Search Results

Abstract In this work, we present an approach to support penetration tests by combining safety and security analyses to enhance automotive security testing. Our approach includes a new way to combine safety and threat analyses to derive possible test cases. We reuse outcomes of a performed safety analysis as the input for a threat analysis. We show systematically how to derive test cases, and we present the applicability of our approach by deriving and performing test cases for a penetration test of an automotive electronic control unit (ECU). Therefore, we selected an airbag control unit due to its safety-critical functionality. During the penetration test, the selected control unit was installed on a test bench, and we were able to successfully exploit a discovered vulnerability, causing the detonation of airbags.

Abstract Vehicle-to-Vehicle (V2V) communication is a vehicular communication technology to reduce traffic accidents and congestion. To protect V2V communication, multiple security standards have been developed. This article provides an overview of the China V2V security draft standard and compares it to the American IEEE1609.2 V2V standard and to the Security Credential Management System (SCMS). The article provides an overview of the Chinese cryptographic algorithms used in the China V2V standard, and points out differences in the certificate format, such as the lack of implicit certificates in the China V2V standard. The China V2V PKI architecture is similar to the American SCMS, however, the Chinese system utilizes a set of Root Certificate Authorities (CA) that are trusted via an out-of-band channel whereas the American SCMS supports elector-based addition and revocation of Root CAs.

This paper will provide an Overview of Automotive Cyber Security Standards related to the Vehicle OBD-II Data Link. The OBD-II Connector Attack Tree is described with respect to the SAE J3138 requirements for Intrusive vs. non-Intrusive Services. A proposed test method for SAE J3138 is described including hardware and software scripting. Finally, example test results are reviewed and compared with a potential threat boundary.

Software vulnerability management is one of the most critical and crucial security techniques, which analyzes the automotive software/firmware across the digital cockpit, ADAS, V2X, etc. domains for vulnerabilities, and provides security patches for the concerned Common Vulnerabilities and Exposures (CVE). The process of automotive SW/FW vulnerability management system between the OEMs and vendors happen through a channel of fixing a certain number of vulnerabilities by 1st tier supplier which needs to be verified in front of OEMs for the fixed number and type of patches in there deliverable SW/FW. The gap of verification between for the fixed patches between the OEMs and 1st tier supplier requires a reliable human independent intelligent technique to have a trustworthiness of verification.

There continues to be massive advancements in modern connected vehicles and with these advancements, connectivity continues to rapidly become more integral to the way these vehicles are designed and operated. Vehicle connectivity was originally introduced for the purpose of providing software updates to the vehicle’s main system software, and we have seen the adoption of Over The Air updates (OTA) become mainstream with most OEMs. The exploitation of this connectivity is far more reaching than just basic software updates. In the latest vehicles it is possible to update software not just on the main vehicle systems, but to potentially update embedded software in all smart ECUs within the vehicle. Only using the connectivity to push data to the vehicle is not making full use of the potential of this increased connectivity. Being able to collect vehicle data for offline analysis and processing also brings huge benefits to the use of this technology.

Abstract Vehicle to Everything (V2X) allows vehicles, pedestrians, and infrastructure to share information for the purpose of preventing accidents, enhancing road safety, and improving the efficiency and energy consumption of transportation. Although V2X messages are authenticated, their content is not validated. Sensor errors or adversarial attacks can cause messages to be perturbed and, therefore, increase the likelihood of traffic jams, compromise the decision process of other vehicles, or provoke fatal crashes. In this article, we introduce V2X Core Anomaly Detection System (VCADS), a system based on the theory presented in [1] and built for the fields provided in the periodic messages shared across vehicles (i.e., Basic Safety Messages, BSMs). VCADS uses physics-based models to constrain the values in each field and detect anomalies by finding the numerical difference between a field and independent derivations of the same field.

Introduction to Managing Energy Data: The Internet of Things (IoT) revolution (eg. the vast spread of smart meters worldwide) is generating massive amounts of energy data, drastically transforming the sector and current energy systems. This digital transformation gives rise to more intelligent ways of managing energy and brings about opportunities for energy companies to improve their business models and services. This course contains a brief introduction to the topics presented in the course, from smart meters and smart metering data to data science.

This SAE Information Report J2836 establishes the instructions for the documents required for the variety of potential functions for PEV communications, energy transfer options, interoperability and security. This includes the history, current status and future plans for migrating through these documents created in the Hybrid Communication and Interoperability Task Force, based on functional objective (e.g., (1) if I want to do V2G with an off-board inverter, what documents and items within them do I need, (2) What do we intend for V3 of SAE J2953, …).

Abstract The innovations of vehicle connectivity have been increasing dramatically to enhance the safety and user experience of driving, while the rising numbers of interfaces to the external world also bring security threats to vehicles. Many security countermeasures have been proposed and discussed to protect the systems and services against attacks. To provide an overview of the current states in this research field, we conducted a systematic mapping study (SMS) on the topic area “security countermeasures of in-vehicle communication systems.” A total of 279 papers are identified based on the defined study identification strategy and criteria. We discussed four research questions (RQs) related to the security countermeasures, validation methods, publication patterns, and research trends and gaps based on the extracted and classified data. Finally, we evaluated the validity threats and the whole mapping process.

Automotive system functionalities spread over a wide range of sub-domains ranging from non-driving related components to complex autonomous driving related components. The requirements to design and develop these components span across software, hardware, firmware, etc. elements. The successful development of these components to achieve the needs from the stockholders requires accurate understanding and traceability of the requirements of these component systems. The high-level customer requirements transformation into low level granularity requires an efficient requirement engineer. The manual understanding of the customer requirements from the requirement documents are influenced by the context and the knowledge gap of the requirement engineer in understanding and transforming the requirements.

Abstract Over the past forty years, the Electronic Control Unit (ECU) technology has grown in both sophistication and volume in the automotive sector, and modern vehicles may comprise hundreds of ECUs. ECUs typically communicate via a bus-based network architecture to collectively support a broad range of safety-critical capabilities, such as obstacle avoidance, lane management, and adaptive cruise control. However, this technology evolution has also brought about risks: if ECU firmware is compromised, then vehicle safety may be compromised. Recent experiments and demonstrations have shown that ECU firmware is not only poorly protected but also that compromised firmware may pose safety risks to occupants and bystanders.

By looking into the vehicle-infrastructure cooperation (VIC) which is oriented towards intelligent, networked and integrated development, this paper analyzes and proposes the essence and development direction of Intelligent Vehicle Infrastructure Cooperation Systems (I-VICS). With an in-depth analysis of technologies of core importance to VIC and influence factors that constrain VIC development as a whole, the paper comes up with a technological route for VIC, and identifies a direction for vehicle-infrastructure cooperative development that progresses from primary to intermediate cooperation, then to advanced cooperation, and finally to full-fledged cooperation. Policy recommendations aiming at strengthening top-level design, building an integrated vehicle-infrastructure-cloud platform, expediting independence of key techs, building robust standards and regulations for VIC, enhancing workforce development as well as greater efforts at market promotion are put forward.

Abstract Vehicular communications face unique security issues in wireless communications. While new vehicles are equipped with a large set of communication technologies, product life cycles are long and software updates are not widespread. The result is a host of outdated and unpatched technologies being used on the street. This has especially severe security impacts because autonomous vehicles are pushing into the market, which will rely, at least partly, on the integrity of the provided information. We provide an overview of the currently deployed communication systems and their security weaknesses and features to collect and compare widely used security mechanisms. In this survey, we focus on technologies that work in an ad hoc manner. This includes Long-Term Evolution mode 4 (LTE-PC5), Wireless Access in Vehicular Environments (WAVE), Intelligent Transportation Systems at 5 Gigahertz (ITS-G5), and Bluetooth.

As an annual subscription, the Wiley Cyber Security Collection Add-On is available for purchase along with one or both of the following: Wiley Aerospace Collection Wiley Automotive Collection The titles from the Wiley Cyber Security Collection are included in the SAE MOBILUS® eBook Package. Titles: Network Forensics Penetration Testing Essentials Security in Fixed and Wireless Networks, 2nd Edition The Network Security Test Lab: A Step-by-Step Guide Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis Applied Cryptography: Protocols, Algorithms and Source Code in C, 20th Anniversary Edition Computer Security Handbook, Set, 6th Edition Threat Modeling: Designing for Security Other available Wiley collections: Wiley SAE MOBILUS eBook Package Wiley Aerospace Collection Wiley Automotive Collection Wiley Computer Systems Collection Add-On (purchasable with the Wiley Aerospace Collection and/or the Wiley Automotive Collection)

The scope of this SAE Recommended Practice is to require the use of the same Security Services as defined by the International Standard ISO/CD 15764, modified by the Class of Security as determined by the resource provider and referenced in Table 1, Extended Data Link Security References.

This Technical Governance is part of the SAE UCS Architecture Library and is primarily concerned with the UCS Architecture Model (AS6518) starting at Revision A and its user extensions. Users of the Model may extend it in accordance with AS6513 to meet the needs of their UCS Products. UCS Products include software components, software configurations and systems that provide or consume UCS services. For further information, refer to AS6513 Revision A or later. Technical Governance is part of the UCS Architecture Framework. This framework governs the UCS views expressed as Packages and Diagrams in the UCS Architecture Model.

This aerospace standard outlines the minimum requirements for the quality assurance program of a distributor of new aircraft or aerospace parts and material. It is designed to aid in the surveillance and accreditation of a distributor who procures new parts and materials and resells these products to customers or other distributors in the aviation or aerospace industry, i.e., a PASS THROUGH distributor. This standard may be used to determine the adequacy and implementation of the distributor’s quality assurance program.

Editorial The consolidation plot thickens The Navigator As the world turns to C-V2X, Europe picks WiFi Complexity of Autonomous-Systems Simulation, Validation Soars to the Clouds Scalable, cloud-based architectures are gaining greater acceptance for simulating and testing the myriad development aspects of automated driving. Connectivity Solutions for AVs The promises of fully connected autonomous vehicles are great, but so are the challenges. What M&E Can Teach the AV Industry About Data Media & entertainment offers important learnings on data retention, management, scalability and security. The Rodney Dangerfield of Automated-Driving Sensors Radar and lidar get all the attention, but Inertial Measurement Units are the backbone of sensor fusion. Suppliers are scrambling to make IMUs more accurate-and much less expensive. The Sense-itive Side of Autonomous Vehicles BASF is exploring how specific materials-and even paint colors and finishes-can improve the capabilities of AV sensors.

Truck Tech War! Ford, GM, and Ram arm their profit-pumping half-ton pickups for the 2020s' efficiency battle. Mobility mecca: WCX 2018 Provocative thought leaders, emerging disruptors, and the industry's best networking and career guidance all under one big roof: the 2018 SAE World Congress Experience is coming April 10-12. Mercedes adopts Harman UX for A-Class The 'smart' architecture is capable of OTA updates and features more-accurate voice recognition. Spark of genius Mazda's Skyactiv-X-the nexus of gasoline and diesel tech-remains on track for 2019 production. We test-drive recent prototypes to check development status. Taking aim at the drowsy-driver threat Hyundai Mobis is leveraging Level 4 tech to move 'departed' drivers safely off the road. Editorial: Fear and loathing on the path to Level 4 driving Supplier Eye Variability, risk and the value stream The Navigator How will automated vehicles deal with potholes?

This document describes a process for use by ADHP integrators of EEE parts and sub-assemblies (items) that have been targeted for other applications. This document does not describe specific tests to be conducted, sample sizes to be used, nor results to be obtained; instead, it describes a process to define and accomplish application-specific qualification; that provides confidence to both the ADHP integrators, and the integrators’ customers, that the item will performs its function(s) reliably in the ADHP application.