Today’s cars are mobile data centers, and that data needs to be protected
In a recent report, AlixPartners estimate that the global microchip shortage will cost car manufacturers $110 billion in 2021, through the lost production of around 3.9 million vehicles. The impact of this supply chain issue demonstrates how vital microelectronics and computational power have become within the context of modern vehicle design.
As hybrid powertrains and full electric drive extend across vehicle platforms in response to emissions legislation, the requirement to manage battery and charging systems and optimize performance will depend upon software running on an increasingly complex suite of computing resources.
This computing infrastructure will not be limited to the vehicle’s own data architecture but will also incorporate OEM infrastructures for servicing and maintenance, and third-party infrastructures that support operation of the vehicle and the overall passenger experience.
Our cars can no longer be considered as independent machines providing for our personal transportation. The integration of mobile communications, infotainment, geo-location, and emergency monitoring systems renders each car a connected device within a distributed mesh of different data services. As manufacturers increase levels of system automation on the journey to fully autonomous vehicles (AVs), the volume of data generated and consumed by our vehicles will grow exponentially, as will the complexity of the code base on which the car depends.
The passenger economy and the AV operational context
But progress often comes at a cost, and we need to carefully consider the implications that AV technology will have for our personal privacy and data protection.
The utopian vision of the AV paradigm removing the stress of having to pilot the vehicle, improving road safety, and managing urban traffic flows has already given rise to what manufacturers are referring to as the “passenger economy”. While we are chauffeured by software, we will be able to work, shop, and play from the comfort of our seats with continuous network connectivity.
Independent of our own data demand, our vehicles will also be exchanging sensor and telemetry data with other vehicles to avoid collisions, with our smart cities to ensure an efficient journey time, and with the manufacturer to schedule maintenance and contribute to the next generation of car design.
All this critical data, however, could form the basis of a dystopian nightmare. Compromised applications might disable the software controlling safety systems on which AVs will depend. Knowledge of the driver’s identity, social media streams, and location might trigger an avalanche of targeted advertising from local services, a loss of privacy, and potentially compromised personal safety. Dissemination or unauthorized breach of the data generated by our vehicles could provide a platform for financial crime, surveillance by the state or our employers, or theft of our personal information for illicit use.
In their article, “Rewiring car electronics and software architecture for the ‘Roaring 2020s’”, McKinsey also forecast that AV technology will see a transformation in the way computing power is deployed within our vehicles.
Today’s technology is characterized by individual electronic control units (ECUs) dedicated to the management of discrete on-board systems. The AV operating model requires a centralized control system that can combine the multitude of necessary sensor data, using zone controllers that provide continuous monitoring of one area of the vehicle. The central “brain” will employ collaborative AI applications to process the zonal sensor data and safely pilot the car through the external environment. The brain will not only control the vehicle, but it will also be the single point of interface with the outside world and the data services connected to the car and its passengers.
Both the passenger economy and the AV operational context will require execution and maintenance of software applications using generalized computing resources at the heart of the vehicle architecture. To ensure the physical safety and data privacy of road users, a micro-segmentation approach to network design must be combined with hardware-based security that supports a zero trust (ZT) approach to identity and access management, and isolation of critical data if the vehicle network is compromised, or the physical asset is stolen, sold, or recycled. This data protection should also remain in place when OEMs or independent providers have access to the vehicle for maintenance.
Confidential computing to the rescue
Fortunately, the nascent technology of confidential computing, which is founded on the deployment of applications within a Trusted Execution Environment (TEE) with a cryptographic link to the underlying processor hardware, may provide the solution that tomorrow’s AVs require.
Confidential computing is already available today in the cloud and on-premises infrastructures that are used to securely process our private data and sensitive enterprise applications, including the type of AI workloads common to the control systems governing safe AV operation. As the locus of computation in next generation AVs shifts to a central brain, existing processor technologies can provide the secure, real-time, information processing necessary to both control the car and deliver the data services that will enhance the passenger experience.
At the vehicle level, attestation of on-board hardware can be used to validate critical firmware and authenticate software updates provided by manufacturers and service partners. This mitigates the potential for malicious code to be introduced during maintenance or via a network-based attack, since the targeted software can be shielded within the encrypted memory region established by a TEE. Software revision can be permitted only after mutual verification of the car and the software provider, based on the platform identity encoded in the CPU of the central brain.
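The update gate described above can be sketched as follows. This is an added illustration, not code from the article or from any vendor: the platform names, keys and measurements are constructed, and an HMAC stands in for the hardware-rooted signature a real TEE would produce.

```python
import hashlib
import hmac

# Constructed stand-ins. A real TEE signs its report with a hardware-rooted
# asymmetric key verified through a vendor certificate chain; per-platform
# HMAC keys are used here only to keep the sketch standard-library-only.
KEYS = {"vehicle-brain": b"constructed-vehicle-key",
        "oem-update-service": b"constructed-provider-key"}
# Reference measurements (hashes of the code each side is expected to run).
EXPECTED = {"vehicle-brain": hashlib.sha256(b"brain firmware 1.0").hexdigest(),
            "oem-update-service": hashlib.sha256(b"update service 7").hexdigest()}

def _mac(key, pid, measurement, nonce, data):
    body = "|".join([pid, measurement, nonce.hex(), data]).encode()
    return hmac.new(key, body, hashlib.sha256).digest()

def make_report(pid, measurement, nonce, key, data=""):
    """Report binding identity, code measurement, verifier nonce and extra data."""
    return {"pid": pid, "measurement": measurement, "nonce": nonce,
            "data": data, "sig": _mac(key, pid, measurement, nonce, data)}

def verify_report(report, expected_pid, expected_nonce):
    """Return (ok, reason): identity, signature, freshness, then measurement."""
    if report["pid"] != expected_pid or expected_pid not in KEYS:
        return False, "unexpected platform identity"
    want = _mac(KEYS[expected_pid], expected_pid, report["measurement"],
                report["nonce"], report["data"])
    if not hmac.compare_digest(report["sig"], want):
        return False, "bad signature"
    if report["nonce"] != expected_nonce:
        return False, "stale or replayed report"
    if report["measurement"] != EXPECTED[expected_pid]:
        return False, "unexpected measurement"
    return True, "ok"

def authorize_update(vehicle_report, provider_nonce, provider_report,
                     vehicle_nonce, image):
    """Allow installation only after both sides attest and the image matches."""
    # The vehicle verifies the provider against the nonce the vehicle issued.
    ok, why = verify_report(provider_report, "oem-update-service", vehicle_nonce)
    if not ok:
        return False, "provider: " + why
    # The provider verifies the vehicle against the nonce the provider issued.
    ok, why = verify_report(vehicle_report, "vehicle-brain", provider_nonce)
    if not ok:
        return False, "vehicle: " + why
    # The image digest travels inside the provider's signed report.
    if hashlib.sha256(image).hexdigest() != provider_report["data"]:
        return False, "image digest mismatch"
    return True, "update authorized"
```

Each side's nonce makes a captured report useless on replay, and carrying the image digest inside the signed report ties the update payload to the attested provider rather than to the transport.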
Attestation can also ensure the integrity of the data being processed by the AV control system through verification of zone hardware at the network edge. This applies whether data is being received from the vehicle’s integrated sensor suite or from sensors incorporated within the highway or smart city environment. Crucially, the validation of data provenance by endpoint attestation can prevent perturbation of the AI algorithms operating the car. In this way, safe vehicle function can be maintained in the case of a network intrusion or attempted adversarial machine learning (AML) attack designed to compromise the integrity of the autonomous software.
Confidential computing represents a security technology that is ideally suited to the system-of-systems context defining 5th generation AV operation. While securing data in use on-board the vehicle, the use of mutual attestation between AVs and data services in the cloud can also be used to establish segmentation boundaries and privacy of data used by external service providers.
Since the production implementation of confidential computing platforms within cloud and on-premises enterprise datacenters is already well underway, compatible on-board compute nodes can be seamlessly integrated as part of a distributed network, via interoperable attestation protocols and high-speed 5G communications. By taking a ZT approach, founded on attestation of verifiable platform identities, automotive OEMs, drivers, and passengers can ensure the security and privacy of data wherever it is consumed by an AV.
As confidential computing transitions to become a ubiquitous capability across all computing platforms and extends beyond the datacenter to the network edge, the possibility of securing the AV architecture and the ecosystem that will develop around this new mode of personal transport can be factored into the design of tomorrow’s cars, the passenger economy, and our national infrastructure.
As legislators, automobile designers, owners, and passengers come to focus on the software features incorporated in new vehicles as differentiators, confidential computing can provide the isolation of critical data and applications, with the scalability and performance demanded by AV systems, and so enable realization of the anticipated benefits of tomorrow’s automated transportation.