Your Selections

Show Only


File Formats

Content Types












SAE International Journal of Transportation Cybersecurity and Privacy

  • Journal
  • V128-11EJ
To be published on 2019-06-28 by SAE International in United States
This is the electronic format of the journal.

Intelligent Vehicle Monitoring for Safety and Security

Ohio State University-Matthew Andrew Appel, Qadeer Ahmed
  • Technical Paper
  • 2019-01-0129
To be published on 2019-04-02 by SAE International in United States
The challenges posed by connected and autonomous vehicles fall beyond the scope of current version of ISO 26262. According to the current functional safety standard, human intervention defines the degree of severity of the fault. Since the driver involvement in CAVs will decrease in future, this classifies all malfunctions/faults as ASIL D. On the other hand, CAVs bring additional capabilities such as advance sensors, telematics-based connectivity etc. which can be used to devise efficient approaches to address functional safety challenges. The caveat to these additional capabilities are issues like cybersecurity, complexity, etc. This paper will present a systematic approach to understand challenges and propose a potential solution to handle faults/malfunctions in CAVs. This approach requires a framework, presented in this paper, to deal with the functional safety challenges when the driver is not in the loop. The framework introduces the concept of ‘Smart Diagnostics’ algorithms that utilize the additional set of sensors and connectivity available in CAVs. These smart algorithms may be model-based for the on-board systems (e.g. motors, sensors etc.) or machine learning based…

Ensuring Fuel Economy Performance of Commercial Vehicle Fleets using Blockchain Technology

Ohio State University-Hamza Anwar, Mukilan Arasu, Qadeer Ahmed
  • Technical Paper
  • 2019-01-1078
To be published on 2019-04-02 by SAE International in United States
In the past, research on blockchain technology has addressed security and privacy concerns within intelligent transportation systems for critical V2I and V2V communications that form the backbone of Internet of Vehicles. Within trucking industry, a recent trend has been observed towards the use of blockchain technology for operations. Industry stakeholders are particularly looking forward to refining status quo contract management and vehicle maintenance processes through blockchains. However, the use of blockchain technology for enhancing vehicle performance in fleets, especially while considering the fact that modern-day intelligent vehicles are prone to cyber security threats, is an area that has attracted less attention. In this paper, we demonstrate a case study that makes use of blockchains to securely optimize the fuel economy of fleets that do package pickup and delivery (P&D) in urban areas. We implement a Consortium Blockchain infrastructure, as opposed to a Public Blockchain which is arguably not real-time or well suited for this safety-critical application. By leveraging in real-time a fleet vehicle's powertrain status, geospatial traffic data, along with driver information, the fleet vehicle…

A Study on Comprehensive Evaluation of Intelligent Connected Vehicle Cybersecurity

CATARC-Yanan Zhang, Hang Sun, Zhixin Wu, Jihu Zheng, Peiji Shi, Yangyang Liu
  • Technical Paper
  • 2019-01-0477
To be published on 2019-04-02 by SAE International in United States
In view of the automotive cybersecurity incidents occur frequently, but there is no automotive cybersecurity evaluation standard, a comprehensive evaluation method is proposed, which firstly reviews the process of obtaining automotive cybersecurity function requirements through threat analysis and risk assessment. Then the international research projects on automotive cybersecurity and the key issues are summarized. It is proposed to score (0-100) from the three dimensions of cybersecurity level, intelligence level and enterprise incident response capacity, and comprehensively evaluate the cybersecurity performance level of automobile. Cybersecurity level includes cybersecurity concept design, protection scheme verification and penetration test. We conducted penetration testing from seven aspects, including network architecture, ECU, T-box, radio, IVI, cloud platform, APP, considering 30 test groups, including software security, hardware security, communication security, identity authentication, data security, etc., and 108 test cases. The intelligence level is evaluated according to 40 documents of 5 categories, and the enterprise's incident response capacity is evaluated according to 20 documents of 5 categories. The analytic hierarchy process (AHP) is adopted to determine the weight distribution of cybersecurity level, intelligence…

Wireless Charging for EV/HEV with Prescriptive Analytics, Machine Learning, Cybersecurity and Blockchain

Vikas Mishra
Tata Elxsi Ltd-Abid Rahman Kodakkadan, Rajesh Koduri, Sivaprasad Nandyala, Mithun Manalikandy
  • Technical Paper
  • 2019-01-0790
To be published on 2019-04-02 by SAE International in United States
Due to the rapid development in technological aspect of the Autonomous Vehicles (AV), there is a considerable need for research in the field of efficient use of fuel and lowering of the emissions from vehicles without affecting the performance, safety, and reliability of the vehicles. Electric Vehicle (EV) with rechargeable battery can be proved a practical solution for the above problem. As there is a limited capacity of the rechargeable battery, there must be an efficient power control strategy to be maintained for the performance of the vehicle without compromising safety and reliability. Different optimization techniques along with Deterministic Dynamic Programming (DDP) approach is used for the power distribution and management control. The battery operated electric vehicle can be charged either by a conductive means (wired) or by the inductive means (wireless) with the help of the electromagnetic field. These Inductive and Wireless charging techniques are based on the principle of electromagnetic induction which can be implemented by defining three primary stages namely Coil design, Compensation topology and power converter needed for transfer of energy…

In-Service Aircraft Cybersecurity Risk Assessment

Embraer-Ricardo Moraes Dos Santos, Gustavo de Carvalho Bertoli
  • Technical Paper
  • 2019-01-1329
To be published on 2019-03-19 by SAE International in United States
Use of computer networks and loadable software enables time-efficiency and cost reduction during aircraft lifecycle when compared to legacy solutions. As aircraft become connected to an online environment, it is susceptible to security threats impacting safety and operation. These security threats due to intentional unauthorized electronic interaction can reduce safety levels and impacts operational and business aspects such as: passenger confidence, airline reputation and processes (e.g. flight delays). This paper presents a cybersecurity risk assessment conducted on in-service aircraft, through an application of tailored process based on available guidelines considering Aircraft Embedded Systems and exercising Threat Scenarios to identify sources of threats to safe operation, providing insights for strengthening confidentiality, integrity and availability of assets to improve Cybersecurity Aspects on further designs and assessments.

A Comprehensive Attack and Defense Model for the Automotive Domain

Technical University of Munich, Germany-Thomas Hutzelmann, Sebastian Banescu, Alexander Pretschner
  • Journal Article
  • 11-02-01-0001
Published 2019-01-17 by SAE International in United States
In the automotive domain, the overall complexity of technical components has increased enormously. Formerly isolated, purely mechanical cars are now a multitude of cyber-physical systems that are continuously interacting with other IT systems, for example, with the smartphone of their driver or the backend servers of the car manufacturer. This has huge security implications as demonstrated by several recent research papers that document attacks endangering the safety of the car. However, there is, to the best of our knowledge, no holistic overview or structured description of the complex automotive domain. Without such a big picture, distinct security research remains isolated and is lacking interconnections between the different subsystems. Hence, it is difficult to draw conclusions about the overall security of a car or to identify aspects that have not been sufficiently covered by security analyses. In this work, we propose a comprehensive model covering all relevant aspects of the automotive environment and link it with selected attack scenarios and defense strategies already discussed in academic literature. This showcases the capabilities of our model to build…
Datasets icon
Annotation icon

Validating Requirements and Improving Specifications with Telematics Data

  • Professional Development
  • C1897
Published 2018-12-19

Field failures cause high warranty expenses, perhaps the highest quality cost. Failures occur when new designs are introduced, existing products are sold in new markets, and product specifications don’t reflect actual product usage. Any mistake in product specifications affects the entire product development process and cascades through the supply chain.


Cybersecurity Considerations for Heavy Vehicle Event Data Recorders

Irdeto Canada, Canada-Ben Gardiner
The University of Tulsa, USA-Jeremy Daily
  • Journal Article
  • 11-01-02-0006
Published 2018-12-14 by SAE International in United States
Trust in the digital data from heavy vehicle event data recorders (HVEDRs) is paramount to using the data in legal contests. Ensuring the trust in the HVEDR data requires an examination of the ways the digital information can be attacked, both purposefully and inadvertently. The goal or objective of an attack on HVEDR data will be to have the data omitted in a case. To this end, we developed an attack tree and establish a model for violating the trust needed for HVEDR data. The attack tree provides context for mitigations and also for functional requirements. A trust model is introduced as well as a discussion on what constitutes forensically sound data. The main contribution of this article is an attack tree-based model of both malicious and accidental events contributing to compromised event data recorder (EDR) data. A comprehensive list of mitigations for HVEDR systems results from this analysis.
Datasets icon
Annotation icon

Introduction to the Secure Microkernel, seL4

  • Professional Development
  • C1874
Published 2018-12-13

Security continues to be an ever-growing concern in more and more design spaces. There are daily articles about security breaches and there is a need for much higher security through the entire system stack. Thorough testing of systems can lead to stronger security in systems, but testing can only expose so many vulnerabilities. Formal methods is another solution that ensures specific behaviors will not occur. seL4 is the first formally proven microkernel and it is open-source. This makes it a great solution for systems that need strong security. The highest profile application of the seL4 Microkernel was in the DARPA High-Assurance Cyber Military Systems (HACMS) project where it was demonstrated that formal verification can scale to real-life systems to protect a wide range of cyber-physical systems from attacks. The biggest drawback of seL4 is that not many developers know about it or know how to utilize it.