With self-driving and connected ‘smart’ vehicles transporting more and more people and cargo, their security and safety are increasingly a concern. CARAMEL proposes vehicle cybersecurity that is a risk-aware, process-driven, end-to-end solution, from design to operation.

Security

While advances in connectivity and artificial intelligence have resulted in many smart features within modern road vehicles, they have also spawned sophisticated cybercrimes which exploit security loopholes. At the extreme, poor cybersecurity jeopardises the safety of passengers, pedestrians, other vehicles and critical infrastructure. More commonly, it results in vehicle theft or sensitive data leaks. “Vehicles are increasingly becoming ‘data centres on wheels’, making them vulnerable to attack. If safer, smarter and greener vehicles are to be accepted, they have to be trusted, making cybersecurity paramount,” remarks Jordi Guijarro Olivares, coordinator of the CARAMEL project. The EU-funded project, coordinated by the i2CAT Foundation, developed mitigation strategies for key security vulnerabilities in four priority operational areas. “Our ‘Cooperative Situational Awareness’ system advances cybersecurity beyond simply firefighting the latest cyberattack, towards a more unified approach to protection, using vehicle sensors to build resilience,” explains Peter Hofmann, technical coordinator of the CARAMEL project.

Four cybersecurity pillars

CARAMEL’s approach was to introduce cybersecurity technologies within both vehicles and the back-end infrastructure, supported by four pillars. The first three were tested at Panasonic’s premises earlier this year. Pillar 1, Autonomous Mobility, introduced machine learning (ML) techniques to detect radio interface and sensor threats, to protect vehicles’ autonomous functionalities – such as scene recognition – alongside their onboard sensors (cameras, lidar, GPS etc.). The project also developed a new anti-hacking device, as part of the onboard control unit, able to send onboard data analytics for further processing or visualisation. ML training and validation used both simulation and real data sets, from public sources alongside those supplied by partners. “The final demo outperformed expectations, proving robust against a wide range of attacks and levels of severity. Our anti-hacking device successfully detected attacks against sensors, such as location spoofing and traffic sign anomalies, improving situational awareness of the vehicle,” adds Olivares. Pillar 2, Connected Mobility, focused on attack detection for connected vehicles. The team implemented vehicle-to-everything (V2X) protocols that enabled communication between vehicles, and with roadside communication units. Alongside this, CARAMEL developed a collaborative solution, where vehicles work together to identify GPS spoofing attacks, activating advanced privacy capabilities in response. Pillar 2 also delivered an architecture that connected vehicle alarms to servers in the cloud. When triggered by attacks, these also prompt security protocols or monitor activity. Pillar 3, Electromobility, developed cloud-based AI detection engines to remotely detect cyberattacks on charging stations, by detecting anomalies in communication between a station and its remote back office. “Many charging stations have outdated hardware or software, so don’t meet the latest security standards. We found that applying statistical techniques like Pearson correlation and random forest significantly reduced the complexity of the ML models needed to detect anomalies and protect them,” says Petros Kapsalas, trials lead of the CARAMEL project. Pillar 4, Remote Control Vehicle, is still under development by the project’s South Korean partners, who have another year of funding remaining. This team is working to design the necessary data processing architecture and threat detection solution to make 5G remote control vehicles safer.

Next-generation cybersecurity

As transportation is part of Europe’s critical infrastructure, it is earmarked for special protection in times of crisis and is considered a central pillar of the European cybersecurity strategy. According to Guijarro, “CARAMEL’s results are a springboard to next-generation cybersecurity for autonomous, connected and electromobility vehicles. But for European players to take advantage, industry and policy fragmentation would first have to be addressed.”

Keywords

CARAMEL, security, smart, self-driving, connected, cybersecurity, artificial intelligence, machine learning, cybercrime, data, 5G