Search Results

Using a wireless medium for tractor-trailer communication will bring new cybersecurity challenges and requirements which requires new development and lifecycle considerations.

Abstract This work introduces the concept of a dual-layer specification structure for standards that separate interoperability functions, such as backward compatibility, localization, and deployment, from those essential to reliability, security, and functionality. The latter group of features, which constitute the actual standard, make up the baseline layer for instructions, while all the elements required for interoperability are specified in a second layer, known as a Protocols, Operations, Usage, and Formats (POUF) document. We applied this technique in the development of a standard for Uptane [1], a security framework for over-the-air (OTA) software updates used in many automobiles. This standard is a good candidate for a dual-layer specification because it requires communication between entities, but does not require a specific format for this communication.

V2X signals are looking up

This exercise confirms the necessity of a more restrictive cybersecurity posture in automotive peripherals with access to critical systems, in particular VDAs, and especially when such peripherals present a wireless interface.

This paper gives a definition of the SDV concept, provides views from different aspects, discusses the progress in vehicle E/E architecture, especially zone-based architecture with centralized computation, and various technologies including High-Performance Computing (HPC) platform, standardized vehicle software architecture, advanced onboard communication, Over-The-Air (OTA) update, and cybersecurity etc. that collectively enable the realization of SDV.

The Commonwealth Center for Advanced Manufacturing (CCAM), a non-profit consortium based in Prince George County, Virginia, uses a 3D visualization lab to expand beyond the walls of its 62,000-square-foot brick and mortar facility and deliver a collaborative development for researchers in industry, academia, and government.

It is essential to note that cybersecurity threats not only arise from inherent protocol defects but also consider software implementation vulnerabilities.

Abstract The importance of in-vehicle network security has increased with an increase in automated and connected vehicles. Hence, many attacks and countermeasures have been proposed to secure the controller area network (CAN), which is an existent in-vehicle network protocol. At the same time, new protocols-such as FlexRay and Ethernet-which are faster and more reliable than CAN have also been proposed. European OEMs have adopted FlexRay as a control network that can perform the fundamental functions of a vehicle. However, there are few studies regarding FlexRay security. In particular, studies on attacks against FlexRay are limited to theoretical studies or simulation-based experiments. Hence, the vulnerability of FlexRay is unclear. Understanding this vulnerability is necessary for the application of countermeasures and improving the security of future vehicles. In this article, we highlight the vulnerability of FlexRay found in the experiments conducted on a real FlexRay network.

Through this work, Wind River and Airbiquity look to enable secure and intelligent software updates and data management for these vehicles through over-the-air (OTA) programming technology. The work may also lead to similar solutions for traditional aerospace and unmanned aircraft system (UAS) industries.

Abstract Vehicular communications face unique security issues in wireless communications. While new vehicles are equipped with a large set of communication technologies, product life cycles are long and software updates are not widespread. The result is a host of outdated and unpatched technologies being used on the street. This has especially severe security impacts because autonomous vehicles are pushing into the market, which will rely, at least partly, on the integrity of the provided information. We provide an overview of the currently deployed communication systems and their security weaknesses and features to collect and compare widely used security mechanisms. In this survey, we focus on technologies that work in an ad hoc manner. This includes Long-Term Evolution mode 4 (LTE-PC5), Wireless Access in Vehicular Environments (WAVE), Intelligent Transportation Systems at 5 Gigahertz (ITS-G5), and Bluetooth.

Join other young professionals in the mobility industry at the COMVEC™ meeting.

Recent developments in the commercialization of mobility services have brought unprecedented connectivity to the automotive sector. While the adoption of connected features provides significant benefits to vehicle owners, adversaries may leverage zero-day attacks to target the expanded attack surface and make unauthorized access to sensitive data. Protecting new generations of automotive controllers against malicious intrusions requires solutions that do not depend on conventional countermeasures, which often fall short when pitted against sophisticated exploitation attempts. In this paper, we describe some of the latent risks in current automotive systems along with a well-engineered multi-layer defense strategy. Further, we introduce a novel and comprehensive attack and performance test framework which considers state-of-the-art memory corruption attacks, countermeasures and evaluation methods.

Abstract With the adoption of Vehicle-to-everything (V2X) technology, security and privacy of vehicles are paramount. To avoid tracking while preserving vehicle/driver’s privacy, modern vehicular public key infrastructure provision vehicles with multiple short-term pseudonym certificates. However, provisioning a large number of pseudonym certificates can lead to an enormous growth of Certificate Revocation Lists (CRLs) during its revocation process. One possible approach to avoid such CRL growth is by relying on activation code (AC)-based solutions. In such solutions, the vehicles are provisioned with batches of encrypted certificates, which are decrypted periodically via the ACs (broadcasted by the back-end system). When the system detects a revoked vehicle, it simply does not broadcast the respective vehicle’s AC. As a result, revoked vehicles do not receive their respective AC and are prevented from decrypting their certificates.