Search Results

COMVEC™ conference is the only North American event that addresses vehicles and equipment spanning on-highway, off-highway, agricultural, construction, industrial, military, and mining sectors.

If you are not able to attend WCX 2022 in-person, you will have the opportunity to join a selected number of live technical and executive discussions online that will advance your skill set in propulsion, connectivity security and safety as well as the business of technology.

Reviewer Acknowledgment

Driven by the growing internet and remote connectivity of automobiles, combined with the emerging trend to automated driving, the importance of security for automotive systems is massively increasing. Although cyber security is a common part of daily routines in the traditional IT domain, necessary security mechanisms are not yet widely applied in the vehicles. At first glance, this may not appear to be a problem as there are lots of solutions from other domains, which potentially could be re-used. But substantial differences compared to an automotive environment have to be taken into account, drastically reducing the possibilities for simple reuse. Our contribution is to address automotive electronics engineers who are confronted with security requirements. Therefore, it will firstly provide some basic knowledge about IT security and subsequently present a selection of automotive specific security use cases.

This SAE Recommended Practice establishes a uniform practice for protecting vehicle components from "unauthorized" access through a vehicle data link connector (DLC). The document defines a security system for motor vehicle and tool manufacturers. It will provide flexibility to tailor systems to the security needs of the vehicle manufacturer. The vehicle modules addressed are those that are capable of having solid state memory contents accessed or altered through the data link connector. Improper memory content alteration could potentially damage the electronics or other vehicle modules; risk the vehicle compliance to government legislated requirements; or risk the vehicle manufacturer's security interests. This document does not imply that other security measures are not required nor possible.

Ransomware is not a new method of malware infection. This historically had been experienced in the enterprise in nearly every industry. This has been especially problematic in the medical and manufacturing fields. As the attackers saturate the specifically targeted industries, the attackers will expand their target industries. One of these which has not been significantly explored by the ransomware groups are the embedded systems and automobile environment. This set of targets is massive and provides for a vast attack potential. While this has not experienced this attack methodology at length, the research and efforts are creeping towards this as a natural extension of the business. The research focusses on the history of ransomware, uses in the enterprise, possible attack vectors with ground vehicles, and defenses to be explored and implemented to secure automobiles, fleets, and the industries.

Abstract The expansion of the internet has made everyone’s personal and professional lives more transparent. There are network security issues because people like sharing resources under the right conditions. Academics have demonstrated significant interest in situation awareness, which includes situation prediction, situation appraisal, and event detection, rather than focusing on the security of a single device in the network. Multi-stage attack forecasting and security situation awareness are two significant issues for network supervisors because the future usually is unknown. Hence, this study suggests combined intuitionistic fuzzy sets and deep neural network (CIFS-DNN) for network security situation prediction. The goal is to provide network administrators with a resource they can use as a point of reference while they formulate and carry out preventive actions in the event of a network assault.

Abstract ICVs are expected to make the transportation safer, cleaner, and more comfortable in the near future. However, the trend of connectivity has greatly increased the attack surfaces of vehicles, which makes in-vehicle networks more vulnerable to cyberattacks which then causes serious security and safety issues. In this article, we therefore systematically analyzed cyberattacks and corresponding countermeasures for in-vehicle networks of intelligent and connected vehicles (ICVs). Firstly, we analyzed the security risk of ICVs and proposed an in-vehicle network model from a hierarchical point of view. Then, we discussed possible cyberattacks at each layer of proposed network model.

This SAE Aerospace Recommended Practice (ARP) provides insights on how to perform a Cost Benefit Analysis (CBA) to determine the Return on Investment (ROI) that would result from implementing a blockchain solution to a new or an existing business process. The word “blockchain” refers to a method of documenting when data transactions occur using a distributed ledger with desired immutable qualities. The scope of the current document is on enterprise blockchain which gives the benefit of standardized cryptography, legal enforceability and regulatory compliance. The document analyzes the complexity involved with this technology, lists some of the different approaches that can be used for conducting a CBA, and differentiates its analysis depending on whether the application uses a public or a private distributed network.

Abstract Connected vehicles and intelligent transportation systems are currently evolving into highly interconnected digital environments. Due to the interconnectivity of different systems and complex communication flows, a joint risk analysis for combining safety and security from a system perspective does not yet exist. We introduce a novel method for joint risk assessment in the automotive sector as a combination of the Diamond Model, Failure Mode and Effects Analysis (FMEA), and Factor Analysis of Information Risk (FAIR). These methods have been sequentially composed, which results in a comprehensive risk management approach to information security in an intelligent transport system (ITS). The Diamond Model serves to identify and structurally describe threats and scenarios, the widely accepted FMEA provides threat analysis by identifying possible error combinations, and FAIR provides a quantitative estimation of probabilities for the frequency and magnitude of risk events.

This SAE Information Report J2931/7 establishes the security requirements for digital communication between Plug-In Electric Vehicles (PEV), the Electric Vehicle Supply Equipment (EVSE) and the utility, ESI, Advanced Metering Infrastructure (AMI) and/or Home Area Network (HAN).

Access mechanisms to system data and/or control is a primary use case of the hardware protected security environment (hardware protected security environment) during different uses and stages of the system. The hardware protected security environment acts as a gatekeeper for these use cases and not necessarily as the executor of the function. This section is a generalization of such use cases in an attempt to extract common requirements for the hardware protected security environment that enable it to be a gatekeeper. Examples are: Creating a new key fob Re-flashing ECU firmware Reading/exporting PII out of the ECU Using a subscription-based feature Performing some service on an ECU Transferring ownership of the vehicle Some of these examples are discussed later in this section and some have detailed sections of their own. This list is by no means comprehensive.

The new generation vehicles these days are managed by networked controllers. A large portion of the networks is planned with more security which has recently roused researchers to exhibit various attacks against the system. This paper talks about the liabilities of the Controller Area Network (CAN) inside In-vehicle communication protocol and a few potentials that could take due advantage of it. Moreover, this paper presents a few security measures proposed in the present examination status to defeat the attacks. In any case, the fundamental objective of this paper is to feature a comprehensive methodology known as Intrusion Detection System (IDS), which has been a significant device in getting network data in systems over many years. To the best of our insight, there is no recorded writing on a through outline of IDS execution explicitly in the CAN transport network system.

Abstract In this work, we present an approach to support penetration tests by combining safety and security analyses to enhance automotive security testing. Our approach includes a new way to combine safety and threat analyses to derive possible test cases. We reuse outcomes of a performed safety analysis as the input for a threat analysis. We show systematically how to derive test cases, and we present the applicability of our approach by deriving and performing test cases for a penetration test of an automotive electronic control unit (ECU). Therefore, we selected an airbag control unit due to its safety-critical functionality. During the penetration test, the selected control unit was installed on a test bench, and we were able to successfully exploit a discovered vulnerability, causing the detonation of airbags.

This paper will provide an Overview of Automotive Cyber Security Standards related to the Vehicle OBD-II Data Link. The OBD-II Connector Attack Tree is described with respect to the SAE J3138 requirements for Intrusive vs. non-Intrusive Services. A proposed test method for SAE J3138 is described including hardware and software scripting. Finally, example test results are reviewed and compared with a potential threat boundary.

Introduction to Managing Energy Data: The Internet of Things (IoT) revolution (eg. the vast spread of smart meters worldwide) is generating massive amounts of energy data, drastically transforming the sector and current energy systems. This digital transformation gives rise to more intelligent ways of managing energy and brings about opportunities for energy companies to improve their business models and services. This course contains a brief introduction to the topics presented in the course, from smart meters and smart metering data to data science.

This SAE Information Report J2836 establishes the instructions for the documents required for the variety of potential functions for PEV communications, energy transfer options, interoperability and security. This includes the history, current status and future plans for migrating through these documents created in the Hybrid Communication and Interoperability Task Force, based on functional objective (e.g., (1) if I want to do V2G with an off-board inverter, what documents and items within them do I need, (2) What do we intend for V3 of SAE J2953, …).

Abstract The innovations of vehicle connectivity have been increasing dramatically to enhance the safety and user experience of driving, while the rising numbers of interfaces to the external world also bring security threats to vehicles. Many security countermeasures have been proposed and discussed to protect the systems and services against attacks. To provide an overview of the current states in this research field, we conducted a systematic mapping study (SMS) on the topic area “security countermeasures of in-vehicle communication systems.” A total of 279 papers are identified based on the defined study identification strategy and criteria. We discussed four research questions (RQs) related to the security countermeasures, validation methods, publication patterns, and research trends and gaps based on the extracted and classified data. Finally, we evaluated the validity threats and the whole mapping process.