| dc.description.abstract | Autonomous vehicles and quantum computers are two emerging technologies that will transform our world in the not-too-distant future. This thesis examines the safety and security of autonomous vehicles in a world where adversaries have access to large-scale quantum computers. Large-scale quantum computers are relevant to automotive security because they can defeat the cryptographic foundation underlying critical safety systems such as path planning, perceptual unit, braking, steering, and engine electronic control units (ECUs). Peter Shor discovered a quantum computer algorithm in 1994 that can defeat modern-day public-key cryptography, including digital signatures (e.g., RSA, EdDSA), due to the algorithm’s ability to factor large numbers and find discrete logarithms efficiently [23]. According to existing mathematical theory, classical computers cannot factor large numbers or find discrete logarithms efficiently. The critical insight derived from this thesis is that an adversary can defeat an autonomous vehicle’s security of safety-critical systems with a large-scale quantum computer. In particular, the digital signatures used for authentication of over-the-air (OTA) software updates can be forged by an adversary with a large-scale quantum computer which, in the worst-case scenario, could enable a fleet-wide hack of an autonomous vehicle system potentially compromising a million vehicles simultaneously. The thesis explicitly identifies Tesla as a significant risk through their use of
Ed25519, a discrete logarithm-based digital signature for OTA software updates [77], [78], [79]. Likely, most automotive manufacturers are at risk, but Tesla was the only company whose digital signature protocols were found to be publicly available on the internet. The analysis was completed using STPA-Sec (System-Theoretic Process Analysis for Security), an engineering risk management framework for identifying safety issues caused by security breaches. Overviews of quantum computing and quantum-safe cryptography are given. In addition, a Monte Carlo simulation framework is proposed to estimate the probability and severity of a large-scale quantum computer attack on autonomous vehicles. In addition to outlining the attack, countermeasures are provided to mitigate the risk, such as automotive companies upgrading to quantum-safe cryptography that NIST is currently standardizing. The NIST standardization is scheduled for completion in 2024. If automotive companies upgrade to quantum-safe cryptography, the risk against known attacks is eliminated, but there is a residual risk regarding currently unknown attacks. There is a reasonable amount of time to mitigate this risk as large-scale quantum computers are not expected to exist until the end of the decade. However, the section on quantum cyber risk analytics focuses on estimating the risk in the worst 1 in 1,000 chance scenario. Based on a model that estimates quantum risk, whose details including assumptions are outlined in Chapter 11, the central insight from the analytics is that there is an approximate 99 in 100 chance the RSA-2048 will be broken in 24 hours within the next 15 years in the worst 1 in 1,000 chance scenario. A vision of a quantum-safe and quantum-enhanced autonomous vehicle future is painted where quantum computers and quantum sensors may significantly enhance many aspects of autonomous vehicles. Recommendations to improve STPA-Sec are provided. The main contributions of this work are identifying a worst-case scenario where a million cars could be compromised by an adversary with access to a large-scale quantum computer, conducting a formal STPA-Sec analysis on the path planning control loop of an autonomous vehicle in the presence of an adversary with a large-scale quantum computer, providing suggestions on how to improve STPA-Sec, and the section on quantum risk management. In particular, conducting the first known quantum stress test by estimating the risk of the worst 1 in 1,000 chance scenario for RSA-2048 to be broken in 24 hours within 15, 20, and 30 years completes the contributions of this thesis. | en |
