Search Results

In this paper, we outline past, present and future applications of automotive security for engine ECUs. Electronic immobilizers and anti-tuning countermeasures have been used for several years. Recently, OEMs and suppliers are facing more and more powerful attackers, and as a result, have introduced stronger countermeasures based on hardware security. Finally, with the advent of connected cars, it is expected that many things that currently require a physical connection will be done remotely in a near future. This includes remote diagnostics, reprogramming and engine calibration.

OBD, J1939 and UDS on CAN / IP), and a glimpse into the near future covering remote, cloud-based diagnostics and cybersecurity threats.

This document describes a set of recommended actions to take to increase the likelihood of safe vehicle operation when a device (external test equipment, data collection device, etc.) whose normal operation has been compromised by a source external to the vehicle is connected to the vehicle’s diagnostic system. The term “diagnostic system” is intended to be a generic way to reference all the different ways that diagnostic commands might be injected into the system. The guidance in this document is intended to improve security without significantly impacting the ability for franchised dealer or independent aftermarket external test tools to perform legitimate diagnosis and maintenance functions. The goal is that intrusive services are only allowed to be performed when the vehicle is in a Safe State such that even if the intrusive service were to be initiated with adversarial intent the consequences of such a service would still be acceptable.

This SAE Recommended Practice establishes a uniform practice for protecting vehicle components from "unauthorized" access through a vehicle data link connector (DLC). The document defines a security system for motor vehicle and tool manufacturers. It will provide flexibility to tailor systems to the security needs of the vehicle manufacturer. The vehicle modules addressed are those that are capable of having solid state memory contents accessed or altered through the data link connector. Improper memory content alteration could potentially damage the electronics or other vehicle modules; risk the vehicle compliance to government legislated requirements; or risk the vehicle manufacturer's security interests. This document does not imply that other security measures are not required nor possible.

This SAE Recommended Practice defines the Expanded Diagnostic Protocol (EDP), the requirements for the SAE J1978 OBD II Scan Tool for supporting the EDP protocol, and associated requirements for diagnosis and service information to be provided by motor vehicle manufacturers. Appendix A includes worked examples of the use of the protocol.

This SAE Recommended Practice defines the Expanded Diagnostic Protocol (EDP), the requirements for the SAE J1978 OBD II Scan Tool for supporting the EDP protocol, and associated requirements for diagnosis and service information to be provided by motor vehicle manufacturers. Appendix A includes worked examples of the use of the protocol.

The paper includes a description of cybersecurity measures to protect the vehicle against malicious attacks.

Here, we discuss the On-Board Diagnostic (OBD) regulations for next generation BEV/HEV, its vulnerabilities and cybersecurity threats that come with hacking. We propose three cybersecurity attack detection and defense methods: Cyber-Attack detection algorithm, Time-Based CAN Intrusion Detection Method and, Feistel Cipher Block Method. ...These control methods autonomously diagnose a cybersecurity problem in a vehicle’s onboard system using an OBD interface, such as OBD-II when a fault caused by a cyberattack is detected, All of this is achieved in an internal communication network structure.

The scope of the document is to define the cyber-security best practices to reduce interference with normal vehicle operation, or to minimize risk as to unauthorized access of the vehicle's control, diagnostic, or data storage system; access by equipment (i.e., permanently or semi-permanently installed diagnostic communication device, also known as dongle, etc.) which is either permanently or semi-permanently connected to the vehicle's OBD diagnostic connector, either SAE J1939-13, SAE J1962, or other future protocol; or hardwired directly to the in-vehicle network.

Annual conference government policy, regulatory makers, automotive industry neutral forum discuss US government regulation, technology, customer acceptance future vehicle design. industry event safety, emission control, fuel efficiency, automated vehicles.

Registration for the Government/Industry Meeting

Registration for the Government/Industry Meeting will be open on September 1, 2023. Please check back soon.

Legacy electronic control units are, nowadays, required to implement cybersecurity measures, but they often do not have all the elements that are necessary to realize industry-standard cybersecurity controls. ...Legacy electronic control units are, nowadays, required to implement cybersecurity measures, but they often do not have all the elements that are necessary to realize industry-standard cybersecurity controls. For example, they may not have hardware cryptographic accelerators, segregated areas of memory for storing keys, or one-time programmable memory areas. ...While the UDS service $27 (Security Access) has a reputation for poor cybersecurity, there is nothing inherent in the way it operates which prevents a secure access-control from being implemented.

The VCE Laboratory testbeds are connected with an Amazon Web Services (AWS) cloud-based Cyber-security Labs as a Service (CLaaS) system, which allows students and researchers to access the testbeds from any place that has a secure internet connection. ...VCE students are assigned predefined virtual machines to perform designated cyber-security experiments. The CLaaS system has low administrative overhead associated with experiment setup and management. ...VCE Laboratory CLaaS experiments have been developed for demonstrating man-in-the-middle cyber-security attacks from actual compromised hardware or software connected with the TestCube.

This exercise confirms the necessity of a more restrictive cybersecurity posture in automotive peripherals with access to critical systems, in particular VDAs, and especially when such peripherals present a wireless interface.