Search Results

ISO/SAE 21434 Final International Standard was released September 2021 to great fanfare and is the most prominent standard in Automotive Cybersecurity. As members of the Joint Working Group (JWG) we spent 5 years developing the 84 pages of precise wording acceptable to hundreds of contributors, during which time the auto industry had been undergoing a metamorphosis probably unmatched in its hundred-year history. ...The application to an Agile method may require interpreting the standard from another angle, which could involve reordering the sequence of activities and work products, breaking down the acceptable criteria of some work products to allow rapid iterations, and verifications of meta data or intermediate work products. In cybersecurity engineering, the Agile method has its unique strength comparing to the V-model method, as its cyclical nature is better aligned with best practices for Cybersecurity Frameworks ...In cybersecurity engineering, the Agile method has its unique strength comparing to the V-model method, as its cyclical nature is better aligned with best practices for Cybersecurity Frameworks

CAN bus network proved to be efficient and dynamic for small compact cars as well as heavy-duty vehicles (HDV). However, HDVs are more susceptible to malicious attacks due to lack of security in their intra-vehicle communication protocols. SAE proposed a new standard named J1939-91C for CAN-FD networks which provides methods for establishing trust and securing mutual messages with optional encryption. J1939-91C ensures message authenticity, integrity, and confidentiality by implementing complex cryptographic operations including hash functions and random key generation. In this paper, the three main phases of the proposed standard, i.e., Network Formation, Rekeying, and Message Exchange, are simulated and tested on Electronic Control Units (ECUs) supporting CAN-FD network to evaluate the vehicle system performance such as security overhead (i.e. processing time and network bandwidth).

Access control enforces security policies for controlling critical resources. For V2X autonomous military vehicle fleets, network middleware systems such as ROS expose system resources through networked publisher/subscriber and client/server paradigms. Without proper access control, these systems are vulnerable to attacks from compromised network nodes, which may perform data poisoning attacks, flood packets on a network, or attempt to gain lateral control of other resources. Access control for robotic middleware systems has been investigated in both ROS1 and ROS2. Still, these implementations do not have mechanisms for evaluating a policy's consistency and completeness or adequately supporting access revocation within a distributed fleet. We explore an RBAC (Role-Based Access Control) mechanism layered onto ROS environments that uses local permission caches with precomputed truth tables for fast policy evaluation.

This paper will outline the project progress over its initial two-year lifetime, including: • Development of hardware-based monitoring solutions and supporting software to demonstrate the ability to perform on-chip cyber threat identification and mitigation • Construction of a multi-component testbed representing a flexible and functional in-vehicle architecture for real environment trials to train, test, validate and demonstrate automotive cybersecurity solutions • A vision of what the future will hold when deploying this type of cyber security detection and mitigation solution within connected and autonomous vehicles.

But unfortunately, automotive cybersecurity researchers hardly produce a comprehensive detection method due to the confidential nature of controller area network (CAN) DBC format files, which is a standard long maintained by car manufacturers.

We also analyze how useful Cybersecurity Assurance Levels (CALs) are in this process and how quantitative as well as qualitative metrics can be utilized as evidence.

Furthermore, the mechanism to update the firmware with these offensive capabilities can be done wirelessly, which confirms the necessity for a more restrictive cybersecurity posture on utilizing wireless links for diagnosing vehicles with sensitive missions.

Cybersecurity of high-power charging infrastructure for electric vehicles (EVs) is critical to the safety and re-liability of and consumer confidence in this publicly accessible technology. ...Cybersecurity of high-power charging infrastructure for electric vehicles (EVs) is critical to the safety and re-liability of and consumer confidence in this publicly accessible technology. Cybersecurity vulnerabilities of high-power EV charging infrastructure may also present risks to broader transportation and energy-infrastructure systems. ...This paper details a methodology used to analyze and prioritize high-consequence events that could result from cybersecurity sabotage to high-power charging infrastructure. The highest prioritized events are evaluated under laboratory conditions for severity of impact and complexity of cybersecurity manipulation.

Cybersecurity (CS) is crucial and significantly important in every product that is connected to the network/internet. ...Hence making it very important to guarantee that every single connected device shall have cybersecurity measures implemented to ensure the safety of the entire system. Looking into the forecasted worldwide growth in the Electric Vehicles (EV's) segment , CS researchers have recently identified several vulnerabilities that exist in EV's, EVSE devices, communications to electric vehicles (EVs), and upstream services, such as EVSE vendor cloud services, third party systems, and grid operators. ...Additional Processes have been defined in the Process Reference and Assessment Model for the CS Engineering in order to incorporate the cybersecurity related processes in the ASPICE scope. This paper aims at providing a model & brief overview to establish a correlation between the ASPICE, ISO/SAE 21434 and the ISO26262 functional safety standards for development of a secured Cybersecurity Software with all the considerations that an organization can undertake.

Classical vehicle production had over a long period limitation in bringing the driving commands to the actuators for vehicle motion (Engine, Steering, Braking). Steering columns, hydraulic tubes or steel cables needed to be placed between driver and actuator. Change begun with introduction of e-gas systems. Mechanical cables were replaced by thin electric signal wires. For addressing the steering and braking systems, the technical solutions and legal standardizations were not given at this point of time. Nowadays the OEM are starting huge EE-Architecture transformation for manifold reasons and they have the chance to get rid of long hydraulic tubes for braking and solid metal columns for steering. X-by-wire is the keyword, also driven by the plans for higher AD (Autonomous Driving) levels for automated driving vehicles. Driven by new requirement (AD) it also offers new opportunities to design the vehicle in-cabin room.

With the increasing connectivity and complexity of modern automobiles, cybersecurity has become one of the most important properties of a vehicle. Various strategies have been proposed to enhance automotive cybersecurity. ...Various strategies have been proposed to enhance automotive cybersecurity. Digital twin (DT), regarded as one of the top 10 strategic technology trends by Gartner in 2018 and 2019, establishes digital representations in a virtual world and raises new ideas to benefit real-life objects. ...In this paper, we explored the possibility of using digital twin technology to improve automotive cybersecurity. We designed two kinds of digital twin models, named mirror DT and autonomous DT, and corresponding environments to support cybersecurity design, development, and maintenance in an auto's lifecycle, as well as technique training.

The lack of inherent security controls makes traditional controller area network (CAN) buses vulnerable to Machine-In-The-Middle (MITM) cybersecurity attacks. Conventional MITM attacks imply inserting a physical device to split the network and forward data from one side to another.

Additional complicating factors, such as cybersecurity concerns combined with a first responder’s legal authority, may pose challenges for traditional data collection.

The separation of cybersecurity consideration in RMTO in comparison to AV has barely been touched upon, as most available research and consideration has mainly been focused on AV. ...Though security-by-design is still in the infant state within the automotive cybersecurity. For our development, an adaptable security-by-design approach for RMTO will cover Security Engineering Lifecycle, Logical Security Layered Concept, and Security Architecture. ...A Threat Analysis and Risk Assessment (TARA) of the RMTO as defined in the international automotive cybersecurity standard ISO/SAE 21434 and UNECE WP29 would be carried out and a formalization of the highest level of threats discovered in the RMTO system with a corresponding mitigation action.

By looking into the vehicle-infrastructure cooperation (VIC) which is oriented towards intelligent, networked and integrated development, this paper analyzes and proposes the essence and development direction of Intelligent Vehicle Infrastructure Cooperation Systems (I-VICS). With an in-depth analysis of technologies of core importance to VIC and influence factors that constrain VIC development as a whole, the paper comes up with a technological route for VIC, and identifies a direction for vehicle-infrastructure cooperative development that progresses from primary to intermediate cooperation, then to advanced cooperation, and finally to full-fledged cooperation. Policy recommendations aiming at strengthening top-level design, building an integrated vehicle-infrastructure-cloud platform, expediting independence of key techs, building robust standards and regulations for VIC, enhancing workforce development as well as greater efforts at market promotion are put forward.

As a result of the ever-increasing application of cyber-physical components in the automotive industry, cybersecurity has become an urgent topic. Adapting technologies and communication protocols like Ethernet and WiFi in connected vehicles yields many attack scenarios. ...Consequently, ISO/SAE 21434 and UN R155 (2021) define a standard and regulatory framework for automotive cybersecurity, Both documents follow a risk management-based approach and require a threat modeling methodology for risk analysis and identification. ...Initially, we transform cybersecurity guidelines to attack trees, and then we use their formal interpretations to assess the vehicle’s design.

Automotive electronics and enterprise IT are converging and thus open the doors for advanced hacking. With their immediate safety impact, cyberattacks on such systems will endanger passengers. Today, there are various methods of security verification and validation in the automotive industry. However, we realize that vulnerability detection is incomplete and inefficient with classic security testing. In this article, we show how an enhanced Grey-Box Penetration Test (GBPT) needs less test cases while being more effective in terms of coverage and indicating less false positives.

To build secure systems of road vehicles, the cybersecurity engineering standard ISO21434[11] suggests the evaluation of vulnerabilities throughout engineering process, such as attack path analysis, system requirement stage, software architecture, design, and implementation and testing phases. ...With my analysis and practices, it is appropriate to include the common vulnerabilities that ought to be an integral part of the automotive cybersecurity engineering process. In this paper, the author would like to provide a list of vulnerabilities that might be a suggestion for threat analysis and risk assessment and propose two solutions that may be adopted directly in the V-model for security-relevant software development.

Impact of Electric Vehicle Charging on Grid Energy Buffering discusses the unsettled issues and requirements needed to realize the potential of EV batteries for demand response and grid services, such as improved battery management, control strategies, and enhanced cybersecurity. Hybrid and fuel cell EVs have significant potential to act as “peakers” for longer duration buffering, and this approach has the potential to provide all the long-term energy buffering required by a VRE-intensive grid.

Facial recognition software (FRS) is a form of biometric security that detects a face, analyzes it, converts it to data, and then matches it with images in a database. This technology is currently being used in vehicles for safety and convenience features, such as detecting driver fatigue, ensuring ride share drivers are wearing a face covering, or unlocking the vehicle. Public transportation hubs can also use FRS to identify missing persons, intercept domestic terrorism, deter theft, and achieve other security initiatives. However, biometric data is sensitive and there are numerous remaining questions about how to implement and regulate FRS in a way that maximizes its safety and security potential while simultaneously ensuring individual’s right to privacy, data security, and technology-based equality.