Sandip Ray,Wen Chen,Rosario Cammarota

DOI: https://doi.org/10.1145/3195970.3199851

2018-01-01

Abstract:Modern automotive systems and IoT devices are designed through a highly complex, globalized, and potentially untrustworthy supply chain. Each player in this supply chain may (1) introduce sensitive information and data (collectively termed “assets”) that must be protected from other players in the supply chain, and (2) have controlled access to assets introduced by other players. Furthermore, some players in the supply chain may be malicious. It is imperative to protect the device and any sensitive assets in it from being compromised or unknowingly disclosed by such entities. A key - and sometimes overlooked - component of security architecture of modern electronic systems entails managing security in the face of supply chain challenges. In this paper we discuss some security challenges in automotive and IoT systems arising from supply chain complexity, and the state of the practice in this area.

Zeinab El-Rewini,Karthikeyan Sadatsharan,Daisy Flora Selvaraj,Siby Jose Plathottam,Prakash Ranganathan

DOI: https://doi.org/10.1016/j.vehcom.2019.100214

IF: 6.7

2020-06-01

Vehicular Communications

Abstract:As modern vehicles are capable to connect to an external infrastructure and Vehicle-to-Everything (V2X) communication technologies mature, the necessity to secure communications becomes apparent. There is a very real risk that today's vehicles are subjected to cyber-attacks that target vehicular communications. This paper proposes a three-layer framework (sensing, communication and control) through which automotive security threats can be better understood. The sensing layer is made up of vehicle dynamics and environmental sensors, which are vulnerable to eavesdropping, jamming, and spoofing attacks. The communication layer is comprised of both in-vehicle and V2X communications and is susceptible to eavesdropping, spoofing, man-in-the-middle, and sybil attacks. At the top of the hierarchy is the control layer, which enables autonomous vehicular functionality, including the automation of a vehicle's speed, braking, and steering. Attacks targeting the sensing and communication layers can propagate upward and affect the functionality and can compromise the security of the control layer. This paper provides the state-of-the-art review on attacks and threats relevant to the communication layer and presents countermeasures.

telecommunications,transportation science & technology

Franco Oberti,Fabrizio Abrate,Alessandro Savino,Filippo Parisi,Stefano Di Carlo

2024-06-30

Abstract:The automotive industry has evolved significantly since the introduction of the Ford Model T in 1908. Today's vehicles are not merely mechanical constructs; they are integral components of a complex digital ecosystem, equipped with advanced connectivity features powered by Artificial Intelligence and cloud computing technologies. This evolution has enhanced vehicle safety, efficiency, and the overall driving experience. However, it also introduces new challenges, notably in cybersecurity. With the increasing integration of digital technologies, vehicles have become more susceptible to cyber-attacks, prompting significant cybersecurity concerns. These concerns include securing sensitive data, protecting vehicles from unauthorized access, and ensuring user privacy. In response, the automotive industry is compelled to adopt robust cybersecurity measures to safeguard both vehicles and data against potential threats. Legislative frameworks such as UNR155 and UNR156 by the United Nations, along with other international regulations, aim to establish stringent cybersecurity mandates. These regulations require compliance with comprehensive cybersecurity management systems and necessitate regular updates and testing to cope with the evolving nature of cyber threats. The introduction of such regulations highlights the growing recognition of cybersecurity as a critical component of automotive safety and functionality. The future of automotive cybersecurity lies in the continuous development of advanced protective measures and collaborative efforts among all stakeholders, including manufacturers, policymakers, and cybersecurity professionals. Only through such concerted efforts can the industry hope to address the dual goals of innovation in vehicle functionality and stringent security measures against the backdrop of an increasingly interconnected digital landscape.

Cryptography and Security

David Fernández Blanco,Frédéric Le Mouël,Trista Lin,Marie-Pierre Escudié

DOI: https://doi.org/10.1109/access.2023.3294256

IF: 3.9

2023-07-29

IEEE Access

Abstract:Over the last few decades, automotive embedded Information and Communication Technology (ICT) systems have been used to enhance vehicle performance and enrich peopleâ's driving experience, increasing the panel of software features within them. However, even though until now automakers have kept up with the innovation pace in terms of the functionalities that have been offered to passengers, the majority of automakers' efforts have concentrated on bringing in these new functionalities by adding an unceasingly larger set of ECUs. All of this has been done without evolving any of the embedded software architecture consequently, due to budgetary constraints, legislative limitations, retro-compatibility problems, and a lack of awareness of the trending IT innovation. This unbalanced progress has then led to a substantial increase in in-vehicle architectural complexity, which has become a major concern for automakers nowadays as it makes the vehicle repairing process more complex, decreases software traceability and clashes with the objective of having higher business flexibility, modularity, and dynamicity within the vehicles. In this paper, we are going to go through literature, both academic and industrial, and propose a comprehensive study into automotive system transformation. We begin by giving a detailed analysis of the causes of evolution under five axes - i.e., society, business, industry, application, and technical. Then, we discuss the convergence of cars and software life cycles and propose a three-layered analysis of automotive ICT systems consisting of architecture design, software pipelines, and run-time management. Finally, we are going to propose certain detailed guidelines on the evolution perspectives for automotive systems through deriving from the convergence of advances in IT, as well as current and future automotive environmental constraints.

computer science, information systems,telecommunications,engineering, electrical & electronic

Florian Sommer,Mona Gierl,Reiner Kriesten,Frank Kargl,Eric Sax

DOI: https://doi.org/10.1145/3644075

IF: 2.717

2024-02-05

ACM Transactions on Privacy and Security

Abstract:Modern vehicles increasingly rely on electronics, software, and communication technologies (cyber space) to perform their driving task. Over-The-Air (OTA) connectivity further extends the cyber space by creating remote access entry points. Accordingly, the vehicle is exposed to security attacks that are able to impact road safety. A profound understanding of security attacks, vulnerabilities, and mitigations is necessary to protect vehicles against cyber threats. While automotive threat descriptions, such as in UN R155, are still abstract, this creates a risk that potential vulnerabilities are overlooked and the vehicle is not secured against them. So far, there is no common understanding of the relationship of automotive attacks, the concrete vulnerabilities they exploit, and security mechanisms that would protect the system against these attacks. In this paper, we aim at closing this gap by creating a mapping between UN R155, Microsoft STRIDE classification, Common Attack Pattern Enumerations and Classifications (CAPECTM), and Common Weakness Enumeration (CWETM). In this way, already existing detailed knowledge of attacks, vulnerabilities, and mitigations is combined and linked to the automotive domain. In practice, this refines the list of UN R155 threats and therefore supports vehicle manufacturers, suppliers, and approval authorities to meet and assess the requirements for vehicle development in terms of cybersecurity. Overall, 204 mappings between UN threats, STRIDE, CAPEC attack patterns, and CWE weaknesses were created. We validated these mappings by applying our Automotive Attack Database (AAD) that consists of 361 real-world attacks on vehicles. Furthermore, 25 additional attack patterns were defined based on automotive-related attacks.

computer science, information systems

Sandip Ray,Wen Chen,Jayanta Bhadra,Mohammad Abdullah Al Faruque

DOI: https://doi.org/10.1145/3061639.3072952

2017-01-01

Abstract:A modern automotive design contains over a hundred microprocessors, several cyber-physical modules, connectivity to a variety of networks, and several hundred megabytes of software. The future is anticipated to see an even sharper rise in complexity of this electronics, with the imminence of driverless vehicles, the potential of connected automobiles within a few years, and work towards seamless integration of automobiles with smart cities and infrastructure systems. Security is a fundamental challenge in the design of automotive systems. Unfortunately, security considerations in automotive systems are complicated by two factors: (1) need for real-time mitigation against in-field threats; and (2) in-field configurability and extensibility of security features. This paper examines the trade-offs between security countermeasures, real-time requirements, and in-field configurability needs for modern automotive systems. We discuss the current state of the practice in automotive security architecture, as well as gaps and challenges that need to be addressed for a viable security solution in future.

George Kornaros,Othon Tomoutzozlou,Marcello Coppola,Georgios Kornaros,Othon Tomoutzoglou

DOI: https://doi.org/10.1109/mm.2018.053631143

IF: 2.8212

2018-09-01

IEEE Micro

Abstract:With emerging smart automotive technologies, vehicle-to-vehicle communications, and software-dominated enhancements for enjoyable driving and advanced driver assistance systems, the complexity of providing guarantees in terms of security, trust, and privacy in a modern cyber-enabled automotivesystem is significantly elevated. New threat models emerge that require efficient system-level countermeasures. This article introduces synergies between on- and off-chip networking techniques to ensure secure execution environments for electronic control units. The proposed mechanisms consist of hardware firewalling and on-chip network physical isolation, whose mechanisms are combined with system-wide cryptographic techniques in automotive controller area network (CAN)-bus communications to provide authentication and confidentiality.

computer science, software engineering, hardware & architecture

Dimitris Mbakoyiannis,Othon Tomoutzoglou,George Kornaros

DOI: https://doi.org/10.1145/3297280.3297299

2019-04-08

Abstract:This work presents secure over-the-air firmware updating that brings a homogenized updating process across OEMs, suppliers and sub-tiers, removing at the same time the costs for individual security precautions and cryptographic countermeasures for each individual component or sub-system. The objective is to overcome all attacks to the servers, to the networks and to the diverse electronic control units (ECUs) in modern vehicles. The proposed herein secure over-the-air firmware updating, as applied in firmware updating for vehicles, employs separation of roles, e.g., the manager server employs firmware versioning and entitlements for each vehicle and its corresponding ECUs and dependency resolution on behalf of vehicles; In a firmware server, each ECU firmware is associated with metadata that are signed and uploaded by the OEM and/or its suppliers, while a timestamp server on demand records and signs the more recent time for ECUs firmware. An STM32F7xx-based prototype demonstrates a real vehicle case.

Marco De Vincenzi,Mert D. Pesé,Chiara Bodei,Ilaria Matteucci,Richard R. Brooks,Monowar Hasan,Andrea Saracino,Mohammad Hamad,Sebastian Steinhorst

2024-11-16

Abstract:The growing reliance on software in vehicles has given rise to the concept of Software-Defined Vehicles (SDVs), fundamentally reshaping the vehicles and the automotive industry. This survey explores the cybersecurity and privacy challenges posed by SDVs, which increasingly integrate features like Over-the-Air (OTA) updates and Vehicle-to-Everything (V2X) communication. While these advancements enhance vehicle capabilities and flexibility, they also come with a flip side: increased exposure to security risks including API vulnerabilities, third-party software risks, and supply-chain threats. The transition to SDVs also raises significant privacy concerns, with vehicles collecting vast amounts of sensitive data, such as location and driver behavior, that could be exploited using inference attacks. This work aims to provide a detailed overview of security threats, mitigation strategies, and privacy risks in SDVs, primarily through a literature review, enriched with insights from a targeted questionnaire with industry experts. Key topics include defining SDVs, comparing them to Connected Vehicles (CVs) and Autonomous Vehicles (AVs), discussing the security challenges associated with OTA updates and the impact of SDV features on data privacy. Our findings highlight the need for robust security frameworks, standardized communication protocols, and privacy-preserving techniques to address the issues of SDVs. This work ultimately emphasizes the importance of a multi-layered defense strategy,integrating both in-vehicle and cloud-based security solutions, to safeguard future SDVs and increase user trust.

Cryptography and Security,Operating Systems

Michele Scalas,Giorgio Giacinto

DOI: https://doi.org/10.48550/arXiv.1910.01037

2019-10-02

Abstract:The automotive industry is experiencing a serious transformation due to a digitalisation process and the transition to the new paradigm of Mobility-as-a-Service. The next-generation vehicles are going to be very complex cyber-physical systems, whose design must be reinvented to fulfil the increasing demand of smart services, both for safety and entertainment purposes, causing the manufacturers' model to converge towards that of IT companies. Connected cars and autonomous driving are the preeminent factors that drive along this route, and they cause the necessity of a new design to address the emerging cybersecurity issues: the "old" automotive architecture relied on a single closed network, with no external communications; modern vehicles are going to be always connected indeed, which means the attack surface will be much more extended. The result is the need for a paradigm shift towards a secure-by-design approach.

Cryptography and Security

Helen C. Leligou,Alexandra Lakka,Panagiotis A. Karkazis,Joao Pita Costa,Eva Marin Tordera,Henrique Manuel Dinis Santos,Antonio Alvarez Romero

DOI: https://doi.org/10.3390/electronics13010215

IF: 2.9

2024-01-03

Electronics

Abstract:Modern supply chains comprise an increasing number of actors which deploy different information technology systems that capture information of a diverse nature and diverse sources (from sensors to order information). While the benefits of the automatic exchange of information between these systems have been recognized and have led to their interconnection, protecting the whole supply chain from potential attacks is a challenging issue given the attack proliferation reported in the literature. In this paper, we present the FISHY platform, which anticipates protecting the whole supply chain from potential attacks by (a) adopting novel technologies and approaches including machine learning-based tools to detect security threats and recommend mitigation policies and (b) employing blockchain-based tools to provide evidence of the captured events and suggested policies. This platform is also easily expandable to protect against additional attacks in the future. We experiment with this platform in the farm-to-fork supply chain to prove its operation and capabilities. The results show that the FISHY platform can effectively be used to protect the supply chain and offers high flexibility to its users.

engineering, electrical & electronic,computer science, information systems,physics, applied

Robert E. Hiromoto,Michael Haney,Aleksandar Vakanski

DOI: https://doi.org/10.1109/idaacs.2017.8095118

2017-09-01

Abstract:We proposes the development of a cyber-secure, Internet of Things (IoT), supply chain risk management architecture. The proposed architecture is designed to reduce vulnerabilities of malicious supply chain risks by applying machine learning (ML), cryptographic hardware monitoring (CHM), and distributed system coordination (DSC) techniques to mitigate the consequences of unforeseen (including general component failure) threats. In combination, these crosscutting technologies will be integrated into Instrumentation-and-ControI/Operator-in-the-Loop (ICOL) architecture to learn normal and abnormal system behaviors. The detection of absolute or perceived abnormal system-component behaviors will trigger an ICOL alert that will require an operator's manual verification-response action (i.e., that the detected alert is, or is not a viable control system threat). The operator's verification-response will be fed back into the ML systems to recalibrate the perceived normal or abnormal state of the system's behavior.

D. Geyer,C. Miedl

DOI: https://doi.org/10.51202/9783181023846-447

2021-01-01

Abstract:<p> </p><p>Foreword</p> <p>Start-up future</p> <p>It has felt like Covid-19 had a stranglehold on us. But we haven‘t allowed ourselves to be defeated. On the contrary, we are taking advantage of the opportunities that arise as a result. Not only the long-overdue push towards digitalization, for example, but also the time gained by making fewer journeys. Those who show strength now and position themselves for the future will win. And that is exactly the reason why we have been preparing ELIV 2021 with such a lot of enthusiasm.</p> <p>As usual, we have prepared an up-to-date program with the familiar mixture of technically demanding and strategic papers and are sure that the ELIV platform will once again be a trendsetter for the automotive industry.</p> <p>The CASE megatrends (Connected, Autonomous, Shared, Electric) continue to disrupt the industry. In the Connect environment, there is still a struggle for user-friendly services and competition amongst digital ecosystems is in full swing. The entry of powerful central computers into electronic architectures poses major challenges for all parties involved.</p> <p>On the way from Level 2 to Levels 3, 4 and 5 all manufacturers are cur...</p>

Feng Luo,Yifan Jiang,Jiajia Wang,Zhihao Li,Xiaoxian Zhang

DOI: https://doi.org/10.3390/s23104979

2023-05-22

Abstract:The rapid development of intelligent connected vehicles has increased the attack surface of vehicles and made the complexity of vehicle systems unprecedented. Original equipment manufacturers (OEMs) need to accurately represent and identify threats and match corresponding security requirements. Meanwhile, the fast iteration cycle of modern vehicles requires development engineers to quickly obtain cybersecurity requirements for new features in their developed systems in order to develop system code that meets cybersecurity requirements. However, existing threat identification and cybersecurity requirement methods in the automotive domain cannot accurately describe and identify threats for a new feature while also quickly matching appropriate cybersecurity requirements. This article proposes a cybersecurity requirements management system (CRMS) framework to assist OEM security experts in conducting comprehensive automated threat analysis and risk assessment and to help development engineers identify security requirements prior to software development. The proposed CRMS framework enables development engineers to quickly model their systems using the UML-based (i.e., capable of describing systems using UML) Eclipse Modeling Framework and security experts to integrate their security experience into a threat library and security requirement library expressed in Alloy formal language. In order to ensure accurate matching between the two, a middleware communication framework called the component channel messaging and interface (CCMI) framework, specifically designed for the automotive domain, is proposed. The CCMI communication framework enables the fast model of development engineers to match with the formal model of security experts for threat and security requirement matching, achieving accurate and automated threat and risk identification and security requirement matching. To validate our work, we conducted experiments on the proposed framework and compared the results with the HEAVENS approach. The results showed that the proposed framework is superior in terms of threat detection rates and coverage rates of security requirements. Moreover, it also saves analysis time for large and complex systems, and the cost-saving effect becomes more pronounced with increasing system complexity.

Yuanfang Chen,Muhammad Alam,Xiaohua Xu

DOI: https://doi.org/10.48550/arXiv.2302.01744

2023-01-14

Cryptography and Security

Abstract:The Internet of Vehicles (IoV) is formed by connecting vehicles to Internet of Things. It enables vehicles to ubiquitously access to the information of customers (drivers), suppliers, and even producers to structure an IoV-based industrial value chain. Nevertheless, with the increase in vehicle networking and the information exchange among drivers, suppliers, and producers, communication security is emerging as a serious issue. In this article, we provide an overview of the communication security, and a summary of security requirements. Moreover, we clarify how security solutions can be used to conquer security challenges in the value chain. Finally, an example of attack detection and identification in Electronic Control Units (ECUs) of vehicles is used to concretely illustrate the challenges.

Daniel Williams,Chelece Clark,Rachel McGahan,Bradley Potteiger,Daniel Cohen,Patrick Musau

DOI: https://doi.org/10.1109/icaa52185.2022.00020

2022-03-01

Abstract:Steady advancement in Artificial Intelligence (AI) development over recent years has caused AI systems to become more readily adopted across industry and military use-cases globally. As powerful as these algorithms are, there are still gaping questions regarding their security and reliability. Beyond adversarial machine learning, software supply chain vulnerabilities and model backdoor injection exploits are emerging as potential threats to the physical safety of AI reliant CPS such as autonomous vehicles. In this work in progress paper, we introduce the concept of AI supply chain vulnerabilities with a provided proof of concept autonomous exploitation framework. We investigate the viability of algorithm backdoors and software third party library dependencies for applicability into modern AI attack kill chains. We leverage an autonomous vehicle case study for demonstrating the applicability of our offensive methodologies within a realistic AI CPS operating environment.

Badis Hammi,Sherali Zeadally

DOI: https://doi.org/10.1109/mc.2023.3273491

2023-07-01

Computer

Abstract:Software application development involves various actors and organizations in what is called the software supply chain. We discuss how we can achieve strong resilience of the software supply chain to cyberthreats and then propose a holistic end-to-end security approach for the software supply chain.

computer science, software engineering, hardware & architecture

Franco Oberti,Alessandro Savino,Ernesto Sanchez,Filippo Parisi,Stefano Di Carlo

DOI: https://doi.org/10.1109/TDMR.2022.3157000

2022-03-07

Abstract:The automobile industry is no longer relying on pure mechanical systems; instead, it benefits from advanced Electronic Control Units (ECUs) in order to provide new and complex functionalities in the effort to move toward fully connected cars. However, connected cars provide a dangerous playground for hackers. Vehicles are becoming increasingly vulnerable to cyber attacks as they come equipped with more connected features and control systems. This situation may expose strategic assets in the automotive value chain. In this scenario, the Controller Area Network (CAN) is the most widely used communication protocol in the automotive domain. However, this protocol lacks encryption and authentication. Consequently, any malicious/hijacked node can cause catastrophic accidents and financial loss. Starting from the analysis of the vulnerability connected to the CAN communication protocol in the automotive domain, this paper proposes EXT-TAURUM P2T a new low-cost secure CAN-FD architecture for the automotive domain implementing secure communication among ECUs, a novel key provisioning strategy, intelligent throughput management, and hardware signature mechanisms. The proposed architecture has been implemented, resorting to a commercial Multi-Protocol Vehicle Interface module, and the obtained results experimentally demonstrate the approach's feasibility.

Cryptography and Security

Christian Plappert,Florian Fenzl,Roland Rieke,Ilaria Matteucci,Gianpiero Costantino,Marco De Vincenzi

DOI: https://doi.org/10.1109/pdp55904.2022.00047

2022-03-01

Abstract:Automated driving requires increasing networking of vehicles, which in turn broadens their attack surface. In this paper, we describe several security design patterns that target critical steps in automotive attack chains and mitigate their con-sequences. These patterns enable the detection of anomalies in the firmware when booting, detect anomalies in the communication in the vehicle, prevent unauthorized control units from successfully transmitting messages, offer a way of transmitting security-related events within a vehicle network and reporting them to units external to the vehicle, and ensure that communication in the vehicle is secure. Using the example of a future high-level Electrical / Electronic (E / E) architecture, we also describe how these security design patterns can be used to become aware of the current attack situation and how to react to it.