Refine Your Search

Topic

Author

Affiliation

Search Results

Journal Article

(R)evolution of E/E Architectures

2015-04-14
2015-01-0196
Functionalities such as automated driving, connectivity and cyber-security have gained increasing importance over the past few years. The importance of these functionalities will continue to grow as these cutting-edge technologies mature and market acceptance increases.
Journal Article

A Centrally Managed Identity-Anonymized CAN Communication System*

2018-05-16
Abstract Identity-Anonymized CAN (IA-CAN) protocol is a secure CAN protocol, which provides the sender authentication by inserting a secret sequence of anonymous IDs (A-IDs) shared among the communication nodes. To prevent malicious attacks from the IA-CAN protocol, a secure and robust system error recovery mechanism is required. This article presents a central management method of IA-CAN, named the IA-CAN with a global A-ID, where a gateway plays a central role in the session initiation and system error recovery. Each ECU self-diagnoses the system errors, and (if an error happens) it automatically resynchronizes its A-ID generation by acquiring the recovery information from the gateway. We prototype both a hardware version of an IA-CAN controller and a system for the IA-CAN with a global A-ID using the controller to verify our concept.
Journal Article

A Comprehensive Attack and Defense Model for the Automotive Domain

2019-01-17
Abstract In the automotive domain, the overall complexity of technical components has increased enormously. Formerly isolated, purely mechanical cars are now a multitude of cyber-physical systems that are continuously interacting with other IT systems, for example, with the smartphone of their driver or the backend servers of the car manufacturer. This has huge security implications as demonstrated by several recent research papers that document attacks endangering the safety of the car. However, there is, to the best of our knowledge, no holistic overview or structured description of the complex automotive domain. Without such a big picture, distinct security research remains isolated and is lacking interconnections between the different subsystems. Hence, it is difficult to draw conclusions about the overall security of a car or to identify aspects that have not been sufficiently covered by security analyses.
Journal Article

A Comprehensive Risk Management Approach to Information Security in Intelligent Transport Systems

2021-05-05
Abstract Connected vehicles and intelligent transportation systems are currently evolving into highly interconnected digital environments. Due to the interconnectivity of different systems and complex communication flows, a joint risk analysis for combining safety and security from a system perspective does not yet exist. We introduce a novel method for joint risk assessment in the automotive sector as a combination of the Diamond Model, Failure Mode and Effects Analysis (FMEA), and Factor Analysis of Information Risk (FAIR). These methods have been sequentially composed, which results in a comprehensive risk management approach to information security in an intelligent transport system (ITS). The Diamond Model serves to identify and structurally describe threats and scenarios, the widely accepted FMEA provides threat analysis by identifying possible error combinations, and FAIR provides a quantitative estimation of probabilities for the frequency and magnitude of risk events.
Technical Paper

A Controller Area Network Bus Identity Authentication Method Based on Hash Algorithm

2021-07-14
2021-01-5077
With the development of vehicle intelligence and the Internet of Vehicles, how to protect the safety of the vehicle network system has become a focus issue that needs to be solved urgently. The Controller Area Network (CAN) bus is currently a very widely used vehicle-mounted bus, and its security largely determines the degree of vehicle-mounted information security. The CAN bus lacks adequate protection mechanisms and is vulnerable to external attacks such as replay attacks, modifying attacks, and so on. On the basis of the existing work, this paper proposes an authentication method that combines Hash-based Message Authentication Code (HMAC)-SHA256 and Tiny Encryption Algorithm (TEA) algorithms. This method is based on dynamic identity authentication in challenge/response made and combined with the characteristics of the CAN bus itself as it achieves the identity authentication between the gateway and multiple electronic control units (ECUs).
Journal Article

A Distributed “Black Box” Audit Trail Design Specification for Connected and Automated Vehicle Data and Software Assurance

2020-10-14
Abstract Automotive software is increasingly complex and critical to safe vehicle operation, and related embedded systems must remain up to date to ensure long-term system performance. Update mechanisms and data modification tools introduce opportunities for malicious actors to compromise these cyber-physical systems, and for trusted actors to mistakenly install incompatible software versions. A distributed and stratified “black box” audit trail for automotive software and data provenance is proposed to assure users, service providers, and original equipment manufacturers (OEMs) of vehicular software integrity and reliability. The proposed black box architecture is both layered and diffuse, employing distributed hash tables (DHT), a parity system and a public blockchain to provide high resilience, assurance, scalability, and efficiency for automotive and other high-assurance systems.
Technical Paper

A Domain-Centralized Automotive Powertrain E/E Architecture

2021-04-06
2021-01-0786
This paper proposes a domain-centralized powertrain E/E (electrical and/or electronic) architecture for all-electric vehicles that features: a powerful master controller (domain controller) that implements most of the functionality of the domain; a set of smart actuators for electric motor(s), HV (High Voltage) battery pack, and thermal management; and a gateway that routes all hardware signals, including digital and analog I/O, and field bus signals between the domain controller and the rest of the vehicle that is outside of the domain. Major functional safety aspects of the architecture are presented and a safety architecture is proposed. The work represents an early E/E architecture proposal. In particular, detailed partitioning of software components over the domain’s Electronic Control Units (ECUs) has not been determined yet; instead, potential partitioning schemes are discussed.
Journal Article

A Novel Assessment and Administration Method of Autonomous Vehicle

2020-04-14
2020-01-0708
As a promising strategic industry group that is rapidly evolving around the world, autonomous vehicle is entering a critical phase of commercialization from demonstration to end markets. The global automotive industry and governments are facing new common topics and challenges brought by autonomous vehicle, such as how to test, assess, and administrate the autonomous vehicle to ensure their safe running in real traffic situations and proper interactions with other road users. Starting from the facts that the way to autonomous driving is the process of a robot or a machine taking over driving tasks from a human. This paper summarizes the main characteristics of autonomous vehicle which are different from traditional one, then demonstrates the limitations of the existing certification mechanism and related testing methods when applied to autonomous vehicle.
Article

A how-to for car hackers

2016-09-22
The automotive cyber wars are just getting started. Regardless of what side of the battle you’re on, there are valuable insights into the other guy’s strategies and tactics in an excellent new book, The Car Hacker's Handbook .
Best Practice

AVSC Best Practice for Data Collection for Automated Driving System-Dedicated Vehicles (ADS-DVs) to Support Event Analysis

2020-09-23
CURRENT
AVSC00004202009
As technology and functionality of vehicle systems change, so do data recording needs. In ADS-dedicated vehicles (DV), the ADS perceives the environment and handles vehicle motion control, i.e., the dynamic driving task (DDT), as described in SAE J3016. When an ADS takes the place of a human driver, its sensing, processing, and control systems necessitate new considerations for data recording. Data recording is important to crash reconstruction, system performance investigations, and event analysis. It enables industry-wide improvements in ADS safety. This best practice makes recommendations for the ADS-DV data needed to support: (1) information about what the ADS "saw" and "did" and (2) identify the technology-relevant factors that contributed to the event.
Journal Article

Accelerated Secure Boot for Real-Time Embedded Safety Systems

2019-07-08
Abstract Secure boot is a fundamental security primitive for establishing trust in computer systems. For real-time safety applications, the time taken to perform the boot measurement conflicts with the need for near instant availability. To speed up the boot measurement while establishing an acceptable degree of trust, we propose a dual-phase secure boot algorithm that balances the strong requirement for data tamper detection with the strong requirement for real-time availability. A probabilistic boot measurement is executed in the first phase to allow the system to be quickly booted. This is followed by a full boot measurement to verify the first-phase results and generate the new sampled space for the next boot cycle. The dual-phase approach allows the system to be operational within a fraction of the time needed for a full boot measurement while producing a high detection probability of data tampering.
Article

Addressing configuration controls in an era of multiple security frameworks

2019-07-04
 Sometimes mandatory, often voluntary, security frameworks are created to provide federal and commercial organizations with an effective roadmap for securing information technology (IT) systems. The goal is to reduce risk levels and prevent or mitigate cyberattacks. To accomplish this task, security frameworks typically provide a series of documented, agreed upon, and understood policies, procedures, and processes necessary to secure the confidentiality, integrity, and availability of information systems and data.
Technical Paper

Adopting Aviation Safety Knowledge into the Discussions of Safe Implementation of Connected and Autonomous Road Vehicles

2021-04-06
2021-01-0074
The development of connected and autonomous vehicles (CAVs) is progressing fast. Yet, safety and standardization-related discussions are limited due to the recent nature of the sector. Despite the effort that is initiated to kick-start the study, awareness among practitioners is still low. Hence, further effort is required to stimulate this discussion. Among the available works on CAV safety, some of them take inspiration from the aviation sector that has strict safety regulations. The underlying reason is the experience that has been gained over the decades. However, the literature still lacks a thorough association between automation in aviation and the CAV from the safety perspective. As such, this paper motivates the adoption of safe-automation knowledge from aviation to facilitate safer CAV systems.
Technical Paper

An Analysis of Secure Software Development Lifecycle from an Automotive Development Perspective

2016-04-05
2016-01-0040
The modern vehicle development is highly dependent on software. The software development plays an extremely important role in vehicle safety and security. In order to ensure software high quality and safety standards, we have investigated the secure software development process and analyzed the works in this area. Based on our analysis, we have identified the similarities and differences between the secure software development process and the existing vehicle development process. We then made suggestions on how to adopt the secure software development process in the overall vehicle development process.
Technical Paper

An Integrated View on Automotive SPICE, Functional Safety and Cyber-Security

2020-04-14
2020-01-0145
This increases the attractiveness of an attack on vehicles and thus introduces new risks for vehicle cybersecurity. Thus, just as safety became a critical part of the development in the late 20th century, the automotive domain must now consider cybersecurity as an integral part of the development of modern vehicles. ...Thus, just as safety became a critical part of the development in the late 20th century, the automotive domain must now consider cybersecurity as an integral part of the development of modern vehicles. Aware of this fact, the automotive industry has, therefore, recently taken multiple efforts in designing and producing safe and secure connected and automated vehicles. ...As the domain geared up for the cybersecurity challenges, they leveraged experiences from many other domains, but must face several unique challenges.
Technical Paper

Analyze This! Sound Static Analysis for Integration Verification of Large-Scale Automotive Software

2019-04-02
2019-01-1246
Safety-critical embedded software has to satisfy stringent quality requirements. One such requirement, imposed by all contemporary safety standards, is that no critical run-time errors must occur. Runtime errors can be caused by undefined or unspecified behavior of the programming language; examples are buffer overflows or data races. They may cause erroneous or erratic behavior, induce system failures, and constitute security vulnerabilities. A sound static analyzer reports all such defects in the code, or proves their absence. Sound static program analysis is a verification technique recommended by ISO/FDIS 26262 for software unit verification and for the verification of software integration. In this article we propose an analysis methodology that has been implemented with the static analyzer Astrée. It supports quick turn-around times and gives highly precise whole-program results.
Technical Paper

Android Defense in Depth Strategy in an Automobile Ecosystem

2020-04-14
2020-01-1365
Android is becoming an environment of choice in the automotive sector because of near production grade open source stack availability and large developer community. With growing interest from Automotive OEMs for Android IVI (In-Vehicle Infotainment) solutions, we predict a similar growth trend in an automobile like in Mobile space. At another end, the need for more interconnected devices within the Automobile ecosystem is increasing, which leads to an increased threat to security. In sophisticated device interconnections, identifying the gateways and implementing the right security strategy is key to improve overall system security & stability. While Android is maturing for automotive and with growing interest from automotive OEMs, we spent time in analyzing current Android defense-in-depth concepts with the automotive perspective.
X