Sandip Ray Leads $500k Project to Raise Awareness of Automotive Security Risks

Dr. Sandip Ray

Imagine: your car starts behaving strangely while driving. The engine stalls or the car starts veering to one side. It’s likely you’d suspect that something is amiss in the engine, or transmission, or the steering mechanism. Less likely is that you think, “My car has been hacked.” In fact, most of us rarely think of our vehicles as potential targets of hacking despite the fact that vehicles today really are computers on wheels. Modern cars have hundreds of computing elements, a large number of sensors, several miles of cable, and are running several hundred Megabytes of code. Recent work has shown that hacking into a car—whether for purposes of theft or the remote control of driving functionality—is depressingly easy. However, according to ECE Professor Sandip Ray, the broader cybersecurity community is still not fully aware of the enormity of the cybersecurity risks posed by vehicles.

Raising Awareness

Dr. Ray’s team in the Warren B. Nelms Institute for the Connected World specifically targets the problem of the lack of awareness of security risks to automotive systems. Along with collaborators Dr. Janise McNair and Dr. Swarup Bhunia (both of ECE) and Dr. Wanli Xing from the UF Department of Education, Dr. Ray is leading a $500k project supported by the Secure and Trustworthy Cyberspace (SaTC) program at the National Science Foundation. The focus of “An Integrative Hands-on Approach to Vehicular Security Education” is to develop technology and materials to help the broader community comprehend the cybersecurity challenges in autonomous vehicles. Attack targets on autonomous vehicles are diverse and numerous, and include: sensors, hardware, software, vision, and ML components. A key aspect of the project will be the development of a variety of exploration platforms and self-paced training modules to help the community (safely) explore how hackers can get into vehicles, and comprehend how to employ cybersecurity defenses to protect vehicles against those attacks.

Video Capture from “Exploration of Machine Learning Attacks in Automotive Systems Using Physical, MixedReality Platforms”

Workforce Development

In addition to creating awareness of the overall cybersecurity problem, an explicit goal of the project is the development of a workforce trained in the area of cybersecurity for autonomous vehicles. Given the current dearth of personnel with the relevant skills, security assurance is generally performed ad hoc by pulling together disparate teams with different skillsets. Vehicular design engineers with a good understanding of the platform perform security validation in consultation with traditional hardware security teams. In this scenario, however, anomalous cases or data tend to be missed, resulting in vulnerabilities discovered in the field. These vulnerabilities are then in turn patched quickly with a variety of workarounds (e.g., functionality reduction and point-fixes), which themselves may lead to further vulnerabilities. Given the critical nature of the transportation infrastructure, this lack of systematic attention to cybersecurity begins to be a national security problem. The project will address this by creating a cohort of highly skilled leaders well-versed in the principles and nuances of vehicular security.

Cybersecurity issues are going to worsen as we add more electronics, autonomy, and smartness to vehicles, as they provide more opportunities for hackers to break into the system. Clearly, our ability to safely deploy autonomous vehicles on road critically depends on our ability to combat this challenge.