Search Results

Strategies designed to deal with these challenges differ in the way in which added duties are assigned and cybersecurity topics are integrated into the already existing process steps. Cybersecurity requirements often clash with existing system requirements or established development methods, leading to low acceptance among developers, and introducing the need to have clear policies on how friction between cybersecurity and other fields is handled. ...Cybersecurity requirements often clash with existing system requirements or established development methods, leading to low acceptance among developers, and introducing the need to have clear policies on how friction between cybersecurity and other fields is handled. A cybersecurity development approach is frequently perceived as introducing impediments, that bear the risk of cybersecurity measures receiving a lower priority to reduce inconvenience. ...For an established development process and a team accustomed to this process, adding cybersecurity features to the product initially means inconvenience and reduced productivity without perceivable benefits.

Automotive electronics and enterprise IT are converging and thus open the doors for advanced hacking. With their immediate safety impact, cyberattacks on such systems will endanger passengers. Today, there are various methods of security verification and validation in the automotive industry. However, we realize that vulnerability detection is incomplete and inefficient with classic security testing. In this article, we show how an enhanced Grey-Box Penetration Test (GBPT) needs less test cases while being more effective in terms of coverage and indicating less false positives.

To build secure systems of road vehicles, the cybersecurity engineering standard ISO21434[11] suggests the evaluation of vulnerabilities throughout engineering process, such as attack path analysis, system requirement stage, software architecture, design, and implementation and testing phases. ...With my analysis and practices, it is appropriate to include the common vulnerabilities that ought to be an integral part of the automotive cybersecurity engineering process. In this paper, the author would like to provide a list of vulnerabilities that might be a suggestion for threat analysis and risk assessment and propose two solutions that may be adopted directly in the V-model for security-relevant software development.

IOOs and ADS developers agree that cost, communications, interoperability, cybersecurity, operation, maintenance, and other issues undercut efforts to deploy a comprehensive connected infrastructure.

Impact of Electric Vehicle Charging on Grid Energy Buffering discusses the unsettled issues and requirements needed to realize the potential of EV batteries for demand response and grid services, such as improved battery management, control strategies, and enhanced cybersecurity. Hybrid and fuel cell EVs have significant potential to act as “peakers” for longer duration buffering, and this approach has the potential to provide all the long-term energy buffering required by a VRE-intensive grid.

Using a wireless medium for tractor-trailer communication will bring new cybersecurity challenges and requirements which requires new development and lifecycle considerations.

In addition, due to the cyber-security risk, the security functions to ensure the integrity of the message has to be considered.

The automotive industry is set for a rapid transformation in the next few years in terms of communication. The kind of growth the automotive industry is poised for in fields of connected cars is both fascinating and alarming at the same time. The communication devices equipped to the cars and the data exchanges done between vehicles to vehicles are prone to a lot of cyber-related attacks. The signals that are sent using Vehicular Adhoc Network (VANET) between vehicles can be eavesdropped by the attackers and it may be used for various attacks such as the man in the middle attack, DOS attack, Sybil attack, etc. These attacks can be prevented using the Blockchain technology, where each transaction is logged in a decentralized immutable Blockchain ledger. This provides authenticity and integrity to the signals. But the use of Blockchain Platforms such as Ethereum has various drawbacks like scalability which makes it infeasible for connected car system.

This paper is the second in the series of documents designed to record the progress of a series of SAE documents - SAE J2836™, J2847, J2931, & J2953 - within the Plug-In Electric Vehicle (PEV) Communication Task Force. This follows the initial paper number 2010-01-0837, and continues with the test and modeling of the various PLC types for utility programs described in J2836/1™ & J2847/1. This also extends the communication to an off-board charger, described in J2836/2™ & J2847/2 and includes reverse energy flow described in J2836/3™ and J2847/3. The initial versions of J2836/1™ and J2847/1 were published early 2010. J2847/1 has now been re-opened to include updates from comments from the National Institute of Standards Technology (NIST) Smart Grid Interoperability Panel (SGIP), Smart Grid Architectural Committee (SGAC) and Cyber Security Working Group committee (SCWG).

Recent developments in the commercialization of mobility services have brought unprecedented connectivity to the automotive sector. While the adoption of connected features provides significant benefits to vehicle owners, adversaries may leverage zero-day attacks to target the expanded attack surface and make unauthorized access to sensitive data. Protecting new generations of automotive controllers against malicious intrusions requires solutions that do not depend on conventional countermeasures, which often fall short when pitted against sophisticated exploitation attempts. In this paper, we describe some of the latent risks in current automotive systems along with a well-engineered multi-layer defense strategy. Further, we introduce a novel and comprehensive attack and performance test framework which considers state-of-the-art memory corruption attacks, countermeasures and evaluation methods.

In recent years, with increase in external connectivity (V2X, telematics, mobile projection, BYOD) the automobile is becoming a target of cyberattacks and intrusions. Any such intrusion reduces customer trust in connected cars and negatively impacts brand image (like the recent Jeep Cherokee hack). To protect against intrusion, several mechanisms are available. These range from a simple secure CAN to a specialized symbiote defense software. A few systems (e.g. V2X) implement detection of an intrusion (defined as a misbehaving entity). However, most of the mechanisms require a system-wide change which adds to the cost and negatively impacts the performance. In this paper, we are proposing a practical and scalable approach to intrusion detection. Some benefits of our approach include use of existing security mechanisms such as TrustZone® and watermarking with little or no impact on cost and performance. In addition, our approach is scalable and does not require any system-wide changes.

Automotive safety is always the focus of consumers, the selling point of products, the focus of technology. In order to achieve automatic driving, interconnection with the outside world, human-automatic system interaction, the security connotation of intelligent and connected vehicles (ICV) changes: information security is the basis of its security. Functional safety ensures that the system is operating properly. Behavioral safety guarantees a secure interaction between people and vehicles. Passive security should not be weakened, but should be strengthened based on new constraints. In terms of information safety, the threshold for attacking cloud, pipe, and vehicle information should be raised to ensure that ICV system does not fail due to malicious attacks. The cloud is divided into three cloud platforms according to functions: ICVs private cloud, TSP cloud, public cloud.

Vehicles have more connectivity options now-a-days and these increasing connection options are giving more chances for an intruder to exploit the system. So, the vehicle manufacturers need to make the ECU in the vehicle more secure. To make the system secure, the embedded system must secure all the assets in the system. Examples of assets are Software, Kernel or Operating system, cryptographic Keys, Passwords, user data, etc. In this, securing the Kernel is extremely important as an intruder can even exploit the operating system characteristics just by changing the kernel code without introducing a trojan in the system. Also, the Kernel is the one entity that manages all permissions, so, if the kernel is hacked, these permissions also get compromised. The proposed approach is to make the kernel secure by doing the integrity check periodically of the kernel code loaded into the main memory of the system.

Access control enforces security policies for controlling critical resources. For V2X (Vehicle to Everything) autonomous military vehicle fleets, network middleware systems such as ROS (Robotic Operating System) expose system resources through networked publisher/subscriber and client/server paradigms. Without proper access control, these systems are vulnerable to attacks from compromised network nodes, which may perform data poisoning attacks, flood packets on a network, or attempt to gain lateral control of other resources. Access control for robotic middleware systems has been investigated in both ROS1 and ROS2. Still, these implementations do not have mechanisms for evaluating a policy's consistency and completeness or writing expressive policies for distributed fleets. We explore an RBAC (Role-Based Access Control) mechanism layered onto ROS environments that uses local permission caches with precomputed truth tables for fast policy evaluation.

In agriculture industry, increasing use of Vehicle Internet of Things (IoT), telematics and emerging technologies are resulting in smarter machines with connected solutions. Inter and Intra Communication with vehicle to vehicle and inside vehicle - Electronic Control Unit (ECU) to ECU or ECU (Electronic Control Unit) to sensor, requirement for flow of data increased in-turn resulting in increased need for secure communication. In this paper, we focus on functional verification and validation of secure Controller Area Network (CAN) for intra vehicular communication to establish confidentiality, integrity, authenticity, and freshness of data, supporting safety, advanced automation, protection of sensitive data and IP (Intellectual Property) protection. Network security algorithms and software security processes are the layers supporting to achieve our cause.

Autonomous vehicles might one day be able to implement privacy preserving driving patterns which humans may find too difficult to implement. In order to measure the difference between location privacy achieved by humans versus location privacy achieved by autonomous vehicles, this paper measures privacy as trajectory anonymity, as opposed to single location privacy or continuous privacy. This paper evaluates how trajectory privacy for randomized driving patterns could be twice as effective for autonomous vehicles using diverted paths compared to Google Map API generated shortest paths. The result shows vehicles mobility patterns could impact trajectory and location privacy. Moreover, the results show that the proposed metric outperforms both K-anonymity and KDT-anonymity.

Software vulnerability management is one of the most critical and crucial security techniques, which analyzes the automotive software/firmware across the digital cockpit, ADAS, V2X, etc. domains for vulnerabilities, and provides security patches for the concerned Common Vulnerabilities and Exposures (CVE). The process of automotive SW/FW vulnerability management system between the OEMs and vendors happen through a channel of fixing a certain number of vulnerabilities by 1st tier supplier which needs to be verified in front of OEMs for the fixed number and type of patches in there deliverable SW/FW. The gap of verification between for the fixed patches between the OEMs and 1st tier supplier requires a reliable human independent intelligent technique to have a trustworthiness of verification.

There continues to be massive advancements in modern connected vehicles and with these advancements, connectivity continues to rapidly become more integral to the way these vehicles are designed and operated. Vehicle connectivity was originally introduced for the purpose of providing software updates to the vehicle’s main system software, and we have seen the adoption of Over The Air updates (OTA) become mainstream with most OEMs. The exploitation of this connectivity is far more reaching than just basic software updates. In the latest vehicles it is possible to update software not just on the main vehicle systems, but to potentially update embedded software in all smart ECUs within the vehicle. Only using the connectivity to push data to the vehicle is not making full use of the potential of this increased connectivity. Being able to collect vehicle data for offline analysis and processing also brings huge benefits to the use of this technology.

Automotive system functionalities spread over a wide range of sub-domains ranging from non-driving related components to complex autonomous driving related components. The requirements to design and develop these components span across software, hardware, firmware, etc. elements. The successful development of these components to achieve the needs from the stockholders requires accurate understanding and traceability of the requirements of these component systems. The high-level customer requirements transformation into low level granularity requires an efficient requirement engineer. The manual understanding of the customer requirements from the requirement documents are influenced by the context and the knowledge gap of the requirement engineer in understanding and transforming the requirements.

By looking into the vehicle-infrastructure cooperation (VIC) which is oriented towards intelligent, networked and integrated development, this paper analyzes and proposes the essence and development direction of Intelligent Vehicle Infrastructure Cooperation Systems (I-VICS). With an in-depth analysis of technologies of core importance to VIC and influence factors that constrain VIC development as a whole, the paper comes up with a technological route for VIC, and identifies a direction for vehicle-infrastructure cooperative development that progresses from primary to intermediate cooperation, then to advanced cooperation, and finally to full-fledged cooperation. Policy recommendations aiming at strengthening top-level design, building an integrated vehicle-infrastructure-cloud platform, expediting independence of key techs, building robust standards and regulations for VIC, enhancing workforce development as well as greater efforts at market promotion are put forward.