Refine Your Search

Topic

Search Results

Technical Paper

Cybersecurity Testing and Validation

2017-03-28
2017-01-1655
We also consider the necessary scope and depth of cybersecurity testing and suggest examples of how this can be related to cybersecurity requirements, goals and integrity levels, as determined by the threat analysis and risk assessment. ...An essential part of an effective cybersecurity engineering process is testing the implementation of a system for vulnerabilities and validating the effectiveness of countermeasures. ...The SAE J3061 Cybersecurity Guidebook for Cyber-Physical Vehicle Systems provides a recommended framework which organizations can use to implement a cybersecurity engineering process, which includes activities such as integration and testing, penetration testing and verification/validation of cybersecurity requirements at the hardware, software and system levels.
Research Report

Unsettled Topics Concerning Airworthiness Cybersecurity Regulation

2020-08-31
EPR2020013
Its extensive application of data networks, including enhanced external digital communication, forced the Federal Aviation Administration (FAA), for the first time, to set “Special Conditions” for cybersecurity. In the 15 years that ensued, airworthiness regulation followed suit, and all key rule-, regulation-, and standard-making organizations weighed in to establish a new airworthiness cybersecurity superset of legislation, regulation, and standardization. ...In the 15 years that ensued, airworthiness regulation followed suit, and all key rule-, regulation-, and standard-making organizations weighed in to establish a new airworthiness cybersecurity superset of legislation, regulation, and standardization. The resulting International Civil Aviation Organization (ICAO) resolutions, US and European Union (EU) legislations, FAA and European Aviation Safety Agency (EASA) regulations, and the DO-326/ED-202 set of standards are already the de-facto, and soon becoming the official, standards for legislation, regulation, and best practices, with the FAA already mandating it to a constantly growing extent for a few years now—and EASA adopting the set in its entirety in July 2020.
Technical Paper

Cyber-security for Engine ECUs: Past, Present and Future

2015-09-01
2015-01-1998
In this paper, we outline past, present and future applications of automotive security for engine ECUs. Electronic immobilizers and anti-tuning countermeasures have been used for several years. Recently, OEMs and suppliers are facing more and more powerful attackers, and as a result, have introduced stronger countermeasures based on hardware security. Finally, with the advent of connected cars, it is expected that many things that currently require a physical connection will be done remotely in a near future. This includes remote diagnostics, reprogramming and engine calibration.
Technical Paper

Hypervisor Implementation in Vehicle Networks

2020-04-14
2020-01-1334
The hypervisor offers many benefits to the vehicle architecture, both operationally and with cybersecurity. The proposed mitigant provides the structure to partition the various VMs. This allows for the different functions to be managed within their own distinct VM. ...While the cybersecurity applications are numerous, there are also the operational benefits. The hypervisor is designed to not only manage the VMs, but also to increase the efficiency of these via resource management.
Journal Article

Threat Analysis and Risk Assessment in Automotive Cyber Security

2013-04-08
2013-01-1415
The process of hazard analysis and risk assessment (H&R or HARA) is well-established in standards and methods for functional safety, such as the automotive functional safety standard ISO 26262. Considering the parallel discipline of cyber security, it is necessary to establish an analogous process of threat analysis and risk assessment (T&R) in order to identify potential security attacks and the risk associated with these attacks if they were successful. While functional safety H&R processes could be used for threat analysis, these methods need extension and adaptation to the cyber security domain. This paper describes how such a method has been developed based on the approach described in ISO 26262 and the related MISRA Safety Analysis Guidelines. In particular key differences are described in the understanding of the severity of a security attack, and the factors that contribute to the probability of a successful attack.
Technical Paper

Securing J1939 Communications Using Strong Encryption with FIPS 140-2

2017-03-28
2017-01-0020
Since 2001, all sensitive information of U.S. Federal Agencies has been protected by strong encryption mandated by the Federal Information Processing Standards (FIPS) 140-2 Security Requirements. The requirements specify a formal certification process. The process ensures that validated encryption modules have implemented the standard, and have passed a rigorous testing and review processes. Today, this same strong security protection has become possible for vehicle networks using modern, cost-effective encryption in hardware. This paper introduces the motivation and context for the encryption diagnostics security in terms of all vehicles in general, not just trucks which use SAE J1939 communications. Several practical scenarios for using such encryption hardware and the advantages of using hardware compared to software private-key encryption and public-key encryption are described.
Technical Paper

Investigation of Vehicular Networks and its Main Security Issues

2014-04-01
2014-01-0336
Vehicular Network is an emerging and developing technology to improve traffic management and safety issues, and enable a wide range of value-added services such as collision warning/avoidance. Many applications have been designed to provide safety and comfort for passengers. This technology is a prolific area for attackers who will attempt to challenge the network with their malicious or rational attacks. In this paper we elaborate what a vehicular network is, different kinds of communication in this field, main mechanism and related parts and how vehicular networks work then we introduce some of its applications. After primary familiarity with this system we investigate to different type of attacker, more important security issues, How to secure vehicular networks (security requirements and some tools and methods to achieve secure vehicular networks), difficulties and providing viable security solutions, and at the end briefly explanation of related standards.
Technical Paper

Securing the Secret Key

2019-01-16
2019-01-0097
Recent advances in automotive technologies have paved way to a new era of connectivity. Advanced Driver Assistance Systems are getting deployed in automobiles; many companies are developing driverless cars; connected cars are no more a work of mere research. [1] Vehicle manufacturers are developing ways to interface mobile devices with vehicles. However, all these advances in technology has introduced security risks. Unlike traditional computing systems, the security risk of an automobile can be fatal and can result in loss of lives [2]. The in-vehicle network of an automobile was originally designed to operate in a closed environment and hence network security was not considered during its design [3]. Several studies have already shown that an in-vehicle network can be easily compromised and an intruder can take full control of the vehicle. Researchers are working on various ways to solve this problem. Securing the in-vehicle communication by encrypting the messages is one such way.
Technical Paper

Challenges in the Regulatory Framework of Automated Driving

2019-01-09
2019-26-0097
Automated Driving (AD) is foreseen to be one of the major social and technological challenges in the coming years. Many manufacturers are developing new models with cutting-edge functionalities, which are not included in the scope of the current regulatory framework. Apart from demonstrating their know-how and expertise about AD, their willingness to sell their AD models in the European market is accelerating the rule-making system. However, which is the roadmap for the European regulatory framework? Policy makers and regulatory bodies are pushing their boundaries at all levels (national and international) in order to introduce modifications in existing regulations. These regulations will enable the introduction of these new functionalities into the market. Without decreasing the standards of safety and security, the implementation of a clear and harmonized regulatory framework and approval process is extremely needed.
Research Report

Unsettled Legal Issues Facing Automated Vehicles

2020-02-28
EPR2020005
This SAE EDGE Research Report explores the many legal issues raised by the advent of automated vehicles. While promised to bring major changes to our lives, there are significant legal challenges that have to be overcome before they can see widespread use. A century’s worth of law and regulation were written with only human drivers in mind, meaning they have to be amended before machines can take the wheel. Everything from key federal safety regulations down to local parking laws will have to shift in the face of AVs. This report undertakes an examination of the AV laws of Nevada, California, Michigan, and Arizona, along with two failed federal AV bills, to better understand how lawmakers have approached the technology. States have traditionally regulated a great deal of what happens on the road, but does that still make sense in a world with AVs? Would the nascent AV industry be able to survive in a world with fifty potential sets of rules?
Technical Paper

Integrating STPA into ISO 26262 Process for Requirement Development

2017-03-28
2017-01-0058
Developing requirements for automotive electric/electronic systems is challenging, as those systems become increasingly software-intensive. Designs must account for unintended interactions among software features, combined with unforeseen environmental factors. In addition, engineers have to iteratively make architectural tradeoffs and assign responsibilities to each component in the system to accommodate new safety requirements as they are revealed. ISO 26262 is an industry standard for the functional safety of automotive electric/electronic systems. It specifies various processes and procedures for ensuring functional safety, but does not limit the methods that can be used for hazard and safety analysis. System Theoretic Process Analysis (STPA) is a new technique for hazard analysis, in the sense that hazards are caused by unsafe interactions between components (including humans) as well as component failures and faults.
Research Report

Unsettled Technology Opportunities for Vehicle Health Management and the Role for Health-Ready Components

2020-03-17
EPR2020003
Game-changing opportunities abound for the application of vehicle health management (VHM) across multiple transportation-related sectors, but key unresolved issues continue to impede progress. VHM technology is based upon the broader field of advanced analytics. Much of traditional analytics efforts to date have been largely descriptive in nature and offer somewhat limited value for large-scale enterprises. Analytics technology becomes increasingly valuable when it offers predictive results or, even better, prescriptive results, which can be used to identify specific courses of action. It is this focus on action which takes analytics to a higher level of impact, and which imbues it with the potential to materially impact the success of the enterprise. Artificial intelligence (AI), specifically machine learning technology, shows future promise in the VHM space, but it is not currently adequate by itself for high-accuracy analytics.
Technical Paper

Foreseeable Misuse in Automated Driving Vehicles - The Human Factor in Fatal Accidents of Complex Automation

2017-03-28
2017-01-0059
Today, highly automated driving is paving the road for full autonomy. Highly automated vehicles can monitor the environment and make decisions more accurately and faster than humans to create safer driving conditions while ultimately achieving full automation to relieve the driver completely from participating in driving. As much as this transition from advanced driving assistance systems to fully automated driving will create frontiers for re-designing the in-vehicle experience for customers, it will continue to pose significant challenges for the industry as it did in the past and does so today. As we transfer more responsibility, functionality and control from human to machine, technologies become more complex, less transparent and making constant safe-guarding a challenge. With automation, potential misuse and insufficient system safety design are important factors that can cause fatal accidents, such as in TESLA autopilot incident.
Technical Paper

Megatrends - Connectivity and Automation Expanding the Boundaries of Personal Mobility: Technology Leadership Brief

2012-10-08
2012-01-9026
Personal mobility is being transformed by the advent of vehicle connectivity and automation. While significant individually, their interrelationships promise to bring unprecedented levels of traffic efficiency. Car-makers are talking about a crash-less society and transportation engineers are talking about the end of congestion - a tall order indeed: can this really be? In this decade we can expect to see the effects of sensor-based active safety systems bringing the crash rate down, as these technologies continue to expand across a wider range of vehicle models. Connectivity for infotainment purposes is already a major market driver, and control assist for convenience purposes is laying the groundwork for semi-automated and automated driving. Direct vehicle-vehicle connectivity opens up new capabilities. What is the government role in these developments - an essential player or a bystander? How can they enable or inhibit market activity in these domains?
Research Report

Unsettled Impacts of Integrating Automated Electric Vehicles into a Mobility-as-a-Service Ecosystem and Effects on Traditional Transportation and Ownership

2019-12-20
EPR2019004
The current business model of the automotive industry is based on individual car ownership, yet new ridesharing companies such as Uber and Lyft are well capitalized to invest in large, commercially operated, on-demand mobility service vehicle fleets. Car manufacturers like Tesla want to incorporate personal car owners into part-time fleet operation by utilizing the company’s fleet service. These robotaxi fleets can be operated profitably when the technology works in a reliable manner and regulators allow driverless operation. Although Mobility-as-a-Service (MaaS) models of private and commercial vehicle fleets can complement public transportation models, they may contribute to lower public transportation ridership and thus higher subsidies per ride. This can lead to inefficiencies in the utilization of existing public transportation infrastructure.
Journal Article

Chip and Board Level Digital Forensics of Cummins Heavy Vehicle Event Data Recorders

2020-04-14
2020-01-1326
Crashes involving Cummins powered heavy vehicles can damage the electronic control module (ECM) containing heavy vehicle event data recorder (HVEDR) records. When ECMs are broken and data cannot be extracted using vehicle diagnostics tools, more invasive and low-level techniques are needed to forensically preserve and decode HVEDR data. A technique for extracting non-volatile memory contents using non-destructive board level techniques through the available in-circuit debugging port is presented. Additional chip level data extraction techniques can also provide access to the HVEDR data. Once the data is obtained and preserved in a forensically sound manner, the binary record is decoded to reveal typical HVDER data like engine speed, vehicle speed, accelerator pedal position, and other status data. The memory contents from the ECM can be written to a surrogate and decoded with traditional maintenance and diagnostic software.
Technical Paper

Enabling Efficient Functional Safety Audits - The Missing Link between ISO 26262 and Automotive SPICE

2019-04-02
2019-01-0144
In the field of electric and electronic (E/E) design for the automotive industry, there are separate traditions related to functional safety and software quality assurance. Both relying on the evaluation of the processes used; Automotive SPICE provides detailed guidance on how to perform this evaluation whilst ISO 26262 does not and simply mention Automotive SPICE as one possible solution. ISO 26262 additionally requires for an evaluation of the functional safety achieved by the product and uses the process evaluation (or functional safety audit in ISO 26262 terms) to support the final functional safety assessment. The purpose is to evaluate the implementation of the necessary safety processes according to the claimed scope defined in the safety plan. Automotive SPICE does not make a distinction on whether the application of the software under evaluation is safety related or not.
Technical Paper

Case Study for Defining Security Goals and Requirements for Automotive Security Parts Using Threat Modeling

2018-04-03
2018-01-0014
Several external networks like telematics, and SOTA and many in-vehicle networks by gateways and domain controllers have been increasingly introduced. However, these trends may potentially make many critical data opened, attacked and modified by hackers. These days, vehicle security has been significantly required as these vehicle security threats are related to the human life like drivers and pedestrians. Threat modeling is process of secure software development lifecycle which is developed by Microsoft. It is a systematic approach for analyzing the potential threat in software and identifying the security risk associated with software. Through threat modeling, security risk is be mitigated and eliminated. In vehicle software System, one of vulnerability can affect critical problem about safety. An approach from experience and hacking cases is not enough for analyzing the potential threat and preparing new hacking attack.
Technical Paper

Modelify: Semi-Automatic Conversion of Control Systems C Code to Simulink Models

2016-04-05
2016-01-0020
Over the last decade, the automotive industry has embraced model-based development for control systems. Many of these companies have chosen Simulink from MathWorks to design and simulate these models. However, a remaining issue is the fact that many control systems were initially written in C and are still being used. Some companies have attempted to manually convert these C systems to Simulink models but have found this method to be too costly, error-prone, and time consuming. EnSoft decided to tackle this problem by providing a semi-automated conversion using our Atlas for C tool. Atlas is a tool that maps software and creates a relation map for all parts of the program. It then offers the developer tools to query and visualize this graph. We have developed Modelify, a tool built on this framework that performs the necessary queries on a C project and creates equivalent Simulink models and subsystems.
X