
Safe and Secure (Self-Driving) Cars


You are driving your car, approaching an intersection, when you see a speed limit sign instead of the usual stop sign. You shake your head, stop as usual, turn, and go on as usual.

Now imagine a self-driving car that depends on reading traffic signs along the way to do its job. This speed limit sign instead of a stop sign may be a real threat to humans. A self-driving car can be confused and forced into wrong decisions.

And now for the best part: you don't have to physically replace the sign.

Cars Are Not Secure

Researchers managed to fool a traffic sign classification algorithm so that a human sees a normal stop sign while, at the same time, a self-driving car sees a speed limit sign, just by applying black and white stickers at various locations on the sign. This is very serious stuff.

Cars can have a certain level of expert system that is able to overrule the visual impressions from the environment. For example, cars hopefully won't accelerate to 130 kilometers per hour within a densely populated area, no matter what. However, there can't be a bulletproof on-board security net for all situations. Manipulations of traffic signs do not have to be as obvious as described above.

And then there is the killer argument, no pun intended: bad guys may be able to hack into car infrastructure or even the management system for all self-driving cars and cause a major traffic disaster. The issue is getting even more important since researchers think that self-driving cars will result in a dramatic increase in traffic.
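A sketch of such an overruling layer, as an added example that is not part of the original post: it checks the classifier's output against map data and a per-zone speed cap, then runs three constructed misclassification scenarios through it. The zone caps, the field names and the `gate` function are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Assumed per-zone speed caps in km/h (constructed values, not from the post).
ZONE_CAP_KMH = {"urban": 50, "rural": 100, "motorway": 130}

@dataclass
class Observation:
    sign: str                  # classifier label: "stop" or "speed_limit"
    value_kmh: Optional[int]   # limit read off the sign, None for a stop sign
    zone: str                  # zone type taken from map data
    map_expects_stop: bool     # map marks a stop-controlled junction here

def gate(obs: Observation) -> Tuple[str, str]:
    """Return (action, reason) after checking the classifier against priors."""
    # Independent map data outranks the camera at a known stop junction.
    if obs.map_expects_stop and obs.sign != "stop":
        return "stop", "map expects a stop sign, classifier disagrees"
    if obs.sign == "stop":
        return "stop", "stop sign"
    if obs.sign == "speed_limit":
        cap = ZONE_CAP_KMH[obs.zone]
        if obs.value_kmh is None or obs.value_kmh > cap:
            return f"limit:{cap}", "implausible limit for zone, capped"
        return f"limit:{obs.value_kmh}", "accepted"
    # Unknown label: degrade to the cautious behaviour.
    return "slow", "unrecognised sign"

# Constructed scenarios: what the classifier reports for a manipulated sign.
SCENARIOS = {
    "stop misread, junction in map": Observation("speed_limit", 130, "urban", True),
    "stop misread, junction not in map": Observation("speed_limit", 130, "urban", False),
    "30 sign altered to read 50": Observation("speed_limit", 50, "urban", False),
}

def evaluate() -> dict:
    """Run every constructed scenario through the gate."""
    return {name: gate(obs) for name, obs in SCENARIOS.items()}

if __name__ == "__main__":
    for name, (action, reason) in evaluate().items():
        print(f"{name:36} -> {action:9} ({reason})")
```

Only the first scenario ends in a stop. The second is capped but the car still drives through the junction, and the third is accepted unchanged, which is the kind of less obvious manipulation an on-board check of this sort cannot catch.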

A Proposal

As a consequence, there can only be trustworthy self-driving cars when at least the following preconditions are met:

Who Is Going to Do It?

From the experience of recent years, I do not trust governments or traditional car companies to be able to come up with such a trustworthy concept or even an implementation.

I won't list examples where governments took decisions against their populations. Just read the newspaper of today. Any day. Unfortunately.

Car companies, on the other hand, are really good with safety: crash handling, not jamming your hands in the door, easy to read and use instruments in the cockpit, and so on. They had to learn along the way for one hundred years.

Unfortunately, car companies did not learn how to deal with security. Modern cars can be tampered with to get more horsepower with less efficiency (and worse exhaust gas). Almost all wireless entry systems got hacked, enabling burglars or thieves to enter high-end cars more easily than the cheap ones. Mobile phone apps for modern cars were often hacked so easily that it is questionable whether any security-savvy person was part of the development process at all. The fact that cars can be hacked so that a bad guy is able to remote-control them while they are driving is most disturbing on so many levels. Even Tesla is affected.

In the IT security sector, well-crafted and well-researched public security algorithms are everywhere. There are good standards on how to encrypt things. There are good standards on how to sign signs. There are good standards on how to communicate in a secure way. When companies think they need to do it differently, they often fail miserably (Schneier's law).

So far, the automotive industry does not seem to embrace the idea of open-sourcing important components so that any researcher is able to take a closer look. With each check, this would lead to a more and more reliable system, an open standard that any car manufacturer is able to and should use right away.

Obviously, it is difficult for the Microsofts and Apples of the IT industry to accept such a system. But the automotive industry is even more conservative. This conservatism is really a blessing when it comes to safety. For security, there have to be different strategies.

Therefore I wonder who is going to introduce this highly complicated process and its resulting infrastructure to the public. As much as I want to use self-driving cars as soon as possible, I am skeptical about how this is going to be realized any time soon and by whom.
