Search Results

Abstract The importance of in-vehicle network security has increased with an increase in automated and connected vehicles. Hence, many attacks and countermeasures have been proposed to secure the controller area network (CAN), which is an existent in-vehicle network protocol. At the same time, new protocols-such as FlexRay and Ethernet-which are faster and more reliable than CAN have also been proposed. European OEMs have adopted FlexRay as a control network that can perform the fundamental functions of a vehicle. However, there are few studies regarding FlexRay security. In particular, studies on attacks against FlexRay are limited to theoretical studies or simulation-based experiments. Hence, the vulnerability of FlexRay is unclear. Understanding this vulnerability is necessary for the application of countermeasures and improving the security of future vehicles. In this article, we highlight the vulnerability of FlexRay found in the experiments conducted on a real FlexRay network.

Abstract Traditionally, Electronic Control Units (ECUs) in vehicles have been left unsecured. Ensuring cybersecurity in an ECU network is challenging as there is no centralized authority in the vehicle to provide security as a service. While progress has been made to address cybersecurity vulnerabilities, many of these approaches have focused on enterprise, software-centric systems and require more computational resources than typically available for onboard vehicular devices. Furthermore, vehicle networks have the additional challenge of mitigating security vulnerabilities while satisfying safety and performance constraints. This article introduces a blockchain framework to detect unauthorized modifications to vehicle ECUs. A proof of concept blockchain prototype framework is implemented on a set of microprocessors (comparable to those used by simple ECUs) as a means to assess the efficacy of using our blockchain approach to detect unauthorized updates.

Abstract This article proposes a new misfire detection index, the ΔGap slope, for a four-cylinder engine. However, the proposed index is not limited to four-cylinder engines. The ΔGap slope uses the tooth time measured using the existing crankshaft position sensor; therefore, an additional sensor is not required, which makes it economical. The ΔGap slope is defined as the difference between the gap slopes of the same cylinder for two adjacent cycles. Various factors that cause deviations in gap slopes between cylinders can be eliminated in the process of determining the difference between two gap slopes. Hence, in contrast with the existing engine roughness method, the ΔGap slope has the advantage of not requiring compensation for deviations between the cylinders. The conventional gap slope method must use different sets of thresholds for each cylinder located at the same position on the sensor wheel, which results in multiple thresholds being applied.

Abstract The complex hydropneumatic electromagnetic coupling structure of the dual-fuel injector leads to its complicated injection process. The unknown problem of fuel injection characteristics limits the injector design and optimization process of combustion efficiency. Therefore, the scientific study of dual-fuel injection mechanism and online identification method is the key to grasping the diesel-gas coupled injection mechanism, and an important theoretical basis for advanced closed-loop control. In this study, an identification method for the time characteristics of the dual-fuel injector injection process is based on the injector inlet pressure, which can be applied to the diesel-natural gas co-direct injection engine. First, the cause and transfer process of diesel injection pressure waves were analyzed based on the Riemann invariant theory.

Abstract The secure boot has successfully protected systems from executing untrusted software (SW), but low-power controllers lack sufficient time to check every memory cell while satisfying real-time functional safety requirements. Automotive controllers need to maintain security through multiple cycles of remote, unsupervised operation and safely reach a secure state when an anomaly is detected. To accelerate the boot time, we propose Sliced Secure Boot: build fingerprints by slicing orthogonally through memory blocks, protect each cell with a reusable fingerprint using a reproducible pattern with sufficient entropy, and randomly check one fingerprint pattern during boot. We do not claim that sampling offers equivalent protection to exhaustive checks but demonstrate that careful sampling can provide a sufficient level of detection while maintaining compatibility with both startup time and functional safety requirements.

Abstract Connecting vehicles to various network services increases the risk of in-vehicle cyberattacks. For automotive industries, the supply chain for assembling a vehicle consists of many different organizations such as component suppliers, system suppliers, and car manufacturers (CMs). Moreover, once a vehicle has shipped from the factory of the CM, resellers, dealers, and owners of the vehicle may add and replace the optional authorized and third-party equipment. Such equipment may have serious security vulnerabilities that may be targeted by a malicious attacker. The key management system of a vehicle must be applicable to all use cases. We propose a novel key management system adaptable to the electronic control unit (ECU) lifecycle of a vehicle. The scope of our system is not only the vehicle product line but also the third-party vendors of automotive accessories and vehicle maintenance facilities, including resellers, dealers, and vehicle users.

Abstract The development of electrification, industrial intelligence, and interconnectivity has driven the transformation of the automobile from a mechanical to an intelligent product. Automobiles have gradually changed from a closed system to an open environment. Therefore, a variety of security threats and attack surfaces are emerging. Hackers or attackers can illegally access and control vehicles through external interfaces such as Bluetooth, Wi-Fi, and cellular. Automotive cybersecurity issues are becoming more prominent than ever. SAE J3061 and ISO/SAE 21434 being drafted also indicate that automotive cybersecurity has been elevated to a position equal to or more important than functional safety. Security threat analysis helps the development of the early concept phase of automotive cybersecurity. However, the threat analysis based on the traditional attack tree has the disadvantages of multiple subjective factors and low accuracy.

Abstract Modern vehicles integrate Internet of Things (IoT) components to bring value-added services to both drivers and passengers. These components communicate with the external world through different types of interfaces including the on-board diagnostics (OBD-II) port, a mandatory interface in all vehicles in the United States and Europe. While this transformation has driven significant advancements in efficiency and safety, it has also opened a door to a wide variety of cyberattacks, as the architectures of vehicles were never designed with external connectivity in mind, and accordingly, security has never been pivotal in the design. As standardized, the OBD-II port allows not only direct access to the internal network of the vehicle but also installing software on the Electronic Control Units (ECUs).

Abstract Secure boot, although known for more than 20 years, frequent attacks from hackers that show numerous ways to bypass the security mechanism, including electronic control units (ECUs) of the automotive industry. This paper investigates the major causes of security weaknesses of secure boot implementations. Based on penetration test experiences, we start from an attacker’s perspective to identify and outline common implementation weaknesses. Then, from a Tier-One perspective, we analyze challenges in the research and development process of ECUs between original equipment manufacturers (OEMs) and suppliers that amplify the probability of such weakness. The paper provides recommendations to increase the understanding of implementing secure boot securely on both sides and derives a set of reference requirements as a starting point for secure boot ECU requirements.

Abstract A growing interest in electromechanical brakes (EMB) is discernible in the automotive industry finding its climax in an announcement of EMB series production in late 2022 [1]. The introduction of EMB allows for new design opportunities using distributed software on smart actuators. However, additional efforts are needed to ensure continuously high levels of safety even when established design principles in the brake system are changed. This article discusses different safety concepts that could potentially be put in place in EMB actuators. Therefore, safety goals that need to be satisfied by an actuator are derived. Furthermore, three different degrees of complexity are differentiated, evolving to different required electronic control units (ECU) and architectures. Additionally, also the safety of the actuation unit (AU) is considered to realize a holistic safety concept for the actuator. Finally, a conclusion is drawn comparing the different investigated concepts.

Abstract Heavy vehicles are essential for the modern economy, delivering critical food, supplies, and freight throughout the world. Connected heavy vehicles are also driven by embedded computers that utilize internal communication using common standards. However, some implementations of the standards leave an opening for a malicious actor to abuse the system. One such abuse case is a cyber-attack known as the “Address Claim Attack.” Proposed in 2018, this attack uses a single network message to disable all communication to and from a target electronic control unit, which may have a detrimental effect on operating the vehicle. This article demonstrates the viability of the attack and then describes the implementation of a solution to prevent this attack in real time without requiring any intervention from the manufacturer of the target devices. The defense technique uses a bit-banged Controller Area Network (CAN) filter to detect the attack.

Abstract Battery Drain problems can occur in the vehicle due to improper network management between electronic control units (ECUs). Aim of this paper is to identify the factors that cause transmission and cease of transmission of a network management message of an ECU along with its application messages that controls the sleep/wake-up performance of other ECUs in the network. Strategy used here is, based on the root cause analysis of problems found in Display unit in vehicle environment, the functional CAN signals impacting sleep/wake-up behavior is re-mapped along with the state flow transition of AUTOSAR NM Algorithm. A re-defined test case design and simulation for vehicle model is created. Especially it focuses on validating the impact of functional CAN signals on DUT’s sleep/wake-up performance.

Abstract Objectified analysis and evaluation tools offer cost- as well as time-saving potentials regarding the calibration process of vehicle control units. To reduce the time required for the calibration effort, standardized processes including the frontloading of development tasks enable swift calibration procedures and can be used to develop a basis for the comparison of different vehicles and also the calibration quality. In this environment, objectified evaluation methods are also being developed for the investigation of the drivability of electric vehicles. This article presents a methodology for assessing the longitudinal drive behavior of battery electric vehicles during deceleration maneuvers. The aim is to objectively evaluate the vehicle deceleration by means of reproducible driving maneuvers. In addition to further measurement signals, the longitudinal acceleration signal serves as the main evaluation basis.

Abstract This article addresses the issue of a design to provide remote vehicle communication services sustainably. These services include new features such as remote repair of Electronic Control Unit (ECU)’s software errors and feature on demand, to mention just a few key objectives. With the usual implementations of the Modular Vehicle Communication Interface (MVCI) runtime server [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14] many difficulties remain [15]. They are not sustainable and require dedicated hardware. The Dictionary Server discussed here provides necessary data to diagnostic applications in general, without putting at risk Original Equipment Manufacturer (OEM)’s expertise. It also provides data to the road infrastructure for V2V- and Vehicle-to-Infrastructure (V2X)-based services. This crucial diagnostic data contains ECUs’ communication parameters, memory programming data, and other available functions. They are kept confidentially by OEMs.

Abstract During certain driving scenarios, low-speed engine vibrations get propagated to the driveline and affect the drivability of a vehicle. To reduce the impact of these vibrations, a locked torque converter lockup clutch (TCC) is allowed to temporarily slip to increase the damping in the driveline. However, the initial slow dynamics of the fluid path of the torque converter cause the vehicle to feel sluggish. In this article, we design a model predictive controller (MPC) that optimally controls the torque request from the actuator (i.e., engine or e-motor) and the lockup clutch capacity for reducing this sluggishness. The study is conducted for a light-duty vehicle and uses an experimentally validated, detailed full-order model (FOM) for developing and validating a computationally efficient, reduced-order driveline model (ROM).

Abstract Methanol is emerging as an alternate internal combustion engine fuel. It is getting attention in countries such as China and India as an emerging transport fuel. Using methanol in spark ignition engines is easier and more economical than in compression ignition engines via the blending approach. M85 (85% v/v methanol and 15% v/v gasoline) is one of the preferred blends with the highest methanol concentration. However, its physicochemical properties significantly differ from gasoline, leading to challenges in operating existing vehicles. This experimental study addresses the challenges such as cold-start operation and poor throttle response of M85-fueled motorcycle using a port fuel injection engine. In this study, M85-fueled motorcycle prototype is developed with superior performance, similar/better drivability, and lower emissions than a gasoline-fueled port-fuel-injected motorcycle.

Abstract A literature review was conducted and fuel survey data were obtained to identify the use of metallic fuel additives (MFAs) within market fuels and determine their effects on engines, exhaust systems, and vehicle performance. The primary focus was on modern vehicles equipped with on-board diagnostic (OBD) systems and advanced emissions control systems. For gasoline, this includes vehicles categorized as National Low Emission Vehicles (NLEV) and Tier 2 or beyond in the U.S., and Euro-3 through Euro-6 in the EU. For diesel, this includes engines/vehicles with original equipment manufacturer (OEM)-equipped oxidation catalysts and diesel particulate filters. The literature search of peer-reviewed papers and other publicly available articles returned over 100 items relevant to the use of organometallic fuel additives, but did not provide significant evidence of widespread use of MFAs in either gasoline or diesel fuels.

Abstract Letter from the Special Issue Editors

Abstract Letter from the Co-editors

Abstract The article presents the development of a lean approach for virtual electronic control unit (ECU) calibration. In this calibration method, virtual models are used to improve the calibration quality or reduce the calibration effort. Unlike state-of-the-art approaches, no dedicated engine simulation models for hardware-in-the-loop (HiL) operation are utilized. The developed engine simulation consists of physical ECU real-time capable 0D models. Major benefit of this approach is the multiple use of the developed models for virtual calibration of customer ECUs and vehicle operation using rapid-control-prototyping-ECUs (RCP-ECUs). The engine model consists of a physical air path, an air charge model, a gas exchange and a torque model as well as a novel mathematical combustion and exhaust gas temperature model. The configuration of the engine model was done for a turbocharged four-cylinder gasoline reference engine.