
Accelerated Secure Boot for Real-Time Embedded Safety Systems

SAE International Journal of Transportation Cybersecurity and Privacy

Rhein-Waal University of Applied Sciences, Kleve, Germany: Wonder Gumise
University of Michigan-Dearborn, USA: Ahmad M.K. Nasser, Di Ma
  • Journal Article
  • 11-02-01-0003
Published 2019-07-08 by SAE International in United States
Secure boot is a fundamental security primitive for establishing trust in computer systems. For real-time safety applications, the time taken to perform the boot measurement conflicts with the need for near instant availability. To speed up the boot measurement while establishing an acceptable degree of trust, we propose a dual-phase secure boot algorithm that balances the strong requirement for data tamper detection with the strong requirement for real-time availability. A probabilistic boot measurement is executed in the first phase to allow the system to be quickly booted. This is followed by a full boot measurement to verify the first-phase results and generate the new sampled space for the next boot cycle. The dual-phase approach allows the system to be operational within a fraction of the time needed for a full boot measurement while producing a high detection probability of data tampering. We propose two efficient schemes of the dual-phase approach along with calibratable parameters to achieve the desired tamper detection probability. We evaluate the tampering detection accuracy within a simulation environment. Then we build a…
This content contains downloadable datasets

Analyzing and Preventing Data Privacy Leakage in Connected Vehicle Services

Ford Motor Co., Ltd.: Yu Seung Kim, Pramita Mitra
University of Michigan: Huaxin Li, Di Ma, Brahim Medjahed
Published 2019-04-02 by SAE International in United States
The rapid development of connected and automated vehicle technologies together with cloud-based mobility services are revolutionizing the transportation industry. As a result, huge amounts of data are being generated, collected, and utilized, hence providing tremendous business opportunities. However, this big data poses serious challenges mainly in terms of data privacy. The risks of privacy leakage are amplified by the information sharing nature of emerging mobility services and the recent advances in data analytics. In this paper, we provide an overview of the connected vehicle landscape and point out potential privacy threats. We demonstrate two of the risks, namely additional individual information inference and user de-anonymization, through concrete attack designs. We also propose corresponding countermeasures to defend against such privacy attacks. We evaluate the feasibility of such attacks and our defense strategies using real-world vehicular data.
This content contains downloadable datasets

Secure and Privacy-Preserving Data Collection Mechanisms for Connected Vehicles

Ford Motor Company: Yu Seung Kim, Pramita Mitra
University of Michigan-Dearborn: Huaxin Li, Di Ma, Brahim Medjahed, Qianyi Wang
Published 2017-03-28 by SAE International in United States
Nowadays, the automotive industry is experiencing the advent of unprecedented applications with connected devices, such as identifying safe users for insurance companies or assessing vehicle health. To enable such applications, driving behavior data are collected from vehicles and provided to third parties (e.g., insurance firms, car sharing businesses, healthcare providers). In the new wave of IoT (Internet of Things), driving statistics and users’ data generated from wearable devices can be exploited to better assess driving behaviors and construct driver models. We propose a framework for securely collecting data from multiple sources (e.g., vehicles and brought-in devices) and integrating them in the cloud to enable next-generation services with guaranteed user privacy protection. To achieve this goal, we design fine-grained privacy-aware data collection and upload policies that balance between enforcing privacy requirements and optimizing resource consumption (e.g., processing, network bandwidth). The optimal policy will be determined by the privacy index of the integrated multi-source data to be used by the specific service and the desired resource usage. Real-world experiments and privacy leakage analysis are conducted to address…
This content contains downloadable datasets