Skip to main content

How It's Done: Cybersecurity and Self-Driving Cars

(Image credit: University of Michigan)

When it comes to cybersecurity, a lot of potential disturbing scenarios come to mind—what if my bank accounts are drained, what if my medical records are accessed, what if my images are mined and put online? However, a far more serious threat arises when it comes to hacking and the connected autonomous or “self-driving” vehicle. 

We chat with Rebecca Schneider, Communications Manager at Mcity, University of Michigan Office of Research, about their recent projects.

Who: Mcity—University of Michigan Office of Research

Where: Ann Arbor, MI

What: Cybersecurity and the Autonomous Vehicle (AV)

Mcity was launched as a public private partnership in 2014 with a focus on transforming mobility and aiding the commercialization of connected and automated vehicles. It was becoming obvious among government, industry and academia that there was a deficit of research and dedicated test facilities around these emerging issues. The University of Michigan was a logical place to satisfy both.

Current cybersecurity study projects include: SCMS 2.0 —(Security Credential Management System). In order to ensure the highest levels of security among communicating connected vehicles, SCMS must identify and remove any misbehaving devices. This project investigates the real-world performance of two misbehavior algorithms by implementing existing algorithms on connected vehicle onboard units, and then testing performance in Mcity and on the roadways in or near Ann Arbor. 

Also in progress is Security Analysis of Machine-Learning-Based Sensing in CAV Systems. Machine learning, especially deep learning, is used extensively to process sensor input into semantically meaningful road information, such as other cars and traffic signs. Machine-learning models are vulnerable to maliciously manipulated input, but it is still unclear how such input can actually impact the machine-learning-based sensing in CAV systems. We propose to perform the first comprehensive security analysis of machine-learning-based sensing in CAV systems to systematically understand the vulnerability status and potential security challenges.

cybersecurity self-driving car

(Image credit: University of Michigan)

Positive Results

Because Mcity was an early adopter in this space, and given the breadth of our activities and members companies, we are seen as a thought leader in AV research and activities. Student interest has always been high among engineering students, but we have also seen growing interest among law and business school students. 

The business school's Sanger Leadership Center did a Crisis Challenge in 2017 that focused on AVs that Mcity participated in. The law school now has dedicated courses around CAVs and launched a Journal of Law and Mobility that is supported by Mcity. Center activities were initially called the Mobility Transformation Center with the test facility known as Mcity. (Because Mcity wound up taking off in name recognition, it was decided in the spring of 2017 to rebrand all of our activities under Mcity.)

(Courtesy of the University of Michigan)

Biggest Challenge

One challenge is a lack of common standard for automotive Ethernet. Candidates include IPsec, TLS, MACsec, and secOC, but there is no widely favored option. Mcity’s Exploring Standards and Guidance for Automotive Ethernet Security study aims to fix this. Automotive Ethernet technology must address security requirements in addition to high bandwidth criteria to support the increasing data transfer needs. 

Security is especially important as it is conceivable that an electronic control unit (ECU) can be compromised subsequently violating the integrity of any unencrypted communication among ECUs. This could lead to more sophisticated attacks such as remotely braking the car, as some of the components in the car allow wireless network access.

cybersecurity self-driving cars

(Image credit: University of Michigan)

Finding Funding

Center activities are funded by a combination of member company fees, internal UM funding, and grants. The test facility was established with UM and Michigan Department of Transportation funding and now is funded through user fees as a recharge operation.

Tech Tools

Tech used in automated Lincoln MKZ:

- By-wire Dataspeed

- Mobileye 560

- PointGrey

- XTEND 900 MHz radio modems


- Delphi SRR/Delphi ESR

- DDSRC COHDA MK5 (3-27 Mbps)

- Nexcom Lumina Intel i7, 120 G SATA HDD

- Velodyne 16 channel LiDAR


ITS-A has also been a great resource for us to keep up to date on what is happening within the Connected and Automated Vehicle ecosystem.