Abstract Identity-Anonymized CAN (IA-CAN) protocol is a secure CAN protocol, which provides the sender authentication by inserting a secret sequence of anonymous IDs (A-IDs) shared among the communication nodes. To prevent malicious attacks from the IA-CAN protocol, a secure and robust system error recovery mechanism is required. This article presents a central management method of IA-CAN, named the IA-CAN with a global A-ID, where a gateway plays a central role in the session initiation and system error recovery. Each ECU self-diagnoses the system errors, and (if an error happens) it automatically resynchronizes its A-ID generation by acquiring the recovery information from the gateway. We prototype both a hardware version of an IA-CAN controller and a system for the IA-CAN with a global A-ID using the controller to verify our concept.
Abstract In the automotive domain, the overall complexity of technical components has increased enormously. Formerly isolated, purely mechanical cars are now a multitude of cyber-physical systems that are continuously interacting with other IT systems, for example, with the smartphone of their driver or the backend servers of the car manufacturer. This has huge security implications as demonstrated by several recent research papers that document attacks endangering the safety of the car. However, there is, to the best of our knowledge, no holistic overview or structured description of the complex automotive domain. Without such a big picture, distinct security research remains isolated and is lacking interconnections between the different subsystems. Hence, it is difficult to draw conclusions about the overall security of a car or to identify aspects that have not been sufficiently covered by security analyses.
Abstract Connected vehicles and intelligent transportation systems are currently evolving into highly interconnected digital environments. Due to the interconnectivity of different systems and complex communication flows, a joint risk analysis for combining safety and security from a system perspective does not yet exist. We introduce a novel method for joint risk assessment in the automotive sector as a combination of the Diamond Model, Failure Mode and Effects Analysis (FMEA), and Factor Analysis of Information Risk (FAIR). These methods have been sequentially composed, which results in a comprehensive risk management approach to information security in an intelligent transport system (ITS). The Diamond Model serves to identify and structurally describe threats and scenarios, the widely accepted FMEA provides threat analysis by identifying possible error combinations, and FAIR provides a quantitative estimation of probabilities for the frequency and magnitude of risk events.
With the development of vehicle intelligence and the Internet of Vehicles, how to protect the safety of the vehicle network system has become a focus issue that needs to be solved urgently. The Controller Area Network (CAN) bus is currently a very widely used vehicle-mounted bus, and its security largely determines the degree of vehicle-mounted information security. The CAN bus lacks adequate protection mechanisms and is vulnerable to external attacks such as replay attacks, modifying attacks, and so on. On the basis of the existing work, this paper proposes an authentication method that combines Hash-based Message Authentication Code (HMAC)-SHA256 and Tiny Encryption Algorithm (TEA) algorithms. This method is based on dynamic identity authentication in challenge/response made and combined with the characteristics of the CAN bus itself as it achieves the identity authentication between the gateway and multiple electronic control units (ECUs).
Abstract In the pursuit of advancing autonomous vehicles (AVs), data-driven algorithms have become pivotal in replacing human perception and decision-making. While deep neural networks (DNNs) hold promise for perception tasks, the potential for catastrophic consequences due to algorithmic flaws is concerning. A well-known incident in 2016, involving a Tesla autopilot misidentifying a white truck as a cloud, underscores the risks and security vulnerabilities. In this article, we present a novel threat model and risk assessment (TARA) analysis on AV data storage, delving into potential threats and damage scenarios. Specifically, we focus on DNN parameter manipulation attacks, evaluating their impact on three distinct algorithms for traffic sign classification and lane assist.
Abstract Automotive software is increasingly complex and critical to safe vehicle operation, and related embedded systems must remain up to date to ensure long-term system performance. Update mechanisms and data modification tools introduce opportunities for malicious actors to compromise these cyber-physical systems, and for trusted actors to mistakenly install incompatible software versions. A distributed and stratified “black box” audit trail for automotive software and data provenance is proposed to assure users, service providers, and original equipment manufacturers (OEMs) of vehicular software integrity and reliability. The proposed black box architecture is both layered and diffuse, employing distributed hash tables (DHT), a parity system and a public blockchain to provide high resilience, assurance, scalability, and efficiency for automotive and other high-assurance systems.
Abstract The United Nation Economic Commission for Europe (UNECE) Regulation 155—Cybersecurity and Cybersecurity Management System (UN R155) mandates the development of cybersecurity management systems (CSMS) as part of a vehicle’s lifecycle. ...Due to the focus of R155 and its suggested implementation guideline, ISO/SAE 21434:2021—Road Vehicle Cybersecurity Engineering, mainly centering on the alignment of cybersecurity risk management to the vehicle development lifecycle, there is a gap in knowledge of proscribed activities for validation and verification testing. ...An inherent component of the CSMS is cybersecurity risk management and assessment. Validation and verification testing is a key activity for measuring the effectiveness of risk management, and it is mandated by UN R155 for type approval.
As a promising strategic industry group that is rapidly evolving around the world, autonomous vehicle is entering a critical phase of commercialization from demonstration to end markets. The global automotive industry and governments are facing new common topics and challenges brought by autonomous vehicle, such as how to test, assess, and administrate the autonomous vehicle to ensure their safe running in real traffic situations and proper interactions with other road users. Starting from the facts that the way to autonomous driving is the process of a robot or a machine taking over driving tasks from a human. This paper summarizes the main characteristics of autonomous vehicle which are different from traditional one, then demonstrates the limitations of the existing certification mechanism and related testing methods when applied to autonomous vehicle.
Abstract Connected autonomous vehicles that employ internet connectivity are technologically complex, which makes them vulnerable to cyberattacks. Many cybersecurity researchers, white hat hackers, and black hat hackers have discovered numerous exploitable vulnerabilities in connected vehicles. ...This study expanded the technology acceptance model (TAM) to include cybersecurity and level of trust as determinants of technology acceptance. This study surveyed a diverse sample of 209 licensed US drivers over 18 years old.
Abstract The innovations of vehicle connectivity have been increasing dramatically to enhance the safety and user experience of driving, while the rising numbers of interfaces to the external world also bring security threats to vehicles. Many security countermeasures have been proposed and discussed to protect the systems and services against attacks. To provide an overview of the current states in this research field, we conducted a systematic mapping study (SMS) on the topic area “security countermeasures of in-vehicle communication systems.” A total of 279 papers are identified based on the defined study identification strategy and criteria. We discussed four research questions (RQs) related to the security countermeasures, validation methods, publication patterns, and research trends and gaps based on the extracted and classified data. Finally, we evaluated the validity threats and the whole mapping process.
As technology and functionality of vehicle systems change, so do data recording needs. In ADS-dedicated vehicles (DV), the ADS perceives the environment and handles vehicle motion control, i.e., the dynamic driving task (DDT), as described in SAE J3016. When an ADS takes the place of a human driver, its sensing, processing, and control systems necessitate new considerations for data recording. Data recording is important to crash reconstruction, system performance investigations, and event analysis. It enables industry-wide improvements in ADS safety. This best practice makes recommendations for the ADS-DV data needed to support: (1) information about what the ADS "saw" and "did" and (2) identify the technology-relevant factors that contributed to the event.
Abstract Secure boot is a fundamental security primitive for establishing trust in computer systems. For real-time safety applications, the time taken to perform the boot measurement conflicts with the need for near instant availability. To speed up the boot measurement while establishing an acceptable degree of trust, we propose a dual-phase secure boot algorithm that balances the strong requirement for data tamper detection with the strong requirement for real-time availability. A probabilistic boot measurement is executed in the first phase to allow the system to be quickly booted. This is followed by a full boot measurement to verify the first-phase results and generate the new sampled space for the next boot cycle. The dual-phase approach allows the system to be operational within a fraction of the time needed for a full boot measurement while producing a high detection probability of data tampering.
Access control enforces security policies for controlling critical resources. For V2X (Vehicle to Everything) autonomous military vehicle fleets, network middleware systems such as ROS (Robotic Operating System) expose system resources through networked publisher/subscriber and client/server paradigms. Without proper access control, these systems are vulnerable to attacks from compromised network nodes, which may perform data poisoning attacks, flood packets on a network, or attempt to gain lateral control of other resources. Access control for robotic middleware systems has been investigated in both ROS1 and ROS2. Still, these implementations do not have mechanisms for evaluating a policy's consistency and completeness or writing expressive policies for distributed fleets. We explore an RBAC (Role-Based Access Control) mechanism layered onto ROS environments that uses local permission caches with precomputed truth tables for fast policy evaluation.
Sometimes mandatory, often voluntary, security frameworks are created to provide federal and commercial organizations with an effective roadmap for securing information technology (IT) systems. The goal is to reduce risk levels and prevent or mitigate cyberattacks. To accomplish this task, security frameworks typically provide a series of documented, agreed upon, and understood policies, procedures, and processes necessary to secure the confidentiality, integrity, and availability of information systems and data.
The separation of cybersecurity considerations in RMTO is barely considered, as so far, most available research and activities are mainly focused on AV. ...The main focus of this paper is addressing RMTO cybersecurity utilising an adaptable security-by-design approach, although security-by-design is still in the infant state within automotive cybersecurity. ...The main focus of this paper is addressing RMTO cybersecurity utilising an adaptable security-by-design approach, although security-by-design is still in the infant state within automotive cybersecurity. An adaptable security-by-design approach for RMTO covers Security Engineering Life-cycle, Logical Security Layered Concept, and Security Architecture.
This increases the attractiveness of an attack on vehicles and thus introduces new risks for vehicle cybersecurity. Thus, just as safety became a critical part of the development in the late 20th century, the automotive domain must now consider cybersecurity as an integral part of the development of modern vehicles. ...Thus, just as safety became a critical part of the development in the late 20th century, the automotive domain must now consider cybersecurity as an integral part of the development of modern vehicles. Aware of this fact, the automotive industry has, therefore, recently taken multiple efforts in designing and producing safe and secure connected and automated vehicles. ...As the domain geared up for the cybersecurity challenges, they leveraged experiences from many other domains, but must face several unique challenges.
But unfortunately, automotive cybersecurity researchers hardly produce a comprehensive detection method due to the confidential nature of Controller Area Network (CAN) DBC format files, which is a standard long maintained by car manufacturers.
Abstract The automotive industry intends to create new services that involve sharing vehicle control information via a wide area network. In modern vehicles, an in-vehicle network shares information between more than 70 electronic control units (ECUs) inside a vehicle while it is driven. However, such a complicated system configuration can result in security vulnerabilities. The possibility of cyber-attacks on vehicles via external services has been demonstrated in many research projects. As advances in vehicle systems (e.g., autonomous drive) progress, the number of vulnerabilities to be exploited by cyber-attacks will also increase. Therefore, future vehicles need security measures to detect unknown cyber-attacks. We propose anomaly-based intrusion detection to detect unknown cyber-attacks for the Control Area Network (CAN) protocol, which is popular as a communication protocol for in-vehicle networks.