Christof Paar is Chair for Embedded Security at Ruhr Universität Bochum, Germany, and is an affiliated professor at the University of Massachusetts Amherst. He has worked in applied cryptography since 1995, including teaching security courses for industry participants such as Motorola Research, NASA, and Philips Research. Paar has authored more than 200 publications in applied cryptography and is cofounder of the Conference on Cryptographic Hardware and Embedded Systems (CHES). He is a Fellow of the IEEE and the International Association of Cryptological Research. In this interview, he discusses how cryptography is increasingly important for automotive applications such as connected cars.
Question: Your specialty is applied cryptography. Where does that fit in with vehicle cybersecurity? What are some examples of vulnerabilities that cryptography is uniquely qualified to address?
Paar: I always use this analogy of saying cryptography is the same thing for security systems as an engine is for a vehicle. It’s really hard to build a car without an engine. The cryptographic algorithm is the the driving force, the heart, of almost every security solution.
Cryptography is ideal for what’s called V2X communications, where a vehicle interacts with other vehicles (V2V) or with roadside infrastructure (V2I). V2V helps avoid collisions, for example, while V2I can be used with smart city initiatives such as reducing pollution and gridlock.
Cryptography supports the authentication that allows these applications to trust one another, which obviously is key because they involve human lives in tons of metal moving at high speeds. Crypto algorithms are also a great way to encrypt V2X communications. An example is ensuring that a vehicle’s real-time location information has not been manipulated. Without cryptography, it’s possible that a hacker could send fake message that could cause, for instance, accidents by triggering automatic braking at high speeds.
Question: What tips would you suggest for using cryptography correctly and effectively for vehicular applications?
Paar: A good practice is assigning a unique key to each telematics/infotainment device to ensure that if a single device key is reverse-engineered, other devices in the ecosystem won’t be affected. Making sure there’s no single point of failure in the system is crucial and one of the biggest things that can go wrong. It’s tempting to design systems where many cars share one key because this tends to be easier from a design point of view, but we have seen time and again that such systems are eventually reversed-engineered with disastrous consequences.
It’s equally important to make sure that this isn’t a single point of failure in the back end, either, such as in a V2I server platform. If someone hacks into the back end and steals (many) cryptographic secrets, it could lead to a system wide failure.
But protecting keys is easier said than done because there’s a whole host of methods to extract them. For example, it’s possible to analyze the power consumption of a vehicle’s electronic control unit to get subtle yet usable information about its cryptographic key. Such side-channel attacks are very hard to counter. Moreover, there are additional types of what’s called implementation attacks.
We also need ways to blacklist devices. For instance, if you know that one car has been reverse-engineered, and people start cloning this car cryptographically, then blacklists are key.
Question: Many other industries have been using cryptography for decades. What can the automotive industry learn from those use cases? How could those techniques and strategies be adapted for use in automotive applications?
Paar: Probably the best one to look at is the smart card industry, especially in Europe, where cards with embedded security chips are used rather than traditional magnetic stripe cards. These chips are inexpensive yet highly effective for thwarting some of the attacks that could be used on vehicles. The smartcard industry knows how to build hardware that makes implementation attacks very hard or virtually impossible to do.
Question: Although cars and trucks are becoming computers on wheels, one major difference is that computers, servers, and other IT gear typically are replaced after 3 to 5 years. But cars and trucks often are still on the road for 10, 15, 20 years. How does that longevity affect cybersecurity?
Paar: One reason why I like this area of automotive cryptography so much is because vehicles have this incredibly long lifespan—way longer than virtually every other consumer product. That’s enough time for new techniques and technologies to emerge that are capable of compromising automotive cryptography systems that were assumed to be impervious when they were designed.
One example is quantum computers, which are capable of breaking all of the asymmetric or public key cryptography in use today. A lot of very smart people say there’s a good chance that we’re going to have quantum computers within 20 years or so, which is the lifespan of the automobile leaving the factory today.
National Institute of Standards and Technology (NIST) is working on what’s called post-quantum cryptography: public key cryptography that’s resistant to quantum computers. So we need ways of updating cryptography in vehicles such that when post-quantum options become available, they can be implemented in all vehicles rather than just new ones.
But we also need to make sure we don’t create additional vulnerabilities in the process. For example, the mechanisms used to patch and update a vehicle’s systems can’t become tools for hackers to exploit.
