AI In Automotive Cybersecurity

The rise of artificial intelligence is signaling disruption in the technology industry. The likes of Microsoft, Google, and OpenAI are spearheading fierce competition to create the most advanced artificial intelligence aimed at improving the way we interact with technology. While intelligent language models like ChatGPT are already fascinating people with their abilities to deliver answers to given prompts, AI technologies currently available to the public are just the tip of the iceberg. In the automotive industry, artificial intelligence can streamline operations and improve efficiency throughout the supply chain. Utilization of artificial intelligence in the automotive cybersecurity sector can especially benefit threat detection and response.

The Need for Strengthened Vehicle Cybersecurity

Several decades ago vehicle security would entail door locks, car alarms, and airbags. While the same is still true, cybersecurity is becoming an essential part of automotive security. Ensuring full protection now includes shielding the vehicle from internal system malfunctions as well as external cyber threats. However, as cars turn more software-driven and connected, vehicle security is becoming increasingly complex.

A modern-day car contains multiple electronic control units (ECUs) responsible for in-vehicle electronic systems that regulate and perform various functions ranging from essential tasks like steering and engine control to more mundane ones like unlocking doors and rolling down windows. The number of ECUs in a given vehicle depends on the quantity and complexity of vehicle features. For instance, a contemporary luxury car can have up to 150 ECUs, and the number may continue growing if new functionalities and sub-systems are added. These ECUs communicate with different parts of the vehicle and other ECUs to keep the vehicle running. Each of these ECUs and their communication nodes must be secured to protect the vehicle from cyber threats.

Limitations of Conventional Automotive Cybersecurity

Keyless car theft, infotainment system attacks, malware, conventional automotive cybersecurity software is built to protect against these and many other known threats. Cybersecurity companies employ ethical hacking methods to ensure the timely discovery of system loopholes. In ethical hacking, white hat hackers are responsible for hacking vehicle systems to find weaknesses in the software and report it to the cybersecurity software developers, who then implement appropriate security measures.

The complex system architecture of modern vehicles contains dozens of ECUs and millions of code lines, all of which can be potentially exploited by malicious actors. Manually searching for vulnerabilities in these vehicles is like looking for a needle in a haystack. As vehicle systems get more complex securing them will become even harder. While ethical hacking helps companies develop resilient security measures against cyber attacks, this ad hoc approach to cybersecurity has its limitations.

The biggest challenge in automotive cybersecurity is protecting the vehicle from unprecedented danger, also known as a zero-day attack. These attacks exploit previously undiscovered vulnerabilities in vehicle systems to install malware or tamper with the vehicle. Protection against zero-day attacks necessitates a more sophisticated approach to automotive cybersecurity, which is where AI comes in.

The Potential of AI/ML-powered Cybersecurity

AI/ML-based systems analyze, classify, and train on large amounts of data to self-improve and make independent decisions down the road. When applied in automotive cybersecurity, machine learning algorithms can be implemented in the security software to learn common patterns of vehicle operations. A trained model will then be able to distinguish anomalies that fall beyond the scope of ordinary vehicle signals. If malicious behavior is detected the cybersecurity software will send alerts and shield the vehicle from danger. Even if a malicious actor exploits a previously unidentified vulnerability, an AI-powered anomaly detection model will be able to detect intrusions and prevent them.

A car’s digital communications are simple and more predictable than that of a typical computer network. Since signals exchanged during normal vehicle operations often follow fixed patterns, determining an anomalous signal is not very difficult. Therefore, employing unsupervised machine learning in cybersecurity is feasible. For instance, imagine a car driving on the highway at cruising speed that suddenly receives a breaking signal requesting to stop the car in the middle of the road. An AI-powered security software will be able to differentiate this unusual command from a common driving pattern. The system will then block the anomalous signal and send it over to the security experts for further action.

While perfecting a fully AI-based cybersecurity software may take years, some companies are already leveraging the power of machine learning in their solutions. One example is AutoCrypt Security Fuzzer, which is an automated testing solution that employs an AI-based algorithm to input semi-random test cases into selected systems to reveal errors in vehicle software. The solution essentially causes intentional crashes in the system to expose software vulnerabilities that need to be addressed. An AI-based security fuzzer greatly reduces testing time, streamlining the ad hoc approach to cybersecurity implementation.

Due to the self-improving nature of artificial intelligence, the potential of AI in automotive cybersecurity is limitless. The speed of developments in the automotive sector requires cybersecurity measures that are just as agile. Leveraging artificial intelligence in vehicle cybersecurity will help address the risks of zero-day attacks and mitigate threats in a timely and efficient manner.

To stay informed and updated on the latest news about AUTOCRYPT and automotive cybersecurity, subscribe to AUTOCRYPT’s official newsletter.

AUTOCRYPT Secures First-Place Win in 2021 Cyber Security Challenge

SEOUL, KOREA, Dec. 27, 2021 — Autonomous driving security leader AUTOCRYPT procured its first-place win in both the Offensive and Defensive categories for 2021’s “Cyber Security Challenge,” hosted by the Ministry of Science and ICT. The award for the win is a 1.6 billion KRW grant, roughly 1.35 million USD, which will be distributed over the next two years.  

The competition was held with the goal to enhance technological competition, revitalizing research and development in the field of autonomous driving security. The Ministry of Science and ICT provided a vehicle system equipped with Automotive Grade Linux (AGL), and teams were assigned to analyze the system’s vulnerabilities. Teams utilized both offensive and defensive methods for the vehicle’s infotainment system, the common attack path for in-vehicle attacks. AUTOCRYPT’s Red Team, led by Dr. Jong-Hyuk Song placed first in both Offensive and Defensive categories, with the latter win scoring 25 points over the second-place winner.  

cyber security challenge red team group

In the Offensive category, AUTOCRYPT used fuzzing test techniques to assess vulnerabilities, testing the target’s reaction to invalid/random data. The team also successfully used vulnerability scanning to uncover major issues, simulating offensive attacks to take control of the vehicle. For the Defensive category, the team was able to utilize AUTOCRYPT’s in-vehicle security solution, AutoCrypt® IVS, and its machine learning-powered AI engine to respond to various hacking tactics. AutoCrypt® IVS is the primary solution used to comply with the UNECE WP.29’s regulations for vehicular cybersecurity.  

CEO and co-Founder Daniel ES Kim said, “Vehicle attacks are a matter of life or death for drivers, passengers, and those in the surrounding environment of the vehicle. In 2022, automotive security will no longer be optional, but a necessity worldwide. Our goal is to ensure that these security solutions are widely available and that we utilize the grant from this competition to make certain that the utmost safety and trust in autonomous driving can be secured in all vehicles.” 

The company’s offerings have been in high demand due to the impending deadline for the WP.29 regulations. Clients and partners feature some of the world’s top 10 OEMs and Tier-1 suppliers. Additionally, AUTOCRYPT’s Series B funding round is already underway, expanding its reach to North America and Europe and opening doors to global investors.