Refine Your Search

Topic

Author

Affiliation

Search Results

Technical Paper

Trucking Forward: Intrusion Detection for SAE J1708/J1587 Networks in Heavy-Duty Vehicles

2024-04-09
2024-01-2805
While current cybersecurity endeavors in the heavy-duty (HD) vehicle space focus on securing conventional communication technologies such as the controller area network (CAN), there is a notable deficiency in defensive research concerning legacy technologies, particularly those utilized between trucks and trailers. ...To the best of current knowledge, this publication marks the first presentation of cybersecurity defense research on the SAE J1708/J1587 protocol stack.
Technical Paper

Cyber Security Rating Framework and its Application to J1939-1C Standard

2024-04-09
2024-01-2803
Cyber Security Rating Framework and its Application to J1939-1C Standard Present day automotives are becoming smart and more software driven. Conversely every line of code equals to a possible threat to the vehicle, passenger as well as the OEM. To hit the brakes on the alarming increase in cyber-threats, Government bodies have introduced standards and regulations globally. UNECE's WP.29 R155 & R156 regulations and ISO/SAE 21434 standards are mandatory for all OEMS. However, the gap is a framework and a standard that provides guidance and common criteria for automakers to measure the vehicle's level of compliance and compute a publicly accepted cyber security rating. This paper addresses the above requirement and discusses the Cyber Security Rating Framework (CSRF) that establishes a standard for rating vehicle cyber security by standardizing the measurement criteria, parameter vectors, process and tools.
Technical Paper

A Zero Trust Architecture for Automotive Networks

2024-04-09
2024-01-2793
Since the early 1990’s, commercial vehicles have suffered from repeated vulnerability exploitations that resulted in a need for improved automotive cybersecurity. This paper describes the strategies and challenges involved in securing vehicle networks through the implementation of an automotive Zero Trust Architecture (ZTA). ...This ZTA solution leverages the best cybersecurity practices from the IT industry and preexisting vehicle architecture components. For example, the vehicle gateway electronic control unit (ECU) is utilized to enforce cyber policy, monitor the network, distribute keys, and implement network segmentation. ...This research successfully demonstrates that using Zero Trust principles in an on-vehicle network greatly improves the cybersecurity posture with manageable impact to system performance, cost, and deployment.
Technical Paper

Vehicle E/E Architecture and Key Technologies Enabling Software-Defined Vehicle

2024-04-09
2024-01-2035
This paper gives a definition of the SDV concept, provides views from different aspects, discusses the latest progress in vehicle E/E architecture, especially the centralized and zone-based architecture, and various technologies including High-Performance Computing (HPC) platform, vehicle Operating System (OS), Over-The-Air (OTA) Update, advanced communication, connectivity, cybersecurity, and cloud service, etc. that enable SDV.
Technical Paper

The Interference of Functional Safety and Cyber Security in the Context of Fail-Operational Systems

2024-04-09
2024-01-2808
The development of highly automated driving functions (AD) recently drives the demand for so called Fail-Operational systems for native driving functions like steering and braking of vehicles. Fail-Operational systems shall guarantee the availability of driving functions even in presence of failures. This can also mean a degradation of system performance or limiting a system’s remaining operating period. In either case, the goal is independency from a human driver as a permanently situation-aware safety fallback solution to provide a certain level of autonomy. In parallel, the connectivity of modern vehicles is rapidly increasing and especially in vehicles with highly automated functions, there is high demand for connected functions, Infotainment (web conference, Internet, Shopping) and Entertainment (Streaming, Gaming) to entertain the passengers, who are no longer occupied with driving tasks.
Technical Paper

A Comprehensive Training Approach for Automotive Cybersecurity Engineering

2024-04-09
2024-01-2800
The publication of ISO/SAE DIS 21434 “Road vehicles — Cybersecurity engineering” represents a major step forward for cybersecurity engineering in the automotive domain. ...While ISO/SAE 21434 is the first international standard for automotive cybersecurity there is also a new type approval regulation on automotive cybersecurity (UN R155) for the European market. ...Thus the challenges for embedded automotive systems engineers are increasing while frameworks, tools, and shared concepts for cybersecurity engineering and training are scarce. Furthermore, cybersecurity training in the automotive domain includes very detailed domain knowledge and challenges related to cybersecurity and embedded systems engineering.
Technical Paper

Applying Concolic Testing to the Automotive Domain

2024-04-09
2024-01-2802
Symbolic code execution is a powerful cybersecurity testing approach that facilitates the systematic exploration of all paths within a program to uncover previously unknown cybersecurity vulnerabilities. ...Symbolic code execution is a powerful cybersecurity testing approach that facilitates the systematic exploration of all paths within a program to uncover previously unknown cybersecurity vulnerabilities. This is achieved through a Satisfiability Modulo Theory (SMT) solver, which operates on symbolic values for program inputs instead of using their concrete counterparts.
Technical Paper

Integrating Functional and Component-Level Threat Analyses in Automotive Systems: A Holistic Approach to Risk Assessment

2024-04-09
2024-01-2797
This method's detailed approach ensures that cybersecurity requirements can be readily implemented as a part of feature design, addressing the concerns of feature owners directly. ...Unified Threat Modeling: Leveraging techniques from systems engineering and cybersecurity domains to create a single, unified, and analytical threat model that takes into account both functional and component perspectives. 2.
Technical Paper

Vehicle Cyber Engineering (VCE) Test Bed with Cyber Security Labs as a Service (CLaaS)

2024-04-09
2024-01-2796
The VCE Test Beds have been connected with an AWS cloud based “Cyber-Security Labs as a Service “ (CLaaS) system which allows students and researcher to access the test beds from anyplace that they have a secure internet connection. ...VCE students are assigned predefined virtual machines to perform designated cybersecurity experiments. The ClaaS system has a very low administrative overhead associated with experiment setup and management.
Technical Paper

Security Requirements for Vehicle Security Gateways

2024-04-09
2024-01-2806
The NMFTA's Vehicle Cybersecurity Requirements Woking Group (VCRWG), comprised of fleets, OEMs and cybersecurity experts, has worked the past few years to produce security requirements for Vehicle Network Gateways. ...Vehicle Network Gateways play an important role in vehicle cybersecurity they are the component responsible for assuring vehicle network operations in the presence of untrustworthy devices on the aftermarket or diagnostics connectors.
Technical Paper

Evaluating Network Security Configuration (NSC) Practices in Vehicle-related Android Applications

2024-04-09
2024-01-2881
The growth of vehicle connectivity has raised heightened concerns about user security and data privacy. This rise highlights the important role of mobile applications for vehicles, as vehicles not only provide digital convenience but become key to public safety and trust. Despite their importance, these vehicle apps also suffer from the same vulnerabilities that affect the broader Android ecosystem, particularly being susceptible to man-in-the-middle attacks due to insecure custom SSL/TLS implementations. In response, Google introduced the Network Security Configuration (NSC) as a configuration-based solution to improve the security of certificate validation practices. NSC was initially developed to enhance the security of Android applications by providing developers with a framework to customize network security settings. However, recent studies have shown that it is often not being leveraged appropriately to enhance security.
Technical Paper

Automated TARA Framework for Cybersecurity Compliance of Heavy Duty Vehicles

2024-04-09
2024-01-2809
Consequently, rise of this technological trend is bringing forth safety and cybersecurity challenges in form of new threats, hazards and vulnerabilities. As per the recent UN vehicle regulation 155, several risk-based security models and assessment frameworks have been proposed to counter the growing cybersecurity issues, however they lack compliance with the latest requirements of ISO/SAE 21434 standard. ...As per the recent UN vehicle regulation 155, several risk-based security models and assessment frameworks have been proposed to counter the growing cybersecurity issues, however they lack compliance with the latest requirements of ISO/SAE 21434 standard.
Technical Paper

Considerations for Requirements, Specifications, and Framework of a Digital Thread in Aircraft Data Life Cycle Management

2024-03-05
2024-01-1946
In the aerospace community, the digital thread is a powerful concept to facilitate an asset's tracking, analysis, and performance improvement across its entire lifecycle. The digital thread constitutes numerous flows of information as a digital representation of events related to product information throughout the product lifecycle. The digital thread provides the data and structure necessary to obtain data from real-world events and align that data with the virtual design objects and their real-time physical transformations over the object lifecycle stages and as the operational state changes. The number of Unmanned Aircraft Systems (UAS) has been growing over the past few years and will continue to grow at a faster pace in the near future. UAS faces many challenges in certification, airspace management, operations, supply chain, and maintenance.
Technical Paper

Early Lifecycle STPA for Safety and Cybersecurity: MBSE and Digital Engineering Considerations

2024-03-05
2024-01-1948
Systems Theoretic Process Analysis (STPA) is emerging as an excellent methodology for pulling the start of the safety and cybersecurity design activities forward to the concept of operations stage of a project. It is much cheaper to correct fundamental functional and architectural problems in a system design early before the structure of the system gets baked into a rigid form and becomes difficult and expensive to change.
Technical Paper

Integration and Optimization of Geneva Mechanism in the Car Door Handle

2024-01-16
2024-26-0285
The car door handle is an essential component of any vehicle, as it plays a crucial role in providing access to the cabin and ensuring safety of the passenger. The primary function of the car door handle is to allow entry and exit from the vehicle while preventing unauthorized access. In addition to this, car door handles also play a critical role in ensuring passenger safety by keeping the door closed during accidents or when there is a significant amount of G-force acting on the vehicle. A typical car door handle comprises several components including the structure, cover, bowden lever, bracket, pins and other child parts. The structure provides the ergonomics and rigidity for grabbing the handle, while the cover gives the handle an aesthetic appearance. The Bowden lever facilitates the unlatching of the door and the intermediate parts ensure that the handle operates smoothly.
Technical Paper

The Operation Phase as the Currently Underestimated Phase of the (Safety and Legal) Product Lifecycle of Autonomous Vehicles for SAE L3/L4 – Lessons Learned from Existing European Operations and Development of a Deployment and Surveillance Blueprint

2023-12-29
2023-01-1906
Advanced Autonomous Vehicles (AV) for SAE Level 3 and Level 4 functions will lead to a new understanding of the operation phase in the overall product lifecycle. Regulations such as the EU Implementing Act and the German L4 Act (AFGBV) request a continuous field surveillance, the handling of critical E/E faults and software updates during operation. This is required to enhance the Operational Design Domain (ODD) during operation, offering Functions on Demand (FoD), by increasing software features within these autonomous vehicle systems over the entire digital product lifecycle, and to avoid and reduce downtime by a malfunction of the Autonomous Driving (AD) software stack.
Technical Paper

Access Control Requirements for Autonomous Robotic Fleets

2023-04-11
2023-01-0104
Access control enforces security policies for controlling critical resources. For V2X (Vehicle to Everything) autonomous military vehicle fleets, network middleware systems such as ROS (Robotic Operating System) expose system resources through networked publisher/subscriber and client/server paradigms. Without proper access control, these systems are vulnerable to attacks from compromised network nodes, which may perform data poisoning attacks, flood packets on a network, or attempt to gain lateral control of other resources. Access control for robotic middleware systems has been investigated in both ROS1 and ROS2. Still, these implementations do not have mechanisms for evaluating a policy's consistency and completeness or writing expressive policies for distributed fleets. We explore an RBAC (Role-Based Access Control) mechanism layered onto ROS environments that uses local permission caches with precomputed truth tables for fast policy evaluation.
X