Examining the risks of cybersecurity for new generations of smart which includes both autonomous and Internet-connected cars, scientists at the University of Texas at San Antonio have conducted a study where they developed a novel framework that discusses the access control oriented architecture for connected cars and proposed authorization.
In other words, the framework will act as a key that determines what and where vulnerabilities can be exploited.
Internet-connected cars usually offer many potential benefits. They could allow for real-time and location-sensitive communication between drivers or even pedestrians, which could help make the roads safer for both. The connectivity could also allow the cars to capture safety and environmental conditions around the vehicle, including road obstructions, accidents, which also enables real-time vehicle-to-vehicle interaction on road.
Maanak Gupta, a doctoral candidate at The University of Texas at San Antonio said, “Connected cars have almost infinite possibilities for creative technological applications. Companies could even take advantage of the connectivity to implement location-based marketing tactics, providing drivers with nearby sales and offers.”
“But when such cars are exposed to internet supported functionality, they are also open to the same cybersecurity threats that loom over other electronic devices, such as computers and cell phones. For this reason, we created an authorization framework for connected cars which provides a conceptual overview of various access control decision and enforcement points needed for dynamic and short-lived interaction in smart cars ecosystem.”
Using the framework, scientists are trying to create and use security authorization policies in different access control decision points to prevent cyber attacks and unauthorized access to sensors and data in smart cars.
Ravi Sandhu, Lutcher Brown Endowed Professor of computer science and founding executive director of the UTSA Institute for Cyber Security (ICS) said, “There are infinite opportunities in this new IoT domain but at the same time cyber threats will have serious implications in smart cars. Can you imagine if someone controls your car steering remotely, or shuts down the engine in the middle of the road? There should not be absolutely any open end to orchestrate attacks on these cars.”
The framework has the potential to be used in driverless cars, noting that these vehicles may be even more vulnerable to cyber threats.