Refine Your Search

Topic

Author

Affiliation

Search Results

Technical Paper

Cybersecurity by Agile Design

2023-04-11
2023-01-0035
ISO/SAE 21434 Final International Standard was released September 2021 to great fanfare and is the most prominent standard in Automotive Cybersecurity. As members of the Joint Working Group (JWG) we spent 5 years developing the 84 pages of precise wording acceptable to hundreds of contributors, during which time the auto industry had been undergoing a metamorphosis probably unmatched in its hundred-year history. ...The application to an Agile method may require interpreting the standard from another angle, which could involve reordering the sequence of activities and work products, breaking down the acceptable criteria of some work products to allow rapid iterations, and verifications of meta data or intermediate work products. In cybersecurity engineering, the Agile method has its unique strength comparing to the V-model method, as its cyclical nature is better aligned with best practices for Cybersecurity Frameworks ...In cybersecurity engineering, the Agile method has its unique strength comparing to the V-model method, as its cyclical nature is better aligned with best practices for Cybersecurity Frameworks
Technical Paper

Evaluation of Vehicle System Performance of an SAE J1939-91C Network Security Implementation

2023-04-11
2023-01-0041
CAN bus network proved to be efficient and dynamic for small compact cars as well as heavy-duty vehicles (HDV). However, HDVs are more susceptible to malicious attacks due to lack of security in their intra-vehicle communication protocols. SAE proposed a new standard named J1939-91C for CAN-FD networks which provides methods for establishing trust and securing mutual messages with optional encryption. J1939-91C ensures message authenticity, integrity, and confidentiality by implementing complex cryptographic operations including hash functions and random key generation. In this paper, the three main phases of the proposed standard, i.e., Network Formation, Rekeying, and Message Exchange, are simulated and tested on Electronic Control Units (ECUs) supporting CAN-FD network to evaluate the vehicle system performance such as security overhead (i.e. processing time and network bandwidth).
Technical Paper

Access Control Mechanisms and Requirements for Autonomous Robotic Fleets

2023-04-11
2023-01-0104
Access control enforces security policies for controlling critical resources. For V2X autonomous military vehicle fleets, network middleware systems such as ROS expose system resources through networked publisher/subscriber and client/server paradigms. Without proper access control, these systems are vulnerable to attacks from compromised network nodes, which may perform data poisoning attacks, flood packets on a network, or attempt to gain lateral control of other resources. Access control for robotic middleware systems has been investigated in both ROS1 and ROS2. Still, these implementations do not have mechanisms for evaluating a policy's consistency and completeness or adequately supporting access revocation within a distributed fleet. We explore an RBAC (Role-Based Access Control) mechanism layered onto ROS environments that uses local permission caches with precomputed truth tables for fast policy evaluation.
Technical Paper

Hardware-Based Cyber Security for Connected Vehicles

2023-04-11
2023-01-0038
This paper will outline the project progress over its initial two-year lifetime, including: • Development of hardware-based monitoring solutions and supporting software to demonstrate the ability to perform on-chip cyber threat identification and mitigation • Construction of a multi-component testbed representing a flexible and functional in-vehicle architecture for real environment trials to train, test, validate and demonstrate automotive cybersecurity solutions • A vision of what the future will hold when deploying this type of cyber security detection and mitigation solution within connected and autonomous vehicles.
Technical Paper

Consequence-Driven Cybersecurity for High Power Electric Vehicle Charging Infrastructure

2023-04-11
2023-01-0047
Cybersecurity of high-power charging infrastructure for electric vehicles (EVs) is critical to the safety and re-liability of and consumer confidence in this publicly accessible technology. ...Cybersecurity of high-power charging infrastructure for electric vehicles (EVs) is critical to the safety and re-liability of and consumer confidence in this publicly accessible technology. Cybersecurity vulnerabilities of high-power EV charging infrastructure may also present risks to broader transportation and energy-infrastructure systems. ...This paper details a methodology used to analyze and prioritize high-consequence events that could result from cybersecurity sabotage to high-power charging infrastructure. The highest prioritized events are evaluated under laboratory conditions for severity of impact and complexity of cybersecurity manipulation.
Technical Paper

Cybersecurity in EV's: Approach for Systematic Secured SW Development through ISO21434 & ASPICE

2023-04-11
2023-01-0046
Cybersecurity (CS) is crucial and significantly important in every product that is connected to the network/internet. ...Hence making it very important to guarantee that every single connected device shall have cybersecurity measures implemented to ensure the safety of the entire system. Looking into the forecasted worldwide growth in the Electric Vehicles (EV's) segment , CS researchers have recently identified several vulnerabilities that exist in EV's, EVSE devices, communications to electric vehicles (EVs), and upstream services, such as EVSE vendor cloud services, third party systems, and grid operators. ...Additional Processes have been defined in the Process Reference and Assessment Model for the CS Engineering in order to incorporate the cybersecurity related processes in the ASPICE scope. This paper aims at providing a model & brief overview to establish a correlation between the ASPICE, ISO/SAE 21434 and the ISO26262 functional safety standards for development of a secured Cybersecurity Software with all the considerations that an organization can undertake.
Technical Paper

Challenges with Introduction of X-by-Wire Technologies to Passenger Vehicles and Light Trucks with Respect to Functional Safety, Cybersecurity and Availability

2023-04-11
2023-01-0581
Classical vehicle production had over a long period limitation in bringing the driving commands to the actuators for vehicle motion (Engine, Steering, Braking). Steering columns, hydraulic tubes or steel cables needed to be placed between driver and actuator. Change begun with introduction of e-gas systems. Mechanical cables were replaced by thin electric signal wires. For addressing the steering and braking systems, the technical solutions and legal standardizations were not given at this point of time. Nowadays the OEM are starting huge EE-Architecture transformation for manifold reasons and they have the chance to get rid of long hydraulic tubes for braking and solid metal columns for steering. X-by-wire is the keyword, also driven by the plans for higher AD (Autonomous Driving) levels for automated driving vehicles. Driven by new requirement (AD) it also offers new opportunities to design the vehicle in-cabin room.
Technical Paper

Digital-Twin-Based Approaches and Applications for Improving Automotive Cybersecurity in Different Lifecycle Stages

2023-04-11
2023-01-0036
With the increasing connectivity and complexity of modern automobiles, cybersecurity has become one of the most important properties of a vehicle. Various strategies have been proposed to enhance automotive cybersecurity. ...Various strategies have been proposed to enhance automotive cybersecurity. Digital twin (DT), regarded as one of the top 10 strategic technology trends by Gartner in 2018 and 2019, establishes digital representations in a virtual world and raises new ideas to benefit real-life objects. ...In this paper, we explored the possibility of using digital twin technology to improve automotive cybersecurity. We designed two kinds of digital twin models, named mirror DT and autonomous DT, and corresponding environments to support cybersecurity design, development, and maintenance in an auto's lifecycle, as well as technique training.
Technical Paper

An Adaptable Security-By-Design Approach for Addressing Secured Remote Monitoring Teleoperation (RMTO) of an Autonomous Vehicle

2023-04-11
2023-01-0579
The separation of cybersecurity consideration in RMTO in comparison to AV has barely been touched upon, as most available research and consideration has mainly been focused on AV. ...Though security-by-design is still in the infant state within the automotive cybersecurity. For our development, an adaptable security-by-design approach for RMTO will cover Security Engineering Lifecycle, Logical Security Layered Concept, and Security Architecture. ...A Threat Analysis and Risk Assessment (TARA) of the RMTO as defined in the international automotive cybersecurity standard ISO/SAE 21434 and UNECE WP29 would be carried out and a formalization of the highest level of threats discovered in the RMTO system with a corresponding mitigation action.
Technical Paper

Research on the Development Path and Policy Recommendations of Vehicle Infrastructure Cooperation

2022-12-22
2022-01-7065
By looking into the vehicle-infrastructure cooperation (VIC) which is oriented towards intelligent, networked and integrated development, this paper analyzes and proposes the essence and development direction of Intelligent Vehicle Infrastructure Cooperation Systems (I-VICS). With an in-depth analysis of technologies of core importance to VIC and influence factors that constrain VIC development as a whole, the paper comes up with a technological route for VIC, and identifies a direction for vehicle-infrastructure cooperative development that progresses from primary to intermediate cooperation, then to advanced cooperation, and finally to full-fledged cooperation. Policy recommendations aiming at strengthening top-level design, building an integrated vehicle-infrastructure-cloud platform, expediting independence of key techs, building robust standards and regulations for VIC, enhancing workforce development as well as greater efforts at market promotion are put forward.
Technical Paper

Identification and Verification of Attack-Tree Threat Models in Connected Vehicles

2022-12-22
2022-01-7087
As a result of the ever-increasing application of cyber-physical components in the automotive industry, cybersecurity has become an urgent topic. Adapting technologies and communication protocols like Ethernet and WiFi in connected vehicles yields many attack scenarios. ...Consequently, ISO/SAE 21434 and UN R155 (2021) define a standard and regulatory framework for automotive cybersecurity, Both documents follow a risk management-based approach and require a threat modeling methodology for risk analysis and identification. ...Initially, we transform cybersecurity guidelines to attack trees, and then we use their formal interpretations to assess the vehicle’s design.
Technical Paper

Enhanced Penetration Testing for Automotive Cybersecurity

2022-12-16
2022-01-7123
Automotive electronics and enterprise IT are converging and thus open the doors for advanced hacking. With their immediate safety impact, cyberattacks on such systems will endanger passengers. Today, there are various methods of security verification and validation in the automotive industry. However, we realize that vulnerability detection is incomplete and inefficient with classic security testing. In this article, we show how an enhanced Grey-Box Penetration Test (GBPT) needs less test cases while being more effective in terms of coverage and indicating less false positives.
Technical Paper

Common Vulnerability Considerations as an Integral Part of the Automotive Cybersecurity Engineering Process

2022-10-05
2022-28-0304
To build secure systems of road vehicles, the cybersecurity engineering standard ISO21434[11] suggests the evaluation of vulnerabilities throughout engineering process, such as attack path analysis, system requirement stage, software architecture, design, and implementation and testing phases. ...With my analysis and practices, it is appropriate to include the common vulnerabilities that ought to be an integral part of the automotive cybersecurity engineering process. In this paper, the author would like to provide a list of vulnerabilities that might be a suggestion for threat analysis and risk assessment and propose two solutions that may be adopted directly in the V-model for security-relevant software development.
Research Report

Impact of Electric Vehicle Charging on Grid Energy Buffering

2022-09-26
EPR2022022
Impact of Electric Vehicle Charging on Grid Energy Buffering discusses the unsettled issues and requirements needed to realize the potential of EV batteries for demand response and grid services, such as improved battery management, control strategies, and enhanced cybersecurity. Hybrid and fuel cell EVs have significant potential to act as “peakers” for longer duration buffering, and this approach has the potential to provide all the long-term energy buffering required by a VRE-intensive grid.
Research Report

Legal Issues Facing Automated Vehicles, Facial Recognition, and Privacy Rights

2022-07-28
EPR2022016
Facial recognition software (FRS) is a form of biometric security that detects a face, analyzes it, converts it to data, and then matches it with images in a database. This technology is currently being used in vehicles for safety and convenience features, such as detecting driver fatigue, ensuring ride share drivers are wearing a face covering, or unlocking the vehicle. Public transportation hubs can also use FRS to identify missing persons, intercept domestic terrorism, deter theft, and achieve other security initiatives. However, biometric data is sensitive and there are numerous remaining questions about how to implement and regulate FRS in a way that maximizes its safety and security potential while simultaneously ensuring individual’s right to privacy, data security, and technology-based equality.
X