
A simple question that is not easy to answer in the context of autonomous driving
This is because the software-defined vehicle as a platform for autonomous vehicles is a complex system. When investigating the causes of accidents, this complexity presents new challenges for the police, insurance companies and courts: how can it be proven beyond doubt that an accident was caused by software (AI error) or by a hacker attack? In the DiForIT research project at asvin labs, we are investigating this question with expert partners from research and vehicle forensics.
DiForIT examines various aspects of digital forensics for software-defined vehicles (SDVs).
First, a model of cyber threats is created in a threat landscape analysis. It is important to be able to distinguish the risks posed by cyber attacks from the general safety risks of a vehicle. In addition to the vehicle with its sensors and control units, other elements of the digital infrastructure must also be considered. These include vehicle communication and the connection to cloud services.
In future, it will therefore no longer be sufficient to simply secure the log files from individual control units in a vehicle for forensic analysis to determine the cause of an accident. Instead, information about the condition of the vehicle prior to the accident must be recorded. This includes, for example, environmental information or information provided via cloud services. In addition, in autonomous systems, the parameters for AI decision-making in the vehicle must be recorded in full so that, for example, the behaviour of the AI when controlling the vehicle can be simulated and reproduced in forensic analysis.
Together with the automotive forensic experts at ZITIS, these aspects are being investigated in the DiForIT project in the laboratory and reproduced in a test setup with modern control units and sensor technology. In addition to forensic analysis techniques, the entire forensic process chain must be examined and, above all, rethought. This is because the aim of forensics is to provide legally admissible analysis and representation of future accidents in the field of autonomous driving. Where courts pass judgements based on digital forensics, the forensic evidence presented must stand up to critical scrutiny. As a supporting federal authority, ZITIS has the task of providing the police with forensic analysis tools and procedures that are legally admissible in court.
Vehicle data and context data play a central role in these new forensic tools and procedures.
Our researchers and developers are therefore focusing on developing a digital recorder – similar to a flight recorder in aircraft – for the SDV. This digital black box will serve as a central data point to record and provide the data required for forensic analysis. In addition to driving behaviour data from the control units, contextual data on the driving environment and communication data from the cloud must also be recorded.
For data protection reasons, the principle of data minimisation must also be observed for all these data points. It is important to limit the data to what is really needed for forensic analysis. Equally important is how the data stored on the black box is protected from unauthorised access.
In addition, cyber attackers repeatedly try to cover their tracks. In the course of evidence collection and preservation, the data on the black box must therefore be protected against manipulation and deletion by unauthorised persons. In addition to technical protection measures for the black box, the researchers and developers at asvin labs are therefore working on special cryptographic procedures designed to prevent undetected manipulation of data.
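One common way to make manipulation and deletion of recorded entries detectable is a keyed hash chain. The following is an added example, not the DiForIT project's procedure, which the page does not describe; the record fields, key handling and function names are assumptions, and the sample records are constructed.

```python
import hashlib
import hmac
import json

GENESIS = b"\x00" * 32  # chain start value (assumption)

# Constructed sample records; field names are illustrative only.
SAMPLE = [
    {"t": 1000, "src": "ecu.brake", "event": "pressure=0.0"},
    {"t": 1010, "src": "cloud.map", "event": "speed_limit=50"},
    {"t": 1020, "src": "ai.planner", "event": "decision=keep_lane"},
    {"t": 1030, "src": "ecu.brake", "event": "pressure=0.8"},
]

def _tag(key, prev, seq, payload):
    """MAC over previous tag, sequence number and canonical payload."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    msg = prev + seq.to_bytes(8, "big") + body
    return hmac.new(key, msg, hashlib.sha256).digest()

def append(log, key, payload):
    """Append a record; return the new head tag to anchor off-device."""
    prev = bytes.fromhex(log[-1]["tag"]) if log else GENESIS
    seq = len(log)
    tag = _tag(key, prev, seq, payload).hex()
    log.append({"seq": seq, "payload": payload, "tag": tag})
    return tag

def verify(log, key, anchored_head=None):
    """Return 'ok' or a description of the first inconsistency found."""
    prev = GENESIS
    for i, rec in enumerate(log):
        if rec["seq"] != i:
            return f"record {i}: sequence gap"
        expected = _tag(key, prev, i, rec["payload"])
        if not hmac.compare_digest(expected.hex(), rec["tag"]):
            return f"record {i}: tag mismatch"
        prev = expected
    if anchored_head is not None and prev.hex() != anchored_head:
        return "head mismatch: tail truncated or chain rebuilt"
    return "ok"

def build(key, records=SAMPLE):
    """Build a log from records; return (log, head)."""
    log, head = [], GENESIS.hex()
    for r in records:
        head = append(log, key, r)
    return log, head
```

Removing records from the end of the log is only detected when the last head tag is also stored outside the recorder, which is why `verify` accepts `anchored_head`.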
Partners
The DiForIT research project will run for three years. Research partners are OTH Regensburg, ZITIS, Itemis AG, LPDG GmbH, CSTX GmbH and asvin. The project coordinates partial results with the Federal Criminal Police Office (BKA) and the state criminal investigation offices.