Refine Your Search

Search Results

Viewing 1 to 16 of 16
Technical Paper

Attacking vehicles with ransomware: Watch the horizon

2022-03-29
2022-01-0358
Ransomware use is rampant throughout most industries. With the number of successful ransomware attacks through the industrial economy, this feels like a tsunami of attacks. These attacks seemingly originate from anywhere with an internet connection. There are vast numbers of bad actors creating these attacks, all focused on your systems. With the large number of attacks, it is granted there have been many breaches. While there have been a large number of successful attacks, each attack’s objectives have varied. These have historically been to generate revenue in the form of fees for the decrypt key or a promise not to publish exfiltrated data. The landscape has become saturated with ransomware attacks on consumers and the enterprise. There has been extensive training for staff in an effort to mitigate these issues. The next potential targets are vehicles and ground systems. These, as targets, have not been evaluated via a full risk assessment to the recommended extent.
Technical Paper

UDS Security Access for highly-constrained ECUs

2022-03-29
2022-01-0132
Legacy electronic control units are, nowadays, required to implement cybersecurity measures, but they often do not have all the facilities that are necessary to realise industry-standard cybersecurity controls. ...Legacy electronic control units are, nowadays, required to implement cybersecurity measures, but they often do not have all the facilities that are necessary to realise industry-standard cybersecurity controls. Such systems must still be protected with a sufficient level of rigor against attackers who wish to modify their operation or extract confidential information from them. ...While the classic UDS service $27 (Security Access) has a reputation for poor cybersecurity, there is nothing inherent in the way it operates which prevents a secure access-control from being implemented.
Technical Paper

Towards Establishing Continuous-X Pipeline Using Modular Software-in-the-Loop Test Environments

2021-09-22
2021-26-0412
Software-in-the-Loop (SiL) test environments are the ideal virtual platforms for enabling continuous-development, -integration, -testing -delivery or -deployment commonly referred as Continuous-X (CX) of the complex functionalities in the current automotive industry. This trend especially is contributed by several factors such as the industry wide standardization of the model exchange formats, interfaces as well as architecture definitions. The approach of frontloading software testing with SiL test environments is predominantly advocated as well as already adopted by various Automotive OEMs, thereby the demand for innovating applicable methods is increasing. However, prominent usage of the existing monolithic architecture for interaction of various elements in the SiL environment, without regarding the separation between functional and non-functional test scope, is reducing the usability and thus limiting significantly the cost saving potential of CX with SiL.
Technical Paper

Deep Learning Based Real Time Vulnerability Fixes Verification Mechanism for Automotive Firmware/Software

2021-04-06
2021-01-0183
Software vulnerability management is one of the most critical and crucial security techniques, which analyzes the automotive software/firmware across the digital cockpit, ADAS, V2X, etc. domains for vulnerabilities, and provides security patches for the concerned Common Vulnerabilities and Exposures (CVE). The process of automotive SW/FW vulnerability management system between the OEMs and vendors happen through a channel of fixing a certain number of vulnerabilities by 1st tier supplier which needs to be verified in front of OEMs for the fixed number and type of patches in there deliverable SW/FW. The gap of verification between for the fixed patches between the OEMs and 1st tier supplier requires a reliable human independent intelligent technique to have a trustworthiness of verification.
Technical Paper

Cybersecurity Metrics for Automotive Systems

2021-04-06
2021-01-0138
With the increased need for cybersecurity in automotive systems due to the development of more advanced technologies and corresponding increased threat vectors, coupled with the upcoming ISO/SAE 21434 cybersecurity standard for automotive systems and cybersecurity regulations in UNECE WP.29, it is becoming increasingly important for auto manufacturers and suppliers to have a clear and common understanding and agreement of cybersecurity metrics for the development and deployment of vehicles. ...Cybersecurity for automotive systems is challenging and one of the major challenges is how to measure this specific system property. ...With the increased need for cybersecurity in automotive systems due to the development of more advanced technologies and corresponding increased threat vectors, coupled with the upcoming ISO/SAE 21434 cybersecurity standard for automotive systems and cybersecurity regulations in UNECE WP.29, it is becoming increasingly important for auto manufacturers and suppliers to have a clear and common understanding and agreement of cybersecurity metrics for the development and deployment of vehicles.
Research Report

Unsettled Topics Concerning Airworthiness Cybersecurity Regulation

2020-08-31
EPR2020013
Its extensive application of data networks, including enhanced external digital communication, forced the Federal Aviation Administration (FAA), for the first time, to set “Special Conditions” for cybersecurity. In the 15 years that ensued, airworthiness regulation followed suit, and all key rule-, regulation-, and standard-making organizations weighed in to establish a new airworthiness cybersecurity superset of legislation, regulation, and standardization. ...In the 15 years that ensued, airworthiness regulation followed suit, and all key rule-, regulation-, and standard-making organizations weighed in to establish a new airworthiness cybersecurity superset of legislation, regulation, and standardization. The resulting International Civil Aviation Organization (ICAO) resolutions, US and European Union (EU) legislations, FAA and European Aviation Safety Agency (EASA) regulations, and the DO-326/ED-202 set of standards are already the de-facto, and soon becoming the official, standards for legislation, regulation, and best practices, with the FAA already mandating it to a constantly growing extent for a few years now—and EASA adopting the set in its entirety in July 2020.
Research Report

Unsettled Topics Concerning Automated Driving Systems and the Development Ecosystem

2020-03-17
EPR2020004
With over 100 years of operation, the current automobile industry has settled into an equilibrium with the development of methodologies, regulations, and processes for improving safety. In addition, a nearly $2-trillion market operates in the automotive ecosystem with connections into fields ranging from insurance to advertising. Enabling this ecosystem is a well-honed, tiered supply chain and an established development environment. Autonomous vehicle (AV) technology is a leap forward for the existing automotive industry; now the automobile is expected to manage perception and decision-making tasks. The safety technologies associated with these tasks were presented in an earlier SAE EDGE™ Research Report, “Unsettled Technology Areas in Autonomous Vehicle Test and Validation.”
Research Report

Unsettled Issues in Determining Appropriate Modeling Fidelity for Automated Driving Systems Simulation

2019-12-06
EPR2019007
This SAE EDGE™ Research Report identifies key unsettled issues of interest to the automotive industry regarding the challenges of achieving optimal model fidelity for developing, validating, and verifying vehicles capable of automated driving. Three main issues are outlined that merit immediate interest: First, assuring that simulation models represent their real-world counterparts, how to quantify simulation model fidelity, and how to assess system risk. Second, developing a universal simulation model interface and language for verifying, simulating, and calibrating automated driving sensors. Third, characterizing and determining the different requirements for sensor, vehicle, environment, and human driver models. SAE EDGE™ Research Reports are preliminary investigations of new technologies.
Research Report

Unsettled Topics Concerning Automated Driving Systems and the Transportation Ecosystem

2019-11-05
EPR2019005
Over the last 100 years, the automobile has become integrated in a fundamental way into the broader economy. A broad and deep ecosystem has emerged, and critical components of this ecosystem include insurance, after-market services, automobile retail sales, automobile lending, energy suppliers (e.g., gas stations), medical services, advertising, lawyers, banking, public planners, and law enforcement. These components - which together represent almost $2 trillion of the U.S. economy - are in equilibrium based on the current capabilities of automotive technology. However, the advent of autonomous vehicles (AVs) and technologies like electrification have the potential to significantly disrupt the automotive ecosystem. The critical cog governing the rate and pace of this shift is the management of the test and verification of AVs.
Technical Paper

High Performance Processor Architecture for Automotive Large Scaled Integrated Systems within the European Processor Initiative Research Project

2019-04-02
2019-01-0118
Autonomous driving systems and connected mobility are the next big developments for the car manufacturers and their suppliers during the next decade. To achieve the high computing power needs and fulfill new upcoming requirements due to functional safety and security, heterogeneous processor architectures with a mixture of different core architectures and hardware accelerators are necessary. To tackle this new type of hardware complexity and nevertheless stay within monetary constraints, high performance computers, inspired by state of the art data center hardware, could be adapted in order to fulfill automotive quality requirements. The European Processor Initiative (EPI) research project tries to come along with that challenge for next generation semiconductors. To be as close as possible to series development needs for the next upcoming car generations, we present a hybrid semiconductor system-on-chip architecture for automotive.
Technical Paper

A Blockchain-Backed Database for Qualified Parts

2019-03-19
2019-01-1343
Certain standard parts in the aerospace industry require qualification as a prerequisite to manufacturing, signifying that the manufacturer’s capacity to produce parts consistent with the performance specifications has been audited by a neutral third-party auditor, key customer, and/or group of customers. In at least some cases, a certifying authority provides manufacturers with certificates of qualification which they can then present to prospective customers, and/or lists qualified suppliers in a Qualified Parts List or Qualified Supplier List available from that qualification authority. If this list is in an infrequently updated and/or inconsistently styled format as might be found in a print or PDF document, potential customers wishing to integrate qualification information into their supplier tracking systems must use a potentially error-prone manual process that could lead to later reliance on out-of-date or even forged data.
Technical Paper

Challenges in the Regulatory Framework of Automated Driving

2019-01-09
2019-26-0097
Automated Driving (AD) is foreseen to be one of the major social and technological challenges in the coming years. Many manufacturers are developing new models with cutting-edge functionalities, which are not included in the scope of the current regulatory framework. Apart from demonstrating their know-how and expertise about AD, their willingness to sell their AD models in the European market is accelerating the rule-making system. However, which is the roadmap for the European regulatory framework? Policy makers and regulatory bodies are pushing their boundaries at all levels (national and international) in order to introduce modifications in existing regulations. These regulations will enable the introduction of these new functionalities into the market. Without decreasing the standards of safety and security, the implementation of a clear and harmonized regulatory framework and approval process is extremely needed.
Technical Paper

Information Security Risk Management of Vehicles

2018-04-03
2018-01-0015
The results of this work is allowed to identify a number of cybersecurity threats of the automated security-critical automotive systems, which reduces the efficiency of operation, road safety and system safety. ...According to the evaluating criterion of board electronics, the presence of poorly-protected communication channels, the 75% of the researched modern vehicles do not meet the minimum requirements of cybersecurity due to the danger of external blocking of vital systems. The revealed vulnerabilities of the security-critical automotive systems lead to the necessity of developing methods for mechanical and electronic protection of the modern vehicle. ...The law of normal distribution of the mid-points of the expert evaluation of the cyber-security of a modern vehicle has been determined. Based on the system approach, ranking of the main cybersecurity treats is performed.
Technical Paper

Hardware/Software Co-Design of an Automotive Embedded Firewall

2017-03-28
2017-01-1659
The automotive industry experiences a major change as vehicles are gradually becoming a part of the Internet. Security concepts based on the closed-world assumption cannot be deployed anymore due to a constantly changing adversary model. Automotive Ethernet as future in-vehicle network and a new E/E Architecture have different security requirements than Ethernet known from traditional IT and legacy systems. In order to achieve a high level of security, a new multi-layer approach in the vehicle which responds to special automotive requirements has to be introduced. One essential layer of this holistic security concept is to restrict non-authorized access by the deployment of embedded firewalls. This paper addresses the introduction of automotive firewalls into the next-generation domain architecture with a focus on partitioning of its features in hardware and software.
Technical Paper

Cyber-security for Engine ECUs: Past, Present and Future

2015-09-01
2015-01-1998
In this paper, we outline past, present and future applications of automotive security for engine ECUs. Electronic immobilizers and anti-tuning countermeasures have been used for several years. Recently, OEMs and suppliers are facing more and more powerful attackers, and as a result, have introduced stronger countermeasures based on hardware security. Finally, with the advent of connected cars, it is expected that many things that currently require a physical connection will be done remotely in a near future. This includes remote diagnostics, reprogramming and engine calibration.
X