Search Results

With the rapid development of connected and autonomous vehicles, more sophisticated automotive systems running large portions of software and implementing a variety of communication interfaces are being developed. The ever-expanding codebase increases the risk for software vulnerabilities, while at the same time the large number of communication interfaces make the systems more susceptible to be targeted by attackers. As such, it is of utmost importance for automotive organizations to identify potential vulnerabilities early and continuously in the development lifecycle in an automated manner. In this paper, we suggest a practical approach for integrating fuzz testing into a Continuous Integration (CI) pipeline for automotive systems. As a first step, we have performed a Threat Analysis and Risk Assessment (TARA) of a general E/E architecture to identify high-risk interfaces and functions.

The caveat to these additional capabilities is issues like cybersecurity, complexity, etc. This paper is an exploration into FuSa and CAVs and will present a systematic approach to understand challenges and propose potential framework, Intelligent Vehicle Monitoring for Safety and Security (IVMSS) to handle faults/malfunctions in CAVs, and specifically autonomous systems.

Facial recognition software (FRS) is a form of biometric security that detects a face, analyzes it, converts it to data, and then matches it with images in a database. This technology is currently being used in vehicles for safety and convenience features, such as detecting driver fatigue, ensuring ride share drivers are wearing a face covering, or unlocking the vehicle. Public transportation hubs can also use FRS to identify missing persons, intercept domestic terrorism, deter theft, and achieve other security initiatives. However, biometric data is sensitive and there are numerous remaining questions about how to implement and regulate FRS in a way that maximizes its safety and security potential while simultaneously ensuring individual’s right to privacy, data security, and technology-based equality.

Here, we discuss the On-Board Diagnostic (OBD) regulations for next generation BEV/HEV, its vulnerabilities and cybersecurity threats that come with hacking. We propose three cybersecurity attack detection and defense methods: Cyber-Attack detection algorithm, Time-Based CAN Intrusion Detection Method and, Feistel Cipher Block Method. ...These control methods autonomously diagnose a cybersecurity problem in a vehicle’s onboard system using an OBD interface, such as OBD-II when a fault caused by a cyberattack is detected, All of this is achieved in an internal communication network structure.

We also analyze how useful Cybersecurity Assurance Levels (CAL) are in this process and how quantitative as well as qualitative metrics can be utilized as evidence.

Although ISO/SAE 21434 recommends the development of an assurance case for cybersecurity, the precise nature of a cybersecurity case is not explicitly defined within the standard. ...In the case of cybersecurity, this problem is exacerbated by the increasing complexity of vehicular onboard systems, their inherent obscurity due to their heterogenous architecture, emergent behaviors, and the disparate motivations and resources of potential threat agents.

With the rapid development of vehicle intelligent and networking technology, the IT security of automotive systems becomes an important area of research. In addition to the basic vehicle control, intelligent advanced driver assistance systems, infotainment systems will all exchange data with in-vehicle network. Unfortunately, current communication network protocols, including Controller Area Network (CAN), FlexRay, MOST, and LIN have no security services, such as authentication or encryption, etc. Therefore, the vehicle are unprotected against malicious attacks. Since CAN bus is actually the most widely used field bus for in-vehicle communications in current automobiles, the security aspects of CAN bus is focused on. Based on the analysis of the current research status of CAN bus network security, this paper summarizes the CAN bus potential security vulnerabilities and the attack means.

By looking into the vehicle-infrastructure cooperation (VIC) which is oriented towards intelligent, networked and integrated development, this paper analyzes and proposes the essence and development direction of Intelligent Vehicle Infrastructure Cooperation Systems (I-VICS). With an in-depth analysis of technologies of core importance to VIC and influence factors that constrain VIC development as a whole, the paper comes up with a technological route for VIC, and identifies a direction for vehicle-infrastructure cooperative development that progresses from primary to intermediate cooperation, then to advanced cooperation, and finally to full-fledged cooperation. Policy recommendations aiming at strengthening top-level design, building an integrated vehicle-infrastructure-cloud platform, expediting independence of key techs, building robust standards and regulations for VIC, enhancing workforce development as well as greater efforts at market promotion are put forward.

To help address the issue of message authentication on the Controller Area Network (CAN) bus, researchers at Virginia Tech and Ford Motor Company have developed a proof-of-concept time-evolving watermark-based authentication mechanism that offers robust, cryptographically controlled confirmation of a CAN message's authenticity. This watermark is injected as a common-mode signal on both CAN-HI and CAN-LO bus voltages and has been proven using a low-cost software-defined radio (SDR) testbed. This paper extends prior analysis on the design and proof-of-concept to consider robustness testing over the range of voltages, both steady state drifts and transients, as are commonly witnessed within a vehicle. Overall performance results, along with a dynamic watermark amplitude control, validate the concept as being a practical near-term approach at improving authentication confidence of messages on the CAN bus.

In addition, due to the cyber-security risk, the security functions to ensure the integrity of the message has to be considered.

Also, all the existing methods for vehicular communication rely on a centralized server which itself invite massive cyber-security threats. These threats and challenges can be addressed by using the Blockchain (BC) technology, where each transaction is logged in a decentralized immutable BC ledger.

As vehicles become increasingly connected with the external world, they face a growing range of security vulnerabilities. Researchers, hobbyists, and hackers have compromised security keys used by vehicles' electronic control units (ECUs), modified ECU software, and hacked wireless transmissions from vehicle key fobs and tire monitoring sensors. Malware can infect vehicles through Internet connectivity, onboard diagnostic interfaces, devices tethered wirelessly or physically to the vehicle, malware-infected aftermarket devices or spare parts, and onboard Wi-Fi hotspot. Once vehicles are interconnected, compromised vehicles can also be used to attack the connected transportation system and other vehicles. Securing connected vehicles impose a range of unique new challenges. This paper describes some of these unique challenges and presents an end-to-end cloud-assisted connected vehicle security framework that can address these challenges.

With the rapid development of connected vehicles, the cybersecurity has become an important topic in the automotive network. A spoof ECU can be used to hack the automotive network.

Autonomous driving represents the ultimate goal of future automobile development. As a collaborative application that integrates vehicles, road infrastructure, network and cloud, autonomous driving business requires a high-degree dynamic cooperation among multiple resources such as data, computing and communications that are distributed throughout the system. In order to meet the anticipated high demand for resources and performance requirements of autonomous driving, and to ensure the safety and comfort of the vehicle users and pedestrians, a top concern of autonomous driving is to understand the system requirements for resources and conduct an in-depth analysis of the autonomous driving business. In this context, this paper presents a comprehensive analysis of the typical business for autonomous driving and establishes an analysis model for five common capabilities, i.e. collection, transmission, intelligent computing, human-machine interaction (HMI), and security.

It is deemed that currently the intelligent connected vehicle (ICV) is in its early stage of development, and it will go through multiple development stages in the future to realize its final goal—autonomous driving. Based on the existing ICV researches, this paper believes that ICV can be used to improve the efficiency and safety of freeway. The current research of ICV has two main directions: one focuses on the traffic flow characteristics of vehicles with different attributes, the other is concerned with using ICV to reduce congestion. From the policies issued by countries around the world and the development plans promoted by major vehicle manufacturers, the future development trends and challenges of ICV are analyzed. ICV must overcome all the shortcomings to achieve its final goal, including insufficient hardware capabilities or excessive cost, and the degree of intelligence that needs to be improved.

This paper will provide an Overview of Automotive Cyber Security Standards related to the Vehicle OBD-II Data Link. The OBD-II Connector Attack Tree is described with respect to the SAE J3138 requirements for Intrusive vs. non-Intrusive Services. A proposed test method for SAE J3138 is described including hardware and software scripting. Finally, example test results are reviewed and compared with a potential threat boundary.

Advanced Autonomous Vehicles (AV) for SAE Level 3 and Level 4 functions will lead to a new understanding of the operation phase in the overall product lifecycle. Regulations such as the EU Implementing Act and the German L4 Act (AFGBV) request a continuous field surveillance, the handling of critical E/E faults and software updates during operation. This is required to enhance the Operational Design Domain (ODD) during operation, offering Functions on Demand (FoD), by increasing software features within these autonomous vehicle systems over the entire digital product lifecycle, and to avoid and reduce downtime by a malfunction of the Autonomous Driving (AD) software stack.

Unmanned ground vehicles (UGVs) may encounter difficulties accommodating environmental uncertainties and system degradations during harsh conditions. However, human experience and onboard intelligence can may help mitigate such cases. Unfortunately, human operators have cognition limits when directly supervising multiple UGVs. Ideally, an automated decision aid can be designed that empowers the human operator to supervise the UGVs. In this paper, we consider a connected UGV platoon under cyber attacks that may disrupt safety and degrade performance. An observer-based resilient control strategy is designed to mitigate the effects of vehicle-to-vehicle (V2V) cyber attacks. In addition, each UGV generates both internal and external evaluations based on the platoons performance metrics. A cloud-based trust-based information management system collects these evaluations to detect abnormal UGV platoon behaviors.