Search Results

Abstract Identity-Anonymized CAN (IA-CAN) protocol is a secure CAN protocol, which provides the sender authentication by inserting a secret sequence of anonymous IDs (A-IDs) shared among the communication nodes. To prevent malicious attacks from the IA-CAN protocol, a secure and robust system error recovery mechanism is required. This article presents a central management method of IA-CAN, named the IA-CAN with a global A-ID, where a gateway plays a central role in the session initiation and system error recovery. Each ECU self-diagnoses the system errors, and (if an error happens) it automatically resynchronizes its A-ID generation by acquiring the recovery information from the gateway. We prototype both a hardware version of an IA-CAN controller and a system for the IA-CAN with a global A-ID using the controller to verify our concept.

Abstract In the automotive domain, the overall complexity of technical components has increased enormously. Formerly isolated, purely mechanical cars are now a multitude of cyber-physical systems that are continuously interacting with other IT systems, for example, with the smartphone of their driver or the backend servers of the car manufacturer. This has huge security implications as demonstrated by several recent research papers that document attacks endangering the safety of the car. However, there is, to the best of our knowledge, no holistic overview or structured description of the complex automotive domain. Without such a big picture, distinct security research remains isolated and is lacking interconnections between the different subsystems. Hence, it is difficult to draw conclusions about the overall security of a car or to identify aspects that have not been sufficiently covered by security analyses.

A significant milestone in advancing cybersecurity within the automotive industry is the release of the first international standard for automotive cybersecurity ISO/SAE 21434:2021 ‘Road Vehicles — Cybersecurity Engineering’. A recently published type approval regulation for automotive cybersecurity (UN R155) is also tailored for member countries of the UNECE WP.29 alliance. ...Thus, the challenges for embedded automotive systems engineers are increasing while frameworks, tools and shared concepts for cybersecurity engineering and training are scarce. Hence, cybersecurity training in the automotive domain necessitates an understanding of domain-specific intricacies and the unique challenges at the intersection of cybersecurity and embedded systems engineering, elevating the need for improving the skill set and knowledge of automotive cybersecurity engineers. ...Hence, cybersecurity training in the automotive domain necessitates an understanding of domain-specific intricacies and the unique challenges at the intersection of cybersecurity and embedded systems engineering, elevating the need for improving the skill set and knowledge of automotive cybersecurity engineers. This paper delves into an automotive cybersecurity training concept aimed at enhancing the proficiency of development engineers.

With the development of vehicle intelligence and the Internet of Vehicles, how to protect the safety of the vehicle network system has become a focus issue that needs to be solved urgently. The Controller Area Network (CAN) bus is currently a very widely used vehicle-mounted bus, and its security largely determines the degree of vehicle-mounted information security. The CAN bus lacks adequate protection mechanisms and is vulnerable to external attacks such as replay attacks, modifying attacks, and so on. On the basis of the existing work, this paper proposes an authentication method that combines Hash-based Message Authentication Code (HMAC)-SHA256 and Tiny Encryption Algorithm (TEA) algorithms. This method is based on dynamic identity authentication in challenge/response made and combined with the characteristics of the CAN bus itself as it achieves the identity authentication between the gateway and multiple electronic control units (ECUs).

Abstract The United Nation Economic Commission for Europe (UNECE) Regulation 155—Cybersecurity and Cybersecurity Management System (UN R155) mandates the development of cybersecurity management systems (CSMS) as part of a vehicle’s lifecycle. ...Due to the focus of R155 and its suggested implementation guideline, ISO/SAE 21434:2021—Road Vehicle Cybersecurity Engineering, mainly centering on the alignment of cybersecurity risk management to the vehicle development lifecycle, there is a gap in knowledge of proscribed activities for validation and verification testing. ...An inherent component of the CSMS is cybersecurity risk management and assessment. Validation and verification testing is a key activity for measuring the effectiveness of risk management, and it is mandated by UN R155 for type approval.

Since the early 1990’s, commercial vehicles have suffered from repeated vulnerability exploitations that resulted in a need for improved automotive cybersecurity. This paper outlines the strategies and challenges of implementing an automotive Zero Trust Architecture (ZTA) to secure intra-vehicle networks. ...This research successfully met the four requirements and demonstrated that using ZT principles in an on-vehicle network greatly improved the cybersecurity posture with manageable impact to system performance and deployment.

In the “What’s Next for Aerospace and Defense: A Vision for 2050” study, AIA, New York City-based McKinsey & Company, and other industry partners reveal a comprehensive 30-year, Industry 4.0 forecast of air travel and spaceflight based on improvements in automation and digitization, next-generation materials, alternative energy sources and storage, and increased data throughput.

SAE EDGE Research Reports provide examinations significant topics facing mobility industry today including Connected Automated Vehicle Technologies Electrification Advanced Manufacturing

Abstract Secure boot is a fundamental security primitive for establishing trust in computer systems. For real-time safety applications, the time taken to perform the boot measurement conflicts with the need for near instant availability. To speed up the boot measurement while establishing an acceptable degree of trust, we propose a dual-phase secure boot algorithm that balances the strong requirement for data tamper detection with the strong requirement for real-time availability. A probabilistic boot measurement is executed in the first phase to allow the system to be quickly booted. This is followed by a full boot measurement to verify the first-phase results and generate the new sampled space for the next boot cycle. The dual-phase approach allows the system to be operational within a fraction of the time needed for a full boot measurement while producing a high detection probability of data tampering.

 Sometimes mandatory, often voluntary, security frameworks are created to provide federal and commercial organizations with an effective roadmap for securing information technology (IT) systems. The goal is to reduce risk levels and prevent or mitigate cyberattacks. To accomplish this task, security frameworks typically provide a series of documented, agreed upon, and understood policies, procedures, and processes necessary to secure the confidentiality, integrity, and availability of information systems and data.

The Role of Autonomous Unmanned Ground Vehicle Technologies in Defense Applications Information Warfare - Staying Protected at the Edge Designing Connectivity Solutions for an Electric Aircraft Future Redesigning the Systems Engineering Process to Speed Development of E-Propulsion Aircraft Four RF Technology Trends You Need to Know for Satellite Communication Device Design Manufacturer Reduces Risk and Improves Quality of Military Radar Receivers Instrumentation for Fabrication and Testing of High-Speed Single-Rotor and Compound-Rotor Systems Precision data acquisition is required to generate a comprehensive set of measurements of the blade surface pressures, pitch link loads, hub loads, rotor wakes and performance of high-speed single-rotor and compound-rotor systems to support the development of next-generation rotorcraft.

The Sky is No Longer the Limit Celebrating 75 Years of Air Force Technology Air Force Technology Timeline Leveraging New Technologies for Mil/Aero Electronic Systems MOSA Enclosure Design for Military Systems Three Challenges to 5G's Military Success How to Specify and Select RF Filters Investigation of Requirements and Capabilities of Next-Generation Mine Warfare Unmanned Underwater Vehicles Model-based systems engineering (MBSE) tools, including functional flow block diagrams and functional hierarchies, are used to logically define mine countermeasure (MCM) UUV operations and support the development of alternative concepts of operations. On the Pulsed Laser Ablation of Metals and Semiconductors A comparison of effects across disparate experimental regimes through the study of pulsed laser ablation over several orders of magnitude in pulse duration, fluence, and material properties.

Hundreds of aerospace executives, engineers, scientists, and academics are gathering in London this week for Aerospace Systems and Technology Conference (ASTC) 2018 from SAE International in Warrendale, Pennsylvania. Discussions during the three-day industry event center on the theme of innovating air mobility. Aerospace thought leaders are at ASTC discussing current challenges, the latest enabling technologies, and future opportunities, including those related to urban air mobility (UAM) and supersonic aircraft.

Abstract The automotive industry intends to create new services that involve sharing vehicle control information via a wide area network. In modern vehicles, an in-vehicle network shares information between more than 70 electronic control units (ECUs) inside a vehicle while it is driven. However, such a complicated system configuration can result in security vulnerabilities. The possibility of cyber-attacks on vehicles via external services has been demonstrated in many research projects. As advances in vehicle systems (e.g., autonomous drive) progress, the number of vulnerabilities to be exploited by cyber-attacks will also increase. Therefore, future vehicles need security measures to detect unknown cyber-attacks. We propose anomaly-based intrusion detection to detect unknown cyber-attacks for the Control Area Network (CAN) protocol, which is popular as a communication protocol for in-vehicle networks.

Abstract Over the past forty years, the Electronic Control Unit (ECU) technology has grown in both sophistication and volume in the automotive sector, and modern vehicles may comprise hundreds of ECUs. ECUs typically communicate via a bus-based network architecture to collectively support a broad range of safety-critical capabilities, such as obstacle avoidance, lane management, and adaptive cruise control. However, this technology evolution has also brought about risks: if ECU firmware is compromised, then vehicle safety may be compromised. Recent experiments and demonstrations have shown that ECU firmware is not only poorly protected but also that compromised firmware may pose safety risks to occupants and bystanders.

October 29-31, 2019 │ Novi, MI

October 29-31, 2019 │ Novi, MI

To better inform and equip mobility engineers dealing with these challenges, SAE International has released a new book series from Juan R. Pimentel that explores automated vehicle safety concepts and technologies.

Automated software tools are eliminating weeks, if not months, from the Risk Management Framework (RMF) accreditation process by virtually eliminating the time of the initial hardening while also providing the required documentation. By doing so, technology integrators can significantly reduce the time to build, test, and deploy new technologies in Security Technical Implementation Guide (STIG)-compliant environments.