Abstract Identity-Anonymized CAN (IA-CAN) protocol is a secure CAN protocol, which provides the sender authentication by inserting a secret sequence of anonymous IDs (A-IDs) shared among the communication nodes. To prevent malicious attacks from the IA-CAN protocol, a secure and robust system error recovery mechanism is required. This article presents a central management method of IA-CAN, named the IA-CAN with a global A-ID, where a gateway plays a central role in the session initiation and system error recovery. Each ECU self-diagnoses the system errors, and (if an error happens) it automatically resynchronizes its A-ID generation by acquiring the recovery information from the gateway. We prototype both a hardware version of an IA-CAN controller and a system for the IA-CAN with a global A-ID using the controller to verify our concept.
Connectivity and autonomy in vehicles promise improved efficiency, safety and comfort. The increasing use of embedded systems and the cyber element bring with them many challenges regarding cyberattacks which can seriously compromise driver and passenger safety. Beyond penetration testing, assessment of the security vulnerabilities of a component must be done through the design phase of its life cycle. This paper describes the development of a benchtop testbed which allows for the assurance of safety and security of components with all capabilities from Model-in-loop to Software-in-loop to Hardware-in-loop testing. Environment simulation is obtained using the AV simulator, CARLA which provides realistic scenarios and sensor information such as Radar, Lidar etc. MATLAB runs the vehicle, powertrain and control models of the vehicle allowing for the implementation and testing of customized models and algorithms.
Modern vehicles have multiple electronic control units (ECU) to control various subsystems such as the engine, brakes, steering, air conditioning, and infotainment. These ECUs are networked together to share information directly with each other. This in-vehicle network provides a data opportunity for improved maintenance, fleet management, warranty and legal issues, reliability, and accident reconstruction. Data Acquisition from Light-Duty Vehicles Using OBD and CAN is a guide for the reader on how to acquire and correctly interpret data from the in-vehicle network of light-duty (LD) vehicles. The reader will learn how to determine what data is available on the vehicle's network, acquire messages and convert them to scaled engineering parameters, apply more than 25 applicable standards, and understand 15 important test modes.
Abstract Heavy vehicles are essential for the modern economy, delivering critical food, supplies, and freight throughout the world. Connected heavy vehicles are also driven by embedded computers that utilize internal communication using common standards. However, some implementations of the standards leave an opening for a malicious actor to abuse the system. One such abuse case is a cyber-attack known as the “Address Claim Attack.” Proposed in 2018, this attack uses a single network message to disable all communication to and from a target electronic control unit, which may have a detrimental effect on operating the vehicle. This article demonstrates the viability of the attack and then describes the implementation of a solution to prevent this attack in real time without requiring any intervention from the manufacturer of the target devices. The defense technique uses a bit-banged Controller Area Network (CAN) filter to detect the attack.
As an annual subscription, the Wiley Cyber Security Collection Add-On is available for purchase along with one or both of the following: Wiley Aerospace Collection Wiley Automotive Collection The titles from the Wiley Cyber Security Collection are included in the SAE MOBILUS® eBook Package. Titles: Network Forensics Penetration Testing Essentials Security in Fixed and Wireless Networks, 2nd Edition The Network Security Test Lab: A Step-by-Step Guide Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis Applied Cryptography: Protocols, Algorithms and Source Code in C, 20th Anniversary Edition Computer Security Handbook, Set, 6th Edition Threat Modeling: Designing for Security Other available Wiley collections: Wiley SAE MOBILUS eBook Package Wiley Aerospace Collection Wiley Automotive Collection Wiley Computer Systems Collection Add-On (purchasable with the Wiley Aerospace Collection and/or the Wiley Automotive Collection)
Through this work, Wind River and Airbiquity look to enable secure and intelligent software updates and data management for these vehicles through over-the-air (OTA) programming technology. The work may also lead to similar solutions for traditional aerospace and unmanned aircraft system (UAS) industries.