Refine Your Search

Topic

Search Results

Technical Paper

Cybersecurity Metrics for Automotive Systems

2021-04-06
2021-01-0138
With the increased need for cybersecurity in automotive systems due to the development of more advanced technologies and corresponding increased threat vectors, coupled with the upcoming ISO/SAE 21434 cybersecurity standard for automotive systems and cybersecurity regulations in UNECE WP.29, it is becoming increasingly important for auto manufacturers and suppliers to have a clear and common understanding and agreement of cybersecurity metrics for the development and deployment of vehicles. ...Cybersecurity for automotive systems is challenging and one of the major challenges is how to measure this specific system property. ...With the increased need for cybersecurity in automotive systems due to the development of more advanced technologies and corresponding increased threat vectors, coupled with the upcoming ISO/SAE 21434 cybersecurity standard for automotive systems and cybersecurity regulations in UNECE WP.29, it is becoming increasingly important for auto manufacturers and suppliers to have a clear and common understanding and agreement of cybersecurity metrics for the development and deployment of vehicles.
Research Report

Unsettled Topics Concerning Airworthiness Cybersecurity Regulation

2020-08-31
EPR2020013
Its extensive application of data networks, including enhanced external digital communication, forced the Federal Aviation Administration (FAA), for the first time, to set “Special Conditions” for cybersecurity. In the 15 years that ensued, airworthiness regulation followed suit, and all key rule-, regulation-, and standard-making organizations weighed in to establish a new airworthiness cybersecurity superset of legislation, regulation, and standardization. ...In the 15 years that ensued, airworthiness regulation followed suit, and all key rule-, regulation-, and standard-making organizations weighed in to establish a new airworthiness cybersecurity superset of legislation, regulation, and standardization. The resulting International Civil Aviation Organization (ICAO) resolutions, US and European Union (EU) legislations, FAA and European Aviation Safety Agency (EASA) regulations, and the DO-326/ED-202 set of standards are already the de-facto, and soon becoming the official, standards for legislation, regulation, and best practices, with the FAA already mandating it to a constantly growing extent for a few years now—and EASA adopting the set in its entirety in July 2020.
Technical Paper

Cyber-security for Engine ECUs: Past, Present and Future

2015-09-01
2015-01-1998
In this paper, we outline past, present and future applications of automotive security for engine ECUs. Electronic immobilizers and anti-tuning countermeasures have been used for several years. Recently, OEMs and suppliers are facing more and more powerful attackers, and as a result, have introduced stronger countermeasures based on hardware security. Finally, with the advent of connected cars, it is expected that many things that currently require a physical connection will be done remotely in a near future. This includes remote diagnostics, reprogramming and engine calibration.
Article

Challenges ahead: cybersecurity and the aerospace supply chain

2018-07-24
Supply chains, now being targeted as a pathway to the vital core of organizations around the world, have become a vital part of the industry’s cybersecurity strategy, says Kirsten Koepsel, author of SAE International’s latest book, The Aerospace Supply Chain and Cyber Security – Challenges Ahead, now available.
Technical Paper

Information Security Risk Management of Vehicles

2018-04-03
2018-01-0015
The results of this work is allowed to identify a number of cybersecurity threats of the automated security-critical automotive systems, which reduces the efficiency of operation, road safety and system safety. ...According to the evaluating criterion of board electronics, the presence of poorly-protected communication channels, the 75% of the researched modern vehicles do not meet the minimum requirements of cybersecurity due to the danger of external blocking of vital systems. The revealed vulnerabilities of the security-critical automotive systems lead to the necessity of developing methods for mechanical and electronic protection of the modern vehicle. ...The law of normal distribution of the mid-points of the expert evaluation of the cyber-security of a modern vehicle has been determined. Based on the system approach, ranking of the main cybersecurity treats is performed.
Book

Supply Chain Vulnerabilities Impacting Commercial Aviation

2019-09-04
Written by Kirsten Koepsel, a lawyer and engineer whose work has focused on aviation cybersecurity, Supply Chain Vulnerabilities Impacting Commercial Aviation addresses the big question facing aircraft manufacturers today: keep the work in house or outsource it? ...Supply Chain Vulnerabilities Impacting Commercial Aviation discusses the differences in requirements depending on the buyer of the aircraft (governmental or not), ranging from delivery delays to risks linked to cybersecurity and the Internet of Things (IoT), including possible problems with faulty sensors and counterfeit parts.
Technical Paper

UDS Security Access for highly-constrained ECUs

2022-03-29
2022-01-0132
Legacy electronic control units are, nowadays, required to implement cybersecurity measures, but they often do not have all the facilities that are necessary to realise industry-standard cybersecurity controls. ...Legacy electronic control units are, nowadays, required to implement cybersecurity measures, but they often do not have all the facilities that are necessary to realise industry-standard cybersecurity controls. Such systems must still be protected with a sufficient level of rigor against attackers who wish to modify their operation or extract confidential information from them. ...While the classic UDS service $27 (Security Access) has a reputation for poor cybersecurity, there is nothing inherent in the way it operates which prevents a secure access-control from being implemented.
Magazine

Automotive Engineering: February 2017

2017-02-02
SAE Standards News VS committees fully engaged on cybersecurity. Honda's new 10-speed is a slick shifter SAE Level 3 'hand off' challenging AI researchers Lightweight door module aims to trim vehicle weight Exclusive first drive: Torotrak's V-Charge technology New 10-speed auto delights in 2017 Ford F-150 Power and more underscore 2018 Toyota Camry I.D.
Book

The Aerospace Supply Chain and Cyber Security - Challenges Ahead

2018-07-20
The Aerospace Supply Chain and Cyber Security - Challenges Ahead looks at the current state of commercial aviation and cyber security, how information technology and its attractiveness to cyber attacks is affecting it, and the way supply chains have become a vital part of the industry's cyber-security strategy. More than ever before, commercial aviation relies on information and communications technology.
Training / Education

Introduction to Cyber Security for Commercial Aviation

2022-04-07
Despite the advantages of electronic flight bags (EFB), passenger entertainment and email access during flights, and the ability to access aircraft repair manuals electronically, computer interconnectivity throughout aviation has opened the aviation sector to cyber-attacks that could impact flights, data, and safety. This two-day seminar is intended to introduce aviation professionals to the need to implement cyber security throughout commercial aviation including the supply chain.
Standard

E/E Data Link Security

2019-07-12
CURRENT
J2186_201907
This SAE Recommended Practice establishes a uniform practice for protecting vehicle components from "unauthorized" access through a vehicle data link connector (DLC). The document defines a security system for motor vehicle and tool manufacturers. It will provide flexibility to tailor systems to the security needs of the vehicle manufacturer. The vehicle modules addressed are those that are capable of having solid state memory contents accessed or altered through the data link connector. Improper memory content alteration could potentially damage the electronics or other vehicle modules; risk the vehicle compliance to government legislated requirements; or risk the vehicle manufacturer's security interests. This document does not imply that other security measures are not required nor possible.
Technical Paper

Attacking vehicles with ransomware: Watch the horizon

2022-03-29
2022-01-0358
Ransomware use is rampant throughout most industries. With the number of successful ransomware attacks through the industrial economy, this feels like a tsunami of attacks. These attacks seemingly originate from anywhere with an internet connection. There are vast numbers of bad actors creating these attacks, all focused on your systems. With the large number of attacks, it is granted there have been many breaches. While there have been a large number of successful attacks, each attack’s objectives have varied. These have historically been to generate revenue in the form of fees for the decrypt key or a promise not to publish exfiltrated data. The landscape has become saturated with ransomware attacks on consumers and the enterprise. There has been extensive training for staff in an effort to mitigate these issues. The next potential targets are vehicles and ground systems. These, as targets, have not been evaluated via a full risk assessment to the recommended extent.
Standard

Hardware Protected Security for Ground Vehicles

2020-02-10
CURRENT
J3101_202002
Access mechanisms to system data and/or control is a primary use case of the hardware protected security environment (hardware protected security environment) during different uses and stages of the system. The hardware protected security environment acts as a gatekeeper for these use cases and not necessarily as the executor of the function. This section is a generalization of such use cases in an attempt to extract common requirements for the hardware protected security environment that enable it to be a gatekeeper. Examples are: Creating a new key fob Re-flashing ECU firmware Reading/exporting PII out of the ECU Using a subscription-based feature Performing some service on an ECU Transferring ownership of the vehicle Some of these examples are discussed later in this section and some have detailed sections of their own. This list is by no means comprehensive.
Journal Article

Simple Cryptographic Key Management Scheme of the Electronic Control Unit in the Lifecycle of a Vehicle

2020-12-31
Abstract Connecting vehicles to various network services increases the risk of in-vehicle cyberattacks. For automotive industries, the supply chain for assembling a vehicle consists of many different organizations such as component suppliers, system suppliers, and car manufacturers (CMs). Moreover, once a vehicle has shipped from the factory of the CM, resellers, dealers, and owners of the vehicle may add and replace the optional authorized and third-party equipment. Such equipment may have serious security vulnerabilities that may be targeted by a malicious attacker. The key management system of a vehicle must be applicable to all use cases. We propose a novel key management system adaptable to the electronic control unit (ECU) lifecycle of a vehicle. The scope of our system is not only the vehicle product line but also the third-party vendors of automotive accessories and vehicle maintenance facilities, including resellers, dealers, and vehicle users.
Standard

Determination of Cost Benefits from Implementing a Blockchain Solution

2021-08-19
CURRENT
ARP6984
This SAE Aerospace Recommended Practice (ARP) provides insights on how to perform a Cost Benefit Analysis (CBA) to determine the Return on Investment (ROI) that would result from implementing a blockchain solution to a new or an existing business process. The word “blockchain” refers to a method of documenting when data transactions occur using a distributed ledger with desired immutable qualities. The scope of the current document is on enterprise blockchain which gives the benefit of standardized cryptography, legal enforceability and regulatory compliance. The document analyzes the complexity involved with this technology, lists some of the different approaches that can be used for conducting a CBA, and differentiates its analysis depending on whether the application uses a public or a private distributed network.
Standard

Security for Plug-In Electric Vehicle Communications

2018-02-15
CURRENT
J2931/7_201802
This SAE Information Report J2931/7 establishes the security requirements for digital communication between Plug-In Electric Vehicles (PEV), the Electric Vehicle Supply Equipment (EVSE) and the utility, ESI, Advanced Metering Infrastructure (AMI) and/or Home Area Network (HAN).
Research Report

Unsettled Legal Issues Facing Data in Autonomous, Connected, Electric, and Shared Vehicles

2021-09-13
EPR2021019
Modern automobiles collect around 25 gigabytes of data per hour and autonomous vehicles are expected to generate more than 100 times that number. In comparison, the Apollo Guidance Computer assisting in the moon launches had only a 32-kilobtye hard disk. Without question, the breadth of in-vehicle data has opened new possibilities and challenges. The potential for accessing this data has led many entrepreneurs to claim that data is more valuable than even the vehicle itself. These intrepid data-miners seek to explore business opportunities in predictive maintenance, pay-as-you-drive features, and infrastructure services. Yet, the use of data comes with inherent challenges: accessibility, ownership, security, and privacy. Unsettled Legal Issues Facing Data in Autonomous, Connected, Electric, and Shared Vehicles examines some of the pressing questions on the minds of both industry and consumers. Who owns the data and how can it be used?
X