Is the Internet of Things (IoT) the Next Big Thing for transportation, or does it mean opening up your car or bus or train to hackers? Can a hacker detune your engine, suddenly reverse the action of your steering wheel, make the airbags deploy when you hit 110 kilometer per hour, reprogram your anti-lock brake system, or just disable the whole vehicle?
Without well thought-out security, IoT is worthless. At present, there are several different “standards” for IoT, so the concept does not yet really exist.
The problem with the Internet of Things: Complexity
The core problem is complexity. Any system as complex as the Internet is going to have unanticipated exploits, which is why desk-top systems need to get constantly updated. On a vehicle, malicious software can literally kill you.
Vehicle components (for example, engine control unit, door locks, air bags) are simple and contain relatively few lines of code. At this size it is feasible to use formal methods to mathematically prove that software correctly implements its specifications. With larger systems, this becomes impossible.
Some argue that we need IoT so that we can instantly upgrade software. A better approach may be to not let IoT touch the system in the first place; take the vehicle to the dealer if the upgrade is important. Even a benign upgrade can cause problems if the driver is unaware that her controls now behave differently.
The world’s militaries are actively working on cyber-warfare. The IoT may enable them to shut down an entire country’s transportation system.
The technical side of the Internet of Things
A modern automobile may have 50 or more microprocessors, with nobody in charge. Safety critical functions must be kept separate from infotainment items; ideally by keeping them on two physically separated wiring systems.
A commonly used system is the CAN bus, which replaces bulky wiring harnesses with four wires to all components: two signal lines, power and ground. Any component can put a message on the bus, perhaps at the same time, and a clever scheme arbitrates them according to priority.
The Internet has a similar architecture of nobody in charge, but it commonly has wireless links to remote sites. In either CAN bus or IoT, a component has the responsibility to read a message, authenticate it, and decide whether it is relevant.
The Internet of Things: Connectivity challenges
A vehicle needs to connect to the outside world for infotainment, navigation assistance, and communication with other vehicles and the infrastructure. This requires a strong firewall between outside connections and the vehicle control systems.
With automated driving, the current firewall between vehicle control and infotainment might be selectively reduced. If the CAN bus is broadcast, a following vehicle can detect braking before the brake lights go on. An external computer might control a platoon of vehicles at the level of taking over their accelerators, brakes and steering.
Access to vehicle control needs to be secure. Some vehicle designers advocate relying on a central computer that operates everything else.
Would security on a centralized system be better or worse? How can we have confidence that our wireless links do not expose vehicle control to hackers? Share your thoughts in the comment section.
Please note that this article expresses the opinions of the author and does not reflect the views of Move Forward.