13 April 2017
Secure Over-the-Air (OTA) software updates will be key to delivering the future promise of connected and autonomous cars, throughout the vehicle lifecycle. Arthur Taylor, CTO of Advanced Telematic Systems GmbH, is one of the world’s leading experts in secure automotive OTA technology. We caught up with him to find out more.
What are the key issues when it comes to ensuring the security of an OTA update solution?
When we consider the security of OTA solutions, we tend to think of three main aspects - a sound architectural design, a high-quality implementation of that design, and operational security in deployment. From an architectural point of view, the best OTA solutions have peer-reviewed security architectures; OTA solutions that depend solely on in-house security expertise are not able to take maximum advantage of the work going on in the community and in publicly funded security research into the topic of automotive cybersecurity.
In terms of implementation, we believe that transparency is key here. Implementations should at the very least be audited (both source code and production deployment) by independent third-parties on a regular basis, and the source code should in the best case be available for review by the customer themselves. The use of well-maintained open source components can be key here, increasing the likelihood that the code has been reviewed in depth by multiple people, and giving the customer ultimate transparency of implementation.
When it comes to security in deployment, a rigorous approach to identity and access management, for software and update metadata signing, for device and user authentication, and for operational staff administering the systems, is critical. Finally, robust process for disclosure and resolution of reported security issues in the OTA solution should be in place - this should be a core element of the security posture of any credible OTA solution vendor.
What is Uptane and why is it important?
Uptane is a research project carried out in 2016 by NYU, UMich and SWrI in the United States, funded by the US Department of Homeland Security. It builds on existing research into secure software update systems (derived from the Tor Browser project), and extends an existing security framework (TUF) to address automotive threat models and use cases.
This work is important because it shines a bright light on what have previously been hidden processes inside OEMs and OTA vendors. The automotive industry has traditionally been very good at addressing safety issues in software systems, and there is extensive legislation and best-practise guidance on the topic of safety, but it has been slow to define and adopt standards in security.
Some manufacturers treat their security architectures as confidential trade secrets, in the hope that hiding the system architecture from attackers will protect the deployed systems from attack, but there is ample evidence from automotive security breaches in recent years (as well as from the long history of information security) that this approach is flawed. By creating an open, peer reviewed architecture for OTA that is already being adopted as a de facto standard in OTA security in the industry, Uptane has given manufacturers and regulators a tool that they can start to use to encourage better security practises for OTA within the industry.
You are firmly of the view that an open-source approach to security of SOTA platforms is the best way to protect connected vehicles. Why is that?
I certainly believe that open source systems offer adopters more confidence of their security than their proprietary equivalents. It is a well established principle the design of secure systems, that one should assume that your adversary will immediately gain full familiarity with them. One way to ensure that a system is not depending on security by obscurity is to publish the implementation for the world to review.
Aside from that, collaboration between software vendors and manufacturers to develop core, non-differentiating technologies in the open makes much more economic sense than tens of companies independently and secretly developing the same technology to solve a problem that doesn't intrinsically help car manufacturers to differentiate their products. That said, I do not believe that the deployment of SOTA, in and of itself, is enough to fully protect connected vehicles. Vehicles must include multiple independent security mechanisms - trusted hardware platforms, secure boot and secure software platforms, cryptographic key management, secure communications channels, runtime cybersecurity protections - and manufacturers must have a comprehensive approach to security throughout their entire organisation and the organisations of their suppliers.
A robust and secure SOTA platform can only help mitigate the impact of vulnerabilities in connected vehicle systems – it cannot prevent them existing in the first place, and it does not guarantee that a manufacturer is organisationally ready to respond to the challenges of modern automotive cybersecurity.
Author: Ian Dickie
15 March 2017
Mobility isn’t what it used to be. We are advancing various dimensions of the industry - technology, service and social norms around mobility. One of the most important changes that’s coming to the mobility industry, as in all others, is the importance of globalization and seamless usage to deliver a better, more efficient and convenient service.
There are already many Operators with various different models and in various different locations but the main problem is still for the End User to be able to book the nearest and most convenient vehicle. Operators still struggle to have enough vehicles, so that End Users find the service convenient enough to rely on it as their main source of transport. For those that are shared mobility clients, have to register to more than one Operator. But what happens when I travel? It gets worse. Registering in a new service, especially abroad is always cumbersome, time consuming and generally not successful or fast enough to be useful for that trip. Shared Mobility still isn’t a globally available service that we can rely on.
Mobility is becoming global. Users all over the globe are using, more and more services to access vehicles at their convenience and replacing ownership by service. But as it happened in the past with mobile phones, credit cards and even airlines, it is very difficult to search, book and pay for a shared vehicle, especially if you leave your home town. But nowadays everyone travels and expects their phone and their cards to work wherever they go, or book a flight in their favourite airline, independently of being in code share.
What if Users could use whatever car is most convenient, whether they are in their home city, visiting a city nearby or traveling abroad, using the same App from their preferred provider?
There are a hundred of thousands of sharable vehicles around the globe, belonging to carsharing operators, rent-a-car, companies or public organizations, that could be available to all End Users at a distance of a click. A global network of shared vehicles not only benefits the End User but also Operators as they will have a bigger client portfolio with less risk in growing. It will also help to provide Users with a shared mobility service that is reliable, more comfortable and efficient, turning it into a real alternative to other transportation providers. Having a strong network contributes to the growth of the entire market.
The importance of the network will grow further, as in all other industries. It will not only be a more efficient tool to deliver service to the End User but will help fleet owners to increase their client portfolio with lot less acquisition costs while enabling new players, that only own huge portfolio of clients, to enter the market as virtual operators.
What about market cannibalization and having the vehicles being used by Users from other operators? The market is still too small, so a competitive collaboration is much more healthy and beneficial to all the involved. As market grows (e.g. Berlin), End Users will always use the vehicle that is closest or more convenient to them. Operators lose clients everyday, every time a User as to use a car from another Operator. A Global network will strengthen the relationship User/Operator as the User will choose the provider that offers them the best service for they daily usage, while still remaining a Client, when using another operator’s vehicle.
The future of shared mobility is yet to be defined but it will most surely be Global.
Rui Avelãs is the Senior Vice President of Sale and Marketing at Mobiag. Mobiag develops intelligent solutions for car sharing and car rental operators, centrepiece of which is the global network of mobility businesses. You can learn more about Mobiag on www.mobiag.com
7 October 2016
Ah Paris! The world’s auto industry CEOs (with a few notable exceptions) converged on the city of light last week for the press days of the biennial Mondial de l'Automobile. There was all the usual glamour and razzmatazz of course. But did they drop any clues about how their plans for driverless cars are shaping up, and when we can expect to see product in the showrooms?
Here are a few of the more interesting things we heard in and around the Porte de Versailles this year.
Audi has joined Volvo in declaring that the OEM must take full responsibility for any collisions or even fatalities caused by the Level 3 autonomous driving technology that will debut in next year’s all-new A8 limousine.
Board Member for Sales and Marketing Dr. Dietmar Voggenreiter said the company’s first “hands-off, eyes-off” L3 autonomous production car – the 2017 A8 – will be “almost infallible”.
“Next year we will open up the world of autonomous driving in a real way, with the new A8,” he said. “If you take over responsibility and allow the drivers to take their hands off, then you are responsible. This is the legal situation, it’s not big news. If we take the wheel and the driver is allowed to sit there and write emails, then we are responsible.”
“When you’re driving on a freeway in a normal urban situation at speeds of up to 65km/h, you’ll be able to take your hands off and the car will do the braking, the accelerating, the changing lanes, and you can really read a book or whatever you want to do.
“You can’t step away from the seat, but if the car detects a situation, like you’re coming into a construction zone, then it will ask you to take over again, but it will give you a 15 to 20-second warning of that.”
However, the German luxury car maker is so confident of its computer-contolled ‘Audi Intelligence’ driving tech that Dr. Voggenreiter said it may skip higher-speed Level 4 autonomy and go straight to Level 5, in which drivers will be able to take to the back seat and read, email or even sleep.
“In the long run, for sure, we will see Level 5, cars with no steering wheels and no pedals. This will come and we are working on this technology now. It’s not easy to predict whether it will be 2020, 2035 or 2040, but from a technology point of view, it will be possible.”
Having been a self-declared autonomous vehicle sceptic as recently as 2014, Toyota President & CEO Akio Toyoda made a few revealing announcements at this year’s Mondial.
First off, he told reporters that Toyota is taking a safety-first view, concentrating hard on issues like how to keep occupants safe and how to manage the hand-off from car to driver and back. He told us that more testing will be needed before the company’s autonomous vehicles reach customers. 14.2 billion kilometers, or 8.8 billion miles to be precise. Toyoda also stressed that autonomy will be a big help to those with disabilities, the elderly, and others who wouldn't normally drive a car today.
The other interesting thing Toyoda did was to refer to the car driving itself as “chauffeur mode”. And, true-to-form for a notoriously keen driver and motorsport fanatic, he emphasised that Toyota is committed to keeping some semblance of excitement and pleasure alive in motoring, going as far as to ask, “if a car is not fun to drive, what's the point?” This is an attribute to look out for when the company's autonomous-capable cars start coming to market (as soon as those 14.2 billion KM are out the way).
Ultra-precise mapping is one of the key enablers of fully autonomous driving.
General Motors told us that (in common with Nissan and VW) they are experimenting with a plan to pull video data captured by their customers’ vehicles using camera-based sensor systems from Israeli firm Mobileye. Could this potentially give the automaker an edge over the likes of Google in the acquisition of precision-mapping data?
Daimler has set up a new division to push digital technologies, enabling services like ride-hailing and autonomous driving.
Speaking at the company’s press conference, Chief Executive Dieter Zetsche said: "connectivity, autonomous driving, sharing and electric drive systems - each of these four trends has the potential to turn our industry on its head. Yet the real revolution lies in intelligently linking the four trends."
Daimler is calling its new division CASE, as in Connected, Autonomous, car Sharing and Electric.
“To guarantee the logical fusion of all four future trends, we are bringing together the respective activities. We see the car transforming from a product into the ultimate platform”
Arguably the most aggressive of the mainstream OEMs when it comes to deployment of automated features, the Renault-Nissan alliance plans to launch at least 10 driverless cars by 2020.
However it seems the company is taking a pragmatic approach to real-world conditions in different global markets. CEO Carlos Ghosn told reporters autonomous cars will first hit the streets of nations where drivers are “disciplined” and “respect the rules.” In a (not so thinly) veiled stab at the “flexible” approaches to mapping and driving rules being taken in countries like Brazil and India, Mr. Ghosn said autonomous vehicles would remain off the menu there for now.
“You need to have a mapping which is precise and reliable...You need to have also driving rules which are being respected, because autonomous cars respect the rules,” Ghosn said. “You know very well that in some cities in Brazil, this is a joke, you live in Brazil, I live in Brazil, at night cars don’t stop at the red light. Nobody stops.” Ghosn’s concerns about the adequacy of infrastructure, driver training and enforcement extended to other megacities including Mumbai.
He said he believed self-driving cars would come first “to very disciplined driving countries” like Japan, the United States, France or Germany.
“And then little by little we’re going to apply the technology for countries where things are a little bit more flexible.”
On the eve of the show, Volkswagen bosses shared their view that stage-five autonomous cars are unlikely to happen for a number of years yet.
VW’s electric ID concept car, set to launch in 2020, certainly had a steering wheel - albeit one where, if you hold the badge in the center for 10 seconds, it retracts into the dashboard and control is handed to a bank of laser scanners, ultrasonic sensors, radar sensors, and cameras.
“We are talking about autonomous driving in the future, with the end state of level-five autonomous driving, which might be happening in some years to come,” said sales and marketing chief Jürgen Stackmann.
“That’s a vision. That’s a dream that the car will do whatever it wants to do in any environment. But we all know there are several stages to get that far.”
He added that, while stage-five autonomous driving is “a nice vision”, lesser levels of automation, such as self-parking, will be helpful to customers and are achievable in the near future.
“You will have manual-driven cars for sure, as the standard option. But the architecture will be qualified for the highest levels of automation. That means looking into the steering system… it will be done in a way that all these kinds of automation are possible. Obviously, we think that the car will be highly automated, but in the first case, people want to have the driving controls available. So yes, physically connected from the first day.”
Ford Motor Co.
Interestingly, Ford decided to skip this year’s Paris auto show. Rumour has it that the blue oval plans its own, private auto show in Cologne in November this year where further updates on its autonomous ambitions will be given.
We already know that Ford intends to start selling driverless cars to the public by about 2025. Ford’s focus (no pun intended) is on lowering costs sufficiently to make AVs affordable to the mass market. In August Ford revealed plans to roll out autonomous taxis - with no steering wheel, gas or brake pedals - and to expand into the mobility business by providing bikes and shuttle services in major cities. CEO Mark Fields said that after starting with sales of robot taxis to ride-hailing services by 2021, “around mid-decade we’ll make vehicles available for people to purchase for themselves.”
“We believe this next decade is really going to be defined by the automation of the automobile. We’re dedicated to putting autonomous vehicles on the road for millions of people, not just those who can afford luxury cars.”
“We don’t expect to see fully autonomous vehicles for personal use for several years after they are first introduced”
In a philosophy shared by Alphabet's Google, Ford does not intend to concentrate on incremental autonomous systems that would occasionally require drivers to take the wheel, committing instead to a full self-driving car.
"We abandoned the stepping-stone approach," Fields said, saying there are too many risks involved in the safe "hand-over" of driving responsibility between car and driver.
Raj Nair, Ford’s Chief Technical Officer added that the company had decided to make the leap to full autonomy “because we have not found a technology that can ensure driver engagement when not in control”.
Fiat Chrysler Automobiles
Fiat Chrysler CEO Sergio Marchionne canceled his appearance at the Paris show this year and the company made few statements regarding its plans for automated vehicle offerings.
FCA’s partnership to build self-driving vans with Alphabet (Google) is seen by many analysts as de facto outsourcing, given the Italian automaker’s weak finances, limiting its ability to invest in its own software expertise.
Author: Ian Dickie