Researchers create framework to prevent cyber attacks on connected cars

Could also be applied to driverless cars - if and when the technology is perfected

Scientists at the University of Texas, San Antonio (UTSA) have created a framework that, they claim, will prevent cyber attacks on internet-connected cars.

The Authorisation Framework for Connected Cars has been designed to provide a conceptual overview of various access-control decision and enforcement points needed for dynamic and short-lived interaction in smart cars ecosystem.

The framework was created out of a new study by Maanak Gupta, doctoral candidate at UTSA and Ravi Sandhu, Lutcher Brown Endowed Professor of computer science and founding executive director of the UTSA Institute for Cyber Security (ICS). The research examined the cybersecurity risks for new generations of smart vehicles, which includes both autonomous and internet connected cars.

"There are vulnerabilities in every machine," said Gupta. "We're working to make sure someone doesn't take advantage of those vulnerabilities and turn them into threats. The questions of 'who do I trust?' and 'how do I trust?' are still to be answered in smart cars."

Gupta and Sandhu's framework discusses an access control oriented architecture for connected cars and proposed authorisation framework, which they explain is key to determine what and where vulnerabilities can be exploited.

Using this framework, the team at ICS is trying to create and use security authorisation policies in different access control decision points to prevent cyber attacks and unauthorised access to sensors and data in smart cars.

"There are infinite opportunities in this new IoT domain but at the same time cyber threats will have serious implications in smart cars. Can you imagine if someone controls your car steering remotely, or shuts down the engine in the middle of the road?" added Gupta. "There should not be absolutely any open end to orchestrate attacks on these cars."

According to the scientists, the authorization framework can also be applied to driverless cars, noting that these vehicles may be even more vulnerable to cyber threats in the coming years.

"Driverless and connected cars are increasingly becoming a part of our world, where cybersecurity threats are already a reality," said Sandhu. "It's imperative that we support research that addresses these concerns and presents a strong, innovative solution."