In agriculture industry, increasing use of Vehicle Internet of Things (IoT), telematics and emerging technologies are resulting in smarter machines with connected solutions. Inter and Intra Communication with vehicle to vehicle and inside vehicle - Electronic Control Unit (ECU) to ECU or ECU (Electronic Control Unit) to sensor, requirement for flow of data increased in-turn resulting in increased need for secure communication. In this paper, we focus on functional verification and validation of secure Controller Area Network (CAN) for intra vehicular communication to establish confidentiality, integrity, authenticity, and freshness of data, supporting safety, advanced automation, protection of sensitive data and IP (Intellectual Property) protection. Network security algorithms and software security processes are the layers supporting to achieve our cause.
In conjunction with an increasing number of related laws and regulations (such as UNECE R155 and ISO 21434), these drive security requirements in different domains and areas. 2 In this paper we examine the upcoming trends in EE architectures and investigate the underlying cyber-security threats and corresponding security requirements that lead to potential requirements for “Automotive Embedded Hardware Trust Anchors” (AEHTA).
Legacy electronic control units are, nowadays, required to implement cybersecurity measures, but they often do not have all the elements that are necessary to realize industry-standard cybersecurity controls. ...Legacy electronic control units are, nowadays, required to implement cybersecurity measures, but they often do not have all the elements that are necessary to realize industry-standard cybersecurity controls. For example, they may not have hardware cryptographic accelerators, segregated areas of memory for storing keys, or one-time programmable memory areas. ...While the UDS service $27 (Security Access) has a reputation for poor cybersecurity, there is nothing inherent in the way it operates which prevents a secure access-control from being implemented.
Vehicles have more connectivity options now-a-days and these increasing connection options are giving more chances for an intruder to exploit the system. So, the vehicle manufacturers need to make the ECU in the vehicle more secure. To make the system secure, the embedded system must secure all the assets in the system. Examples of assets are Software, Kernel or Operating system, cryptographic Keys, Passwords, user data, etc. In this, securing the Kernel is extremely important as an intruder can even exploit the operating system characteristics just by changing the kernel code without introducing a trojan in the system. Also, the Kernel is the one entity that manages all permissions, so, if the kernel is hacked, these permissions also get compromised. The proposed approach is to make the kernel secure by doing the integrity check periodically of the kernel code loaded into the main memory of the system.
The underlying systems are susceptible to safety and cybersecurity attacks as the involved ECUs are interconnected. The security attacks can lead to disrupting the safe operation of the vehicle while causing injury to the passengers. ...Consequently, the functional safety requirements and cybersecurity requirements can be aligned with each other. In this article, a case study of the application of the THARA framework is presented through the risk analysis of safety and security threats applicable to the rearview camera (RVC) feature of the vehicle.
Passenger vehicles have made astounding technological leaps in recent years. Unfortunately, little of that progress has trickled down to other segments of the transportation industry leaving opportunities for massive gains in safety and performance. In particular, the electric drum brakes on most consumer trailers differ little from those on trailers over 70 years ago. Careful examination of current production passenger vehicle hardware and trailering provided the opportunity to produce a design and test vehicle for a plausible, practical, and performant trailer braking system for the future. This study equips the trailer with high control frequency antilock braking and dynamic torque distribution through use of passenger vehicle grade apply hardware.
In order to enhance customer experience  and to reduce time to market, the manufacturers are constantly in need of being able to update software/firmware of the Electronic Control units (ECU) when the vehicle is in field operations. The updates could be a bug fix or a new feature release. Until the recent years, the updation of software/firmware used to be done using a physical hardwired connection to the Vehicle in a workshop. However, with the element of connectivity being added to the vehicle, the updation of software can be done remotely and wirelessly over the air using a feature called Flash over the air (FOTA)  and Software over the air (SOTA) . In order to safeguard the telematics  ECU from tampering or hacking, the manufacturers are doing away with the ports on the underlying hardware through which manual flashing used to be done. This means that, the only option available to flash or update the ECU is using FOTA/SOTA.
With the development of vehicle intelligence and the Internet of Vehicles, how to protect the safety of the vehicle network system has become a focus issue that needs to be solved urgently. The Controller Area Network (CAN) bus is currently a very widely used vehicle-mounted bus, and its security largely determines the degree of vehicle-mounted information security. The CAN bus lacks adequate protection mechanisms and is vulnerable to external attacks such as replay attacks, modifying attacks, and so on. On the basis of the existing work, this paper proposes an authentication method that combines Hash-based Message Authentication Code (HMAC)-SHA256 and Tiny Encryption Algorithm (TEA) algorithms. This method is based on dynamic identity authentication in challenge/response made and combined with the characteristics of the CAN bus itself as it achieves the identity authentication between the gateway and multiple electronic control units (ECUs).
Ensuring cybersecurity in an ECU network is challenging as there is no centralized authority in the vehicle to provide security as a service. ...While progress has been made to address cybersecurity vulnerabilities, many of these approaches have focused on enterprise, software-centric systems and require more computational resources than typically available for onboard vehicular devices.
This paper proposes a domain-centralized powertrain E/E (electrical and/or electronic) architecture for all-electric vehicles that features: a powerful master controller (domain controller) that implements most of the functionality of the domain; a set of smart actuators for electric motor(s), HV (High Voltage) battery pack, and thermal management; and a gateway that routes all hardware signals, including digital and analog I/O, and field bus signals between the domain controller and the rest of the vehicle that is outside of the domain. Major functional safety aspects of the architecture are presented and a safety architecture is proposed. The work represents an early E/E architecture proposal. In particular, detailed partitioning of software components over the domain’s Electronic Control Units (ECUs) has not been determined yet; instead, potential partitioning schemes are discussed.
Recent developments in the commercialization of mobility services have brought unprecedented connectivity to the automotive sector. While the adoption of connected features provides significant benefits to vehicle owners, adversaries may leverage zero-day attacks to target the expanded attack surface and make unauthorized access to sensitive data. Protecting new generations of automotive controllers against malicious intrusions requires solutions that do not depend on conventional countermeasures, which often fall short when pitted against sophisticated exploitation attempts. In this paper, we describe some of the latent risks in current automotive systems along with a well-engineered multi-layer defense strategy. Further, we introduce a novel and comprehensive attack and performance test framework which considers state-of-the-art memory corruption attacks, countermeasures and evaluation methods.
Abstract Connecting vehicles to various network services increases the risk of in-vehicle cyberattacks. For automotive industries, the supply chain for assembling a vehicle consists of many different organizations such as component suppliers, system suppliers, and car manufacturers (CMs). Moreover, once a vehicle has shipped from the factory of the CM, resellers, dealers, and owners of the vehicle may add and replace the optional authorized and third-party equipment. Such equipment may have serious security vulnerabilities that may be targeted by a malicious attacker. The key management system of a vehicle must be applicable to all use cases. We propose a novel key management system adaptable to the electronic control unit (ECU) lifecycle of a vehicle. The scope of our system is not only the vehicle product line but also the third-party vendors of automotive accessories and vehicle maintenance facilities, including resellers, dealers, and vehicle users.
Abstract Over the past forty years, the Electronic Control Unit (ECU) technology has grown in both sophistication and volume in the automotive sector, and modern vehicles may comprise hundreds of ECUs. ECUs typically communicate via a bus-based network architecture to collectively support a broad range of safety-critical capabilities, such as obstacle avoidance, lane management, and adaptive cruise control. However, this technology evolution has also brought about risks: if ECU firmware is compromised, then vehicle safety may be compromised. Recent experiments and demonstrations have shown that ECU firmware is not only poorly protected but also that compromised firmware may pose safety risks to occupants and bystanders.
Abstract There are already a number of cybersecurity activities introduced in the development process in the automotive industry. For example, security testing of automotive components is often performed at the late stages of development.
Abstract Modern vehicles integrate Internet of Things (IoT) components to bring value-added services to both drivers and passengers. These components communicate with the external world through different types of interfaces including the on-board diagnostics (OBD-II) port, a mandatory interface in all vehicles in the United States and Europe. While this transformation has driven significant advancements in efficiency and safety, it has also opened a door to a wide variety of cyberattacks, as the architectures of vehicles were never designed with external connectivity in mind, and accordingly, security has never been pivotal in the design. As standardized, the OBD-II port allows not only direct access to the internal network of the vehicle but also installing software on the Electronic Control Units (ECUs).
Abstract Secure boot, although known for more than 20 years, frequent attacks from hackers that show numerous ways to bypass the security mechanism, including electronic control units (ECUs) of the automotive industry. This paper investigates the major causes of security weaknesses of secure boot implementations. Based on penetration test experiences, we start from an attacker’s perspective to identify and outline common implementation weaknesses. Then, from a Tier-One perspective, we analyze challenges in the research and development process of ECUs between original equipment manufacturers (OEMs) and suppliers that amplify the probability of such weakness. The paper provides recommendations to increase the understanding of implementing secure boot securely on both sides and derives a set of reference requirements as a starting point for secure boot ECU requirements.
Abstract Secure boot is a fundamental security primitive for establishing trust in computer systems. For real-time safety applications, the time taken to perform the boot measurement conflicts with the need for near instant availability. To speed up the boot measurement while establishing an acceptable degree of trust, we propose a dual-phase secure boot algorithm that balances the strong requirement for data tamper detection with the strong requirement for real-time availability. A probabilistic boot measurement is executed in the first phase to allow the system to be quickly booted. This is followed by a full boot measurement to verify the first-phase results and generate the new sampled space for the next boot cycle. The dual-phase approach allows the system to be operational within a fraction of the time needed for a full boot measurement while producing a high detection probability of data tampering.
Abstract The importance of in-vehicle network security has increased with an increase in automated and connected vehicles. Hence, many attacks and countermeasures have been proposed to secure the controller area network (CAN), which is an existent in-vehicle network protocol. At the same time, new protocols-such as FlexRay and Ethernet-which are faster and more reliable than CAN have also been proposed. European OEMs have adopted FlexRay as a control network that can perform the fundamental functions of a vehicle. However, there are few studies regarding FlexRay security. In particular, studies on attacks against FlexRay are limited to theoretical studies or simulation-based experiments. Hence, the vulnerability of FlexRay is unclear. Understanding this vulnerability is necessary for the application of countermeasures and improving the security of future vehicles. In this article, we highlight the vulnerability of FlexRay found in the experiments conducted on a real FlexRay network.
Abstract In the automotive domain, the overall complexity of technical components has increased enormously. Formerly isolated, purely mechanical cars are now a multitude of cyber-physical systems that are continuously interacting with other IT systems, for example, with the smartphone of their driver or the backend servers of the car manufacturer. This has huge security implications as demonstrated by several recent research papers that document attacks endangering the safety of the car. However, there is, to the best of our knowledge, no holistic overview or structured description of the complex automotive domain. Without such a big picture, distinct security research remains isolated and is lacking interconnections between the different subsystems. Hence, it is difficult to draw conclusions about the overall security of a car or to identify aspects that have not been sufficiently covered by security analyses.