Controller area network (CAN) is used as a legacy protocol for in-vehicle communication. However, it lacks basic security features such as message authentication, integrity, confidentiality, etc., because the sender information in the message is missing. Hence, it is prone to different attacks like spoofing attacks, denial of service attacks, man in the middle and masquerade attacks. Researchers have proposed various techniques to detect and prevent these attacks, which can be split into two classes: (a) MAC-based techniques and (b) intrusion detection-based techniques. Further, intrusion detection systems can be divided into four categories: (i) message parameter- based, (ii) entropy-based, (iii) machine Learning-based and (iv) fingerprinting-based. This paper details state-of- the-art survey of fingerprinting-based intrusion detection techniques. In addition, the advantages and limitations of different fingerprinting-based intrusion detection techniques methods will be discussed.
This paper is the second in the series of documents designed to record the progress of a series of SAE documents - SAE J2836™, J2847, J2931, & J2953 - within the Plug-In Electric Vehicle (PEV) Communication Task Force. This follows the initial paper number 2010-01-0837, and continues with the test and modeling of the various PLC types for utility programs described in J2836/1™ & J2847/1. This also extends the communication to an off-board charger, described in J2836/2™ & J2847/2 and includes reverse energy flow described in J2836/3™ and J2847/3. The initial versions of J2836/1™ and J2847/1 were published early 2010. J2847/1 has now been re-opened to include updates from comments from the National Institute of Standards Technology (NIST) Smart Grid Interoperability Panel (SGIP), Smart Grid Architectural Committee (SGAC) and Cyber Security Working Group committee (SCWG).
Abstract The automotive industry intends to create new services that involve sharing vehicle control information via a wide area network. In modern vehicles, an in-vehicle network shares information between more than 70 electronic control units (ECUs) inside a vehicle while it is driven. However, such a complicated system configuration can result in security vulnerabilities. The possibility of cyber-attacks on vehicles via external services has been demonstrated in many research projects. As advances in vehicle systems (e.g., autonomous drive) progress, the number of vulnerabilities to be exploited by cyber-attacks will also increase. Therefore, future vehicles need security measures to detect unknown cyber-attacks. We propose anomaly-based intrusion detection to detect unknown cyber-attacks for the Control Area Network (CAN) protocol, which is popular as a communication protocol for in-vehicle networks.
This document is the Architecture Description (AD) for the SAE Unmanned Systems (UxS) Control Segment (UCS) Architecture Library Revision A or, simply, the UCS Architecture. The architecture is expressed by a library of SAE publications as referenced herein. The other publications in the UCS Architecture Library Revision A are: AS6513A, AS6518A, AS6522A, and AS6969A.
Abstract Identity-Anonymized CAN (IA-CAN) protocol is a secure CAN protocol, which provides the sender authentication by inserting a secret sequence of anonymous IDs (A-IDs) shared among the communication nodes. To prevent malicious attacks from the IA-CAN protocol, a secure and robust system error recovery mechanism is required. This article presents a central management method of IA-CAN, named the IA-CAN with a global A-ID, where a gateway plays a central role in the session initiation and system error recovery. Each ECU self-diagnoses the system errors, and (if an error happens) it automatically resynchronizes its A-ID generation by acquiring the recovery information from the gateway. We prototype both a hardware version of an IA-CAN controller and a system for the IA-CAN with a global A-ID using the controller to verify our concept.
In recent years, with increase in external connectivity (V2X, telematics, mobile projection, BYOD) the automobile is becoming a target of cyberattacks and intrusions. Any such intrusion reduces customer trust in connected cars and negatively impacts brand image (like the recent Jeep Cherokee hack). To protect against intrusion, several mechanisms are available. These range from a simple secure CAN to a specialized symbiote defense software. A few systems (e.g. V2X) implement detection of an intrusion (defined as a misbehaving entity). However, most of the mechanisms require a system-wide change which adds to the cost and negatively impacts the performance. In this paper, we are proposing a practical and scalable approach to intrusion detection. Some benefits of our approach include use of existing security mechanisms such as TrustZone® and watermarking with little or no impact on cost and performance. In addition, our approach is scalable and does not require any system-wide changes.
Abstract The importance of in-vehicle network security has increased with an increase in automated and connected vehicles. Hence, many attacks and countermeasures have been proposed to secure the controller area network (CAN), which is an existent in-vehicle network protocol. At the same time, new protocols-such as FlexRay and Ethernet-which are faster and more reliable than CAN have also been proposed. European OEMs have adopted FlexRay as a control network that can perform the fundamental functions of a vehicle. However, there are few studies regarding FlexRay security. In particular, studies on attacks against FlexRay are limited to theoretical studies or simulation-based experiments. Hence, the vulnerability of FlexRay is unclear. Understanding this vulnerability is necessary for the application of countermeasures and improving the security of future vehicles. In this article, we highlight the vulnerability of FlexRay found in the experiments conducted on a real FlexRay network.
As an annual subscription, the Wiley Cyber Security Collection Add-On is available for purchase along with one or both of the following: Wiley Aerospace Collection Wiley Automotive Collection The titles from the Wiley Cyber Security Collection are included in the SAE MOBILUS® eBook Package. Titles: Network Forensics Penetration Testing Essentials Security in Fixed and Wireless Networks, 2nd Edition The Network Security Test Lab: A Step-by-Step Guide Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis Applied Cryptography: Protocols, Algorithms and Source Code in C, 20th Anniversary Edition Computer Security Handbook, Set, 6th Edition Threat Modeling: Designing for Security Other available Wiley collections: Wiley SAE MOBILUS eBook Package Wiley Aerospace Collection Wiley Automotive Collection Wiley Computer Systems Collection Add-On (purchasable with the Wiley Aerospace Collection and/or the Wiley Automotive Collection)
Connectivity and autonomy in vehicles promise improved efficiency, safety and comfort. The increasing use of embedded systems and the cyber element bring with them many challenges regarding cyberattacks which can seriously compromise driver and passenger safety. Beyond penetration testing, assessment of the security vulnerabilities of a component must be done through the design phase of its life cycle. This paper describes the development of a benchtop testbed which allows for the assurance of safety and security of components with all capabilities from Model-in-loop to Software-in-loop to Hardware-in-loop testing. Environment simulation is obtained using the AV simulator, CARLA which provides realistic scenarios and sensor information such as Radar, Lidar etc. MATLAB runs the vehicle, powertrain and control models of the vehicle allowing for the implementation and testing of customized models and algorithms.
Robert Bosch GmBH proposed in 2012 a new version of communication protocol named as Controller area network with Flexible Data-Rate (CANFD), that supports data frames up to 64 bytes compared to 8 bytes of CAN. With limited data frame size of CAN message, and it is impossible to be encrypted and secured. With this new feature of CAN FD, we propose a hardware design - CAN crypto FPGA chip to secure data transmitted through CAN FD bus by using AES-128 and SHA-1 algorithms with a symmetric key. AES-128 algorithm will provide confidentiality of CAN message and SHA-1 algorithm with a symmetric key (HMAC) will provide integrity and authentication of CAN message. The design has been modeled and verified by using Verilog HDL – a hardware description language, and implemented successfully into Xilinx FPGA chip by using simulation tool ISE (Xilinx).
This document describes machine-to-machine (M2M) communication to enable cooperation between two or more participating entities or communication devices possessed or controlled by those entities. The cooperation supports or enables performance of the dynamic driving task (DDT) for a subject vehicle with driving automation feature(s) engaged. Other participants may include other vehicles with driving automation feature(s) engaged, shared road users (e.g., drivers of manually operated vehicles or pedestrians or cyclists carrying personal devices), or road operators (e.g., those who maintain or operate traffic signals or workzones). Cooperative driving automation (CDA) aims to improve the safety and flow of traffic and/or facilitate road operations by supporting the movement of multiple vehicles in proximity to one another. This is accomplished, for example, by sharing information that can be used to influence (directly or indirectly) DDT performance by one or more nearby road users.
This SAE Information Report SAE J2931 establishes the requirements for digital communication between Plug-In Electric Vehicles (PEV), the Electric Vehicle Supply Equipment (EVSE) and the utility or service provider, Energy Services Interface (ESI), Advanced Metering Infrastructure (AMI) and Home Area Network (HAN). This is the third version of this document and completes the effort that specifies the digital communication protocol stack between Plug-in Electric Vehicles (PEV) and the Electric Vehicle Supply Equipment (EVSE). The purpose of the stack outlined in Figure 1 and defined by Layers 3 to 6 of the OSI Reference Model (Figure 1) is to use the functions of Layers 1 and 2 specified in SAE J2931/4 and export the functionalities to Layer 7 as specified in SAE J2847/2 (as of August 1, 2012, revision) and SAE J2847/1 (targeting revision at the end of 2012).
Modern vehicles have multiple electronic control units (ECU) to control various subsystems such as the engine, brakes, steering, air conditioning, and infotainment. These ECUs are networked together to share information directly with each other. This in-vehicle network provides a data opportunity for improved maintenance, fleet management, warranty and legal issues, reliability, and accident reconstruction. Data Acquisition from Light-Duty Vehicles Using OBD and CAN is a guide for the reader on how to acquire and correctly interpret data from the in-vehicle network of light-duty (LD) vehicles. The reader will learn how to determine what data is available on the vehicle's network, acquire messages and convert them to scaled engineering parameters, apply more than 25 applicable standards, and understand 15 important test modes.
As mobility software becomes increasingly complex and connected, so does the risk of human error and system safety. To combat this, New York-based software company AdaCore will work with Nvidia Corporation of Santa Clara, California to apply open-source Ada and SPARK programming languages for select software security firmware elements in highly-complex, safety-critical systems like Nvidia’s DRIVE AGX automated and autonomous vehicle solutions.
Through this work, Wind River and Airbiquity look to enable secure and intelligent software updates and data management for these vehicles through over-the-air (OTA) programming technology. The work may also lead to similar solutions for traditional aerospace and unmanned aircraft system (UAS) industries.