Search Results

A significant milestone in advancing cybersecurity within the automotive industry is the release of the first international standard for automotive cybersecurity ISO/SAE 21434:2021 ‘Road Vehicles — Cybersecurity Engineering’. A recently published type approval regulation for automotive cybersecurity (UN R155) is also tailored for member countries of the UNECE WP.29 alliance. ...Thus, the challenges for embedded automotive systems engineers are increasing while frameworks, tools and shared concepts for cybersecurity engineering and training are scarce. Hence, cybersecurity training in the automotive domain necessitates an understanding of domain-specific intricacies and the unique challenges at the intersection of cybersecurity and embedded systems engineering, elevating the need for improving the skill set and knowledge of automotive cybersecurity engineers. ...Hence, cybersecurity training in the automotive domain necessitates an understanding of domain-specific intricacies and the unique challenges at the intersection of cybersecurity and embedded systems engineering, elevating the need for improving the skill set and knowledge of automotive cybersecurity engineers. This paper delves into an automotive cybersecurity training concept aimed at enhancing the proficiency of development engineers.

With the development of vehicle intelligence and the Internet of Vehicles, how to protect the safety of the vehicle network system has become a focus issue that needs to be solved urgently. The Controller Area Network (CAN) bus is currently a very widely used vehicle-mounted bus, and its security largely determines the degree of vehicle-mounted information security. The CAN bus lacks adequate protection mechanisms and is vulnerable to external attacks such as replay attacks, modifying attacks, and so on. On the basis of the existing work, this paper proposes an authentication method that combines Hash-based Message Authentication Code (HMAC)-SHA256 and Tiny Encryption Algorithm (TEA) algorithms. This method is based on dynamic identity authentication in challenge/response made and combined with the characteristics of the CAN bus itself as it achieves the identity authentication between the gateway and multiple electronic control units (ECUs).

This increases the attractiveness of an attack on vehicles and thus introduces new risks for vehicle cybersecurity. Thus, just as safety became a critical part of the development in the late 20th century, the automotive domain must now consider cybersecurity as an integral part of the development of modern vehicles. ...Thus, just as safety became a critical part of the development in the late 20th century, the automotive domain must now consider cybersecurity as an integral part of the development of modern vehicles. Aware of this fact, the automotive industry has, therefore, recently taken multiple efforts in designing and producing safe and secure connected and automated vehicles. ...As the domain geared up for the cybersecurity challenges, they leveraged experiences from many other domains, but must face several unique challenges.

Consequently, rise of this technological trend is bringing forth safety and cybersecurity challenges in form of new threats, hazards and vulnerabilities. As per the recent UN vehicle regulation 155, several risk-based security models and assessment frameworks have been proposed to counter the growing cybersecurity issues, however, the high budgetary cost to develop the tool and train personnel along with high risk of leakage of trade secrets, hinders the automotive manufacturers from adapting these third party solutions. ...As per the recent UN vehicle regulation 155, several risk-based security models and assessment frameworks have been proposed to counter the growing cybersecurity issues, however, the high budgetary cost to develop the tool and train personnel along with high risk of leakage of trade secrets, hinders the automotive manufacturers from adapting these third party solutions.

With the introduction of Connected Vehicles, it is possible to extend the limited horizon of vehicles on the road by collective perceptions, where vehicles periodically share their information with other vehicles and servers using cloud. Nevertheless, by the time the connected vehicle spread expands, it is critical to understand the validation techniques which can be used to ensure a flawless transfer of data and connectivity. Connected vehicles are mainly characterized by the smartphone application which is provided to the end customers to access the connectivity features in the vehicle. The end result which is delivered to the customer is through the integrated telematics unit in the vehicle which communicates through a communication layer with the cloud platform. The cloud server in turn interacts with the final application layer of the mobile application given to the customer.

The article also focus on innovative approaches that have recently adopted my many cybersecurity professionals for secured operation of ITS involving block-chain, artificial intelligence, and Machine Learning.

In this paper, we outline past, present and future applications of automotive security for engine ECUs. Electronic immobilizers and anti-tuning countermeasures have been used for several years. Recently, OEMs and suppliers are facing more and more powerful attackers, and as a result, have introduced stronger countermeasures based on hardware security. Finally, with the advent of connected cars, it is expected that many things that currently require a physical connection will be done remotely in a near future. This includes remote diagnostics, reprogramming and engine calibration.

With the increased need for cybersecurity in automotive systems due to the development of more advanced technologies and corresponding increased threat vectors, coupled with the upcoming International Organization for Standardization and the Society for Automotive Engineers (ISO/SAE) 21434 cybersecurity standard for automotive systems and cybersecurity regulations in The United Nations Economic Commission for Europe World Forum for Harmonization of Vehicle Regulations (UNECE WP.29), it is becoming increasingly important for auto manufacturers and suppliers to have a clear and common understanding and agreement of cybersecurity metrics for the development and deployment of vehicles. ...Cybersecurity for automotive systems is challenging, and one of the major challenges is how to measure this specific system property. ...With the increased need for cybersecurity in automotive systems due to the development of more advanced technologies and corresponding increased threat vectors, coupled with the upcoming International Organization for Standardization and the Society for Automotive Engineers (ISO/SAE) 21434 cybersecurity standard for automotive systems and cybersecurity regulations in The United Nations Economic Commission for Europe World Forum for Harmonization of Vehicle Regulations (UNECE WP.29), it is becoming increasingly important for auto manufacturers and suppliers to have a clear and common understanding and agreement of cybersecurity metrics for the development and deployment of vehicles.

Automotive system functionalities spread over a wide range of sub-domains ranging from non-driving related components to complex autonomous driving related components. The requirements to design and develop these components span across software, hardware, firmware, etc. elements. The successful development of these components to achieve the needs from the stockholders requires accurate understanding and traceability of the requirements of these component systems. The high-level customer requirements transformation into low level granularity requires an efficient requirement engineer. The manual understanding of the customer requirements from the requirement documents are influenced by the context and the knowledge gap of the requirement engineer in understanding and transforming the requirements.

Software vulnerability management is one of the most critical and crucial security techniques, which analyzes the automotive software/firmware across the digital cockpit, ADAS, V2X, etc. domains for vulnerabilities, and provides security patches for the concerned Common Vulnerabilities and Exposures (CVE). The process of automotive SW/FW vulnerability management system between the OEMs and vendors happen through a channel of fixing a certain number of vulnerabilities by 1st tier supplier which needs to be verified in front of OEMs for the fixed number and type of patches in there deliverable SW/FW. The gap of verification between for the fixed patches between the OEMs and 1st tier supplier requires a reliable human independent intelligent technique to have a trustworthiness of verification.

With the increasing connectivity and complexity of modern automobiles, cybersecurity has become one of the most important properties of a vehicle. Various strategies have been proposed to enhance automotive cybersecurity. ...Various strategies have been proposed to enhance automotive cybersecurity. Digital twin (DT), regarded as one of the top 10 strategic technology trends by Gartner in 2018 and 2019, establishes digital representations in a virtual world and raises new ideas to benefit real-life objects. ...In this paper, we explored the possibility of using digital twin technology to improve automotive cybersecurity. We designed two kinds of digital twin models, named mirror DT and autonomous DT, and corresponding environments to support cybersecurity design, development, and maintenance in an auto’s lifecycle, as well as technique training.

The global time that is propagated and synchronized in vehicle E/E architecture is used in safety-critical, security-critical and time-critical applications. The cybersecurity attacks on the global time result in false time, accuracy degradation and DoS as stated in IETF RFC 7384.

A ranked list of value exchanges is created based on the impact of cybersecurity on the stakeholder map. System level-losses are identified from high impact value exchanges, which can then be fed into the step 1 of STPA-Sec analysis.

Autonomous vehicles might one day be able to implement privacy preserving driving patterns which humans may find too difficult to implement. In order to measure the difference between location privacy achieved by humans versus location privacy achieved by autonomous vehicles, this paper measures privacy as trajectory anonymity, as opposed to single location privacy or continuous privacy. This paper evaluates how trajectory privacy for randomized driving patterns could be twice as effective for autonomous vehicles using diverted paths compared to Google Map API generated shortest paths. The result shows vehicles mobility patterns could impact trajectory and location privacy. Moreover, the results show that the proposed metric outperforms both K-anonymity and KDT-anonymity.

CAN bus network proved to be efficient and dynamic for small compact cars as well as heavy-duty vehicles (HDV). However, HDVs are more susceptible to malicious attacks due to lack of security in their intra-vehicle communication protocols. SAE proposed a new standard named J1939-91C for CAN-FD networks which provides methods for establishing trust and securing mutual messages with optional encryption. J1939-91C ensures message authenticity, integrity, and confidentiality by implementing complex cryptographic operations including hash functions and random key generation. In this paper, the three main phases of J1939-91C, i.e., Network Formation, Rekeying, and Message Exchange, are simulated and tested on Electronic Control Units (ECUs) supporting CAN-FD network. Numerous test vectors were generated and validated to support SAE J1939-91C. The mentioned vectors were produced by simulating different encryption and hashing algorithms with variable message and key lengths.

In conjunction with an increasing number of related laws and regulations (such as UNECE R155 and ISO 21434), these drive security requirements in different domains and areas. 2 In this paper we examine the upcoming trends in EE architectures and investigate the underlying cyber-security threats and corresponding security requirements that lead to potential requirements for “Automotive Embedded Hardware Trust Anchors” (AEHTA).

The hypervisor offers many benefits to the vehicle architecture, both operationally and with cybersecurity. The proposed mitigant provides the structure to partition the various VMs. This allows for the different functions to be managed within their own distinct VM. ...While the cybersecurity applications are numerous, there are also the operational benefits. The hypervisor is designed to not only manage the VMs, but also to increase the efficiency of these via resource management.

As a result of the ever-increasing application of cyber-physical components in the automotive industry, cybersecurity has become an urgent topic. Adapting technologies and communication protocols like Ethernet and WiFi in connected vehicles yields many attack scenarios. ...Consequently, ISO/SAE 21434 and UN R155 (2021) define a standard and regulatory framework for automotive cybersecurity, Both documents follow a risk management-based approach and require a threat modeling methodology for risk analysis and identification. ...Initially, we transform cybersecurity guidelines to attack trees, and then we use their formal interpretations to assess the vehicle’s design.

Additionally, we go beyond the attack vectors listed in UN-R155 - using our own analysis, experience and insights, we explored other attack vectors that will also affect vehicle cybersecurity.

The car door handle is an essential component of any vehicle, as it plays a crucial role in providing access to the cabin and ensuring safety of the passenger. The primary function of the car door handle is to allow entry and exit from the vehicle while preventing unauthorized access. In addition to this, car door handles also play a critical role in ensuring passenger safety by keeping the door closed during accidents or when there is a significant amount of G-force acting on the vehicle. A typical car door handle comprises several components including the structure, cover, bowden lever, bracket, pins and other child parts. The structure provides the ergonomics and rigidity for grabbing the handle, while the cover gives the handle an aesthetic appearance. The Bowden lever facilitates the unlatching of the door and the intermediate parts ensure that the handle operates smoothly.