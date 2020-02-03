A new system controls whether and under what circumstances personal data may be transferred to a specific destination. Photo credit: Fraunhofer IESE

When it comes to self-driving cars, most people still hesitate. Similar concerns exist regarding sensors on board that collect data about a driver’s current health. As part of the SECREDAS project, a research consortium, which includes the Fraunhofer Institute for Experimental Software Engineering IESE, is investigating the security and data protection of these systems. The aim is to strengthen trust in such a technology.

There is still a long way to go before people can be persuaded to embrace new technology like self-driving cars. When making road traffic decisions, we trust human drivers rather than software. The consortium behind the SECREDAS project aims to strengthen trust in such networked, automated systems and their ability to meet security and data protection concerns – be it in the field of mobility or medicine. SECREDAS, which stands for “Product safety for reliable cross-domain automated systems”, brings together 69 partners from 16 European countries, including the Fraunhofer Institute for Experimental Software Engineering IESE. This project aims to ensure that European OEMs remain competitive in this area. It has total funding of 51.6 million euros, to which the EU contributes around 15 million euros.

Increasing the safety of self-driving cars

The control of autonomous vehicles is increasingly in the hands of neural networks. These are used to assess everyday traffic situations: Is the traffic light red? Is there another vehicle crossing the road? The problem with neural networks, however, is that it remains unclear how they make such decisions. “We are therefore developing a security supervisor that monitors the decisions of the neural network in real time. If necessary, it can intervene based on this assessment,” says Mohammed Naveed Akram from Fraunhofer IESE. “The security officer uses classic algorithms that focus on key parameters rather than assessing the overall situation – that is what the neural networks do. Our work for the SECREDAS project is mainly about identifying suitable metrics for this purpose, but we are also investigating how to take appropriate countermeasures to avert threats.”

The following example shows what this means in practice. As the vehicle approaches an intersection, a neural network evaluates the overall situation: Who has right of way? Is the traffic light red or green? Are pedestrians in the danger zone? Are vehicles crossing the road? Meanwhile, the supervisor’s algorithms focus on specific metrics. One is the general time to collision (GTTC), derived from the trajectories of vehicles on a collision course; another is the worst-case impact speed, which estimates the level of damage from the likely collision speed. If the car approaches another road user that the neural network has not recognized, the supervisor’s algorithms detect that the distance to this or other road users has shrunk to a dangerous degree. And if the autonomous systems fail, the supervisor takes control of the vehicle and applies the brakes. “We looked at various metrics to see how well we can assess a dangerous situation like this,” explains Akram. Using computer simulations, the researchers have modeled the effectiveness of these metrics in a number of critical situations – with impressive results. “In combination with dynamic risk management, the use of conventional approaches to monitor neural networks in real time can lead to a significant increase in security,” says Akram.
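A minimal version of the supervisor metrics described above, added here as an illustration and not Fraunhofer IESE’s implementation: each road user is modelled as a 2-D point on a straight-line, constant-velocity trajectory with a circular safety radius, the time to collision is the moment the two safety circles first touch, and the worst-case impact speed is the relative speed if nobody brakes. Thresholds, positions and velocities are constructed sample values.

```python
import math

SAFETY_RADIUS = 2.0   # metres around each road user (assumed value)
TTC_THRESHOLD = 2.0   # seconds: intervene below this (assumed value)

def time_to_collision(p_ego, v_ego, p_other, v_other, radius=SAFETY_RADIUS):
    """Seconds until the two safety circles touch, assuming both objects keep
    their current velocity; math.inf if the straight-line paths never meet."""
    rx, ry = p_other[0] - p_ego[0], p_other[1] - p_ego[1]   # relative position
    vx, vy = v_other[0] - v_ego[0], v_other[1] - v_ego[1]   # relative velocity
    contact = 2 * radius
    # Solve |r + v t| = contact for t: a t^2 + b t + c = 0
    a = vx * vx + vy * vy
    b = 2 * (rx * vx + ry * vy)
    c = rx * rx + ry * ry - contact * contact
    if a == 0.0:                       # same velocity: separation never changes
        return 0.0 if c <= 0 else math.inf
    disc = b * b - 4 * a * c
    if disc < 0:                       # closest approach stays outside contact distance
        return math.inf
    t_first = (-b - math.sqrt(disc)) / (2 * a)   # earlier root = first contact
    if t_first < 0 and (-b + math.sqrt(disc)) / (2 * a) < 0:
        return math.inf                # both roots in the past: paths diverging
    return max(t_first, 0.0)           # already overlapping counts as "now"

def worst_case_impact_speed(v_ego, v_other):
    """Relative speed in m/s if neither party brakes (constant-velocity model)."""
    return math.hypot(v_other[0] - v_ego[0], v_other[1] - v_ego[1])

def supervise(p_ego, v_ego, p_other, v_other, threshold=TTC_THRESHOLD):
    """Supervisor decision for one other road user: 'brake' if the time to
    collision falls below the threshold, otherwise 'continue'."""
    ttc = time_to_collision(p_ego, v_ego, p_other, v_other)
    return {
        "ttc_s": ttc,
        "impact_speed_mps": worst_case_impact_speed(v_ego, v_other),
        "action": "brake" if ttc < threshold else "continue",
    }

if __name__ == "__main__":
    # Constructed sample: ego car at 15 m/s, oncoming car 40 m ahead at 10 m/s.
    print(supervise((0.0, 0.0), (15.0, 0.0), (40.0, 0.0), (-10.0, 0.0)))
```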

Better service or more data protection?

Sharing a car with others can be a problem: every time you use it, you have to readjust the seat and rearview mirror, set the radio to your preferred channel and re-enter your preferred positions in the navigation system. It is of course quite feasible to save such personal settings so that they can be selected automatically for every driver. For some people, this is an extremely practical function. Others see it as an undesirable interference with data protection. This problem becomes even more complicated when we imagine that vehicle systems also monitor a driver’s blood sugar level or heart rate to warn the driver of critical readings or to request help. One reason for reservations about such health monitoring is that drivers are never really sure whether the data will remain on board or be processed in the cloud. “There is no uniform solution here,” says Arghavan Hosseinzadeh da Silva, security engineer at Fraunhofer IESE. “The more data you submit, the better the service you get. But how much data someone wants to reveal and under what circumstances can vary greatly from person to person.”

Researchers in the IND²UCE program are currently developing a framework that can restrict the use of personal data depending on the situation and individual preferences. This has already led to software under the product name MYDATA Control Technologies. Suppose you want WhatsApp messages to appear on the car display – but not if you are in a company car. When renting a car, you want the same contacts and playlists to appear as in your own vehicle – and the seat, steering wheel and mirror should automatically move to the appropriate settings. And you want all health-related data such as heart rate to stay on board and not be sent to the cloud – unless there is a real emergency such as an accident and you need help right away. In the future, users will be able to make such settings in a smartphone app, which will then forward them to every vehicle they drive, be it a company car, a rental car or a private vehicle.

The framework components required for this are installed in the vehicle. For example, a request as to whether data on the driver’s heart rate may be sent to the cloud goes to a so-called Policy Decision Point (PDP), which checks whether this is permissible. If the answer is positive, the PDP either sends an authorization to the Policy Enforcement Point (PEP) or specifies what data needs to be deleted or anonymized before it is sent. As part of the SECREDAS project, researchers at Fraunhofer IESE are now developing a demonstrator for this scenario. This work should be completed by the end of 2020. The SECREDAS consortium strives to set a standard for controlling data usage on board vehicles in the future. Wherever possible, this should be adopted by all automakers so that vehicle users can determine how their personal information is used.
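The PDP/PEP flow described above, and the driver preferences from the previous section, as an added toy example: it is not MYDATA Control Technologies code, and the request fields, destination names and policy rules are constructed assumptions. The PDP answers allow or deny and may attach deletion and anonymization obligations; the PEP releases data only as the decision permits.

```python
from dataclasses import dataclass
from typing import Optional

HEALTH_DATA = {"heart_rate", "blood_sugar"}   # stays on board unless emergency

@dataclass
class Request:
    data_type: str          # e.g. "heart_rate", "messages", "trip_log" (assumed)
    destination: str        # "cloud" or "display" (assumed names)
    vehicle: str            # "private", "rental" or "company"
    emergency: bool = False # set by the vehicle, e.g. after a crash is detected

@dataclass
class Decision:
    allow: bool
    delete: tuple = ()      # fields the PEP must strip before release
    anonymize: tuple = ()   # fields the PEP must replace before release

def pdp_decide(req: Request) -> Decision:
    """Policy Decision Point: evaluate the driver's preferences against the
    request context. The first matching rule wins; default is allow."""
    if req.data_type in HEALTH_DATA and req.destination == "cloud":
        # Health data leaves the vehicle only in a real emergency.
        return Decision(allow=req.emergency)
    if req.data_type == "messages" and req.vehicle == "company":
        # Private messages are not shown in a company car.
        return Decision(allow=False)
    if req.data_type == "trip_log" and req.destination == "cloud":
        # Constructed rule: usage allowed only after modification obligations.
        return Decision(allow=True, delete=("driver_id",), anonymize=("position",))
    return Decision(allow=True)

def pep_enforce(req: Request, payload: dict) -> Optional[dict]:
    """Policy Enforcement Point: ask the PDP, then release the payload only as
    permitted. Returns None when the transfer is blocked."""
    decision = pdp_decide(req)
    if not decision.allow:
        return None
    released = {k: v for k, v in payload.items() if k not in decision.delete}
    for field_name in decision.anonymize:
        if field_name in released:
            released[field_name] = "<anonymized>"   # stand-in for a real anonymizer
    return released

if __name__ == "__main__":
    # Constructed sample: heart rate to the cloud, first normally, then in an emergency.
    print(pep_enforce(Request("heart_rate", "cloud", "private"), {"bpm": 130}))
    print(pep_enforce(Request("heart_rate", "cloud", "private", True), {"bpm": 130}))
```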

