The software operating a new car often has a hundred million lines of code – more than a modern fighter jet, or jumbo airliner - spread among 100 or more processors, making the threat surface and number of potential vulnerabilities vast.
With growing technology, there is a growing need to assess vehicle to vehicle communication (V2V), as well as vehicle to infrastructure communication (V2I), in order to improve the cybersecurity we put behind them.
Why V2V and V2I Communications?
The primary objective behind V2V and V2I is to reduce accidents and fatalities. How so? Because in just one year, there is an average of:
- Over 3 trillion US vehicles miles/year
- Over 6 million crashes
- Over 35,000 road deaths
- Over 3 million injuries
What are some Connected Car Use Cases?
Red light violation warningEmergency brake light warningEco driving
| V2I Safety | V2V Safety | Convenience |
| Curve speed warning | Forward collision warning | Smart cities |
| Spot weather | Red light violation | Parking information |
| Work zone safety | Slow traffic ahead | Truck platooning |
| Bridge height | Aggressive driver warning | Speed harmonization |
| Pedestrian in crosswalk | Emergency vehicle notification | Queue warning |
| Stop sign gap assist | Road hazard detection | Insurance pricing |
Why is it important to properly secure the connected car?
Quite simply, cars carrying so much data can become an instant threat to attacks such as thefts, terrorism, revenge, mischief, extortion, insurance fraud, IP theft, and stalking.
What are the biggest variables of V2V security?
#1: Messages must be secure
This is where authentication, integrity, availability, and timeliness come into play.
#2:The system must provide anonymity
Individual messages don’t give away identity. A set of messages cannot be determined (by their contents alone) to have come from the same origin. However, there is no anonymity requirement for public safety vehicles.
#3: Must be able to remove bad actors
Vehicles that are determined to be transmitting unreliable or false data need to be automatically and instantly removed from the system.
