"Network Security Challenge and Related Suggestions" in Automatic Driving

In February this year, the EU Network Security Bureau (ENISA) released the "Network Security Challenge" in automatic driving. The CCID Tank Network Security Institute compiled the report and expects to help our relevant departments.


The report combed the application status of artificial intelligence technology in automatic driving vehicles, and analyzed the network security threats and challenges generated in automatic driving through five attack scenarios, and proposed to strengthen the safety of artificial intelligence network safety, development End-to-end artificial intelligent security solutions, enhances the ability of artificial intelligence related events and vulnerability discovery capabilities, strengthening various countermeasures such as artificial intelligence safety training in the automotive industry. The report is designed to improve the awareness of potential risks of artificial intelligence technology and effectively resolve risks.


A new generation of cars are achieving semi-automatic and automatic driving capabilities with advances in artificial intelligence technology. According to the "Classification and Definition of Road Motor Vehicle Driving Automation System" (hereinafter referred to as SAE J3016) issued by the US Automotive Engineering Society (hereinafter referred to as SAE J3016), the road motor vehicle is divided into six automatic driving levels, from no automatic driving 0-level to complete automatic Driving and does not require the driver level 5, as shown in Figure 1. This report refers to the automatic driving vehicle, corresponding to 4 and 5-level vehicles in SAE J3016.

I. Application of artificial intelligence technology in automatic driving

(1) Artificial intelligence technology in automatic driving

In the past 10 years, the automatic driving is rapidly developed. The automatic driving system can make safety and smoothness of the destination by perceive and infer the surrounding environment, and take action to control the vehicle accordingly. The rapid development of artificial intelligence technology, especially machine learning is an important promotion of automatic driving. Figure 2 lists typical scenes facing the automatic driving system.

The automatic driving system enhancement function realized by artificial intelligence and machine learning technology mainly includes brake assist, smart parking, voice interaction with information entertainment system.

(2) Artificial intelligence software in the automatic driving system

Driving vehicles in a reality environment is not easy, requires complex social ethics and decision-making capacity to effectively respond to various accidents and hazards. Artificial intelligence software embedded in automatic driving vehicles can implement these functions, which are handled by various data collected by the processing sensor, thereby making decisions such as mobile, parking, and deceleration.

(3) Correspondence between automobile functions and artificial intelligence technology

Table 1 lists the correspondence between automatic driving vehicle function and artificial intelligence technology.

Second, artificial intelligence network security issues in automatic driving

The development of automatic driving and car networking has put forward higher requirements for the calculation function and interconnection of the vehicle, and also increases the possibility of a vehicle being attacked by a network. The network security risks of automatic driving vehicles will affect passengers, pedestrians, other vehicles and related infrastructure safety, and it is urgent to study the risk of safe vulnerability in application artificial intelligence. Artificial intelligent network threats can be divided into two categories: intentional threats and unintentional threats.

Common network security threats include four categories:

First yetSensor cents, blind, deception / saturation. The sensor will blind or disturbed. In this way, the attacker can manipulate the artificial intelligence model, provide error data to the artificial intelligence algorithm, or deliberately providing incomplete data, reducing the effectiveness of automatic decision making.

two isDOS / DDoS attack. Interrupt the communication channel available to automatically drive the vehicle so that it is basically lost in the outside world. This kind of attack can directly affect the vehicle operation and will prevent automatic driving. The purpose of the DDOS attack is to interrupt the communication channel.

ThreeManipulate the vehicle communication. The hijacking and manipulating communication channel will have a serious impact on the automatic driving operation, and the attacker can modify the transmission of the sensor reading or error interpretation of the information provided by the road infrastructure.

Four isInformation leakage. The vehicle in order to achieve automatic driving, which stores and uses a large number of personal sensitive information, including critical data saved on the artificial intelligence component, so potential attackers will intend to obtain such information, resulting in data leakage.

The following is interpreted by 5 hypothetical scenes.

Attack scenario 1:Confrared disturbances for image processing models used for street sign identification and lane detection.

Attack Scene 2:Intermediary attacks on the planning module.

Attack Scene 3:Data poisoning attacks identified by parking signs.

Attack Scene 4:Intrusion OEM background server, large-scale deployment of malware attacks.

Attack Scene 5:Sensor / Communication Interference and Global Navigation Satellite System (GNSS) spoofing attacks.

Third, artificial intelligent network security challenges and related recommendations in automatic driving

(1) Safety verification for systematic intelligence models and data

Data is critical to constructing and verifying artificial intelligence systems and is the core of the machine learning model learning process. Automatic driving vehicles typically configure multiple sensors, collect millions of environment description data per second, which provide basic support for complex, dynamic manual intelligence models.

(2) Providing a supply chain challenge related to artificial intelligence network security

Supply chain security is the weight of network security. In the supply chain of artificial intelligence components, if there is no appropriate security policy and enough strategy, it will lead to a lack of elasticity and there is potential security vulnerabilities. The security issues in the artificial intelligent life cycle may bring security risks to the automotive supply chain.

(3) End-to-end plan for artificial intelligent network security and traditional network security

In order to ensure the safe operation of automatic driving vehicles, artificial intelligent security solutions should be promoted in automatic driving vehicles and combined with traditional network security to improve the safety of artificial intelligence systems. Automatic driving deepening to artificial intelligence technology, not only provides power for attackers to implement cyber attacks on the target intelligence algorithm, but also the consequences of successful implementation of network attacks are getting more serious.

(4) Event disposal and vulnerability discovery capabilities related to artificial intelligence

Although many enterprise network security teams know that there is a network security hazard, there is a network security hazard, but only when security events or discovery vulnerabilities occurs, people really realize the importance of security. Although there is a lot of publicity of security vulnerabilities, people’s network security awareness is still weak, especially in the security vulnerabilities related to artificial intelligence systems.

(5) The lack of artificial intelligence network security and expertise in the automotive industry

Due to the lack of expertise in artificial intelligent network security due to development and system designers, there is no safety test and code analysis of artificial intelligence components during the development process, which has not set a network security policy in advance, which causes attackers to easily Automatic driving vehicle artificial intelligence components are locked as attack targets. Therefore, artificial intelligence security issues usually adopt the method of post-remedies, and the form of security inserts is mainly in the form of safety vulnerabilities.

Translated from:

Cybersecurity Challenge in the Uptake of Artificial Intelligence In Autonomous Driving, February 2021 by European Union Agency Fo Cybersecurity

Note: Reprint, add white lists and business cooperation, please leave a message in the public number, you must not reprint it, you must not modify and steal the original text.