Center of Excellence in Information Assurance Organizes a Workshop on Automotive Cybersecurity
Center of Excellence in Information Assurance Organizes a Workshop on Automotive Cybersecurity
Center of Excellence in Information Assurance (CoEIA), one of the leading sources of cybersecurity research and consultation in the region, organized an online workshop entitled, “Cybersecurity of Connected and Autonomous Vehicles: Challenges & Opportunities” on 2 Dec. 2020. This event was part of the ‘Research Capability Grant’ funded by the Research and Development Office (RDO) of the Ministry of Education, Saudi Arabia for the project “Combating Cybersecurity Attacks in Connected and Autonomous Vehicles Via Multi-Layer Protection” (DRI-KSU-934). The workshop was well attended by a large number of local and foreign academics, researchers, students and professionals.
At the outset of this event, Prof. Mohammad Al-Wabel, the Dean of Scientific Research (DSR) at KSU, presented his opening remarks with highlighting the importance of the workshop. He said, “Cybersecurity is a subject of global importance due to the fast pace developments in the areas of internet of things, artificial intelligence, autonomous vehicles, smart cities, blockchain, cloud computing and big data, which harbor complex challenges in the hyper-connected world”. He further elaborated on, “As per the estimation of Cybersecurity Ventures, the global cyber-crimes may cost the world over USD 10.5 trillion by 2025, which is too high for cyberspace and more profitable than other illicit businesses”. He paid his gratitude to the organizers of this event Dr. Jalal Al-Muhtadi, the director of CoEIA and Prof. Muhammad Khurram Khan, the principal investigator of the project, to organize this overwhelming event in the recent times. At the end of his speech, Prof. Al-Wabel thanked the eminent speakers and panelists of the workshop for their participation and contributions to the workshop.
Followed by the opening speech, Prof. Muhammad Khurram Khan gave an overview of the workshop program and discussed the progress of the RDO sponsored project. On underlining the subject, he said, “Connected and autonomous vehicles are a collection of smart components such as sensors, cyber physical systems, electronic control units, and cameras programmed through voluminous lines of codes, that enable a seamless communication system between the driver, vehicle, and infrastructure. In recent times, the concept of autonomous vehicles is gaining significant traction in the global markets, generating higher revenues, and witnessing extraordinary market penetration due to the disruptive innovations made by the automotive industry”. To highlight the problems in modern automotive, he further explained, “Unfortunately, there is a dark side of connected and autonomous vehicles. The underlying technology and communication systems of connected vehicles are prone to cybersecurity threats, which may circumvent any product that uses sensors/IoTs and transmits data over the network. This is what motivated us to conduct research in this fascinating area. We were fortunate to win a three-year competitive research grant in this area from the Research and Development Office of the Ministry of Education Saudi Arabia”. In his welcome speech, he revealed his plans and said, “Through this project, we envisage to build local capacity and capability in automotive cybersecurity research. We have recently established an automotive cybersecurity lab at our center. This lab would help us to train and build local workforce by postgraduate supervision and mentorship”. At the end, he acknowledged the support, funding and encouragement of the DSR at King Saud University and RDO at the Ministry of Education, Saudi Arabia.
In the keynote session, Mr. Mark Zachos, the founder and President of DG Technologies USA, presented his speech on “Cybersecurity Risk Verification Testing for the SAE J3138 Automotive Security Standard”. Mark discussed several issues associated with automotive cybersecurity and highlighted the challenges of secure vehicle diagnostics after-market repair. He also reviewed the importance of different standards, which are developed to keep the automotive secure from design to the supply chain and finally through their deployment. Further, he discussed the threat identification and risk analysis techniques in the vehicles and underscored the importance of intrusion detection algorithms that are needed to be integrated and tested in the connected and autonomous vehicles.
Following the keynote session, Prof. Hafiz Malik from the University of Michigan-Dearborn USA, presented his speech on “Securing Autonomous Vehicles in Connected Cyberspace”. At the outset, he elaborated on the risks of connected and autonomous vehicles and said, “Fully connected autonomous vehicles are more vulnerable than ever to hacking and data theft. This is due to the fact that the automotive industry still relies on controller area network (CAN) protocol for in-vehicle control networks. The CAN protocol lacks basic security features such as message authentication, which makes it vulnerable to a wide array of attack vectors including man-in-the-middle and packet spoofing”. Prof. Malik further explained, “In the recent years, several researchers have successfully exploited these vulnerabilities. As vehicle-centric technologies are expected to grow so are the associated attack surfaces, therefore, there is an urgent need for developing robust and reliable tools and techniques for source identification and integrity verification of CAN packets. Existing solutions for CAN protocol security are limited in their ability and scope as they are unable to link received packets to the source (e.g., transmitting) ECU”. He then demonstrated his research work to secure connected vehicles and discussed a new method based on physical attributes of CAN signals for linking CAN packets to transmitting source ECUs. He also described his proposed framework for design and development of intrusion detection and prevention system (IDPS) for connected vehicles and showed the effectiveness of the proposed solutions.
Afterwards, Dr. Jalal Al-Muhtadi moderated a panel discussion on “Cybersecurity Research and Innovation Trends in Connected & Autonomous Vehicles”. The panel composed of eminent experts from academia and industry, including Prof. Abdelmadjid Bouabdallah (University of Technology of Compiègne, France), Prof. Fabio Kon (University of São Paulo, Brazil), Prof. Omaimah Bamasaq (King Abdulaziz University, Saudi Arabia), Dr. Fatimah Alturkistani (STC, Saudi Arabia), and Dr. Randa Aljebly (Shaqra University, Saudi Arabia). The panelists discussed modern innovations, challenges and opportunities that are making this area fascinating for research and development. The panelists also emphasized the burning need for standardization, governance, regulations and policies for autonomous vehicles safety, security, cyber-resilience and privacy-protections. At the end of the session, the panelists agreed and recommended that to foster innovations and address all discussed challenges, it is important to follow a ‘triple helix model’ of innovation, which advocates strong interaction between academia, industry and government that can lead to greater innovations and faster developments of modern technologies.
The technical proceedings of this workshop ended up with two presentations of PhD students Mr. Irfan Mohiuddin from the College of Computer & Information Sciences at KSU and Mr. Rafi Ud Daula Refat from the University of Michigan-Dearborn. Both students presented their research in automotive cybersecurity that is being conducted under the support of the RDO sponsored project. The moderation of the workkshop was conducted by Mr. Amanullah Quadri from the CCIS, KSU.