Refine Your Search

Topic

Search Results

Viewing 1 to 17 of 17
Research Report

Unsettled Topics Concerning Airworthiness Cybersecurity Regulation

2020-08-31
EPR2020013
Its extensive application of data networks, including enhanced external digital communication, forced the Federal Aviation Administration (FAA), for the first time, to set “Special Conditions” for cybersecurity. In the 15 years that ensued, airworthiness regulation followed suit, and all key rule-, regulation-, and standard-making organizations weighed in to establish a new airworthiness cybersecurity superset of legislation, regulation, and standardization. ...In the 15 years that ensued, airworthiness regulation followed suit, and all key rule-, regulation-, and standard-making organizations weighed in to establish a new airworthiness cybersecurity superset of legislation, regulation, and standardization. The resulting International Civil Aviation Organization (ICAO) resolutions, US and European Union (EU) legislations, FAA and European Aviation Safety Agency (EASA) regulations, and the DO-326/ED-202 set of standards are already the de-facto, and soon becoming the official, standards for legislation, regulation, and best practices, with the FAA already mandating it to a constantly growing extent for a few years now—and EASA adopting the set in its entirety in July 2020.
Technical Paper

Cyber-security for Engine ECUs: Past, Present and Future

2015-09-01
2015-01-1998
In this paper, we outline past, present and future applications of automotive security for engine ECUs. Electronic immobilizers and anti-tuning countermeasures have been used for several years. Recently, OEMs and suppliers are facing more and more powerful attackers, and as a result, have introduced stronger countermeasures based on hardware security. Finally, with the advent of connected cars, it is expected that many things that currently require a physical connection will be done remotely in a near future. This includes remote diagnostics, reprogramming and engine calibration.
Technical Paper

Research on Vehicle Cybersecurity Based on Dedicated Security Hardware and ECDH Algorithm

2017-09-23
2017-01-2005
Vehicle cybersecurity consists of internal security and external security. Dedicated security hardware will play an important role in car’s internal and external security communication. ...For certain AURIX MCU consisting of HSM, the experiment result shows that cheaper 32-bit HSM’s AES calculating speed is 25 times of 32-bit main controller, so HSM is an effective choice to realize cybersecurity. After comparing two existing methods that realize secure CAN communication, A Modified SECURE CAN scheme is proposed, and differences of the three schemes are analyzed.
Technical Paper

Wireless Charging for EV/HEV with Prescriptive Analytics, Machine Learning, Cybersecurity and Blockchain Technology: Ongoing and Future Trends

2019-04-02
2019-01-0790
Due to the rapid development in the technological aspect of the autonomous vehicle (AV), there is a compelling need for research in the field vehicle efficiency and emission reduction without affecting the performance, safety and reliability of the vehicle. Electric vehicle (EV) with rechargeable battery has been proved to be a practical solution for the above problem. In order to utilize the maximum capacity of the battery, a proper power management and control mechanism need to be developed such that it does not affect the performance, reliability and safety of vehicle. Different optimization techniques along with deterministic dynamic programming (DDP) approach are used for the power distribution and management control. The battery-operated electric vehicle can be recharged either by plug-in a wired connection or by the inductive mean (i.e. wirelessly) with the help of the electromagnetic field energy.
Technical Paper

Securing Connected Vehicles End to End

2014-04-01
2014-01-0300
As vehicles become increasingly connected with the external world, they face a growing range of security vulnerabilities. Researchers, hobbyists, and hackers have compromised security keys used by vehicles' electronic control units (ECUs), modified ECU software, and hacked wireless transmissions from vehicle key fobs and tire monitoring sensors. Malware can infect vehicles through Internet connectivity, onboard diagnostic interfaces, devices tethered wirelessly or physically to the vehicle, malware-infected aftermarket devices or spare parts, and onboard Wi-Fi hotspot. Once vehicles are interconnected, compromised vehicles can also be used to attack the connected transportation system and other vehicles. Securing connected vehicles impose a range of unique new challenges. This paper describes some of these unique challenges and presents an end-to-end cloud-assisted connected vehicle security framework that can address these challenges.
Technical Paper

The Study of Secure CAN Communication for Automotive Applications

2017-03-28
2017-01-1658
Cyber security is becoming increasingly critical in the car industry. Not only the entry points to the external world in the car need to be protected against potential attack, but also the on-board communication in the car require to be protected against attackers who may try to send unauthorized CAN messages. However, the current CAN network was not designed with security in mind. As a result, the extra measures have to be taken to address the key security properties of the secure CAN communication, including data integrity, authenticity, confidentiality and freshness. While integrity and authenticity can be achieved by using a relatively straightforward algorithms such as CMAC (Cipher-based Message Authentication Code) and Confidentiality can be handled by a symmetric encryption algorithm like AES128 (128-bit Advanced Encryption Standard), it has been recognized to be more challenging to achieve the freshness of CAN message.
Technical Paper

Test Method for the SAE J3138 Automotive Cyber Security Standard

2020-04-14
2020-01-0142
This paper will provide an Overview of Automotive Cyber Security Standards related to the Vehicle OBD-II Data Link. The OBD-II Connector Attack Tree is described with respect to the SAE J3138 requirements for Intrusive vs. non-Intrusive Services. A proposed test method for SAE J3138 is described including hardware and software scripting. Finally, example test results are reviewed and compared with a potential threat boundary.
Technical Paper

Securing J1939 Communications Using Strong Encryption with FIPS 140-2

2017-03-28
2017-01-0020
Since 2001, all sensitive information of U.S. Federal Agencies has been protected by strong encryption mandated by the Federal Information Processing Standards (FIPS) 140-2 Security Requirements. The requirements specify a formal certification process. The process ensures that validated encryption modules have implemented the standard, and have passed a rigorous testing and review processes. Today, this same strong security protection has become possible for vehicle networks using modern, cost-effective encryption in hardware. This paper introduces the motivation and context for the encryption diagnostics security in terms of all vehicles in general, not just trucks which use SAE J1939 communications. Several practical scenarios for using such encryption hardware and the advantages of using hardware compared to software private-key encryption and public-key encryption are described.
Technical Paper

Investigation of Vehicular Networks and its Main Security Issues

2014-04-01
2014-01-0336
Vehicular Network is an emerging and developing technology to improve traffic management and safety issues, and enable a wide range of value-added services such as collision warning/avoidance. Many applications have been designed to provide safety and comfort for passengers. This technology is a prolific area for attackers who will attempt to challenge the network with their malicious or rational attacks. In this paper we elaborate what a vehicular network is, different kinds of communication in this field, main mechanism and related parts and how vehicular networks work then we introduce some of its applications. After primary familiarity with this system we investigate to different type of attacker, more important security issues, How to secure vehicular networks (security requirements and some tools and methods to achieve secure vehicular networks), difficulties and providing viable security solutions, and at the end briefly explanation of related standards.
Technical Paper

Communication between Plug-in Vehicles and the Utility Grid

2010-04-12
2010-01-0837
This paper is the first in a series of documents designed to record the progress of the SAE J2293 Task Force as it continues to develop and refine the communication requirements between Plug-In Electric Vehicles (PEV) and the Electric Utility Grid. In February, 2008 the SAE Task Force was formed and it started by reviewing the existing SAE J2293 standard, which was originally developed by the Electric Vehicle (EV) Charging Controls Task Force in the 1990s. This legacy standard identified the communication requirements between the Electric Vehicle (EV) and the EV Supply Equipment (EVSE), including off-board charging systems necessary to transfer DC energy to the vehicle. It was apparent at the first Task Force meeting that the communications requirements between the PEV and utility grid being proposed by industry stakeholders were vastly different in the type of communications and messaging documented in the original standard.
Technical Paper

Hardware/Software Co-Design of an Automotive Embedded Firewall

2017-03-28
2017-01-1659
The automotive industry experiences a major change as vehicles are gradually becoming a part of the Internet. Security concepts based on the closed-world assumption cannot be deployed anymore due to a constantly changing adversary model. Automotive Ethernet as future in-vehicle network and a new E/E Architecture have different security requirements than Ethernet known from traditional IT and legacy systems. In order to achieve a high level of security, a new multi-layer approach in the vehicle which responds to special automotive requirements has to be introduced. One essential layer of this holistic security concept is to restrict non-authorized access by the deployment of embedded firewalls. This paper addresses the introduction of automotive firewalls into the next-generation domain architecture with a focus on partitioning of its features in hardware and software.
Technical Paper

A Blockchain-Backed Database for Qualified Parts

2019-03-19
2019-01-1343
Certain standard parts in the aerospace industry require qualification as a prerequisite to manufacturing, signifying that the manufacturer’s capacity to produce parts consistent with the performance specifications has been audited by a neutral third-party auditor, key customer, and/or group of customers. In at least some cases, a certifying authority provides manufacturers with certificates of qualification which they can then present to prospective customers, and/or lists qualified suppliers in a Qualified Parts List or Qualified Supplier List available from that qualification authority. If this list is in an infrequently updated and/or inconsistently styled format as might be found in a print or PDF document, potential customers wishing to integrate qualification information into their supplier tracking systems must use a potentially error-prone manual process that could lead to later reliance on out-of-date or even forged data.
Technical Paper

CAN Crypto FPGA Chip to Secure Data Transmitted Through CAN FD Bus Using AES-128 and SHA-1 Algorithms with A Symmetric Key

2017-03-28
2017-01-1612
Robert Bosch GmBH proposed in 2012 a new version of communication protocol named as Controller area network with Flexible Data-Rate (CANFD), that supports data frames up to 64 bytes compared to 8 bytes of CAN. With limited data frame size of CAN message, and it is impossible to be encrypted and secured. With this new feature of CAN FD, we propose a hardware design - CAN crypto FPGA chip to secure data transmitted through CAN FD bus by using AES-128 and SHA-1 algorithms with a symmetric key. AES-128 algorithm will provide confidentiality of CAN message and SHA-1 algorithm with a symmetric key (HMAC) will provide integrity and authentication of CAN message. The design has been modeled and verified by using Verilog HDL – a hardware description language, and implemented successfully into Xilinx FPGA chip by using simulation tool ISE (Xilinx).
Technical Paper

Case Study for Defining Security Goals and Requirements for Automotive Security Parts Using Threat Modeling

2018-04-03
2018-01-0014
Several external networks like telematics, and SOTA and many in-vehicle networks by gateways and domain controllers have been increasingly introduced. However, these trends may potentially make many critical data opened, attacked and modified by hackers. These days, vehicle security has been significantly required as these vehicle security threats are related to the human life like drivers and pedestrians. Threat modeling is process of secure software development lifecycle which is developed by Microsoft. It is a systematic approach for analyzing the potential threat in software and identifying the security risk associated with software. Through threat modeling, security risk is be mitigated and eliminated. In vehicle software System, one of vulnerability can affect critical problem about safety. An approach from experience and hacking cases is not enough for analyzing the potential threat and preparing new hacking attack.
Technical Paper

High Performance Processor Architecture for Automotive Large Scaled Integrated Systems within the European Processor Initiative Research Project

2019-04-02
2019-01-0118
Autonomous driving systems and connected mobility are the next big developments for the car manufacturers and their suppliers during the next decade. To achieve the high computing power needs and fulfill new upcoming requirements due to functional safety and security, heterogeneous processor architectures with a mixture of different core architectures and hardware accelerators are necessary. To tackle this new type of hardware complexity and nevertheless stay within monetary constraints, high performance computers, inspired by state of the art data center hardware, could be adapted in order to fulfill automotive quality requirements. The European Processor Initiative (EPI) research project tries to come along with that challenge for next generation semiconductors. To be as close as possible to series development needs for the next upcoming car generations, we present a hybrid semiconductor system-on-chip architecture for automotive.
Research Report

Unsettled Topics Concerning Automated Driving Systems and the Transportation Ecosystem

2019-11-05
EPR2019005
Over the last 100 years, the automobile has become integrated in a fundamental way into the broader economy. A broad and deep ecosystem has emerged, and critical components of this ecosystem include insurance, after-market services, automobile retail sales, automobile lending, energy suppliers (e.g., gas stations), medical services, advertising, lawyers, banking, public planners, and law enforcement. These components - which together represent almost $2 trillion of the U.S. economy - are in equilibrium based on the current capabilities of automotive technology. However, the advent of autonomous vehicles (AVs) and technologies like electrification have the potential to significantly disrupt the automotive ecosystem. The critical cog governing the rate and pace of this shift is the management of the test and verification of AVs.
X