Part funded by Innovate UK’s Digital Security by Design (DSbD) challenge, the AutoCHERI project has developed and is testing new use-cases to reduce cyber security risk and enhance the safety, security, and performance of connected vehicles.
CHERI (Capability Hardware Enhancement to RISC Instructions) technology is used within the automotive, defence and security industries to prevent cyber criminals from introducing bugs into systems where memory is used, which is one of the major causes of security breaches and cybersecurity risks.
In 2022, 75% of automotive organisations planned to implement edge security changes to reduce risks that affect their connected vehicles and prevent future cyberattacks, which can result in a serious risk to life as well as financial penalties.
AutoCHERI aims to encourage automotive silicon suppliers to integrate CHERI technology into their roadmaps, with the hopes of CHERI-enabled devices being introduced to the market in the next 5-10 years.
The project will prove technology to reduce cyber security risks on next generation vehicle architectures. These architectures are characterised by having consolidated computer power in a few centralised, high-performance nodes. The benefit of having fewer nodes is that they are faster and more power efficient.
The project is being delivered by a consortium consisting of Beam Connectivity, Applus+ IDIADA, Swansea University, University of Exeter and Compound Semiconductor Applications (CSA) Catapult.
The AutoCHERI project will showcase how integrating CHERI technology into an automotive grade Telematics Control Unit (TCU) can prevent some attacks and enhance the safety and security of connected vehicles.
The TCU is the vehicle subsystem that performs telematics functions and manages all wireless communication to and from the vehicle including cellular, Wi-Fi, Bluetooth and vehicle to everything (V2X).
The AutoCHERI consortium has implemented four use cases with a Telematics Control Unit based on a CHERI capable processor:
The project team has reviewed the threat landscape for each use case in detail, providing in-depth insight into how CHERI technology can mitigate this for safety critical vehicle use cases. The use cases have been implemented in the laboratory, whilst testing in a semi-controlled environment is planned soon.
The AutoCHERI consortium have held discussions with multiple vehicle sector stakeholders and plan to communicate back to the industry how CHERI can support existing initiatives for cyber security and meeting new industry standards, such as ISO 21434.
Thomas Sors, Cofounder and CEO of Beam Connectivity, says: “The AutoCHERI project supports Beam Connectivity in its ambition to provide the most secure and highest performance connected vehicle systems. All new vehicles will be connected driving the need for the highest levels of security for emerging features such as over-the-air software updates, V2X applications and remote control. Security, safety and connectivity must now be looked at in combination and we are looking at how CHERI can support innovations in this area.”
Dr. Hoang Nga Nguyen, PI from Swansea University, says: “The AutoCHERI project is aligned with our Systems Security Group’s strong focus on automotive cybersecurity. We are deploying latest standards-driven modelling and tooling for threat and risk assessment, combined with our growing expertise in hardware security.”
Prof. Achim Brucker, PI from Exeter University, says: “The AutoCHERI project is well aligned with our focus on developing methods and tools for the verification and testing of security and safety of complex systems. We particularly focus on high-assurance systems that might need to undergo a certification. Within AutoCHERI, we investigate the use of the AutoCHERI on our verification, testing, and certification tool chain.”
Chief Technology Officer at CSA Catapult, Nick Singh, says: “We’re delighted to be a part of the AutoCHERI project and contributing to the safety and security of the next-generation of vehicles through the development of cutting-edge technology designed to safeguard against the rising threat of cyberattacks.”
The AutoCHERI exhibited at Cenex-LCV, Millbrook on 6-7th September. During the event, the consortium showcased a CHERI-based ECU integrated into a vehicle, actioning remote commands from a smartphone whilst offering increased protection from memory safety attacks.
