Refine Your Search

Topic

Author

Affiliation

Search Results

Technical Paper

Common Vulnerability Considerations as an Integral Part of the Automotive Cybersecurity Engineering Process

2022-10-05
2022-28-0304
To build secure systems of road vehicles, the cybersecurity engineering standard ISO21434[11] suggests the evaluation of vulnerabilities throughout engineering process, such as attack path analysis, system requirement stage, software architecture, design, and implementation and testing phases. ...With my analysis and practices, it is appropriate to include the common vulnerabilities that ought to be an integral part of the automotive cybersecurity engineering process. In this paper, the author would like to provide a list of vulnerabilities that might be a suggestion for threat analysis and risk assessment and propose two solutions that may be adopted directly in the V-model for security-relevant software development.
Technical Paper

Communication Requirements for Plug-In Electric Vehicles

2011-04-12
2011-01-0866
This paper is the second in the series of documents designed to record the progress of a series of SAE documents - SAE J2836™, J2847, J2931, & J2953 - within the Plug-In Electric Vehicle (PEV) Communication Task Force. This follows the initial paper number 2010-01-0837, and continues with the test and modeling of the various PLC types for utility programs described in J2836/1™ & J2847/1. This also extends the communication to an off-board charger, described in J2836/2™ & J2847/2 and includes reverse energy flow described in J2836/3™ and J2847/3. The initial versions of J2836/1™ and J2847/1 were published early 2010. J2847/1 has now been re-opened to include updates from comments from the National Institute of Standards Technology (NIST) Smart Grid Interoperability Panel (SGIP), Smart Grid Architectural Committee (SGAC) and Cyber Security Working Group committee (SCWG).
Technical Paper

Connected Vehicles - A Testing Approach and Methodology

2021-09-22
2021-26-0450
With the introduction of Connected Vehicles, it is possible to extend the limited horizon of vehicles on the road by collective perceptions, where vehicles periodically share their information with other vehicles and servers using cloud. Nevertheless, by the time the connected vehicle spread expands, it is critical to understand the validation techniques which can be used to ensure a flawless transfer of data and connectivity. Connected vehicles are mainly characterized by the smartphone application which is provided to the end customers to access the connectivity features in the vehicle. The end result which is delivered to the customer is through the integrated telematics unit in the vehicle which communicates through a communication layer with the cloud platform. The cloud server in turn interacts with the final application layer of the mobile application given to the customer.
Technical Paper

Consequence-Driven Cybersecurity for High-Power Electric Vehicle Charging Infrastructure

2023-04-11
2023-01-0047
Cybersecurity of high-power charging infrastructure for electric vehicles (EVs) is critical to the safety, reliability, and consumer confidence in this publicly accessible technology. ...Cybersecurity of high-power charging infrastructure for electric vehicles (EVs) is critical to the safety, reliability, and consumer confidence in this publicly accessible technology. Cybersecurity vulnerabilities in high-power EV charging infrastructure may also present risks to broader transportation and energy-infrastructure systems. ...This paper details a methodology used to analyze and prioritize high-consequence events that could result from cybersecurity sabotage to high-power charging infrastructure. The highest prioritized events are evaluated under laboratory conditions for the severity of impact and the complexity of cybersecurity manipulation.
Technical Paper

Considerations for Requirements and Specifications of a Digital Thread in Aircraft Data Life Cycle Management

2024-03-05
2024-01-1946
The aircraft lifecycle involves thousands of transactions and an enormous amount of data being exchanged across the stakeholders in the aircraft ecosystem. This data pertains to various aircraft life cycle stages such as design, manufacturing, certification, operations, maintenance, and disposal of the aircraft. All participants in the aerospace ecosystem want to leverage the data to deliver insight and add value to their customers through existing and new services while protecting their own intellectual property. The exchange of data between stakeholders in the ecosystem is involved and growing exponentially. This necessitates the need for standards on data interoperability to support efficient maintenance, logistics, operations, and design improvements for both commercial and military aircraft ecosystems. A digital thread defines an approach and a system which connects the data flows and represents a holistic view of an asset data across its lifecycle.
Technical Paper

Contextual Study of Security and Privacy in V2X Communication for Architecture & Networking products

2024-10-17
2024-28-0038
In recent times there has been an upward trend in "Connected Vehicles", which has significantly improved not only the driving experience but also the "ownership of the car". The use of state-of-the-art wireless technologies, such as vehicle-to-everything (V2X) connectivity, is crucial for its dependability and safety. V2X also effectively extends the information flow between the transportation ecosystem pedestrians, public infrastructure (traffic management system) and parking infrastructure, charging and fuel stations, Etc. V2X has a lot of potential to enhance traffic flow, boost traffic safety, and provide drivers and operators with new services. One of the fundamental issues is maintaining trustworthy and quick communication between cars and infrastructure. While establishing stable connectivity, reducing interference, and controlling the fluctuating quality of wireless transmissions, we have to ensure the Security and Privacy of V2I.
Technical Paper

Cyber Security in the Automotive Domain – An Overview

2017-03-28
2017-01-1652
Driven by the growing internet and remote connectivity of automobiles, combined with the emerging trend to automated driving, the importance of security for automotive systems is massively increasing. Although cyber security is a common part of daily routines in the traditional IT domain, necessary security mechanisms are not yet widely applied in the vehicles. At first glance, this may not appear to be a problem as there are lots of solutions from other domains, which potentially could be re-used. But substantial differences compared to an automotive environment have to be taken into account, drastically reducing the possibilities for simple reuse. Our contribution is to address automotive electronics engineers who are confronted with security requirements. Therefore, it will firstly provide some basic knowledge about IT security and subsequently present a selection of automotive specific security use cases.
Technical Paper

Cyber-security for Engine ECUs: Past, Present and Future

2015-09-01
2015-01-1998
In this paper, we outline past, present and future applications of automotive security for engine ECUs. Electronic immobilizers and anti-tuning countermeasures have been used for several years. Recently, OEMs and suppliers are facing more and more powerful attackers, and as a result, have introduced stronger countermeasures based on hardware security. Finally, with the advent of connected cars, it is expected that many things that currently require a physical connection will be done remotely in a near future. This includes remote diagnostics, reprogramming and engine calibration.
Technical Paper

Cybersecurity Approval Criteria: Application of UN R155

2024-07-02
2024-01-2983
The UN R155 regulation is the first automotive cybersecurity regulation and has made security a mandatory approval criterion for new vehicle types. ...These recommendations aim to enhance the comprehensiveness of the security assessment associated with UN R155, fostering a more uniform approach to evaluating cybersecurity in the context of vehicle type approvals.
Journal Article

Cybersecurity Metrics for Automotive Systems

2021-04-06
2021-01-0138
With the increased need for cybersecurity in automotive systems due to the development of more advanced technologies and corresponding increased threat vectors, coupled with the upcoming International Organization for Standardization and the Society for Automotive Engineers (ISO/SAE) 21434 cybersecurity standard for automotive systems and cybersecurity regulations in The United Nations Economic Commission for Europe World Forum for Harmonization of Vehicle Regulations (UNECE WP.29), it is becoming increasingly important for auto manufacturers and suppliers to have a clear and common understanding and agreement of cybersecurity metrics for the development and deployment of vehicles. ...Cybersecurity for automotive systems is challenging, and one of the major challenges is how to measure this specific system property. ...With the increased need for cybersecurity in automotive systems due to the development of more advanced technologies and corresponding increased threat vectors, coupled with the upcoming International Organization for Standardization and the Society for Automotive Engineers (ISO/SAE) 21434 cybersecurity standard for automotive systems and cybersecurity regulations in The United Nations Economic Commission for Europe World Forum for Harmonization of Vehicle Regulations (UNECE WP.29), it is becoming increasingly important for auto manufacturers and suppliers to have a clear and common understanding and agreement of cybersecurity metrics for the development and deployment of vehicles.
Technical Paper

Cybersecurity Rating Framework and Its Application to J1939-91C Standard

2024-04-09
2024-01-2803
UNECE R155 explicitly references ISO/SAE 21434 and mandates a certified cybersecurity management system (CSMS) as a prerequisite for automotive manufacturers to achieve vehicle type approval and sell new vehicle types. ...However, the gap in the CSMS framework is a lack in a standardized system that provides guidance and common criteria for automakers to measure a vehicle’s level of compliance and compute a publicly accepted cybersecurity rating. To help establish increased consumer confidence, OEMs and smart mobility stakeholders could take additional proactive steps to ensure the safety and security of their products. ...This paper addresses the above requirement and discusses the cybersecurity rating framework (CSRF) that could establish a framework for rating vehicle cybersecurity by standardizing the measurement criteria, parameter vectors, process, and tools.
Technical Paper

Cybersecurity Testing and Validation

2017-03-28
2017-01-1655
We also consider the necessary scope and depth of cybersecurity testing and suggest examples of how this can be related to cybersecurity requirements, goals and integrity levels, as determined by the threat analysis and risk assessment. ...An essential part of an effective cybersecurity engineering process is testing the implementation of a system for vulnerabilities and validating the effectiveness of countermeasures. ...The SAE J3061 Cybersecurity Guidebook for Cyber-Physical Vehicle Systems provides a recommended framework which organizations can use to implement a cybersecurity engineering process, which includes activities such as integration and testing, penetration testing and verification/validation of cybersecurity requirements at the hardware, software and system levels.
Journal Article

Cybersecurity Vulnerabilities for Off-Board Commercial Vehicle Diagnostics

2023-04-11
2023-01-0040
The lack of inherent security controls makes traditional Controller Area Network (CAN) buses vulnerable to Machine-In-The-Middle (MitM) cybersecurity attacks. Conventional vehicular MitM attacks involve tampering with the hardware to directly manipulate CAN bus traffic.
Research Report

Cybersecurity and Digital Trust Issues in Connected and Automated Vehicles

2024-04-22
EPR2024009
On the other hand, the potential risks associated with CAV deployment related to technical vulnerabilities are safety and cybersecurity issues that may arise from flawed hardware and software. Cybersecurity and Digital Trust Issues in Connected and Automated Vehicles elaborates on these topics as unsettled cybersecurity and digital trust issues in CAVs and follows with recommendations to fill in the gaps in this evolving field. ...Cybersecurity and Digital Trust Issues in Connected and Automated Vehicles elaborates on these topics as unsettled cybersecurity and digital trust issues in CAVs and follows with recommendations to fill in the gaps in this evolving field. ...This report also highlights the importance of establishing robust cybersecurity protocols and fostering digital trust in these vehicles to ensure safe and secure deployment in our modern transportation system.
Technical Paper

Cybersecurity by Agile Design

2023-04-11
2023-01-0035
ISO/SAE 21434 [1] Final International Standard was released September 2021 to great fanfare and is the most prominent standard in Automotive Cybersecurity. As members of the Joint Working Group (JWG) the authors spent 5 years developing the 84 pages of precise wording acceptable to hundreds of contributors. ...The application to Agile may require interpreting the standard from another angle, which could involve reordering the sequence of activities and work products, breaking down the acceptable criteria of some work products to allow rapid iterations, and verifications of meta data or intermediate work products. In cybersecurity engineering, Agile has its unique strength compared to the V-model method, as its cyclical nature is better aligned with best practices for Cybersecurity Frameworks. ...In cybersecurity engineering, Agile has its unique strength compared to the V-model method, as its cyclical nature is better aligned with best practices for Cybersecurity Frameworks.
Technical Paper

Cybersecurity in EV’s: Approach for Systematic Secured SW Development through ISO/SAE 21434 & ASPICE

2023-04-11
2023-01-0046
Cybersecurity (CS) is crucial and significantly important in every product that is connected to the network/internet. ...Hence making it very important to guarantee that every single connected device shall have cybersecurity measures implemented to ensure the safety of the entire system. Looking into the forecasted worldwide growth in the electric vehicles (EV’s) segment, CS researchers have recently identified several vulnerabilities that exist in EV’s, electric vehicle supply equipment (EVSE) devices, communications to EVs, and upstream services, such as EVSE vendor cloud services, third party systems, and grid operators. ...Additional processes have been defined in the process reference and assessment model for the CS engineering in order to incorporate the cybersecurity related processes in the ASPICE scope. This paper aims at providing a model & brief overview to establish a correlation between the ASPICE, ISO/SAE 21434 and the ISO 26262 functional safety (FS) standards for development of a secured cybersecurity software with all the considerations that an organization can undertake.
X