Evaluation of Impacts of IT-Incidents on Automotive Safety with Regard to Supporting Reaction Strategies for the Driver


Sven Kuhlmann, Robert Altschaffel, Tobias Hoppe, Jana Dittmann, Christoph Neubüser

University of Magdeburg, Germany


Abstract


Objectives


The integration of modern IT technologies into vehicles brings up several new challenges in automotive systems engineering. While current technology aspires to an exclusive use of electrical and electronic control systems for relevant functions, such as engine control or X-by-wire systems, the growing dependency on electronic systems increases the vulnerability of modern cars to both accidental and intentionally provoked IT incidents. In particular, the constantly increasing complexity of, and interdependencies between, different automotive IT systems make it difficult for developers to foresee all potential fault conditions or to prevent unauthorized actions from taking effect. On top of these challenges, in automotive IT environments IT incidents can also affect the safety of the car, its passengers and other road users.

Building on a study on IT security warnings [1] and comparing with corresponding ASIL levels, we carried out a driving simulator study to evaluate driver reactions to various error and security relevant scenarios.


Methods


Assuming that malfunctions of electronically supported control systems will endanger the safety of the car, a driving simulator study was designed and executed. These tests cover both security-related and safety-related sources of failures (i.e. accidental or provoked malfunctions) and scenarios of different criticality (based on ASIL A, B, C, D [2]). The reactions of 40 uninformed drivers were observed and analyzed. In particular, failures of engine, steering and brakes were induced in different road and traffic scenarios (e.g. low vs. high speed, low vs. high traffic density). The reactions of the drivers were recorded and, additionally, the controllability of the situation as perceived by the drivers was observed (using a think-aloud test). Furthermore, the study evaluated the potential of appropriate warning and reaction strategies, as developed in [1], to support the reaction of the driver in critical situations.


Results


The results show differences in driver behavior within a specific failure situation and even greater differences between the various failure situations. We found different types of accidents following the loss of steering and braking function, but no accidents caused by the loss of engine function. Interestingly, the results show the highest rate of recognition for the engine turn-off scenario, whereas in the autonomous acceleration and loss of brake function scenarios 15-17% of drivers did not recognize the malfunction. Besides this, we introduce different strategies to warn and support drivers in such situations. Especially when losing the ability to steer and brake, the warnings showed a positive impact if the driver is warned ahead and stops the car before the complete loss of those functions. When the warning appears together with the function loss, no significant improvement in crash count or severity could be observed.
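The Methods section grades scenarios by ASIL level, and the Results section reports the share of drivers who did or did not cope with each malfunction. The following helper, added here as an illustration and not code from the paper or its authors, connects the two: it implements the ISO 26262-3 ASIL determination table (severity S1-S3, exposure E1-E4, controllability C1-C3) together with the standard's controllability thresholds (C1: at least 99% of drivers avoid harm, C2: at least 90%, C3: below 90%), so that an observed "kept control" rate from a simulator study can be turned into a C class and an ASIL rating. The scenario names, severity and exposure values and control rates in `SAMPLE_SCENARIOS` are constructed for the example and are not the study's data.

```python
"""ASIL rating from observed controllability (added example, not from the paper).

ISO 26262-3 derives an ASIL from three risk parameters:
  S  severity         S1..S3
  E  exposure         E1..E4
  C  controllability  C1..C3
The standard's lookup table is equivalent to ASIL = S + E + C - 6,
with any sum below 7 treated as QM (quality management only, no ASIL).
Controllability classes are defined by the share of drivers able to
avoid harm: C1 >= 99 %, C2 >= 90 %, C3 < 90 %.
"""
from dataclasses import dataclass

ASIL_BY_SUM = {7: "A", 8: "B", 9: "C", 10: "D"}


def controllability_class(controlled_fraction: float) -> int:
    """Map an observed share of drivers who kept control to C1..C3."""
    if not 0.0 <= controlled_fraction <= 1.0:
        raise ValueError("controlled_fraction must be between 0 and 1")
    if controlled_fraction >= 0.99:
        return 1
    if controlled_fraction >= 0.90:
        return 2
    return 3


def asil(severity: int, exposure: int, controllability: int) -> str:
    """Return 'QM' or 'A'..'D' per the ISO 26262-3 determination table."""
    if severity not in (1, 2, 3):
        raise ValueError("severity must be 1..3")
    if exposure not in (1, 2, 3, 4):
        raise ValueError("exposure must be 1..4")
    if controllability not in (1, 2, 3):
        raise ValueError("controllability must be 1..3")
    return ASIL_BY_SUM.get(severity + exposure + controllability, "QM")


@dataclass
class Scenario:
    """One simulator scenario: assumed S and E, and the measured control rate."""
    name: str
    severity: int
    exposure: int
    controlled_fraction: float  # share of test drivers who avoided an accident

    def rating(self) -> str:
        c = controllability_class(self.controlled_fraction)
        return asil(self.severity, self.exposure, c)


# Constructed sample scenarios: the S/E values and control rates are
# illustrative placeholders, not figures reported in the paper.
SAMPLE_SCENARIOS = [
    Scenario("engine shut-off, low speed", severity=1, exposure=3, controlled_fraction=1.00),
    Scenario("loss of steering, highway", severity=3, exposure=4, controlled_fraction=0.40),
    Scenario("autonomous acceleration, urban", severity=3, exposure=3, controlled_fraction=0.85),
]


def rate_all(scenarios=SAMPLE_SCENARIOS) -> dict:
    """Rate every scenario; returns {scenario name: ASIL string}."""
    return {s.name: s.rating() for s in scenarios}


if __name__ == "__main__":
    for name, level in rate_all().items():
        print(f"{name}: ASIL {level}")
```

The sum formula is used instead of a 36-entry table because it reproduces the standard's table exactly while making the monotonic structure visible: each step up in severity, exposure or loss of controllability raises the rating by one level. A study like the one described above supplies the C parameter empirically; severity and exposure still have to be assigned by hazard analysis.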


Conclusions


This work shows the impact security-related incidents can have on the safety of current and future vehicles. It shows the potential of decreasing the severity of these incidents by using tailored warnings and presents a first evaluation of the feasibility of such an approach. It was shown that a loss of engine function leads to a safe stop of the car, while a loss of steering or braking ability or an autonomous acceleration leads to an accident in 45% up to 71% of all cases. The severity of those accidents is not significantly correlated with the type of malfunction.