0LBrNecmjLx8HuBtPoEgtv58AJQ2EjmLVaScNvIiGHi1ODJMRJH2nOLPI
5LU9z6Ep8yUSfePrLLVi394VrUypGBXUJ9OuBxOAS50DNZWkFyZB0yRKI7p0w&__hs
tc=182015288.15108e2c161789d9ed496f1141bee07e.1667197736730.166719773673
0.1667197736730.1&__hssc=182015288.1.1667197736731&__hsfp=391301723&cont
entType=blog-post)

CAN Bus
If you understand the vehicle communication lines and buses and the way data is
transferred back and forth, those transfer technologies are not very specific to the
automotive industry. For example, the Controller Area Network (CAN bus) protocol is a
robust vehicle bus standard that allows microcontrollers and other devices to
communicate with each other's applications without a host computer. Though the CAN
Bus originated in the automotive industry, it is now utilized in many other products. CAN
Busses are now common in both industrial and automotive applications and can even
be found in 3D printers.

Automotive-specific Bus Communications

In contrast, other protocols utilized in vehicles, such as the Media Object Server
Transport (MOST) protocol, can be very specific to the automotive industry. The ECUs
in modern vehicles control nearly all functions, including engine control, electronic fuel
injection (EFI), anti-lock braking system, transmission, door locks, window operation,
and more. Systems such as the Local Interconnect Network (LIN Bus) protocol, and the
MOST protocol, are specific to the automotive industry. A person new to this realm
would have to dive in and learn these protocols.

UDS protocol
An especially important protocol to learn is the Unified Diagnostic Services (UDS)
protocol, which is used in ECUs within automotive electronics and is specified in ISO
14229. It is an international standard protocol, not company-specific. It is used in all
new ECUs made by Tier 1 OEMs and is incorporated into other standards, such as
AUTOSAR.

You must really dive into the fine details and understand these protocols from the
bottom up to learn how to break them. For example, a lot of people have broken the
UDS Security Access Service Identifier (0x27) because it's not as secure as the Service
Identifier (0x29), which updated the standard in 2020 and enabled more modern
methods of authentication, including bidirectional authentication with PKI-based
Certificate Exchange. That's an example of the level of detail and the kind of things that
you need to understand.
Crossover skills and technologies
Automotive Ethernet
The electronics in a car can be categorized as either electrical, mechanical, or
computer controls. They interact with each other, but typically they each have
independent computer systems. As vehicle systems become more connected, they
become more complex.

As the automotive industry moves toward implementing an automotive ethernet, the

lines between automotive-specific systems and computer network systems are going to
get blurred a little bit. People already understand the kind of ethernet used in a home or
office. But in a car, it is a priority for systems to be optimized to save weight and to be
deterministic by utilizing Time Sensitive Networking (TSN) to achieve the time-sensitive
transmission of data over deterministic Ethernet networks.

Automotive ethernet cable is physically different. It is a single unshielded copper

twisted pair, making it low in weight and cost less to manufacture than traditional
ethernet cable. Unlike standard ethernet, which contains two twisted pairs of dedicated
wires, one for transmission and the other for the reception, automotive ethernet has a
single twisted pair that is used for both transmit and receive operations at the same
time. In automotive ethernet, both ends of the connection must employ a hybrid
transceiver that is capable of distinguishing between what it is being sent versus what it
is receiving. But the automotive ethernet system is still sending packets across, using
the same protocols. Given the increasing bandwidth needs of today’s connected
systems and the fact that modern complex wiring harnesses can account for up to 1/3
of the price of a new car and over 130 pounds of its weight. Thus, being able to reduce
the number of wires in a vehicle is an improvement that is well worth pursuing.

Traditional networking skills

This demonstrates how the lines are blurring, where some skills will play a role in both
the traditional networking realm and in the automotive networking space. There are
already people who understand networking, from their experience connecting to
servers and hacking and breaking those systems. They are going to find that their skills
are becoming more useful in the automotive space.

Several Infotainment systems in vehicles run Linux operating systems. These are
operating systems that folks have been hacking and breaking for many years, with a lot
of the servers running Linux. These are skill sets that people can use to start cracking
and hacking automotive spaces.

An understanding of hardware
Automotive systems are becoming less unique. Bluetooth, USB, WiFi... these are all
standard protocols that a lot of people have used for different applications. For a
vehicle, you might say that we're blurring a fine line between automotive systems and
standard computer systems.

If a bad guy wanted to break into ECUs or IoT devices, they would need to understand
the system and possess the skills for studying hardware, as they function like an
analyzer to capture that data to see if they can break it. That is a hardware level of
understanding that a lot of people just don't have. They can be familiar with the
protocols, hacking the protocols to try to break into the system, but unless they have a
hardware engineer’s level of knowledge, somebody that really understands electrical
engineering, they really don't understand how the hardware works.
At LHP, we are focusing on the embedded-side devices, hardware security, and
understanding how to make sure that if somebody does break into these devices,
they're not pulling secrets out. These specialized ECU or ECM domain controllers are
protected. And some of those security protections may not exist in the IT world. So, we
place limitations at the hardware level, and we try to make sure that these security
mechanisms get turned on properly, and that they're running and put in place.

If you think about a server, it could consist of a big computer running several
processors, and it may have a Hardware Security Module (HSM). But, HSMs are now
starting to show up in some vehicle ECUs and domain controllers as well. There can be
a lot of HSMs, or sometimes there aren’t any. How can this device be secured if it
doesn't have a good, secure enclave for storage? You have to understand how to
implement that, too.

(https://www.lhpes.com/cs/c/?cta_guid=38d383af-e8bb-4be7-a48a-
c73e337239a7&signature=AAH58kFKNh4gIorbNumG-
GmcojkEJ6JjoQ&pageId=81546602317&placement_guid=9c811acf-510f-4773-ae01-
7b9cbb81b3fe&click=c5d8b095-d84c-403e-96cf-
142ac4f36ba5&hsutk=15108e2c161789d9ed496f1141bee07e&canon=https%3A%2F%
2Fwww.lhpes.com%2Fblog%2Fwhat-are-the-cybersecurity-challenges-for-connected-
and-autonomous-
vehicles&portal_id=2512687&redirect_url=APefjpEorqXpJyPdfLUBhWX1KOofggpQt_U
6K9qBaUIBBx4zu8TkyWo1Xka5o3mZuUr8BazNrOQaGlbIwhZi6vBhVHVO9C1w3U1a
YZFqx8mziDkXAvs_UfKt3QLeOsSI5IjN0uOmEd3-pErlKeMZToV3U-
xUm1h62cMlb8jb7rJbGrYzDnXFN_LTwf7Xb7WBa9OcP4qtwrjjNgrk-
8Iy7HOhz3til4XGI9qA9fAje7Byi-
EyIAN0oas&__hstc=182015288.15108e2c161789d9ed496f1141bee07e.16671977367
30.1667197736730.1667197736730.1&__hssc=182015288.1.1667197736731&__hsfp
=391301723&contentType=blog-post)

More threats at an increased tempo

Vulnerabilities are now coming left and right, making cybersecurity considerations
something that can no longer be ignored. We are seeing a greatly increased interest in
automotive cybersecurity (/blog/what-is-automotive-cybersecurity), and likewise an
increased effort around breaking everything in it. Twenty years ago, only a few people
tried to hack anything. Today, hacking is a widely popular activity, and the people doing
it are motivated, enthusiastic, smart, and skilled. Hackers want to test and break
everything. They want to break it all. This is the reality that we now live in.

Defense in depth
Defense in depth is a frequent topic of cybersecurity conversations. Simply put,
defense in depth is where we try to aggravate the attacker with multiple levels of
defense, to get him to the point where he just finally gives up in frustration. We know
that no matter what we do, a determined person can hack into these systems and crack
them open if they devote enough time and resources to the task. We want to make it so
painful and unprofitable both financially and motivationally, that they just finally decide
that they are not going to put any more time or effort into it. We want them to give up
and go investigate something else that is much easier and more rewarding to get to.
That is a legitimate security strategy because no product can be guaranteed secure
100%.
 Interested in learning more about cybersecurity for your
organization? Contact our team today!
CONTACT US (https://www.lhpes.com/cs/c/?cta_guid=54084e8e-53be-4fb8-afb6-d434f371230c&signature=AAH58kEqeRNWSlwBJEC8NGuvd2NsR-d5W
4ba5-8b6d-433dc5d14e21&click=91491a2d-953d-43e7-981e-b681592c018b&hsutk=15108e2c161789d9ed496f1141bee07e&canon=https%3A%2F%2Fround-lake.dustinice.workers.dev%3A443%2Fhttps%2Fw
challenges-for-connected-and-autonomous-vehicles&portal_id=2512687&redirect_url=APefjpEs_Ebo3pjDRMy3CSPFzoiW1Y6f28pcfd7TmvrMChSrKa
3nQTqz6InNVOxnqcfazN1aU&__hstc=182015288.15108e2c161789d9ed496f1141bee07e.1667197736730.1667197736730.1667197736730.1&__hssc=1820152
post)

Further reading and references

Why is Cybersecurity Important for Autonomous Vehicles?
(https://www.lhpes.com/blog/why-is-cybersecurity-important-for-autonomous-vehicles)

What Can Be Done to Secure Autonomous Vehicles from Cyber Attacks? (/blog/what-
can-be-done-to-secure-autonomous-vehicles-from-cyber-attacks)

Written by Kelly Stephenson

(https://www.lhpes.com/blog/author/kelly-
stephenson)
Kelly joined LHP in 2022 as a Solutions Architect in Cyber Security and brings over 30
years of engineering experience in automotive and industrial IoT products. Kelly is an
innovative security engineer with extensive cyber security and software development
experience within automotive design markets. Kelly has experience incorporating
cybersecurity standards and processes such as ISO 21434 and UNCECE requirements
into all systems to help ensure safety and security of all designs. Kelly has worked with
organizations such as Toyota Industrial, Ford, Cummins, John Deere, Vantage Mobility
and Xalt to provide various solutions. At Ford, Kelly worked with the Connected Mobility
In-Vehicle Cyber Security team and created threat models and security requirements
for Driver Assisted System (DAT) modules as well as created and managed the Core
Automotive Ethernet and Operating Systems security requirements for the newest
technologies at Ford.. At Toyota Industrial, Kelly was the lead cyber security engineer
that provided the guidance for the organization on the adoption of cyber security
practices from the business, development, and production domains of the organization.
Kelly was also instrumental in creating secure connectivity, secure boot, and performing
a full Risk Management assessment using the Octave Allegro Risk Management
Framework. At John Deere, Kelly created Certificate Policies and Third-Party Supplier
agreements. He also provided additional guidance on certificate handling within the
embedded controllers. At Cummins, Kelly implemented support for Automotive Ethernet
technologies like XCP within the ECU’s, created Automotive Ethernet topologies for
complex product solutions that included fail-safe redundancies. At Xalt, Kelly lead the
development team in SafeRTOS implementation for their Battery Management System
as well as thorough hardware penetration and vulnerability assessment. Kelly has
received his Bachelor of Science degree in Computer & Information Technology from
Purdue University and his Master of Science in Cyber Security from Valparaiso
University where his thesis was Battery Management System Hardware Vulnerabilities.
He currently has active certifications in Certified Automotive Cybersecurity Professional
from SGS-TUV Saar, CERT Secure Coding in C and C++ from Carnegie Mellon
University and Security+ from CompTIA. Kelly has also received two patent awards
which are a Proximity Warning System for Parked Vehicles Patent 10,850,665 B1,
December 1, 2020 and Variable Travel Valve Apparatus for an Internal Combustion
Engine Patent 8,528,511, September 10, 2013.

(https://www.linkedin.com/in/kelly-stephenson-embedded-security/)

PREVIOUS POST (/BLOG/WHAT-CAN-BE-DONE-TO- NEXT POST (/BLOG/HOW-IS-AUTOMOTIVE-

SECURE-AUTONOMOUS-VEHICLES-FROM-CYBER- CYBERSECURITY-CONTROLLED)
ATTACKS)
 (/bl /h i t ti b it
What Can Be Done to Secure How is Automotive
Autonomous Vehicles from Cybersecurity Controlled?
Cyber Attacks? (/blog/what- (/blog/how-is-automotive-
can-be-done-to-secure- cybersecurity-controlled)
autonomous-vehicles-from-
cyber-attacks)

Subscribe to the Blog

EMAIL*

LHP BLOG EMAIL SUBSCRIPTION

DAILY

WEEKLY

MONTHLY

SUBSCRIBE

FIRST NAME*

LAST NAME

EMAIL*

WEBSITE

COMMENT*

protected by reCAPTCHA
Privacy - Terms

SUBMIT COMMENT

About Us LHP Inc.

About LHP Engineering Consulting (https://www.lhpes.com/functional-safety-consulting)
(https://www.lhpes.com/about-us)
LHP Analytics & IoT (https://lhpiot.com/?
Careers __hstc=182015288.15108e2c161789d9ed496f1141bee07e.1667197736730.1667197736730.1667
(https://www.lhpes.com/careers)
LER TechForce (https://www.lertechforce.com/?
Contact __hstc=182015288.15108e2c161789d9ed496f1141bee07e.1667197736730.1667197736730.1667
(https://www.lhpes.com/contact)
LHPU (https://lhpu.com/)
Resources
LHP Europe (https://lhpeurope.com/)
(https://www.lhpes.com/resource)

Blog (https://www.lhpes.com/blog)

Solutions Now Hiring

Engineers
ADAS HIL System
(https://www.lhpes.com/adas-hil-
Join the LHP Team
system)
We are seeking engineers to grow
FMEDA Analysis Tool the autonomous and electrification
landscape.
(https://www.lhpes.com/fmeda-
analysis-tool) Available Job Openings →
(https://www.lhpes.com/careers)
Functional Safety Accelerator
(https://www.lhpes.com/functional-
safety-accelerator)

LHP Link
(https://www.lhpes.com/lhp-link)

Training
(https://www.lhpes.com/advanced-
engineering-training)

(https://www.facebook.com/lhpes/)
(https://twitter.com/lhpes)
(https://www.linkedin.com/company/44600/)
(https://www.youtube.com/channel/UCYV3ztYDarVZRY3d2ZMn4ew)

Copyright © 2022 LHP, Inc.

Notice of Filin…

Legal Terms (…

Contact Us (ht…

Shop (https://s…