More security in autonomous driving

Industry: Automotive & Mobility, Commercial Vehicles / May 01, 2018

Letting cars drive autonomously? Allowing the sensors installed in the car to collect data about the driver’s current health status? Most people are very reluctant in this regard. In the SECREDAS project, a research consortium including Fraunhofer IESE is working on increasing the security of such systems – in an attempt to boost general trust in the technology.

Referenzprojekt: Secredas, Fraunhofer IESE — © Fraunhofer IESE

Last modified: May 01, 2018

When it comes to the acceptance of new technologies such as self-driving vehicles, there is still much convincing to be done: Human drivers are usually trusted to make better decisions in road traffic than any software. Boosting trust in such interconnected automated systems in mobility and medicine – in terms of both security and privacy – and keeping European OEMs competitive is the aim of the consortium of the project “Product security for cross domain reliable dependable automated systems SECREDAS”.

A total of 70 partners from 16 European countries are participating in the project, including Fraunhofer IESE.

Increasing safety and security in self-driving vehicles

In autonomously driving vehicles, neural networks play an ever greater role in control and situation recognition: Is the traffic light red? Is another vehicle crossing the intended route? The difficulty is that how exactly neural networks make their decisions cannot be traced in detail.

This is what Mohammed Naveed Akram, researcher at Fraunhofer IESE, has to say:

“We are developing a Safety Supervisor that monitors the decisions of the neural network live, so that, if necessary, corrective action can be taken on the basis of these assessments. This supervisor is based on algorithms that make use of traditional approaches. These are not used to capture the overall situation like neural networks do, but rather critical key points.

In the context of the SECREDAS project, we mainly address the question of suitable metrics; the initiation of appropriate countermeasures to control the risk will be the subject of future work.”

© Mohammed Naveed Akram
Mohammed Naveed Akram, Fraunhofer IESE

How this works exactly can best be illustrated with an example, for instance at an intersection. The neural network is designed to capture the overall situation: Which right-of-way rules apply; is the traffic light red or green; are pedestrians in the danger zone; do other vehicles cross the projected future route?

The algorithms of the Safety Supervisor are unable to do this; instead, they rely on specific metrics. These include, for instance, “General-Time-To-Collision (GTTC)”, that is, the time until a collision occurs, considering the expected trajectory, or the “Worst Case Impact Speed” metric to assess the severity of the damage based on the expected collision speed.

If a car is heading towards another road user that the neural network might have missed, the algorithms of the Safety Supervisor will detect that the distance to the other traffic participants is shrinking to a dangerous degree. They can take over command of the vehicle and decelerate the car if the automatic control fails.

“We have examined various metrics: How well can we use them to assess the current hazardous situation?” says Akram. In a simulation, the researchers evaluated the suitability of these metrics for various hazardous situations. The result is impressive. “The approach of monitoring the neural networks at any time and live using traditional approaches can, along with dynamic risk management, significantly increase safety”, summarizes Akram.

More data privacy or more service?

If another driver has used your car, this often means readjusting the seat and the mirrors, selecting your own favorite music, entering your own favorite locations into the navigation system, etc. – only then can you set off.

It is true that it is possible to save this information so that all settings fit automatically. But while some people like to use this feature, others are reluctant to do so due to privacy issues. Things become even more delicate if the vehicle also collects medical data, such as blood sugar levels or heart rate – in order to issue an appropriate warning to the driver or call for help, if necessary. After all, users currently find it hard to tell whether the data remains in the vehicle or is processed in a cloud

“A one-fits-all solution is therefore hardly a solution here”, says Arghavan Hosseinzadeh da Silva, software developer at Fraunhofer IESE. “In general, the more data you share, the more service you get. How much data you want to share in which case, however, differs greatly from person to person.”

Under the name “IND²UCE” (product name: MY DATA Control Technologies), the researchers are therefore developing a framework that makes it possible to restrict the use of all personal settings depending on the situation and personal preferences. You want to have your WhatsApp messages shown on the vehicle’s display – unless you are not alone in the car? Should the same contacts and playlists be shown in a rental car that are shown in your own vehicle, and should the seat, the steering wheel, and the mirrors be adjusted properly right away? Should the health data, such as measurements of the heart rate, stay in the car and not be sent to a cloud – unless urgent help is necessary, which then should be called automatically, for instance after an accident? In the future, users should be able to set such things themselves via an app, and these privacy specifications will then be transferred via smartphone to every vehicle currently used by the user, whether it is a business car, a rental car, or a private vehicle.

The framework components necessary for this are integrated into the vehicle. A query – for example, whether the data about the user’s heart rate may be sent to the cloud – is first run through the “Policy Decision Point PDP”. It checks whether it is permissible. If it is, the PDP sends a release to the “Enforcement” or gives it the information which data is to be deleted or anonymized prior to being sent.

In the long term, the SECREDAS consortium wants to establish a standard for data usage control in vehicles that should be adopted by all car manufacturers, if possible, in order to enable informational self-determination of the vehicle users.

Contributions of Fraunhofer IESE

Safety Supervisor architecture for the reference architecture
Centralized Safety Supervisor for a multi-agent system
Safety concept for ConSerts (Conditional Safety Certificates)
Test framework for security, incl. a concept for the systematic identification of safety-relevant security threats
Development of a domain-specific language for the formulation of security tests
MY DATA Control Technology

Which goals and results were achieved?

In the context of SECREDAS, Fraunhofer IESE developed concepts and mechanisms for data usage control that regulate access to data collected or stored in the vehicle or in connected mobile devices for external users. The driver can decide under which conditions access should be possible for which group of users. For example, in a medical emergency detected by the vehicle based on sensor information, the strict data privacy restrictions can be relaxed for medical personnel or external emergency services.

In a demonstrator, the IESE researchers also presented how textual information (e.g., city or company signs) can be deliberately obscured in the video stream of the vehicle camera in order not to reveal the vehicle’s exact location.

Do you have a challenge for us?

Benefit from having Fraunhofer as a research and industry partner!

Contact us!

We will be happy to support you and make time for you!

Schedule an appointment with us, by email or by phone.

Reference Project: SECREDAS