The Dedicated Short Range Communications (DSRC) standard is being developed to meet the emerging needs of our increasingly interconnected transportation systems. The Federal Communications Commission has dedicated spectrum for Intelligent Transportation Systems, and the Transportation Department is spearheading development of DSRC to support operational communications among vehicles and with the transportation infrastructure.
But one researcher warns that more thought must be given to security before the standard is widely deployed in our automobiles and trucks, and is calling for development an industry security framework.
“Empirical security research already shows the general lack of security in vehicles,” Alex Kreilein, a managing partner of the security services firm SecureSet, writes. “DSRC, as presently conceived, would make matters worse. The absence of security frameworks or a compliance regime risks life and safety.”
The problem is not that DSRC is bad. The problem is the assumptions that it will work as intended, that software and hardware implementations will be error-free, and that it will not be attacked. “The notion that DSRC will be vulnerability free is fanciful at best,” Kreilein writes. “Without a robust security architecture, DSRC will inevitably fall victim to intrusion by a malicious party.”
The threat is multiplied by the creation of a communications monoculture that could make many vehicles and systems vulnerable to a single exploit.
There is a great need for a secure communications standard for autos. Modern cars already contain hundreds of Electronic Control Units, which gather and transmit data for critical systems such as breaking and steering as well as for on-board infotainment systems. They use Controller Area Networks to communicate. These systems will increasingly be communicating with other vehicles and outside infrastructure, and playing a greater role in actually controlling vehicles. Reliability and security are essential to prevent a crash—both of computers and of vehicles.
Current security requirements for DSRC focus on cryptography, which Kreilein says is a necessary by insufficient element. “It lacks mitigations for the well documented tactics, techniques, and procedures used by attackers. The current standard lacks the common concept of defense-in-depth.” Automotive equipment manufacturers that produce the hundreds of components comprising both critical and non-critical systems need a common security architecture that separates and protects both critical and non-critical segments.
Kreilein proposes a system of self-regulation much like the Payment Card Industry Data Security Standards that would include binding contracts that could be enforced by the Federal Trade Commission. The standards would not have to be created from scratch; Kreilein notes that researchers already have tackled many of the challenges of developing security frameworks, but that the work has not been integrated into DSRC.
Existing vulnerabilities in automotive electronics and recent experiences with hackers turning the embedded technology of the Internet of Things against us demonstrate the necessity of building security into our smart, interconnected and increasingly automated transportation systems. The integration of networked electronics into our vehicles is already under way, but we are still early enough in the process that there is time to standardize on a secure platform.
Kreilein points out that DSRC is only one of the attack surfaces in modern vehicles and that protecting it will not guarantee overall security. But it is essential that our vehicles’ communications protocols be secure. Whether this proposal is the best way to do it is open to debate, but it is an issue that should be addressed as early as possible to ensure the safety and reliability of our next generation of automobiles.