Search Results

Strategies designed to deal with these challenges differ in the way in which added duties are assigned and cybersecurity topics are integrated into the already existing process steps. Cybersecurity requirements often clash with existing system requirements or established development methods, leading to low acceptance among developers, and introducing the need to have clear policies on how friction between cybersecurity and other fields is handled. ...Cybersecurity requirements often clash with existing system requirements or established development methods, leading to low acceptance among developers, and introducing the need to have clear policies on how friction between cybersecurity and other fields is handled. A cybersecurity development approach is frequently perceived as introducing impediments, that bear the risk of cybersecurity measures receiving a lower priority to reduce inconvenience. ...For an established development process and a team accustomed to this process, adding cybersecurity features to the product initially means inconvenience and reduced productivity without perceivable benefits.

Automotive electronics and enterprise IT are converging and thus open the doors for advanced hacking. With their immediate safety impact, cyberattacks on such systems will endanger passengers. Today, there are various methods of security verification and validation in the automotive industry. However, we realize that vulnerability detection is incomplete and inefficient with classic security testing. In this article, we show how an enhanced Grey-Box Penetration Test (GBPT) needs less test cases while being more effective in terms of coverage and indicating less false positives.

Their associated information technology and cyber physical systems—along with an exponentially resultant number of interconnections—present a massive cybersecurity challenge. Unlike the physical security challenge, which was treated in earnest throughout the last decades, cyber-attacks on airports keep coming, but most airport lack essential means to confront such cyber-attacks. ...These missing means are not technical tools, but rather holistic regulatory directives, technical and process standards, guides, and best practices for airports cybersecurity—even airport cybersecurity concepts and basic definitions are missing in certain cases. Unsettled Topics Concerning Airport Cybersecurity Standards and Regulation offers a deeper analysis of these issues and their causes, focusing on the unique characteristics of airports in general, specific cybersecurity challenges, missing definitions, and conceptual infrastructure for the standardization and regulation of airports cybersecurity. ...Unsettled Topics Concerning Airport Cybersecurity Standards and Regulation offers a deeper analysis of these issues and their causes, focusing on the unique characteristics of airports in general, specific cybersecurity challenges, missing definitions, and conceptual infrastructure for the standardization and regulation of airports cybersecurity.

To build secure systems of road vehicles, the cybersecurity engineering standard ISO21434[11] suggests the evaluation of vulnerabilities throughout engineering process, such as attack path analysis, system requirement stage, software architecture, design, and implementation and testing phases. ...With my analysis and practices, it is appropriate to include the common vulnerabilities that ought to be an integral part of the automotive cybersecurity engineering process. In this paper, the author would like to provide a list of vulnerabilities that might be a suggestion for threat analysis and risk assessment and propose two solutions that may be adopted directly in the V-model for security-relevant software development.

Day by day, airports adopt more IoT devices. However, airports are not exempt from possible failures due to malware’s proliferation that can abuse vulnerabilities. Computer criminals can access, corrupt, and extract information from individuals or companies. This paper explains the development of a propagation model, which started with a Delphi process. We discuss the preliminary implications for airports of the simulation model built from the Delphi recommendations.

The results of this work is allowed to identify a number of cybersecurity threats of the automated security-critical automotive systems, which reduces the efficiency of operation, road safety and system safety. ...According to the evaluating criterion of board electronics, the presence of poorly-protected communication channels, the 75% of the researched modern vehicles do not meet the minimum requirements of cybersecurity due to the danger of external blocking of vital systems. The revealed vulnerabilities of the security-critical automotive systems lead to the necessity of developing methods for mechanical and electronic protection of the modern vehicle. ...The law of normal distribution of the mid-points of the expert evaluation of the cyber-security of a modern vehicle has been determined. Based on the system approach, ranking of the main cybersecurity treats is performed.

The recently released SAE J3061 guidebook for cyber-physical vehicle systems provides high-level principles for automotive organizations for identifying and assessing cybersecurity threats and for designing cybersecurity aware systems in close relation to the ISO 26262 standard for the functional safety of road vehicles. ...., infotainment, car-2-car or car-2-infrastructure communication) as well as new advances toward advanced driver assistance systems (ADAS) or even autonomous driving functions make cybersecurity another key factor to be taken into account by vehicle suppliers and manufacturers. ...Although these can capitalize on experiences from many other domains, they still have to face several unique challenges when gearing up for specific cybersecurity challenges. A key challenge is related to the increasing interconnection of automotive systems with networks (such as Car2X).

., driver assistance functions, intrusion detection system, vehicle diagnostics, external device authentication during vehicle diagnostics, vehicle-to-grid and so on). The cybersecurity attacks targeting the global time result in false time, accuracy degradation, and denial of service as stated in IETF RFC 7384.

The article also focus on innovative approaches that have recently adopted my many cybersecurity professionals for secured operation of ITS involving block-chain, artificial intelligence, and Machine Learning.

In addition, due to the cyber-security risk, the security functions to ensure the integrity of the message has to be considered.

Also, all the existing methods for vehicular communication rely on a centralized server which itself invite massive cyber-security threats. These threats and challenges can be addressed by using the Blockchain (BC) technology, where each transaction is logged in a decentralized immutable BC ledger.

With the introduction of Connected Vehicles, it is possible to extend the limited horizon of vehicles on the road by collective perceptions, where vehicles periodically share their information with other vehicles and servers using cloud. Nevertheless, by the time the connected vehicle spread expands, it is critical to understand the validation techniques which can be used to ensure a flawless transfer of data and connectivity. Connected vehicles are mainly characterized by the smartphone application which is provided to the end customers to access the connectivity features in the vehicle. The end result which is delivered to the customer is through the integrated telematics unit in the vehicle which communicates through a communication layer with the cloud platform. The cloud server in turn interacts with the final application layer of the mobile application given to the customer.

Unmanned ground vehicles (UGVs) may encounter difficulties accommodating environmental uncertainties and system degradations during harsh conditions. However, human experience and onboard intelligence can may help mitigate such cases. Unfortunately, human operators have cognition limits when directly supervising multiple UGVs. Ideally, an automated decision aid can be designed that empowers the human operator to supervise the UGVs. In this paper, we consider a connected UGV platoon under cyber attacks that may disrupt safety and degrade performance. An observer-based resilient control strategy is designed to mitigate the effects of vehicle-to-vehicle (V2V) cyber attacks. In addition, each UGV generates both internal and external evaluations based on the platoons performance metrics. A cloud-based trust-based information management system collects these evaluations to detect abnormal UGV platoon behaviors.

The ever-increasing complexity and connectivity of driver assist functions pose challenges for both Functional Safety and Cyber Security. Several of these challenges arise not only due to the new functionalities themselves but due to numerous interdependencies between safety and security. Safety and security goals can conflict, safety mechanisms might be intentionally triggered by attackers to impact functionality negatively, or mechanisms can compete for limited resources like processing power or memory to name just some conflict potentials. But there is also the potential for synergies, both in the implementation as well as during the development. For example, both disciplines require mechanisms to check data integrity, are concerned with freedom from interference and require architecture based analyses. So far there is no consensus in the industry on how to best deal with these interdependencies in automotive development projects.

The automotive industry is set for a rapid transformation in the next few years in terms of communication. The kind of growth the automotive industry is poised for in fields of connected cars is both fascinating and alarming at the same time. The communication devices equipped to the cars and the data exchanges done between vehicles to vehicles are prone to a lot of cyber-related attacks. The signals that are sent using Vehicular Adhoc Network (VANET) between vehicles can be eavesdropped by the attackers and it may be used for various attacks such as the man in the middle attack, DOS attack, Sybil attack, etc. These attacks can be prevented using the Blockchain technology, where each transaction is logged in a decentralized immutable Blockchain ledger. This provides authenticity and integrity to the signals. But the use of Blockchain Platforms such as Ethereum has various drawbacks like scalability which makes it infeasible for connected car system.

With the rapid development of vehicle intelligent and networking technology, the IT security of automotive systems becomes an important area of research. In addition to the basic vehicle control, intelligent advanced driver assistance systems, infotainment systems will all exchange data with in-vehicle network. Unfortunately, current communication network protocols, including Controller Area Network (CAN), FlexRay, MOST, and LIN have no security services, such as authentication or encryption, etc. Therefore, the vehicle are unprotected against malicious attacks. Since CAN bus is actually the most widely used field bus for in-vehicle communications in current automobiles, the security aspects of CAN bus is focused on. Based on the analysis of the current research status of CAN bus network security, this paper summarizes the CAN bus potential security vulnerabilities and the attack means.

This paper is the second in the series of documents designed to record the progress of a series of SAE documents - SAE J2836™, J2847, J2931, & J2953 - within the Plug-In Electric Vehicle (PEV) Communication Task Force. This follows the initial paper number 2010-01-0837, and continues with the test and modeling of the various PLC types for utility programs described in J2836/1™ & J2847/1. This also extends the communication to an off-board charger, described in J2836/2™ & J2847/2 and includes reverse energy flow described in J2836/3™ and J2847/3. The initial versions of J2836/1™ and J2847/1 were published early 2010. J2847/1 has now been re-opened to include updates from comments from the National Institute of Standards Technology (NIST) Smart Grid Interoperability Panel (SGIP), Smart Grid Architectural Committee (SGAC) and Cyber Security Working Group committee (SCWG).

Facial recognition software (FRS) is a form of biometric security that detects a face, analyzes it, converts it to data, and then matches it with images in a database. This technology is currently being used in vehicles for safety and convenience features, such as detecting driver fatigue, ensuring ride share drivers are wearing a face covering, or unlocking the vehicle. Public transportation hubs can also use FRS to identify missing persons, intercept domestic terrorism, deter theft, and achieve other security initiatives. However, biometric data is sensitive and there are numerous remaining questions about how to implement and regulate FRS in a way that maximizes its safety and security potential while simultaneously ensuring individual’s right to privacy, data security, and technology-based equality.

In the past, research on blockchain technology has addressed security and privacy concerns within intelligent transportation systems for critical V2I and V2V communications that form the backbone of Internet of Vehicles. Within trucking industry, a recent trend has been observed towards the use of blockchain technology for operations. Industry stakeholders are particularly looking forward to refining status quo contract management and vehicle maintenance processes through blockchains. However, the use of blockchain technology for enhancing vehicle performance in fleets, especially while considering the fact that modern-day intelligent vehicles are prone to cyber security threats, is an area that has attracted less attention. In this paper, we demonstrate a case study that makes use of blockchains to securely optimize the fuel economy of fleets that do package pickup and delivery (P&D) in urban areas.

In recent years, with increase in external connectivity (V2X, telematics, mobile projection, BYOD) the automobile is becoming a target of cyberattacks and intrusions. Any such intrusion reduces customer trust in connected cars and negatively impacts brand image (like the recent Jeep Cherokee hack). To protect against intrusion, several mechanisms are available. These range from a simple secure CAN to a specialized symbiote defense software. A few systems (e.g. V2X) implement detection of an intrusion (defined as a misbehaving entity). However, most of the mechanisms require a system-wide change which adds to the cost and negatively impacts the performance. In this paper, we are proposing a practical and scalable approach to intrusion detection. Some benefits of our approach include use of existing security mechanisms such as TrustZone® and watermarking with little or no impact on cost and performance. In addition, our approach is scalable and does not require any system-wide changes.