Search Results

Therefore, engineers should ensure that systems are designed free of unreasonable risks to motor vehicle safety, including those that may result due to existence of potential cybersecurity vulnerabilities. The automotive industry is making vehicle cybersecurity an organizational priority.

The focus of this training is on the cybersecurity lifecycle for automotive products. In addition to a brief refresher on the content of the standard, important aspects of ISO/SAE 21434 that play an important role along the automotive lifecycle are discussed in detail. ...Starting with the topic "Culture & Competence", through cybersecurity planning to audits and assessments and post-development activities. The learning concept provides a holistic methodology geared toward the automotive ecosystem. 

The ever-increasing networking and automation of vehicles make cybersecurity a core requirement for future vehicles and their components. Automobile manufacturers and suppliers are confronted with new requirements that address the cybersecurity of vehicle IT/OT.

Symbolic code execution is a powerful cybersecurity testing approach that facilitates the systematic exploration of all paths within a program to uncover previously unknown cybersecurity vulnerabilities. ...Symbolic code execution is a powerful cybersecurity testing approach that facilitates the systematic exploration of all paths within a program to uncover previously unknown cybersecurity vulnerabilities. This is achieved through a Satisfiability Modulo Theory (SMT) solver, which operates on symbolic values for program inputs instead of using their concrete counterparts.

Abstract The United Nation Economic Commission for Europe (UNECE) Regulation 155—Cybersecurity and Cybersecurity Management System (UN R155) mandates the development of cybersecurity management systems (CSMS) as part of a vehicle’s lifecycle. ...Due to the focus of R155 and its suggested implementation guideline, ISO/SAE 21434:2021—Road Vehicle Cybersecurity Engineering, mainly centering on the alignment of cybersecurity risk management to the vehicle development lifecycle, there is a gap in knowledge of proscribed activities for validation and verification testing. ...An inherent component of the CSMS is cybersecurity risk management and assessment. Validation and verification testing is a key activity for measuring the effectiveness of risk management, and it is mandated by UN R155 for type approval.

We also analyze how useful Cybersecurity Assurance Levels (CAL) are in this process and how quantitative as well as qualitative metrics can be utilized as evidence.

Automotive electronics and enterprise IT are converging and thus open the doors for advanced hacking. With their immediate safety impact, cyberattacks on such systems will endanger passengers. Today, there are various methods of security verification and validation in the automotive industry. However, we realize that vulnerability detection is incomplete and inefficient with classic security testing. In this article, we show how an enhanced Grey-Box Penetration Test (GBPT) needs less test cases while being more effective in terms of coverage and indicating less false positives.

Honda airs it out Honda's aerodynamic and NVH development gets a breath of fresh air from its first full-scale wind tunnel in North America. Two-wheeled tech: The latest in motorcycle applications Drawing heavily from automotive advances, the latest in connectivity, safety and convenience are infiltrating the moto world. Nobium: magic metal for battery anodes? Increased cell capacity and rapid recharging in thermal extremes are potential benefits of electrode chemistries fortified by the humble element Nb. Editorial Reconsidering hybrids Supplier Eye Preparing for a lumpy EV transition SAE WCX 2022: ICE won't melt amid shift to EVs ICE life-extension: searching for more solutions Stellantis' Hurricane is coming Bringing back the hot hatch: 2023 Toyota GR Corolla 2022 Jeep Grand Cherokee plugs in Q&A Eunjoo Hopkins, vehicle synthesis manager for the 2022 Jeep Grand Cherokee 4xe, talks about meeting vehicle-integration "science goals" for the hybridized 2022 Grand Cherokee.

To help address the issue of message authentication on the Controller Area Network (CAN) bus, researchers at Virginia Tech and Ford Motor Company have developed a proof-of-concept time-evolving watermark-based authentication mechanism that offers robust, cryptographically controlled confirmation of a CAN message's authenticity. This watermark is injected as a common-mode signal on both CAN-HI and CAN-LO bus voltages and has been proven using a low-cost software-defined radio (SDR) testbed. This paper extends prior analysis on the design and proof-of-concept to consider robustness testing over the range of voltages, both steady state drifts and transients, as are commonly witnessed within a vehicle. Overall performance results, along with a dynamic watermark amplitude control, validate the concept as being a practical near-term approach at improving authentication confidence of messages on the CAN bus.

With the rapid development of connected and autonomous vehicles, more sophisticated automotive systems running large portions of software and implementing a variety of communication interfaces are being developed. The ever-expanding codebase increases the risk for software vulnerabilities, while at the same time the large number of communication interfaces make the systems more susceptible to be targeted by attackers. As such, it is of utmost importance for automotive organizations to identify potential vulnerabilities early and continuously in the development lifecycle in an automated manner. In this paper, we suggest a practical approach for integrating fuzz testing into a Continuous Integration (CI) pipeline for automotive systems. As a first step, we have performed a Threat Analysis and Risk Assessment (TARA) of a general E/E architecture to identify high-risk interfaces and functions.

Recent developments in the commercialization of mobility services have brought unprecedented connectivity to the automotive sector. While the adoption of connected features provides significant benefits to vehicle owners, adversaries may leverage zero-day attacks to target the expanded attack surface and make unauthorized access to sensitive data. Protecting new generations of automotive controllers against malicious intrusions requires solutions that do not depend on conventional countermeasures, which often fall short when pitted against sophisticated exploitation attempts. In this paper, we describe some of the latent risks in current automotive systems along with a well-engineered multi-layer defense strategy. Further, we introduce a novel and comprehensive attack and performance test framework which considers state-of-the-art memory corruption attacks, countermeasures and evaluation methods.

Abstract There are already a number of cybersecurity activities introduced in the development process in the automotive industry. For example, security testing of automotive components is often performed at the late stages of development.

This paper will provide an Overview of Automotive Cyber Security Standards related to the Vehicle OBD-II Data Link. The OBD-II Connector Attack Tree is described with respect to the SAE J3138 requirements for Intrusive vs. non-Intrusive Services. A proposed test method for SAE J3138 is described including hardware and software scripting. Finally, example test results are reviewed and compared with a potential threat boundary.

As a promising strategic industry group that is rapidly evolving around the world, autonomous vehicle is entering a critical phase of commercialization from demonstration to end markets. The global automotive industry and governments are facing new common topics and challenges brought by autonomous vehicle, such as how to test, assess, and administrate the autonomous vehicle to ensure their safe running in real traffic situations and proper interactions with other road users. Starting from the facts that the way to autonomous driving is the process of a robot or a machine taking over driving tasks from a human. This paper summarizes the main characteristics of autonomous vehicle which are different from traditional one, then demonstrates the limitations of the existing certification mechanism and related testing methods when applied to autonomous vehicle.

The paper includes a description of cybersecurity measures to protect the vehicle against malicious attacks.

The scope of this SAE Recommended Practice is to require the use of the same Security Services as defined by the International Standard ISO/CD 15764, modified by the Class of Security as determined by the resource provider and referenced in Table 1, Extended Data Link Security References.

Editorial The consolidation plot thickens The Navigator As the world turns to C-V2X, Europe picks WiFi Complexity of Autonomous-Systems Simulation, Validation Soars to the Clouds Scalable, cloud-based architectures are gaining greater acceptance for simulating and testing the myriad development aspects of automated driving. Connectivity Solutions for AVs The promises of fully connected autonomous vehicles are great, but so are the challenges. What M&E Can Teach the AV Industry About Data Media & entertainment offers important learnings on data retention, management, scalability and security. The Rodney Dangerfield of Automated-Driving Sensors Radar and lidar get all the attention, but Inertial Measurement Units are the backbone of sensor fusion. Suppliers are scrambling to make IMUs more accurate-and much less expensive. The Sense-itive Side of Autonomous Vehicles BASF is exploring how specific materials-and even paint colors and finishes-can improve the capabilities of AV sensors.

Editorial Trust, testing and transition SAE Standards News SAE updates J3016 automated-driving graphic View from a Visionary Chris Urmson helped give birth to vehicle autonomy. His company, Aurora, is leading the technology to maturity and widespread adoption. Extending EV Range Using AV Programming Intelligent programming of autonomous electric vehicles offers potentially big energy savings, according to a study by IAV. Intel Study: Autonomous Vehicles Expected to be Common-in 50 Years New U.S. consumer survey sees most Americans "expect" AVs, though many currently fear the technology. Europe's Latest AV Testing Facilities Key for Swift Autonomous Adoption The need for data sharing and commonality in burgeoning AV technologies is bringing new meaning to the words 'proving grounds.' End Public 'Shadow' Driving! The best way to test and train AI for autonomous vehicles is through proper simulation, systems engineering, and an end-state scenario matrix.

Abstract In this work, we present an approach to support penetration tests by combining safety and security analyses to enhance automotive security testing. Our approach includes a new way to combine safety and threat analyses to derive possible test cases. We reuse outcomes of a performed safety analysis as the input for a threat analysis. We show systematically how to derive test cases, and we present the applicability of our approach by deriving and performing test cases for a penetration test of an automotive electronic control unit (ECU). Therefore, we selected an airbag control unit due to its safety-critical functionality. During the penetration test, the selected control unit was installed on a test bench, and we were able to successfully exploit a discovered vulnerability, causing the detonation of airbags.

As an annual subscription, the Wiley Cyber Security Collection Add-On is available for purchase along with one or both of the following: Wiley Aerospace Collection Wiley Automotive Collection The titles from the Wiley Cyber Security Collection are included in the SAE MOBILUS® eBook Package. Titles: Network Forensics Penetration Testing Essentials Security in Fixed and Wireless Networks, 2nd Edition The Network Security Test Lab: A Step-by-Step Guide Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis Applied Cryptography: Protocols, Algorithms and Source Code in C, 20th Anniversary Edition Computer Security Handbook, Set, 6th Edition Threat Modeling: Designing for Security Other available Wiley collections: Wiley SAE MOBILUS eBook Package Wiley Aerospace Collection Wiley Automotive Collection Wiley Computer Systems Collection Add-On (purchasable with the Wiley Aerospace Collection and/or the Wiley Automotive Collection)