Autonomous driving took center stage at the Auto.AI Europe conference in Berlin, as experts within the automation landscape spoke on the technology’s potential as a game-changer in the future of mobility. Stephen Janouch, senior manager of business development at Green Hills Software, delineated the importance of security in automotive systems as vehicles become increasingly self-reliant.
“Automotive security is like the dirty laundry you have in your basement. You hope someone else is taking care of it, but at the end of the day, you may need to take a look at it yourself,” said Janouch. “And it is important to know the difference between safety and security. Safety on one side is making sure that the system is behaving according to what you want it to do. Security is about making sure that no human can harm the machine and make it do something you didn’t tell the machine to do.”
Janouch pointed out that if an autonomous vehicle is not secure, it cannot be 100% safe. Security is a complicated issue, as the processes to make a vehicle secure are never-ending, and require companies to stay ahead of hackers by constantly updating their security policies and testing their vehicle software for chinks in their armor that may not be apparent.
Prevention, Janouch contended, is about companies approaching security from an “inside-out” perspective. “We propose that you start from the lowest level of a system – the hardware and operating system – and then work your way upwards and apply security measures on each level,” said Janouch.
The complexities around connected vehicles that are in service today make it an uphill task for companies to make them hack-proof, with Janouch pointing out the futility in trying to build firewalls around them. “Where could you actually build your firewall around the system? What does a system mean, is it just the vehicle?” he asked.
To reduce security threats and vulnerabilities around a vehicle, it is critical to cut down the complexity of the software systems running it. The problem grows out of the way the code is written. Janouch spoke of a situation he had encountered, in which a client building a vehicle camera system approached his company with problems stemming from a staggeringly large body of code.
“He gave us a video driver with 250,000 lines of code. The supplier probably brought it down to 50,000 lines of code, hoping that could be sufficient. In the end, we rewrote the driver to nearly 100% of the functionality with everything vital for the operation of the system, and brought the length down to 900 lines of code,” said Janouch.
Reducing the absolute length of code is essential, as the longer it gets, the higher the probability of security concerns creeping in. “Typically, every 1,000 lines of code could end up with two defects. Though that doesn’t sound like a whole lot, a high-end car will have about 100 million lines of code, and that would mean around 200,000 defects in the software. Hopefully, none of it is really affecting safety, but it still is a lot,” said Janouch.
To make systems more hacker-proof, it is prudent to identify the critical parts of the system code, separate them from untrusted code and auxiliary system code, and apply strict access control to the critical parts. This is akin to getting access to an office building: though nearly everyone would have access to the building’s main entry door, only certain people would have access to particular floors within the building.
“Communication needs to be separated as well. You want to make sure that information transferred from a signal that directly affects the system’s vital behavior is not affected when someone does a download,” said Janouch. “The key thing here is the operating system, which is the lowest level of software and practically the last line of defense against anyone trying to hack the software.”
Ultimately, security is a never-ending process and automobile software developers will have to comprehensively plan for security firewalls right from the vehicle’s inception and not wait until the vehicle functionalities are fully developed – as it is somewhere between “very difficult and impossible” to add security at the later stages of the development process.