Le Yu,Yangyang Liu,Pengfei Jing,Xiapu Luo,Lei Xue,Kaifa Zhao,Yajin Zhou,Ting Wang,Guofei Gu,Sen Nie,Shi Wu

2022-01-01

Abstract:In-vehicle protocols are very important to the security assessment and protection of modern vehicles since they are used in communicating with, accessing, and even manipulating ECUs (Electronic Control Units) that control various vehicle components. Unfortunately, the majority of in-vehicle protocols are proprietary without publicly available documents. Although recent studies proposed methods to reverse engineer the CAN protocol used in the communication among ECUs, they cannot be applied to vehicle diagnostics protocols, which have been widely exploited by attackers to launch remote attacks. In this paper, we propose a novel framework for automatically reverse engineering the diagnostic protocols of vehicles by leveraging professional diagnostic tools. Specifically, we design and develop a new cyber-physical system that uses a set of algorithms to control a programmable robotics arm with the aid of cameras to automatically trigger and capture the messages of diagnostics protocols as well as reverse engineer their formats, semantic meanings, and proprietary formulas required for processing the response messages. We perform a large-scale experiment to evaluate our prototype using 18 real vehicles. It successfully reverse engineers 570 messages (446 for reading sensor values and 124 for controlling components). The experimental results show that our framework achieves high precision in reverse engineering proprietary formulas and obtains much more messages than the prior approach based on app analysis.

Feng Luo,Yifan Jiang,Jiajia Wang,Zhihao Li,Xiaoxian Zhang

DOI: https://doi.org/10.3390/s23104979

2023-05-22

Abstract:The rapid development of intelligent connected vehicles has increased the attack surface of vehicles and made the complexity of vehicle systems unprecedented. Original equipment manufacturers (OEMs) need to accurately represent and identify threats and match corresponding security requirements. Meanwhile, the fast iteration cycle of modern vehicles requires development engineers to quickly obtain cybersecurity requirements for new features in their developed systems in order to develop system code that meets cybersecurity requirements. However, existing threat identification and cybersecurity requirement methods in the automotive domain cannot accurately describe and identify threats for a new feature while also quickly matching appropriate cybersecurity requirements. This article proposes a cybersecurity requirements management system (CRMS) framework to assist OEM security experts in conducting comprehensive automated threat analysis and risk assessment and to help development engineers identify security requirements prior to software development. The proposed CRMS framework enables development engineers to quickly model their systems using the UML-based (i.e., capable of describing systems using UML) Eclipse Modeling Framework and security experts to integrate their security experience into a threat library and security requirement library expressed in Alloy formal language. In order to ensure accurate matching between the two, a middleware communication framework called the component channel messaging and interface (CCMI) framework, specifically designed for the automotive domain, is proposed. The CCMI communication framework enables the fast model of development engineers to match with the formal model of security experts for threat and security requirement matching, achieving accurate and automated threat and risk identification and security requirement matching. To validate our work, we conducted experiments on the proposed framework and compared the results with the HEAVENS approach. The results showed that the proposed framework is superior in terms of threat detection rates and coverage rates of security requirements. Moreover, it also saves analysis time for large and complex systems, and the cost-saving effect becomes more pronounced with increasing system complexity.

Shah Khalid Khan,Nirajan Shiwakoti,Peter Stasinopoulos,Yilun Chen,Matthew Warren

DOI: https://doi.org/10.1016/j.tranpol.2024.11.019

IF: 6.173

2024-01-01

Transport Policy

Abstract:Connected and Automated Vehicles (CAVs) cybersecurity is an inherently complex, multi-dimensional issue that goes beyond isolated hardware or software vulnerabilities, extending to human threats, network vulnerabilities, and broader system-level risks. Currently, no formal, comprehensive tool exists that integrates these diverse dimensions into a unified framework for CAV cybersecurity assessment. This study addresses this challenge by developing a System Dynamics (SD) model for strategic cybersecurity assessment that considers technological challenges, human threats, and public cybersecurity awareness during the CAV rollout. Specifically, the model incorporates a novel SD-based Stock-and-Flow Model (SFM) that maps six key parameters influencing cyberattacks at the system level. These parameters include CAV communication safety, user adoption rates, log file management, hacker capabilities, understanding of hacker motivations (criminology theory maturity), and public awareness of CAV cybersecurity.The SFM's structure and behaviour were rigorously tested and then used to analyse five plausible scenarios: i) Baseline (Technological Focus Only), ii) Understanding Hacker Motivations, iii) CAV User and OEM Education, iv) CAV Penetration Rate Increase, and v) CAV Penetration Rate Increase with Human Behavior Analysis. Four metrics are used to benchmark CAV cybersecurity: communication safety, probability of hacking attempts, probability of successful defence, and number of CAV adopters. The results indicate that while baseline technological advancements strengthen communication framework robustness, they may also create new vulnerabilities that hackers could exploit. Conversely, a deeper understanding of hacker motivations (Criminology Theory Maturity) effectively reduces hacking attempts. It fosters a more secure environment for early CAV adopters. Additionally, educating CAV users and OEM increases the probability of defending against cyberattacks. While CAV penetration increases the likelihood of hack defence due to a corresponding rise in attempts, there is a noticeable decrease in hacking attempts with CAV penetration when analysing human behaviour. These findings, when translated into policy instruments, can pave the way for a more optimised and resilient cyber-safe ITS.

Yi Liu,Xuezhu Yang,Muxi Li,Miao Wu,Chengrui Sun,Shiying Zhou

DOI: https://doi.org/10.2991/978-94-6463-108-1_16

2022-01-01

Abstract:Recently, as research on autonomous driving technology progresses, the supply of vehicles having various autonomous driving functions is increasing, and autonomous vehicles represented by V2V (Vehicle to Vehicle) and V2X (Vehicle to Everything) are emerging.For the era of autonomous driving, connectivity between vehicles and vehicles, vehicles and the surrounding environment is required based on information and communication technologies such as LTE, 5G, and WiFi.Advances in autonomous driving technology also face new challenges, with security emerging as a top concern as it can become a prime target for cyberattacks as the vehicle's external networks and connections increase.Therefore, it is necessary to derive the defense requirements in software to respond to such malicious attacks, and it is necessary to apply the verified security coding standard during software development.Recently, the ISO/SAE 21434 international standard replacing SAE J3061 has been established and published in relation to cyber security.In this paper, we propose criteria for cybersecurity and risk assessment methods.In addition, a case study confirms the suitability of the risk level determination according to the proposed evaluation factors and criteria.

Cong Gao,Geng Wang,Weisong Shi,Zhongmin Wang,Yanping Chen

DOI: https://doi.org/10.1109/jiot.2021.3130054

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:The autonomous driving industry has mushroomed over the past decade. Although autonomous driving has undoubtedly become one of the most promising technologies of this century, its development faces multiple challenges, of which security is the major concern. In this article, we present a thorough analysis of autonomous driving security. First, the attack surface of autonomous driving is presented. After an analysis of the operation of autonomous driving in terms of key components and technologies, the security of autonomous driving is elaborated in four dimensions: 1) sensors; 2) operating system; 3) control system; and 4) vehicle-to-everything (V2X) communication. Sensor security is examined from five components, which are mainly responsible for self-positioning and environmental perception. The analysis of operating system security, the second dimension, is concentrated on the robot operating system. Concerning the control system security, the controller area network is approached mainly from vulnerabilities and protection measures. The fourth dimension, V2X communication security, is probed from four categories of attacks: 1) authenticity/identification; 2) availability; 3) data integrity; and 4) confidentiality with corresponding solutions. Moreover, the drawbacks of existing methods adopted in the four dimensions are also provided. Finally, a conceptual multilayer defense framework is proposed to secure the information flow from external communication to the physical autonomous vehicle.

computer science, information systems,telecommunications,engineering, electrical & electronic

Feng Luo,Xuan Zhang,Zhenyu Yang,Yifan Jiang,Jiajia Wang,Mingzhi Wu,Wanqiang Feng

DOI: https://doi.org/10.3390/s22239211

2022-11-26

Abstract:Modern vehicles are more complex and interconnected than ever before, which also means that attack surfaces for vehicles have increased significantly. Malicious cyberattacks will not only exploit personal privacy and property, but also affect the functional safety of electrical/electronic (E/E) safety-critical systems by controlling the driving functionality, which is life-threatening. Therefore, it is necessary to conduct cybersecurity testing on vehicles to reveal and address relevant security threats and vulnerabilities. Cybersecurity standards and regulations issued in recent years, such as ISO/SAE 21434 and UNECE WP.29 regulations (R155 and R156), also emphasize the indispensability of cybersecurity verification and validation in the development lifecycle but lack specific technical details. Thus, this paper conducts a systematic and comprehensive review of the research and practice in the field of automotive cybersecurity testing, which can provide reference and advice for automotive security researchers and testers. We classify and discuss the security testing methods and testbeds in automotive engineering. Furthermore, we identify gaps and limitations in existing research and point out future challenges.

Yuefeng Du,Zhiqiang Cai,Le Yu,Wenkai Zhang,Pengfei Jing,Yingjie Cao,Shi Wu,Sen Nie,Xiapu Luo,Chenxiong Qian

DOI: https://doi.org/10.1109/SP54263.2024.00080

2024-05-19

Abstract:As modern vehicles become increasingly complex in terms of both external attack surfaces and internal in-vehicle network (IVN) topology, ensuring their cybersecurity remains a challenge. Existing standards and regulations, such as WP29 R155e and ISO 21434, attempt to establish a baseline for automotive cybersecurity, but their sufficiency in addressing the evolving threats is unclear. To fill in this gap, we first carried out an in-depth interview study with 15 experts in automotive cybersecurity, uncovering the particular challenges encountered during security activities and the limitations of current regulations. We identified 20 key insights from the interview data, ranging from the challenges and gaps in the existing automotive security industry to the limitations and recommendations for current regulations. Notably, we discovered that the quality of threat cases provided by existing regulations is unsatisfactory, and the Threat Analysis and Risk Assessment (TARA) process is often highly inefficient due to the lack of automatic tools. In response to the above limitations, we first built an improved threat database for automotive systems using the collected interview data, which enhanced the existing database both quantitatively and qualitatively. Additionally, we present CarVal, a datalog-based approach designed to infer multi-stage attack paths in IVNs and calculate risk values, thereby making TARA more efficient for automotive systems. By applying CarVal to five real vehicles, we performed extensive security analysis based on the generated attack paths and successfully exploited the corresponding attack chains in the newly gateway-segmented IVN, uncovering new automotive attack surfaces that previous research failed to cover, including the in-vehicle browser, official mobile app, backend server, and in-vehicle malware.

Engineering,Computer Science

Memoona Sadaf,Zafar Iqbal,Zahid Anwar,Umara Noor,Mohammad Imran,Thippa Reddy Gadekallu

DOI: https://doi.org/10.1016/j.vehcom.2024.100741

IF: 6.7

2024-02-16

Vehicular Communications

Abstract:Every year, millions of people lose their lives due to road accidents, and countless others suffer from severe injuries. Moreover, these accidents cause economic losses worldwide. Primary reasons for these accidents include over speeding, doziness, distracted driving, drugs, and psychoactive substances. Many efforts are made to automate vehicles to save losses. Autonomous vehicles are expected to revolutionize transportation by reducing the likelihood of accidents resulting from human mistakes, increasing efficiency, and reducing congestion. Like any other computer-based system, autonomous vehicles can be susceptible to attacks that could compromise their safety, security, and privacy. Denial-of-Service (DoS) attack is a cyberattack that aims to disturb a network's typical or standard functioning. A successful DoS attack could cause the autonomous vehicle to malfunction or stop functioning altogether, leading to accidents or other safety risks. To mitigate the risk of DoS attacks, protective measures that have been proposed include encryption, firewalls, and intrusion detection systems. The previous approaches to detect and prevent Denial-of-Service (DoS) attacks in autonomous vehicles are associated with imprecise and inaccurate results and high computational costs. The main goal of this research is to present a novel approach that utilizes fuzzy logic to effectively detect and mitigate Denial of Service (DoS) attacks. The proposed approach has achieved 99.4% detection and prevention rate by attaining optimal levels of security with testing error upto 0.6%. Furthermore, comprehensive execution and validation of security measures have been conducted by adopting the attack surface and rules representation. The presented approach delivers more precise and accurate results while maintaining a lower computational cost than existing methodologies. In future the proposed scheme can be used for detection of other attacks in autonomous vehicles by incorporating relevant input variables and their respective ranges.

telecommunications,transportation science & technology

Qi Li,Jinxin Zuo,Ruohan Cao,Yibo Zhang,Jianrui Chen,Qiang Liu,Jingjing Wang

DOI: https://doi.org/10.1109/mnet.2023.3333545

IF: 10.294

2023-01-01

IEEE Network

Abstract:With the rapid development of intelligent connected vehicles (ICVs), their intelligent, remote, and high-speed mobility characteristics have led to an expansion of their attack surface, and thus an increase in security requirements. Consequently, security research for ICVs has become a current research focus. However, existing security risk monitoring measures lack linkage with attack behavior, and security defense strategies cannot fully and promptly respond to security risk levels and system vulnerabilities. Therefore, this paper proposes a security evaluation framework for ICVs based on attack chains. The framework focuses on the mechanism and steps of attack generation, evaluates the current risk level and degree of harm in a targeted manner, and maps appropriate security management measures according to the degree of harm. This security evaluation model integrates various defense mechanisms and resolves the mismatch between existing ICV security defense measures and security situations. The effectiveness of this model has been validated through experiments, and potential research directions in the future are discussed and analyzed.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Shah Khalid Khan,Nirajan Shiwakoti,Peter Stasinopoulos,Matthew Warren

DOI: https://doi.org/10.1016/j.aap.2023.107054

Abstract:Technological advancements in Connected and Automated Vehicles (CAVs), particularly the integration of diverse stakeholder groups (communication service providers, road operators, automakers, repairers, CAV consumers, and the general public) and the pursuit of new economic opportunities, have resulted in the emergence of new technical, legal, and social challenges. The most pressing challenge is deterring criminal behaviour in both the physical and cyber realms through the adoption of CAV cybersecurity protocols and regulations. However, the literature lacks a systematic decision tool to analyze the impact of the potential cybersecurity regulations for dynamically interacting stakeholders, and to identify the leverage points to minimise the cyber-risks. To address this knowledge gap, this study uses systems theory to develop a dynamic modelling tool to analyze the indirect consequences of potential CAVs cybersecurity regulations in the medium to long term. It is hypothesized that CAVs Cybersecurity Regulatory Framework (CRF) is the property of the entire ITS stakeholders. The CRF is modelled using the System Dynamic based Stock-and-Flow-Model (SFM) technique. The SFM is founded on five critical pillars: the Cybersecurity Policy Stack, the Hacker's Capability, Logfiles, CAV Adopters, and intelligence-assisted traffic police. It is found that decision-makers should focus on three major leverage points: establishing a CRF grounded on automakers' innovation; sharing risks in eliminating negative externalities associated with underinvestment and knowledge asymmetries in cybersecurity; and capitalising on massive CAV-generated data in CAV operations. The formal integration of intelligence analysts and computer crime investigators to strengthen traffic police capabilities is pivotal. Recommendations for automakers include data-profiteering in CAV design, production, sales, marketing, safety enhancements and enabling consumer data transparency.Furthermore, CAVs-CRF necessitate a balanced approach to the trade-off between: i) data accessibility constraints on CAV automakers and ITS service providers; ii) regulator command and control thresholds; iii) automakers' business investment protection; and iv) consumers' data privacy guard.

Achref Haddaji,Samiha Ayed,Lamia Chaari Fourati

DOI: https://doi.org/10.1016/j.adhoc.2024.103481

IF: 4.816

2024-05-01

Ad Hoc Networks

Abstract:The Internet of Vehicles (IoV) has garnered significant popularity thanks to rapid technological advancements and the widespread availability of the Internet. IoV encompasses vehicles with multiple electronic control units (ECUs) interconnected via advanced intra-vehicle networks. These networks play a crucial role in managing various vehicle functions, with the Controller Area Network (CAN) being of particular significance. However, the increased adoption of intelligent vehicles has also led to a rise in cyberattacks in the intra-vehicular network. These existing vulnerabilities pose significant security and user safety challenges. Extensive efforts have been dedicated to enhancing intra-vehicular network security. Yet, there are open concerns with limited progress made by academic and industry experts on effectively detecting CAN bus attacks. These concerns are essential to ensure intelligent vehicles’ overall security and safety. It requires collaboration between academia, industry, and the development of innovative solutions to fortify vehicular networks against evolving cyber threats. Current intra-vehicular security systems need more robustness and need to consider intelligent methodologies in their proposed works. To overcome all these limitations, This paper introduces a novel intrusion detection framework for in-vehicle networks based on integrating federated learning with transfer learning, improving the detection capabilities of individual vehicles within the network. Our framework employs a trusted authority for secure communication, a cloud server for model distribution and aggregation, and leverages the CAN bus for data collection and training. It guarantees that vehicles start with standardized baseline models and refine them through transfer learning, resulting in a collective intelligence-based final IDS engine for ongoing improvement. We used the Maximum Mean Discrepancy (MMD) to select data from the source domain similar to the target domain. The selected data is more likely to contain patterns and features useful for detecting intrusions in the target domain, leading to better generalization and detection capabilities.

computer science, information systems,telecommunications

Xiaoqiang Sun,F. Richard Yu,Peng Zhang

DOI: https://doi.org/10.1109/tits.2021.3085297

IF: 8.5

2021-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:As the general development trend of the automotive industry, connected and autonomous vehicles (CAVs) can be used to increase transportation safety, promote mobility choices, reduce user costs, and create new job opportunities. However, with the increasing level of connectivity and automation, malicious users are able to easily implement different kinds of attacks, which threaten the security of CAVs. Hence, this paper provides a comprehensive survey on the cyber-security in the environment of CAVs with the aim of highlighting security problems and challenges. Firstly, based on the types of communication networks and attack objects, it classifies various cyber-security risks and vulnerabilities in the environment of CAVs into in-vehicle network attacks, vehicle to everything network attacks, and other attacks. Next, it regards cyber-risk as another type of attacks in the environment of CAVs. Then, it describes and analyzes up-to-date corresponding defense strategies for securing CAVs. In addition, it concludes several available cyber-security and safety standards of CAVs, which is helpful for the practical application of CAVs. Finally, several challenges and open problems are discussed for the future research.

engineering, electrical & electronic,transportation science & technology, civil

Mahdi Dibaei,Xi Zheng,Kun Jiang,Sasa Maric,Robert Abbas,Shigang Liu,Yuexin Zhang,Yao Deng,Sheng Wen,Jun Zhang,Yang Xiang,Shui Yu

DOI: https://doi.org/10.48550/arXiv.1907.07455

2019-07-17

Cryptography and Security

Abstract:Cyber security is one of the most significant challenges in connected vehicular systems and connected vehicles are prone to different cybersecurity attacks that endanger passengers' safety. Cyber security in intelligent connected vehicles is composed of in-vehicle security and security of inter-vehicle communications. Security of Electronic Control Units (ECUs) and the Control Area Network (CAN) bus are the most significant parts of in-vehicle security. Besides, with the development of 4G LTE and 5G remote communication technologies for vehicle-toeverything (V2X) communications, the security of inter-vehicle communications is another potential problem. After giving a short introduction to the architecture of next-generation vehicles including driverless and intelligent vehicles, this review paper identifies a few major security attacks on the intelligent connected vehicles. Based on these attacks, we provide a comprehensive survey of available defences against these attacks and classify them into four categories, i.e. cryptography, network security, software vulnerability detection, and malware detection. We also explore the future directions for preventing attacks on intelligent vehicle systems.

Claudiu Vasile Kifor,Aurelian Popescu

DOI: https://doi.org/10.3390/s24186139

2024-09-23

Abstract:Modern vehicles are increasingly interconnected through various communication channels, which requires secure access for authorized users, the protection of driver assistance and autonomous driving system data, and the assurance of data integrity against misuse or manipulation. While these advancements offer numerous benefits, recent years have exposed many intrusion incidents, revealing vulnerabilities and weaknesses in current systems. To sustain and enhance the performance, quality, and reliability of vehicle systems, software engineers face significant challenges, including in diverse communication channels, software integration, complex testing, compatibility, core reusability, safety and reliability assurance, data privacy, and software security. Addressing cybersecurity risks presents a substantial challenge in finding practical solutions to these issues. This study aims to analyze the current state of research regarding automotive cybersecurity, with a particular focus on four main themes: frameworks and technologies, standards and regulations, monitoring and vulnerability management, and testing and validation. This paper highlights key findings, identifies existing research gaps, and proposes directions for future research that will be useful for both researchers and practitioners.

Yufeng Li,Wenqi Liu,Qi Liu,Xiangyu Zheng,Ke Sun,Chengjian Huang

DOI: https://doi.org/10.3390/s24061848

IF: 3.9

2024-03-14

Sensors

Abstract:A cyber-physical system (CPS) integrates communication and automation technologies into the operational processes of physical systems. Nowadays, as a complex CPS, an intelligent connected vehicle (ICV) may be exposed to accidental functional failures and malicious attacks. Therefore, ensuring the ICV's safety and security is crucial. Traditional safety/security analysis methods, such as failure mode and effect analysis and attack tree analysis, cannot provide a comprehensive analysis for the interactions between the system components of the ICV. In this work, we merge system-theoretic process analysis (STPA) with the concept phase of ISO 26262 and ISO/SAE 21434. We focus on the interactions between components while analyzing the safety and security of ICVs to reduce redundant efforts and inconsistencies in determining safety and security requirements. To conquer STPA's abstraction in describing causal scenarios, we improved the physical component diagram of STPA-SafeSec by adding interface elements. In addition, we proposed the loss scenario tree to describe specific scenarios that lead to unsafe/unsecure control actions. After hazard/threat analysis, a unified risk assessment process is proposed to ensure consistency in assessment criteria and to streamline the process. A case study is implemented on the autonomous emergency braking system to demonstrate the validation of the proposed method.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Akwasi Adu-Kyere,Ethiopia Nigussie,Jouni Isoaho

DOI: https://doi.org/10.3390/s23218817

2023-10-30

Abstract:The inherent dynamism of recent technological advancements in intelligent vehicles has seen multitudes of noteworthy security concerns regarding interactions and data. As future mobility embraces the concept of vehicles-to-everything, it exacerbates security complexities and challenges concerning dynamism, adaptiveness, and self-awareness. It calls for a transition from security measures relying on static approaches and implementations. Therefore, to address this transition, this work proposes a hierarchical self-aware security architecture that effectively establishes accountability at the system level and further illustrates why such a proposed security architecture is relevant to intelligent vehicles. The article provides (1) a comprehensive understanding of the self-aware security concept, with emphasis on its hierarchical security architecture that enables system-level accountability, and (2) a deep dive into each layer supported by algorithms and a security-specific in-vehicle black box with external virtual security operation center (VSOC) interactions. In contrast to the present in-vehicle security measures, this architecture introduces characteristics and properties that enact self-awareness through system-level accountability. It implements hierarchical layers that enable real-time monitoring, analysis, decision-making, and in-vehicle and remote site integration regarding security-related decisions and activities.

Wenhao Yu,Jun Li,Li-Ming Peng,Xiong,Kai Yang,Hong Wang

DOI: https://doi.org/10.1108/jicv-04-2022-0015

2022-01-01

Journal of Intelligent and Connected Vehicles

Abstract:Purpose The purpose of this paper is to design a unified operational design domain (ODD) monitoring framework for mitigating Safety of the Intended Functionality (SOTIF) risks triggered by vehicles exceeding ODD boundaries in complex traffic scenarios. Design/methodology/approach A unified model of ODD monitoring is constructed, which consists of three modules: weather condition monitoring for unusual weather conditions, such as rain, snow and fog; vehicle behavior monitoring for abnormal vehicle behavior, such as traffic rule violations; and road condition monitoring for abnormal road conditions, such as road defects, unexpected obstacles and slippery roads. Additionally, the applications of the proposed unified ODD monitoring framework are demonstrated. The practicability and effectiveness of the proposed unified ODD monitoring framework for mitigating SOTIF risk are verified in the applications. Findings First, the application of weather condition monitoring demonstrates that the autonomous vehicle can make a safe decision based on the performance degradation of Lidar on rainy days using the proposed monitoring framework. Second, the application of vehicle behavior monitoring demonstrates that the autonomous vehicle can properly adhere to traffic rules using the proposed monitoring framework. Third, the application of road condition monitoring demonstrates that the proposed unified ODD monitoring framework enables the ego vehicle to successfully monitor and avoid road defects. Originality/value The value of this paper is that the proposed unified ODD monitoring framework establishes a new foundation for monitoring and mitigating SOTIF risks in complex traffic environments.

Jürgen Dobaj,Damjan Ekert,Jakub Stolfa,Svatopluk Stolfa,Georg Macher,Richard Messnarz

DOI: https://doi.org/10.3897/jucs.72367

2021-08-28

Abstract:Cybersecurity has become a crucial challenge in the automotive sector. At the current stage, the framework described by the ISO/SAE 21434 is insufficient to derive concrete methods for the design of secure automotive networked embedded systems on the supplier level. This article describes a case study with actionable steps for designing secure systems and systematically eliciting traceable cybersecurity requirements to address this gap. The case study is aligned with the ISO/SAE 21434 standard and can provide the basis for integrating cybersecurity engineering into company-specific processes and practice specifications.

Kai Fang,Tingting Wang,Lianghuai Tong,Xiaofen Fang,Yuanyuan Pan,Wei Wang,Jianqing Li

DOI: https://doi.org/10.1109/tase.2023.3316224

IF: 6.636

2023-01-01

IEEE Transactions on Automation Science and Engineering

Abstract:The security of the Internet of Vehicles (IoV) has always been a concern. The constantly changing IoV data under varying traffic conditions made it unsuitable for the IoV to adopt traditional anti-attack techniques. In the absence of protections, attackers can use in-car communication as a target to compromise the safety of passengers, hence the instancy to detect the security state of the IoV. However, currently available solutions require modifications to the original hardware of the IoV and are therefore very limited in applicability. In this paper, we propose a security assessment method for IoV based on Microcontroller Unit (MCU) chip temperature, called SAMCT. Specifically, we first record the MCU chip temperatures of IoV device in different security states and analyze the relationship between them. Second, the fingerprint dataset is built using the temperature residuals. Third, to forecast the security standing of IoV devices, an integration regression model based on Self-Encoders is suggested. Lastly, in order to facilitate the effectiveness of the SAMCT, a Cloud-Edge-End framework is designed with the technology of model adaptive partitioning. Results from the experiments, which were carried out on the Raspberry Pi 4B and Stm32 hardware platforms, demonstrate that the Mean Squared Error (MSE) of the SAMCT is only 0.00104 and that the execution efficiency improvement under the Cloud-Edge-End framework is significant. Note to Practitioners—This paper was inspired by security concerns in Internet of Vehicles communication systems. The core of this work is to provide a novel security assessment method for IoV devices based on MCU temperature, which can detect the security status of IoV devices in real-time without modifying the original hardware. To this end, the different skills from scheme design to detection and validation are explained. One crucial part of this work is to regard the MCU temperature of the IoV device as a security reference and fully integrate the critical techniques in deep learning. In addition, the proposed scheme is universal and can be applied to various scenarios such as the autonomous driving and the industrial internet of things.

automation & control systems

Florian Sommer,Mona Gierl,Reiner Kriesten,Frank Kargl,Eric Sax

DOI: https://doi.org/10.1145/3644075

IF: 2.717

2024-02-05

ACM Transactions on Privacy and Security

Abstract:Modern vehicles increasingly rely on electronics, software, and communication technologies (cyber space) to perform their driving task. Over-The-Air (OTA) connectivity further extends the cyber space by creating remote access entry points. Accordingly, the vehicle is exposed to security attacks that are able to impact road safety. A profound understanding of security attacks, vulnerabilities, and mitigations is necessary to protect vehicles against cyber threats. While automotive threat descriptions, such as in UN R155, are still abstract, this creates a risk that potential vulnerabilities are overlooked and the vehicle is not secured against them. So far, there is no common understanding of the relationship of automotive attacks, the concrete vulnerabilities they exploit, and security mechanisms that would protect the system against these attacks. In this paper, we aim at closing this gap by creating a mapping between UN R155, Microsoft STRIDE classification, Common Attack Pattern Enumerations and Classifications (CAPECTM), and Common Weakness Enumeration (CWETM). In this way, already existing detailed knowledge of attacks, vulnerabilities, and mitigations is combined and linked to the automotive domain. In practice, this refines the list of UN R155 threats and therefore supports vehicle manufacturers, suppliers, and approval authorities to meet and assess the requirements for vehicle development in terms of cybersecurity. Overall, 204 mappings between UN threats, STRIDE, CAPEC attack patterns, and CWE weaknesses were created. We validated these mappings by applying our Automotive Attack Database (AAD) that consists of 361 real-world attacks on vehicles. Furthermore, 25 additional attack patterns were defined based on automotive-related attacks.

computer science, information systems