RIT researchers develop cybersecurity protocols for future smart transportation systems

How security experts are preparing connected cars for post-quantum cryptography

Boris Sapozhnikov

RIT cybersecurity researchers are improving the future of vehicle-to-vehicle communications by developing protocols for post-quantum cryptography. Geoff Twardokus, left, an electrical and computer engineering Ph.D. student, and Hanif Rahbari, assistant professor of cybersecurity, conduct experiments to make sure their protocol is reliable under realistic conditions.

Rochester Institute of Technology cybersecurity researchers are preparing connected vehicle networks for the next stage of cybersecurity—the post-quantum era.

The team, in RIT’s ESL Global Cybersecurity Institute, is highlighting how current cryptographic methods are vulnerable to attacks enabled by emerging quantum computers. To help reduce collisions on the road, RIT researchers are creating their own agile and efficient security protocols that ensure all vehicles can communicate with each other securely.

Hanif Rahbari, assistant professor in the Department of Cybersecurity, and Geoff Twardokus, an electrical and computer engineering Ph.D. student, have analyzed post-quantum algorithms and proposed a Partially Hybrid Authentication Protocol—a fusion of classic and post-quantum cryptography. That work already is influencing regulations and government agencies. It has been cited by the European Union Agency for Cybersecurity, the U.S. Cybersecurity and Infrastructure Security Agency, and most notably in standardization reports from the National Institute of Standards and Technology (NIST).

“We’re making an impact on what future systems are going to use,” said Rahbari. “The work is challenging because of the conflicting constraints—the added security can’t sacrifice the reliability of communication between vehicles. What makes our work unique is that we’ve balanced security and performance and experimentally verified that it’s practical.”

In the U.S., more than 40,000 people died in motor vehicle traffic crashes in 2023. Vehicle-to-vehicle (V2V) communication networks allow cars to wirelessly coordinate movements. These connected vehicles can greatly reduce the number of mistakes that drivers make. In 2023, major automakers received regulatory approval for immediate deployment of V2V in new vehicles.

While V2V technology can alleviate tragedies on the road, cyber attackers could abuse it to cause traffic jams and crashes. Right now, V2V communications are secured using cryptography. Digital signatures on messages help to validate that communications are coming from authorized users and vehicles.

“The problem with quantum computers is that once they are a little bit more developed than they are at the moment, they will be able to break those cryptographic mechanisms that we currently rely on,” said Twardokus, who earned a bachelor’s and master’s in computing security from RIT in 2021. “For example, an attacker who has a quantum computer would be able to steal any other vehicle’s security credentials and create fake messages that look like they’re coming from those legitimate vehicles.”

Twardokus explained that the prevailing narrative about quantum computing is that it will simply “break everything” security-wise. He said this can oftentimes discourage people and automakers from planning for different stages of this coming threat.

“We’re really trying to zoom in on the problems and outline a concrete path to where quantum is going,” said Twardokus. “And here’s how we’re going to protect this environment as that evolves.”

Rahbari and Twardokus presented their new protocol at the 2024 Network and Distributed System Security (NDSS) Symposium in San Diego. The paper is titled “When Cryptography Needs a Hand: Practical Post-Quantum Authentication for V2V Communications.

In their key findings, the RIT researchers determined that several of the leading (and in some cases standardized) post-quantum cryptographic algorithms are not going to work for V2V. The algorithms and protocols will constrain vehicle communication networks.

Their new Partially Hybrid authentication protocol seeks to alleviate those constraints.

Rahbari explained that the “authentication” verifies who sends a message and makes sure that the message is actually intact and authentic. “Partial” refers to the fact that RIT researchers identified digital certificates as the most critical element to be protected by post-quantum cryptography. Other, less critical parts can still be protected by classic cryptography—for now.

“‘Hybrid’ means that the protocol supports the classical cryptography techniques of today and is also going to be able to support quantum-resistant protocols,” said Rahbari. “In the real world, we cannot just switch from an old technology to a new technology overnight. We need to enable older, legacy vehicles to coexist and talk with new vehicles.”

The experts describe their research as having “crypto-agility.”

“Our protocols are designed to be adaptable to future changes in the security space that are by their nature unforeseeable,” said Twardokus. “And it helps make sure our work has longevity even under different potential future circumstances.”

As part of the Wireless and IoT Security and Privacy research group at RIT, the team uses experiments with software-defined radios, commercial V2V devices, and digital simulators to show that their design is reliable and scalable.