Theme 1 – Cybersecurity: risk analysis and dependability

One of the main objectives of this research theme is to analyze and formalize the risk of cyber attacks on a connected vehicle (embedded system), together with that of its infrastructure (off-board system), in order to arrive at the definition of a risk analysis method appropriate in the case of supported use. The source of threats must be identified, from the exchanges relating to the various application messages sent and received (CAM, DENM, etc.), from the embedded system and from driver behavior (poor practices, intentional or not). Risk analysis leads to the definition of the counter-measures needed to minimize the impact of these threats, should they materialize. This formalization requires an understanding of current attacks and detailed modeling of potential attack scenarios, depending on the vehicles’ architecture, their communication infrastructure, interactions and purpose. In particular, it is critical to examine attacks jeopardizing a vehicle’s operational safety and therefore the safety of its passengers.

Proposing solutions for “cyber protection/defense” represents a second set of objectives. Intrusion and misbehavior detection mechanisms enable the level of risk to be estimated and possibly also the vehicle’s driver or computer to be alerted, so that they can act quickly. In addition, these safety solutions entail further processing which must not be allowed to distort the initial semantics of critical vehicle processes.

Theme 2 – Protection of data and data flow in real time, cryptography and agility

This research theme aims to take into account vehicles’ significant constraints (computational power, energy, execution time, memory, etc.) as well as the performance requirements which are the remit of cryptographic algorithms and safety protocols, by virtue of specifications relating to the vehicle and end-to-end service quality in the supported applications.

We will focus on the following aspects:

  • Light and robust cryptography: The processing power available in certain computers is not necessarily sufficient to execute the larger algorithms. Algorithms that are light (in terms of computing power and time) yet robust therefore need to be used.
  • Real-time cryptography: Some of the flows to be protected are constrained by real-time factors, which also need to be taken into account.
  • Agile cryptography: Flaws may be discovered in a cryptographic algorithm or safety protocol which make them vulnerable to attacks. In that case, the algorithm or protocol needs to be replaced by a more robust one. The current European standard sets both the algorithms (signature, ciphering) and their parameters (ECC curve, size of keys). As it would not be practical in that situation to recall all the cars using that standard to update the algorithms and parameters, agile cryptography standards need to be developed. These must allow for the possibility of updating the algorithms used when required; they must also provide update mechanisms that won’t interrupt vehicle operation or allow an adversary to take the opportunity of forcing an update with a weaker algorithm.

Theme 3 – Identity management, authentication

Modern vehicles contain multiple security locking systems linked both to the complexity of the embedded IT systems and to the problems arising from autonomous and connected cars.

The first challenge is to define identity management for large processing units that enables strong authentication for authorized entities.

Autonomous driving implies new risk management strategies for car manufacturers. In the absence of human decision-making, embedded IT systems mean that they become responsible for the vehicle being driven safely and in particular, for the protection of control data exchanged.

Secure interaction between passengers’ smartphones and the vehicle is another key challenge. Many manufacturers consider smartphones to be an entry point for services available in operational or maintenance mode.

Connected cars provide hackers with permanent access to the vehicles via the Internet. They also lead to the problem of how to protect personal data linked to the vehicle’s movements and also to interactions with road or urban infrastructure (smart city). It is becoming necessary to reconcile legal constraints, in consulting logs for example, with user privacy. These issues produce data confidentiality problems similar to the protecting privacy vs safeguarding data trade-off which can be found today in the Internet (Patriot Act in the US and others).

In summary, this theme includes research in an identity system, secure communications and secure storage, appropriate for the vehicle’s ecosystem.

Theme 4 – Resilience by design

The increasing automation-led complexity of vehicles to help or even replace the driver means that embedded systems are required to repel cyberattacks. Some of the cyber protection solutions can be based on detecting abnormal events such as intrusions or unauthorized actions. Even when the alert is lifted, there is no guarantee that the vehicle is in a sufficiently sound state to ensure a high level of safety. In that case, it may be preferable to stop the vehicle.

Resilience is a property that avoids a blocked situation and continues to guarantee the correct operation of a vehicle’s vital organs and therefore mobility. It requires a thorough preliminary study of vehicle architecture and infrastructure to fend off sophisticated attack scenarios and the various possible faults. This research theme can draw on fault-tolerant redundant systems, such as those found in avionics but that are more complex, due to the abundance of vehicle interfaces, the numerous attack pathways and the interactions between operational safety and security. Another area to explore is the reconfiguration of protection systems depending on the nature of the attacks. In this case too, solutions inspired by life sciences are currently being examined, for example by mimicking the capacity of the immune system to fight off an attack first generically (phagocytes) and then in a targeted manner (lymphocytes and anti-bodies).

Theme 5 – Personal data protection and connected vehicles (legal and societal aspects)

The convergence between the automobile industry, new technologies and the Internet of Things has led to connected vehicles receiving and sending significant amounts of data, including “personal data”. This is legally defined as any information concerning an individual, who is either identified or liable to be identified directly or indirectly. Increasingly numerous and varied players are collecting this data: car manufacturers, insurers, equipment manufacturers, maintenance centers, road traffic authorities now feature alongside the traditional players: telecom operators and online service providers.

In that regard, a balance needs to be struck between the creation and use of personal data, which have become necessary or desirable in light of the public interest on the one hand (road safety, traffic management, car-pooling, innovation arising from data generated, etc.) and the protection of citizens’ fundamental rights on the other, especially the right to protect personal data, the right to privacy and the right to freedom of movement. Although this issue is starting to be dealt with for geolocation data, very soon, the data collected will also relate to drivers (driving behavior, focus, vigilance, physiological state, including possibly health data) and to passengers.

The objective of this theme is to first map the personal data flows in the connected vehicle ecosystem.

This mapping will then help us identify risks linked to creating and using personal data.

Lastly, our research will contribute to providing answers with an integrated approach combining legal technical, societal and ethical elements, to take into account citizens’ expectations. It will focus specifically on a “user-centric” approach, which offers fully informed drivers the possibility of managing the movement of their own data by themselves.