In the first installment of our two-part discussion on quantum computing, we discussed how this disruptive technology could change how connected cars are designed, manufactured, and driven in the future. While the automotive industry has recognized and even started seizing quantum computing’s many promising opportunities, it is also very cognizant of the risks associated with the technology especially with regard to automotive cybersecurity.
Cryptography in the automotive industry
The increasing use of connected car technologies, such as infotainment, navigation, and vehicle-to-vehicle systems, highlights the growing need for robust cybersecurity that ensures the security and privacy of sensitive data transmitted inside and outside the vehicle. This is why the automotive industry relies heavily on cryptographic methods to provide authentication, authorization, integrity, and communication confidentiality requirements and prevent cyberattacks and data breaches.
Examples of cryptographic methods used in the industry include encryption, decryption, and hashing. Encryption is the process of converting plain text into a secret code or cipher text, rendering it unreadable to unauthorized users. Decryption does the reverse by converting cipher text back into plain text. Hashing involves transforming a string of characters into another value, usually represented by a shorter, fixed-length value or key, making it easier to find the original string.
Cryptographic methods secure data transmitted between vehicles, infrastructures, and the cloud. This data includes personal and sensitive information such as location details, driving habits, and personal preferences. With cryptographic algorithms or protocols, unauthorized access to critical systems such as electronic control units (ECUs) or the central gateway can be prevented. Without these cryptographic methods, connected vehicles could be vulnerable to cyberattacks, including ransomware attacks, data theft, and remote takeovers. These could not only compromise the privacy and safety of vehicle occupants but also pose significant threats to public safety.
|Cryptographic algorithm or protocol||Function|
|Advanced Encryption Standard (AES)||A widely used encryption standard for data transmission and storage in modern vehicles|
|Data Encryption Standard (DES)||An older encryption standard that is still used in some automotive systems|
|Triple DES (3DES)||An encryption standard that uses three keys for added security, often used in conjunction with DES|
|Rivest-Shamir-Adleman (RSA)||A public-key encryption algorithm used for secure communication between a vehicle and external devices|
|Elliptic Curve Cryptography (ECC)||A public-key encryption algorithm that is more efficient and secure than RSA and commonly used at chip level|
|Secure Hash Algorithm (SHA)||A cryptographic hash function used for digital signatures and secure communication in automotive systems|
|Message Digest Method 5 (MD5)||A cryptographic hash function which can be used as a checksum to verify data integrity, producing a 128-bit hash value|
|Transport Layer Security (TLS)||A cryptographic protocol designed to provide secure communication between a car’s computer system and the internet|
|Secure Sockets Layer (SSL)||A cryptographic protocol commonly used to secure communications between a car’s computer system and the internet|
|Public Key Infrastructure (PKI)||A comprehensive information security framework for providing secure information needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption|
Table 1. Cryptographic algorithms or protocols used in the automotive industry
Looming security risks
While the automotive industry embraces the benefits of quantum computing, it also recognizes the technology’s looming security risks. Scientists have found that quantum computers are superior to traditional computers in solving optimization problems and breaking specific cryptographic algorithms.
In 1994, Peter Shor discovered that quantum computers could accelerate the decryption of RSA encryption schemes. Shor’s algorithm could quickly find integer prime factors, reducing the exponential time requirement of conventional computers to polylogarithmic time when using quantum computers. Even the seemingly impossible-to-break 2,048-bit RSA or the ECC can potentially be cracked using quantum computers.
Furthermore, quantum computers can utilize Grover’s algorithm to speed up the search for unsorted databases, which can potentially break symmetric encryption algorithms such as AES and hash algorithms such as SHA. Both are widely adopted standards for securing data and ensuring integrity during transmission.
Although experts estimate that the full development of quantum computers is still at least a decade away, a recent study from Shijie Wei suggests that the 2,048-bit RSA key can be broken by a quantum circuit with 372 physical qubits and a depth of thousands. This finding shows the possibility of quantum computing moving from hype to reality.
Mitigations of quantum risks
The imminent breakthrough of quantum computers presents significant risks to the automotive industry, making the implementation of post-quantum cryptography (PQC) essential. The National Institute of Standards and Technology (NIST) is aware of these risks and is taking measures to address them. Since 2015, the NIST has been searching for new encryption algorithms to replace those that quantum computers can potentially break. In July 2022, the NIST announced the first four quantum-resistant cryptographic algorithms for general encryption and digital signatures. These algorithms will be included in the NIST’s post-quantum cryptographic standard, which is set to be finalized in around two years.
However, the automotive industry cannot afford to wait until then, as vehicles already on the road have 10 to 15 years of lifetime. It cannot tolerate a large-scale recall and replacement of all vehicle algorithms two years later.
|Cryptographic algorithm or protocol||Possibly broken by||Risk mitigation|
|AES||Grover’s algorithm||Extend key length|
|DES||Grover’s algorithm||Change to post-quantum algorithm|
|3DES||Grover’s algorithm||Change to post-quantum algorithm|
|RSA||Shor’s algorithm||Change to post-quantum algorithm|
|ECC||Shor’s algorithm||Change to post-quantum algorithm|
|SHA||Grover’s algorithm||Extend key length|
|MD5||Grover’s algorithm||Change to post-quantum algorithm and extend key length|
|TLS||Grover’s + Shor’s||Change to post-quantum algorithm and extend key length|
|SSL||Grover’s + Shor’s||Change to post-quantum algorithm and extend key length|
|PKI||Grover’s + Shor’s||Change to post-quantum algorithm and extend key length|
Table 2. Automotive cryptographic algorithms or protocols, the algorithms that can possibly break them, and VicOne’s recommended risk mitigations
A practical way forward
One viable solution for mitigating the potential risks associated with outdated encryption algorithms in connected vehicles is the use of secure over-the-air (OTA) to reserve and accommodate future updates or replacements of new encryption algorithms. This practical approach enables automotive manufacturers to ensure that their vehicles are equipped with the latest and most secure encryption methods, thereby mitigating the risk of cyberattacks and enhancing the vehicles’ overall security.
Secure OTA solutions refer to updating and managing software on vehicles remotely. In the past, automotive software updates had to be performed in person by a technician at a dealership, which was costly and time-consuming. With secure OTA, updates can be sent wirelessly to vehicles, saving time and money for both automakers and customers.
The benefits of secure OTA for the automotive industry include:
- It allows automakers to quickly and easily fix vulnerabilities in their software. This is particularly important in the case of security software vulnerabilities, which hackers could exploit to gain access to sensitive vehicle systems or damage the vehicles.
- It helps car manufacturers (OEMS) improve the functionality of their vehicles over time. By sending software updates wirelessly, OEMs can add new features and capabilities to their cars long after they have been sold. This can increase customer satisfaction and loyalty, and give automakers a competitive advantage.
- It can update outdated encryption algorithms or new post-quantum algorithms, replace compromised private keys, or strengthen multilayer encryption mechanisms.
- It can help reduce the number of vehicles that need to be recalled for software updates, which can be costly and time-consuming.
Secure OTA is indeed a valuable solution for the automotive industry. It allows automakers to improve the security, functionality, and efficiency of their vehicles over time while also reducing costs and improving customer satisfaction. As connected cars become more common, secure OTA will become an increasingly important tool for automakers to mitigate quantum risks.
The automotive industry is very much aware of the potentials of quantum computing in designing, manufacturing, and operating vehicles. However, as the saying goes, “Water can carry a boat, but it can also capsize it.” While quantum computing could bring about technological innovations in the industry, it also poses threats to information security. As the automotive industry relies heavily on encryption algorithms, quantum computing has presented risks in the form of new opportunities for malicious actors to break encryption keys.
To mitigate these risks, the industry must take action. In addition to updating existing encryption algorithms to PQC, secure OTA can be used to continuously update and strengthen new algorithms and sensitive keys. This will allow the industry to continue to innovate while mitigating the risks associated with vehicles on the road.
Learn more about our cybersecurity solutions for the automotive industry by visiting our homepage.