Search Results

Technical Paper

Identification and Verification of Attack-Tree Threat Models in Connected Vehicles

2022-12-22

2022-01-7087

As a result of the ever-increasing application of cyber-physical components in the automotive industry, cybersecurity has become an urgent topic. Adapting technologies and communication protocols like Ethernet and WiFi in connected vehicles yields many attack scenarios. ...Consequently, ISO/SAE 21434 and UN R155 (2021) define a standard and regulatory framework for automotive cybersecurity, Both documents follow a risk management-based approach and require a threat modeling methodology for risk analysis and identification. ...Initially, we transform cybersecurity guidelines to attack trees, and then we use their formal interpretations to assess the vehicle’s design.

Research Report

Unsettled Issues Regarding Autonomous Vehicles and Open-source Software

2021-04-21

EPR2021009

Unsettled Issues Regarding Autonomous Vehicles and Open-source Software introduces the impact of software in advanced automotive applications, the role of open-source communities in accelerating innovation, and the important topic of safety and cybersecurity. As electronic functionality is captured in software and a bigger percentage of that software is open-source code, some critical challenges arise concerning security and validation.

Research Report

Automated Vehicles and Infrastructure Enablers: Connectivity

2023-06-13

EPR2023013

IOOs and ADS developers agree that cost, communications, interoperability, cybersecurity, operation, maintenance, and other issues undercut efforts to deploy a comprehensive connected infrastructure.

Technical Paper

Secure Deterministic L2/L3 Ethernet Networking for Integrated Architectures

2017-09-19

2017-01-2103

Cybersecurity attacks exploit vulnerabilities related to the increased complexity and connectivity of critical infrastructure systems. ...Network security is a core component of the overall cyber-security and defense-in-depth capability for distributed architectures. Protection mechanism for information, interface and system integrity, communication availability, and data confidentiality are required for design of safe and secure integrated embedded infrastructure.

Technical Paper

Hypervisor Implementation in Vehicle Networks

2020-04-14

2020-01-1334

The hypervisor offers many benefits to the vehicle architecture, both operationally and with cybersecurity. The proposed mitigant provides the structure to partition the various VMs. This allows for the different functions to be managed within their own distinct VM. ...While the cybersecurity applications are numerous, there are also the operational benefits. The hypervisor is designed to not only manage the VMs, but also to increase the efficiency of these via resource management.

Technical Paper

Applying Concolic Testing to the Automotive Domain

2024-04-09

2024-01-2802

Symbolic code execution is a powerful cybersecurity testing approach that facilitates the systematic exploration of all paths within a program to uncover previously unknown cybersecurity vulnerabilities. ...Symbolic code execution is a powerful cybersecurity testing approach that facilitates the systematic exploration of all paths within a program to uncover previously unknown cybersecurity vulnerabilities. This is achieved through a Satisfiability Modulo Theory (SMT) solver, which operates on symbolic values for program inputs instead of using their concrete counterparts.

Technical Paper

Integrating Functional and Component-Level Threat Analyses in Automotive Systems: A Holistic Approach to Risk Assessment

2024-04-09

2024-01-2797

This method's detailed approach ensures that cybersecurity requirements can be readily implemented as a part of feature design, addressing the concerns of feature owners directly. ...This paper will discuss the merits of asset based approach to cybersecurity over attack based recognizing the inherent strengths and limitations of both methods and underscores the need for a unified approach.

Technical Paper

A Zero Trust Architecture for Automotive Networks

2024-04-09

2024-01-2793

Since the early 1990’s, commercial vehicles have suffered from repeated vulnerability exploitations that resulted in a need for improved automotive cybersecurity. This paper outlines the strategies and challenges of implementing an automotive Zero Trust Architecture (ZTA) to secure intra-vehicle networks. ...This research successfully met the four requirements and demonstrated that using ZT principles in an on-vehicle network greatly improved the cybersecurity posture with manageable impact to system performance and deployment.

Journal Article

In-Vehicle Diagnostic System for Prognostics and OTA Updates of Automated/Autonomous Vehicles

2020-04-14

2020-01-1373

The paper includes a description of cybersecurity measures to protect the vehicle against malicious attacks.

Technical Paper

Vehicle E/E Architecture and Key Technologies Enabling Software-Defined Vehicle

2024-04-09

2024-01-2035

This paper gives a definition of the SDV concept, provides views from different aspects, discusses the progress in vehicle E/E architecture, especially zone-based architecture with centralized computation, and various technologies including High-Performance Computing (HPC) platform, standardized vehicle software architecture, advanced onboard communication, Over-The-Air (OTA) update, and cybersecurity etc. that collectively enable the realization of SDV.

Research Report

Impact of Electric Vehicle Charging on Grid Energy Buffering

2022-09-26

EPR2022022

Impact of Electric Vehicle Charging on Grid Energy Buffering discusses the unsettled issues and requirements needed to realize the potential of EV batteries for demand response and grid services, such as improved battery management, control strategies, and enhanced cybersecurity. Hybrid and fuel cell EVs have significant potential to act as “peakers” for longer duration buffering, and this approach has the potential to provide all the long-term energy buffering required by a VRE-intensive grid.

Technical Paper

Processing Fuzz Testing Results into an Evidence Report

2023-04-11

2023-01-0039

We also analyze how useful Cybersecurity Assurance Levels (CAL) are in this process and how quantitative as well as qualitative metrics can be utilized as evidence.

Technical Paper

An Intrusion Detection System Based on the Double-Decision-Tree Method for In-Vehicle Network

2023-04-11

2023-01-0044

But unfortunately, automotive cybersecurity researchers hardly produce a comprehensive detection method due to the confidential nature of Controller Area Network (CAN) DBC format files, which is a standard long maintained by car manufacturers.

Technical Paper

Secure Controller Area Network Logging

2021-04-06

2021-01-0136

Practical encryption is an important tool in improving the cybersecurity posture of vehicle data loggers and engineering tools. However, low-cost embedded systems struggle with reliably capturing and encrypting all frames on the vehicle networks.

Journal Article

System Security and System Safety Engineering: Differences and Similarities and a System Security Engineering Process Based on the ISO 26262 Process Framework

2013-04-08

2013-01-1419

Less emphasis has been placed to-date on helping ensure cybersecurity of cyber-physical automotive systems. However, this is changing as both the world and the automotive industry become more aware of the potential ramifications of cyber-attacks on vehicles.

Technical Paper

Security Mechanisms Design for In-Vehicle Network Gateway

2018-04-03

2018-01-0018

With the rapid development of connected vehicles, the cybersecurity has become an important topic in the automotive network. A spoof ECU can be used to hack the automotive network.

Technical Paper

Enabling the security of global time in software-defined vehicles (SGTS, MACsec)

2024-07-02

2024-01-2978

., driver assistance functions, intrusion detection system, vehicle diagnostics, external device authentication during vehicle diagnostics, vehicle-to-grid and so on). The cybersecurity attacks targeting the global time result in false time, accuracy degradation, and denial of service as stated in IETF RFC 7384.

Technical Paper

Optimizing CAN Bus Security with In-Place Cryptography

2019-01-16

2019-01-0098

In-vehicle networks used for inter-ECU communication, most commonly the CAN bus, were not designed with cybersecurity in mind, and as a result, communication by corrupt devices connected to the bus is not authenticated.

Technical Paper

Vulnerability analysis of DoIP implementation based on model learning

2024-04-09

2024-01-2807

It is essential to note that cybersecurity threats not only arise from inherent protocol defects but also consider software implementation vulnerabilities.

Technical Paper

Using Ethernet or a Wireless Harness and Named Data Networking in Autonomous Tractor-Trailer Communication

2023-04-11

2023-01-0924

Using a wireless medium for tractor-trailer communication will bring new cybersecurity challenges and requirements which requires new development and lifecycle considerations.