Search Results

The UN R155 regulation is the first automotive cyber security regulation and has made security a mandatory approval criterion for new vehicle types. This establishes internationally harmonized security requirements for market approval. As a result, the application of the regulation presents manufacturers and suppliers with the challenge of demonstrating compliance. At process level the implementation of a Cyber Security Management System (CSMS) is required while at product level, the Threat Assessment and Risk Analysis (TARA) forms the basis to identify relevant threats and corresponding mitigation strategies. Overall, an issued type approval is internationally recognized by the member states of the UN 1958 Agreement. International recognition implies that uniform assessment criteria are applied to demonstrate compliance and to decide whether security efforts are sufficient.

., driver assistance functions, intrusion detection system, vehicle diagnostics, external device authentication during vehicle diagnostics, vehicle-to-grid and so on). The cybersecurity attacks targeting the global time result in false time, accuracy degradation, and denial of service as stated in IETF RFC 7384.

The article also focus on innovative approaches that have recently adopted my many cybersecurity professionals for secured operation of ITS involving block-chain, artificial intelligence, and Machine Learning.

Advanced Autonomous Vehicles (AV) for SAE Level 3 and Level 4 functions will lead to a new understanding of the operation phase in the overall product lifecycle. Regulations such as the EU Implementing Act and the German L4 Act (AFGBV) request a continuous field surveillance, the handling of critical E/E faults and software updates during operation. This is required to enhance the Operational Design Domain (ODD) during operation, offering Functions on Demand (FoD), by increasing software features within these autonomous vehicle systems over the entire digital product lifecycle, and to avoid and reduce downtime by a malfunction of the Autonomous Driving (AD) software stack.

Access control enforces security policies for controlling critical resources. For V2X (Vehicle to Everything) autonomous military vehicle fleets, network middleware systems such as ROS (Robotic Operating System) expose system resources through networked publisher/subscriber and client/server paradigms. Without proper access control, these systems are vulnerable to attacks from compromised network nodes, which may perform data poisoning attacks, flood packets on a network, or attempt to gain lateral control of other resources. Access control for robotic middleware systems has been investigated in both ROS1 and ROS2. Still, these implementations do not have mechanisms for evaluating a policy's consistency and completeness or writing expressive policies for distributed fleets. We explore an RBAC (Role-Based Access Control) mechanism layered onto ROS environments that uses local permission caches with precomputed truth tables for fast policy evaluation.

Classic vehicle production had limitations in bringing the driving commands to the actuators for vehicle motion (engine, steering and braking). Steering columns, hydraulic tubes or steel cables needed to be placed between the driver and actuator. Change began with the introduction of e-gas systems. Mechanical cables were replaced by thin, electric signal wires. The technical solutions and legal standardizations for addressing the steering and braking systems, were not defined at this time. Today, OEMs are starting E/E-Architecture transformations for manifold reasons and now have the chance to remove the long hydraulic tubes for braking and the solid metal columns used for steering. X-by-wire is the way forward and allows for higher Autonomous Driving (AD) levels for automated driving vehicles. This offers new opportunities to design the vehicle in-cabin space. This paper will start with the introduction of x-by-wire technologies.

Using a wireless medium for tractor-trailer communication will bring new cybersecurity challenges and requirements which requires new development and lifecycle considerations.

As a result of the ever-increasing application of cyber-physical components in the automotive industry, cybersecurity has become an urgent topic. Adapting technologies and communication protocols like Ethernet and WiFi in connected vehicles yields many attack scenarios. ...Consequently, ISO/SAE 21434 and UN R155 (2021) define a standard and regulatory framework for automotive cybersecurity, Both documents follow a risk management-based approach and require a threat modeling methodology for risk analysis and identification. ...Initially, we transform cybersecurity guidelines to attack trees, and then we use their formal interpretations to assess the vehicle’s design.

By looking into the vehicle-infrastructure cooperation (VIC) which is oriented towards intelligent, networked and integrated development, this paper analyzes and proposes the essence and development direction of Intelligent Vehicle Infrastructure Cooperation Systems (I-VICS). With an in-depth analysis of technologies of core importance to VIC and influence factors that constrain VIC development as a whole, the paper comes up with a technological route for VIC, and identifies a direction for vehicle-infrastructure cooperative development that progresses from primary to intermediate cooperation, then to advanced cooperation, and finally to full-fledged cooperation. Policy recommendations aiming at strengthening top-level design, building an integrated vehicle-infrastructure-cloud platform, expediting independence of key techs, building robust standards and regulations for VIC, enhancing workforce development as well as greater efforts at market promotion are put forward.

Facial recognition software (FRS) is a form of biometric security that detects a face, analyzes it, converts it to data, and then matches it with images in a database. This technology is currently being used in vehicles for safety and convenience features, such as detecting driver fatigue, ensuring ride share drivers are wearing a face covering, or unlocking the vehicle. Public transportation hubs can also use FRS to identify missing persons, intercept domestic terrorism, deter theft, and achieve other security initiatives. However, biometric data is sensitive and there are numerous remaining questions about how to implement and regulate FRS in a way that maximizes its safety and security potential while simultaneously ensuring individual’s right to privacy, data security, and technology-based equality.

Additionally, we go beyond the attack vectors listed in UN-R155 - using our own analysis, experience and insights, we explored other attack vectors that will also affect vehicle cybersecurity.

Ransomware is not a new method of malware infection. This historically had been experienced in the enterprise in nearly every industry. This has been especially problematic in the medical and manufacturing fields. As the attackers saturate the specifically targeted industries, the attackers will expand their target industries. One of these which has not been significantly explored by the ransomware groups are the embedded systems and automobile environment. This set of targets is massive and provides for a vast attack potential. While this has not experienced this attack methodology at length, the research and efforts are creeping towards this as a natural extension of the business. The research focusses on the history of ransomware, uses in the enterprise, possible attack vectors with ground vehicles, and defenses to be explored and implemented to secure automobiles, fleets, and the industries.

Here, we discuss the On-Board Diagnostic (OBD) regulations for next generation BEV/HEV, its vulnerabilities and cybersecurity threats that come with hacking. We propose three cybersecurity attack detection and defense methods: Cyber-Attack detection algorithm, Time-Based CAN Intrusion Detection Method and, Feistel Cipher Block Method. ...These control methods autonomously diagnose a cybersecurity problem in a vehicle’s onboard system using an OBD interface, such as OBD-II when a fault caused by a cyberattack is detected, All of this is achieved in an internal communication network structure.

Their associated information technology and cyber physical systems—along with an exponentially resultant number of interconnections—present a massive cybersecurity challenge. Unlike the physical security challenge, which was treated in earnest throughout the last decades, cyber-attacks on airports keep coming, but most airport lack essential means to confront such cyber-attacks. ...These missing means are not technical tools, but rather holistic regulatory directives, technical and process standards, guides, and best practices for airports cybersecurity—even airport cybersecurity concepts and basic definitions are missing in certain cases. Unsettled Topics Concerning Airport Cybersecurity Standards and Regulation offers a deeper analysis of these issues and their causes, focusing on the unique characteristics of airports in general, specific cybersecurity challenges, missing definitions, and conceptual infrastructure for the standardization and regulation of airports cybersecurity. ...Unsettled Topics Concerning Airport Cybersecurity Standards and Regulation offers a deeper analysis of these issues and their causes, focusing on the unique characteristics of airports in general, specific cybersecurity challenges, missing definitions, and conceptual infrastructure for the standardization and regulation of airports cybersecurity.

With the increased need for cybersecurity in automotive systems due to the development of more advanced technologies and corresponding increased threat vectors, coupled with the upcoming International Organization for Standardization and the Society for Automotive Engineers (ISO/SAE) 21434 cybersecurity standard for automotive systems and cybersecurity regulations in The United Nations Economic Commission for Europe World Forum for Harmonization of Vehicle Regulations (UNECE WP.29), it is becoming increasingly important for auto manufacturers and suppliers to have a clear and common understanding and agreement of cybersecurity metrics for the development and deployment of vehicles. ...Cybersecurity for automotive systems is challenging, and one of the major challenges is how to measure this specific system property. ...With the increased need for cybersecurity in automotive systems due to the development of more advanced technologies and corresponding increased threat vectors, coupled with the upcoming International Organization for Standardization and the Society for Automotive Engineers (ISO/SAE) 21434 cybersecurity standard for automotive systems and cybersecurity regulations in The United Nations Economic Commission for Europe World Forum for Harmonization of Vehicle Regulations (UNECE WP.29), it is becoming increasingly important for auto manufacturers and suppliers to have a clear and common understanding and agreement of cybersecurity metrics for the development and deployment of vehicles.

Day by day, airports adopt more IoT devices. However, airports are not exempt from possible failures due to malware’s proliferation that can abuse vulnerabilities. Computer criminals can access, corrupt, and extract information from individuals or companies. This paper explains the development of a propagation model, which started with a Delphi process. We discuss the preliminary implications for airports of the simulation model built from the Delphi recommendations.

It is deemed that currently the intelligent connected vehicle (ICV) is in its early stage of development, and it will go through multiple development stages in the future to realize its final goal—autonomous driving. Based on the existing ICV researches, this paper believes that ICV can be used to improve the efficiency and safety of freeway. The current research of ICV has two main directions: one focuses on the traffic flow characteristics of vehicles with different attributes, the other is concerned with using ICV to reduce congestion. From the policies issued by countries around the world and the development plans promoted by major vehicle manufacturers, the future development trends and challenges of ICV are analyzed. ICV must overcome all the shortcomings to achieve its final goal, including insufficient hardware capabilities or excessive cost, and the degree of intelligence that needs to be improved.

Its extensive application of data networks, including enhanced external digital communication, forced the Federal Aviation Administration (FAA), for the first time, to set “Special Conditions” for cybersecurity. In the 15 years that ensued, airworthiness regulation followed suit, and all key rule-, regulation-, and standard-making organizations weighed in to establish a new airworthiness cybersecurity superset of legislation, regulation, and standardization. ...In the 15 years that ensued, airworthiness regulation followed suit, and all key rule-, regulation-, and standard-making organizations weighed in to establish a new airworthiness cybersecurity superset of legislation, regulation, and standardization. The resulting International Civil Aviation Organization (ICAO) resolutions, US and European Union (EU) legislations, FAA and European Aviation Safety Agency (EASA) regulations, and the DO-326/ED-202 set of standards are already the de-facto, and soon becoming the official, standards for legislation, regulation, and best practices, with the FAA already mandating it to a constantly growing extent for a few years now—and EASA adopting the set in its entirety in July 2020.

Autonomous vehicles might one day be able to implement privacy preserving driving patterns which humans may find too difficult to implement. In order to measure the difference between location privacy achieved by humans versus location privacy achieved by autonomous vehicles, this paper measures privacy as trajectory anonymity, as opposed to single location privacy or continuous privacy. This paper evaluates how trajectory privacy for randomized driving patterns could be twice as effective for autonomous vehicles using diverted paths compared to Google Map API generated shortest paths. The result shows vehicles mobility patterns could impact trajectory and location privacy. Moreover, the results show that the proposed metric outperforms both K-anonymity and KDT-anonymity.

Unmanned ground vehicles (UGVs) may encounter difficulties accommodating environmental uncertainties and system degradations during harsh conditions. However, human experience and onboard intelligence can may help mitigate such cases. Unfortunately, human operators have cognition limits when directly supervising multiple UGVs. Ideally, an automated decision aid can be designed that empowers the human operator to supervise the UGVs. In this paper, we consider a connected UGV platoon under cyber attacks that may disrupt safety and degrade performance. An observer-based resilient control strategy is designed to mitigate the effects of vehicle-to-vehicle (V2V) cyber attacks. In addition, each UGV generates both internal and external evaluations based on the platoons performance metrics. A cloud-based trust-based information management system collects these evaluations to detect abnormal UGV platoon behaviors.