Safely reaching the destination by convoy
Advanced wireless technologies make it possible for automobiles to connect with their surroundings, so that multiple vehicles can communicate with one another on the road, save energy, avoid traffic congestion and avoid dangerous traffic situations. While connecting vehicles offers many advantages, cyber security will nevertheless become a major challenge.
The increase in digital connectivity in the mobile sector creates new opportunities for unauthorized access to data and programs. This is why cyber criminals increasingly have their sights set on vehicles, for instance by controlling automobiles from a distance or crippling the engine and potentially causing extensive damage.
Connecting automobiles and other vehicles with one another via wireless technologies has many potential advantages. One example is truck platooning, which involves bringing several trucks together into a convoy. The leading truck dictates the speed while the others follow very closely behind with automatic cruise control. Thanks to the automated driving functions and communications with one another, the trucks can maintain a very close distance while driving. The result is a significant reduction in fuel consumption and CO2 emissions, the roads are utilized more efficiently and ultimately traffic congestion can be avoided.
The SPARTA project addresses the cybersecurity challenges associated with vehicle-to-vehicle connectivity. Hacking into the infrastructure or directly into the driving behavior of the trucks would take cybercrime to a new dimension, potentially leading to vehicle theft or false odometer readings. In the worst case, external manipulation could cause an accident, affecting the safety of all traffic participants.
The SPARTA project covers the cybersecurity of a platooning implementation for connected vehicles from start to finish, including design, safety verification and practical tests. The process begins with the design of cooperative, adaptive speed regulation components. To safeguard these components against security problems, scientists at the fortiss Safety and Security field of competence developed a formal framework for computer-based security analysis. This framework permits the scientists to systematically analyze the security of the system during the design phase by using automated formal verification methods.
With this approach, fortiss is in a position not only to reproduce known hacking scenarios, but also to identify new ones. Through practical experiments with the Rover demonstrator, the scientists can show that the attacks are not only theoretically possible, but can actually lead to real collisions. The fortiss experts then design countermeasures and illustrate their effectiveness with the help of the formal framework and practical experiments.
The SPARTA project demonstrates security verification for connected vehicles, from system design to practical testing. The introduction of a formal framework for the security verification illustrates how automated, formal verification tools can support security analyses. The tools supply proof of the security of systems based on precise mathematical models.
By carrying out the development from start to finish using a realistic example, the SPARTA project has demonstrated the practical utility of such methods. This opens up new ways to more comprehensively design security analyses for systems and to provide computer-based methods for system validation.
The project activities were carried out in close collaboration with Tecnalia, a center for applied research in Spain. The Tecnalia team specializes in the development and deployment of cyber security technologies with a special focus on advanced technologies for detecting cyber attacks in the industrial and health sectors.
Both Tecnalia and fortiss are partners in the European SPARTA project, which aims to build a Europe-wide competence network for cybersecurity. This framework allowed the Spanish research center and the Free State of Bavaria's institute for software-intensive systems to bundle their complementary expertise in order to develop the aforementioned new methods for the continuous security analysis of systems and demonstrate their practical utility in a real demonstrator.