Search Results

Abstract The secure boot has successfully protected systems from executing untrusted software (SW), but low-power controllers lack sufficient time to check every memory cell while satisfying real-time functional safety requirements. Automotive controllers need to maintain security through multiple cycles of remote, unsupervised operation and safely reach a secure state when an anomaly is detected. To accelerate the boot time, we propose Sliced Secure Boot: build fingerprints by slicing orthogonally through memory blocks, protect each cell with a reusable fingerprint using a reproducible pattern with sufficient entropy, and randomly check one fingerprint pattern during boot. We do not claim that sampling offers equivalent protection to exhaustive checks but demonstrate that careful sampling can provide a sufficient level of detection while maintaining compatibility with both startup time and functional safety requirements.

This exercise confirms the necessity of a more restrictive cybersecurity posture in automotive peripherals with access to critical systems, in particular VDAs, and especially when such peripherals present a wireless interface.

The new generation vehicles these days are managed by networked controllers. A large portion of the networks is planned with more security which has recently roused researchers to exhibit various attacks against the system. This paper talks about the liabilities of the Controller Area Network (CAN) inside In-vehicle communication protocol and a few potentials that could take due advantage of it. Moreover, this paper presents a few security measures proposed in the present examination status to defeat the attacks. In any case, the fundamental objective of this paper is to feature a comprehensive methodology known as Intrusion Detection System (IDS), which has been a significant device in getting network data in systems over many years. To the best of our insight, there is no recorded writing on a through outline of IDS execution explicitly in the CAN transport network system.

Using a wireless medium for tractor-trailer communication will bring new cybersecurity challenges and requirements which requires new development and lifecycle considerations.

We also analyze how useful Cybersecurity Assurance Levels (CAL) are in this process and how quantitative as well as qualitative metrics can be utilized as evidence.

CAN bus network proved to be efficient and dynamic for small compact cars as well as heavy-duty vehicles (HDV). However, HDVs are more susceptible to malicious attacks due to lack of security in their intra-vehicle communication protocols. SAE proposed a new standard named J1939-91C for CAN-FD networks which provides methods for establishing trust and securing mutual messages with optional encryption. J1939-91C ensures message authenticity, integrity, and confidentiality by implementing complex cryptographic operations including hash functions and random key generation. In this paper, the three main phases of J1939-91C, i.e., Network Formation, Rekeying, and Message Exchange, are simulated and tested on Electronic Control Units (ECUs) supporting CAN-FD network. Numerous test vectors were generated and validated to support SAE J1939-91C. The mentioned vectors were produced by simulating different encryption and hashing algorithms with variable message and key lengths.

The lack of inherent security controls makes traditional Controller Area Network (CAN) buses vulnerable to Machine-In-The-Middle (MitM) cybersecurity attacks. Conventional vehicular MitM attacks involve tampering with the hardware to directly manipulate CAN bus traffic.

Cybersecurity (CS) is crucial and significantly important in every product that is connected to the network/internet. ...Hence making it very important to guarantee that every single connected device shall have cybersecurity measures implemented to ensure the safety of the entire system. Looking into the forecasted worldwide growth in the electric vehicles (EV’s) segment, CS researchers have recently identified several vulnerabilities that exist in EV’s, electric vehicle supply equipment (EVSE) devices, communications to EVs, and upstream services, such as EVSE vendor cloud services, third party systems, and grid operators. ...Additional processes have been defined in the process reference and assessment model for the CS engineering in order to incorporate the cybersecurity related processes in the ASPICE scope. This paper aims at providing a model & brief overview to establish a correlation between the ASPICE, ISO/SAE 21434 and the ISO 26262 functional safety (FS) standards for development of a secured cybersecurity software with all the considerations that an organization can undertake.

Breathing Life into Artificial Intelligence and Next Generation Autonomous Aerospace Systems Robotic Rotational Molding Creates New Opportunities for Military and Aerospace Applications Rim-Driven Electric Aircraft Propulsion High-Speed Midwave Infrared Cameras Enable Military Test Range Tracking System What Today's Advances in Radar Technology Mean for Testing and Training Tackling Ruggedization Challenges for RF Communications in Software Defined Radios AUVSI XPONENTIAL 2023 The Blueprint for Autonomy Multi-Scale Structuring of the Polar Ionosphere Understanding a radically new sensing capability for polar ionospheric science introduced by observational evidence recently provided by the electronically steerable Resolute Bay Incoherent Scatter Radar (RISR). Stepped-Frequency Distributed Radar for Through-the-Wall Sensing A technical analysis of the effectiveness of distributed radar for through-the-wall sensing applications.

This document applies to the development of Plans for integrating and managing electronic components in equipment for the military and commercial aerospace markets; as well as other ADHP markets that wish to use this document. Examples of electronic components, as described in this document, include resistors, capacitors, diodes, integrated circuits, hybrids, application specific integrated circuits, wound components, and relays. It is critical for the Plan owner to review and understand the design, materials, configuration control, and qualification methods of all “as-received” electronic components, and their capabilities with respect to the application; identify risks, and where necessary, take additional action to mitigate the risks. The technical requirements are in Clause 3 of this standard, and the administrative requirements are in Clause 4.

This document applies to the development of Plans for integrating and managing COTS assemblies in electronic equipment and Systems for the commercial, military, and space markets; as well as other ADHP markets that wish to use this document.

Automotive electronics and enterprise IT are converging and thus open the doors for advanced hacking. With their immediate safety impact, cyberattacks on such systems will endanger passengers. Today, there are various methods of security verification and validation in the automotive industry. However, we realize that vulnerability detection is incomplete and inefficient with classic security testing. In this article, we show how an enhanced Grey-Box Penetration Test (GBPT) needs less test cases while being more effective in terms of coverage and indicating less false positives.

This document describes a set of recommended actions to take to increase the likelihood of safe vehicle operation when a device (external test equipment, data collection device, etc.) whose normal operation has been compromised by a source external to the vehicle is connected to the vehicle’s diagnostic system. The term “diagnostic system” is intended to be a generic way to reference all the different ways that diagnostic commands might be injected into the system. The guidance in this document is intended to improve security without significantly impacting the ability for franchised dealer or independent aftermarket external test tools to perform legitimate diagnosis and maintenance functions. The goal is that intrusive services are only allowed to be performed when the vehicle is in a Safe State such that even if the intrusive service were to be initiated with adversarial intent the consequences of such a service would still be acceptable.

The flexible data rate capability in CAN (commonly called CAN FD) is implemented as a transport layer in order to allow for functional safety, cybersecurity, extended transport capability, and backward compatibility with SAE J1939DA.

An Holistic Approach to Verifying Cybersecurity in Design A powerful new generation of test and sim solutions aims to address specific security concerns associated with automotive designs.

This document describes a process for use by ADHP integrators of EEE parts and sub-assemblies (items) that have been targeted for other applications. This document does not describe specific tests to be conducted, sample sizes to be used, nor results to be obtained; instead, it describes a process to define and accomplish application-specific qualification; that provides confidence to both the ADHP integrators, and the integrators’ customers, that the item will performs its function(s) reliably in the ADHP application.

Honda airs it out Honda's aerodynamic and NVH development gets a breath of fresh air from its first full-scale wind tunnel in North America. Two-wheeled tech: The latest in motorcycle applications Drawing heavily from automotive advances, the latest in connectivity, safety and convenience are infiltrating the moto world. Nobium: magic metal for battery anodes? Increased cell capacity and rapid recharging in thermal extremes are potential benefits of electrode chemistries fortified by the humble element Nb. Editorial Reconsidering hybrids Supplier Eye Preparing for a lumpy EV transition SAE WCX 2022: ICE won't melt amid shift to EVs ICE life-extension: searching for more solutions Stellantis' Hurricane is coming Bringing back the hot hatch: 2023 Toyota GR Corolla 2022 Jeep Grand Cherokee plugs in Q&A Eunjoo Hopkins, vehicle synthesis manager for the 2022 Jeep Grand Cherokee 4xe, talks about meeting vehicle-integration "science goals" for the hybridized 2022 Grand Cherokee.

To help address the issue of message authentication on the Controller Area Network (CAN) bus, researchers at Virginia Tech and Ford Motor Company have developed a proof-of-concept time-evolving watermark-based authentication mechanism that offers robust, cryptographically controlled confirmation of a CAN message's authenticity. This watermark is injected as a common-mode signal on both CAN-HI and CAN-LO bus voltages and has been proven using a low-cost software-defined radio (SDR) testbed. This paper extends prior analysis on the design and proof-of-concept to consider robustness testing over the range of voltages, both steady state drifts and transients, as are commonly witnessed within a vehicle. Overall performance results, along with a dynamic watermark amplitude control, validate the concept as being a practical near-term approach at improving authentication confidence of messages on the CAN bus.

With the rapid development of connected and autonomous vehicles, more sophisticated automotive systems running large portions of software and implementing a variety of communication interfaces are being developed. The ever-expanding codebase increases the risk for software vulnerabilities, while at the same time the large number of communication interfaces make the systems more susceptible to be targeted by attackers. As such, it is of utmost importance for automotive organizations to identify potential vulnerabilities early and continuously in the development lifecycle in an automated manner. In this paper, we suggest a practical approach for integrating fuzz testing into a Continuous Integration (CI) pipeline for automotive systems. As a first step, we have performed a Threat Analysis and Risk Assessment (TARA) of a general E/E architecture to identify high-risk interfaces and functions.