Road Vehicles - Cybersecurity Engineering

This document is an unapproved DRAFT of a proposed SAE International Standard. It specifies requirements for cybersecurity risk management regarding engineering for concept, development, production, operation, maintenance, and decommissioning for road vehicle electrical and electronic (E/E) systems, including their components and interfaces.

Data Link Layer

This particular document, SAE J1939-21, describes the data link layer using the Classical Extended Frame Format (CEFF) with 29-bit IDs, as defined in ISO 11898-1, December 2015. For SAE J1939, no alternative data link layers are permitted.

Technical Papers

Leveraging Hardware Security to Secure Connected Vehicles

Advanced safety features and new services in connected cars depend on the security of the underlying vehicle functions. Due to the interconnection with the outside world and as a result of being an embedded system a modern vehicle is exposed to both, malicious activities as faced by traditional IT world systems as well as physical attacks. This introduces the need for utilizing hardware-assisted security measures to prevent both kinds of attacks.

Practical Approaches for Detecting DoS Attacks on CAN Network

Some of the recent studies reveal that it is possible to access the in-vehicle networks and inject malicious messages to alter the behavior of the vehicle. Researchers have shown that, it is possible to hack a car’s communication network and remotely take control of brake, steering, power window systems, etc.

Journal Articles

Power Analysis and Fault Attacks against Secure CAN: How Safe Are Your Keys?

Designers of automotive systems find themselves pulled in an impossible number of directions. Systems must use the most advanced security features, but at the same time run on low-cost and resource-constrained hardware. Ultimately, an engineering trade-off will eventually be made regarding how encryption and key management is used on these systems, potentially leaving them vulnerable to attack.