Driving safely: securing the future of connected vehicles.

Connected vehicles are exposed to cyber security threats. DSbD technologies are addressing this issue from the hardware upwards.

Article type: Blog
Company: Digital Security by Design

What are connected vehicles?

A connected vehicle is one that can connect bi-directionally over wireless networks to nearby devices. Connected vehicles have been around for some time; the use cases range from entertainment systems that connect with the driver’s mobile phone to Internet-connected vehicles that talk to traffic signals, road work zones, toll booths, school areas, and other types of civil infrastructure.

Connectivity in vehicles is key to road safety and is particularly important for electric and autonomous (or driverless) vehicles that rely heavily on connected services and features to operate safely and efficiently. While connectivity enables smart mobility such as real-time traffic flow information, obstacle and road mapping, or remote access to emergency services, it also exposes vehicles to the threat of cyber-attacks.

Digital Security by Design, an initiative launched by the UK Government with the support of Digital Catapult, is aiming to tackle this issue from the ground up, ensuring that future automotive hardware is more resilient to cyber threats.   

How do connected vehicles operate and what are the dangers?

The Internet is the basis of a connected car. Vehicles connect via mobile data networks and can transmit data to other devices within or outside of the car, such as in vehicle-to-vehicle (v2v), vehicle-to-pedestrian (v2p) and vehicle-to-roadside infrastructure (v2i) communications. This includes remotely accessible services on smartphones and other devices.

Connected vehicles are also able to download over-the-air (OTA) updates and receive data. The capability extends to accessing telematics data and remote vehicle functions, which are especially popular with electric and autonomous vehicles. This opens the door to threats from bad actors who might take control of the vehicle remotely or provide false information to the connected vehicle’s control system, putting passengers and third parties at risk.

The threat is so real that SGS, a world-leading certification company, has recently launched certification for ISO/SAE 21434, the world’s first international standard for cybersecurity in the automotive industry, which places strong emphasis on car manufacturers better identifying and mitigating potential threats and vulnerabilities.

Securing vehicle connectivity from the hardware upwards

To mitigate the cyber security vulnerability inherent to modern CPU architectures, DARPA, the US Defense Advanced Research Projects Agency, started a joint research project in 2010 with SRI International and the University of Cambridge in the UK. Over the last decade, many organisations have collaborated, including Microsoft, Google and many universities.

The result of this project is CHERI (Capability Hardware Enhanced RISC Instructions), a new CPU instruction set architecture that offers security features capable of reducing the exploitation of around 70% of ongoing vulnerabilities.

Digital Security by Design and the automotive sector

In 2019, UK Research and Innovation (UKRI), part of the UK Government, launched the Digital Security by Design (DSbD) programme to bring this technology to the market. UKRI worked with Arm and the University of Cambridge Department of Computer Science and Technology to develop the first system on chip (SoC) hardware prototype, called the Arm Morello Board, based on CHERI.

Part of this initiative is the AUTOCheri consortium led by Beam Connectivity, which aims to demonstrate the effectiveness of CHERI technology for cyber-critical and safety-critical applications, assess go-to-market routes for CHERI-based products in the automotive sector, and explore how this ties in with the emerging global vehicle cyber security regulations. Watch the video here.

The first UK commercial company to experiment with DSbD technologies was CAN-Phantom, a manufacturer of aftermarket vehicle immobilisers, which received a grant as part of the Technology Access Programme, run by Digital Catapult. The results of their project can be read in this case study.

More recently, DSbD announced £1.2 million in funding for a Thales UK-led consortium demonstrator project called RESAuto, which is investigating the potential impacts of this new technology on safety and privacy.

Ways to get involved

UK automotive tech companies that are interested in experimenting with CHERI are invited to register their interest in the Technology Access Programme, which offers hardware, technical support and a grant for qualifying businesses. Alternatively, they should apply to receive the Arm Morello board directly on the DSbD website.

Website delivered by Digital Catapult as part of the Technology Access Programme, funded by UKRI through the Digital Security by Design Programme