- Journal Article
“It cannot happen to us” is one of many common myths regarding cybersecurity in the transportation industry. The traditional view that threats to transportation are low probability and low impact keeps agencies from mitigating security threats to transportation critical infrastructure. Current transportation systems depend on closed proprietary systems, which are increasingly enhanced by connected cyber-physical systems. Variable Message Signs (VMS) deliver advisory information to road users to ensure safe and efficient trips. Since the first physical VMS hack more than a decade ago, VMS security has been a pressing concern. VMS hacks can involve both physical and remote breaches because of the weak protection of the signs and their cyber-physical systems. In 2014, multiple cyber-attacks on signs by “Sun Hacker” pushed the Department of Homeland Security (DHS), which includes the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), and the Federal Highway Administration (FHWA) to investigate breaches more seriously. Hackers breach cyber systems daily, but white hat hackers have given transportation officials information that helps them rethink Intelligent Transportation Systems (ITS) infrastructure security gaps in order to prevent harm to road users and financial losses. This study employs a risk-based approach to conducting a threat assessment: a qualitative, vulnerability-oriented threat analysis. The objective is to investigate the safety, security, reliability, and operational issues that are triggered by compromised VMS. Additionally, countermeasures are proposed to prevent the failure of critical infrastructure. The outcome is anticipated to be of special interest and usefulness to policymakers and engineers concerned with the potential vulnerabilities of ITS infrastructure.
- Magazine Article
In hospitals and healthcare institutions, the sheer number of patient metrics that doctors and nurses must track can be a point of contention. Lawsuits on the grounds of negligence are a risk that all healthcare practitioners take. Furthermore, an estimated 200,000 patients die in the United States annually from medical errors. Introducing wireless patient monitoring in these environments can potentially mitigate the risks inherent in an environment geared toward the treatment and care of sick people. There is always the potential for cyberattacks, but the rewards may outweigh the risks. Wired technologies limit patient mobility, make transporting patients more difficult, and often introduce significant delays and hassle for the caregiver in arranging the cables.
- Journal Article
The Identity-Anonymized CAN (IA-CAN) protocol is a secure CAN protocol that provides sender authentication by inserting a secret sequence of anonymous IDs (A-IDs) shared among the communicating nodes. To prevent malicious attacks against the IA-CAN protocol, a secure and robust system error recovery mechanism is required. This article presents a central management method for IA-CAN, named IA-CAN with a global A-ID, in which a gateway plays the central role in session initiation and system error recovery. Each ECU self-diagnoses system errors and, if an error occurs, automatically resynchronizes its A-ID generation by acquiring recovery information from the gateway. We prototype both a hardware version of an IA-CAN controller and a system for IA-CAN with a global A-ID using that controller to verify our concept.
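The mechanism described in this abstract, modelled as an added example (this is not the article's code or the prototype controller's design): a sender emits each frame under the next anonymous ID of a secret sequence, a receiver accepts a frame only if its ID falls within a small window of upcoming A-IDs, self-diagnoses loss of synchronisation after repeated rejections, and resynchronises from a gateway that observes every frame. The A-ID derivation (HMAC-SHA256 over a session key, a stream id and a frame counter, truncated to an 11-bit CAN identifier), the acceptance window, the error threshold and the authenticated recovery message are all assumptions made for the illustration.

```python
"""Toy model of IA-CAN-style anonymous-ID (A-ID) sender authentication with
gateway-assisted resynchronisation. Added illustration only: the A-ID
derivation, acceptance window and recovery-message format are assumptions,
not the article's design."""
import hashlib
import hmac

CAN_ID_MASK = 0x7FF  # 11-bit standard CAN identifier


def derive_aid(key: bytes, stream: int, counter: int) -> int:
    """Anonymous ID of the counter-th frame of a message stream (assumed PRF)."""
    msg = stream.to_bytes(2, "big") + counter.to_bytes(4, "big")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:2], "big") & CAN_ID_MASK


def recovery_tag(key: bytes, stream: int, counter: int) -> bytes:
    """Authenticates recovery info so an attacker cannot desynchronise an ECU."""
    msg = b"resync" + stream.to_bytes(2, "big") + counter.to_bytes(4, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]


class Sender:
    def __init__(self, key: bytes, stream: int):
        self.key, self.stream, self.counter = key, stream, 0

    def send(self, payload: bytes) -> tuple:
        frame = (derive_aid(self.key, self.stream, self.counter), payload)
        self.counter += 1
        return frame


class Receiver:
    """Accepts a frame only if its ID matches one of the next `window` A-IDs."""

    def __init__(self, key: bytes, stream: int, window: int = 4, max_errors: int = 2):
        self.key, self.stream, self.window, self.max_errors = key, stream, window, max_errors
        self.counter, self.errors = 0, 0

    def accept(self, frame: tuple) -> bool:
        aid, _payload = frame
        for skip in range(self.window):  # tolerate a few lost frames
            if derive_aid(self.key, self.stream, self.counter + skip) == aid:
                self.counter += skip + 1
                self.errors = 0
                return True
        self.errors += 1  # unknown ID: spoofed, replayed, or we lost sync
        return False

    def needs_resync(self) -> bool:
        """Self-diagnosis: repeated rejections mean the A-ID sequence is lost."""
        return self.errors >= self.max_errors

    def resync(self, gateway) -> None:
        counter, tag = gateway.recovery_info(self.stream)
        if not hmac.compare_digest(tag, recovery_tag(self.key, self.stream, counter)):
            raise ValueError("recovery info failed authentication")
        self.counter, self.errors = counter, 0


class Gateway:
    """Central node that sees every frame and holds the authoritative counters."""

    def __init__(self, key: bytes, streams):
        self.key = key
        self.trackers = {s: Receiver(key, s) for s in streams}

    def observe(self, frame: tuple) -> None:
        for tracker in self.trackers.values():
            if tracker.accept(frame):
                break

    def recovery_info(self, stream: int) -> tuple:
        counter = self.trackers[stream].counter
        return counter, recovery_tag(self.key, stream, counter)


class RogueGateway:
    """Attacker impersonating the gateway, trying to roll the ECU back to 0."""

    def recovery_info(self, stream: int) -> tuple:
        return 0, b"\x00" * 8


def run_scenario() -> dict:
    key = b"\x5a" * 16  # constructed session key shared by all nodes
    sender, gateway, ecu = Sender(key, 0x10), Gateway(key, [0x10]), Receiver(key, 0x10)
    results = {}
    first = sender.send(b"\x01")
    gateway.observe(first)
    results["normal_accepted"] = ecu.accept(first)
    for _ in range(10):  # the ECU resets and misses ten frames; the gateway does not
        gateway.observe(sender.send(b"\x00"))
    rejected = []
    for _ in range(2):  # now beyond the window, so legitimate frames are rejected
        frame = sender.send(b"\x02")
        gateway.observe(frame)
        rejected.append(not ecu.accept(frame))
    results["after_loss_rejected"] = all(rejected)
    results["needs_resync"] = ecu.needs_resync()
    ecu.resync(gateway)
    frame = sender.send(b"\x03")
    gateway.observe(frame)
    results["after_resync_accepted"] = ecu.accept(frame)
    results["replay_rejected"] = not ecu.accept(first)  # old A-ID is outside the window
    try:
        ecu.resync(RogueGateway())
        results["forged_resync_rejected"] = False
    except ValueError:
        results["forged_resync_rejected"] = True
    return results
```

The acceptance window is the trade-off to watch: it lets a receiver ride through a few dropped frames without a recovery round, but every extra slot gives an attacker another 1-in-2048 chance per frame of hitting a valid 11-bit ID, which is why the recovery path, not a wider window, is the right answer to longer outages.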
Requirements for a Terrestrial Based Positioning, Navigation, and Timing (PNT) System to Improve Navigation Solutions and Ensure Critical Infrastructure Security
- Aerospace Standard
This Recommended Practice defines the technical requirements for a terrestrial-based PNT system to improve vehicle (e.g., unmanned, aerial, ground, maritime) positioning/navigation solutions and ensure critical infrastructure security, complementing GNSS technologies.
- Technical Paper
- DOI: https://doi.org/10.4271/2018-01-0016
Externally-connected Electronic Control Units (ECUs) contain millions of lines of code, which may contain security vulnerabilities. Hackers may exploit these vulnerabilities to gain code execution privileges, which can affect public safety. Traditional cybersecurity solutions fall short of meeting automotive ECU constraints such as zero false positives, intermittent connectivity, and low performance impact. A desirable solution would be deterministic, require minimal resources, and protect against known and unknown security threats. We integrated Autonomous Security on a BeagleBone Black (BBB) system to evaluate the feasibility of mitigating cybersecurity risks against potential threats. We identified key metrics that should be measured, such as level of security, ease of integration, and system performance impact. In this paper, we describe the integration and evaluation process and present its results. We show that Autonomous Security can provide this protection with zero false positives while meeting automotive constraints.
- Technical Paper
- DOI: https://doi.org/10.4271/2018-01-0018
In the automotive network architecture, the basic functions of the gateway include routing, diagnostics, and network management. With the rapid development of connected vehicles, cybersecurity has become an important topic in automotive networks: a spoofed ECU can be used to attack the in-vehicle network. The automotive gateway is therefore an important part of the security architecture that protects in-vehicle networks from attack. A secure gateway should be able to authenticate connected ECUs and control access to the critical network domain, and the data and signals transferred between the gateway and ECUs should be protected against eavesdropping. The purpose of this paper is to design a secure gateway for in-vehicle networks, and the design process of the automotive secure gateway is presented. Based on a threat analysis, security requirements for the automotive gateway are defined. Secure communication, a key master, and a firewall are proposed as the security mechanisms that protect the gateway. The secure communication mechanisms comprise message authentication and data encryption. The key master is a gateway function that distributes and updates the keys used for secure communication with connected ECUs. The firewall, based on message filtering, is designed to isolate the untrusted network domain from the trusted network domain. The security functions of the automotive gateway are validated in a simulated attack environment. A microcontroller with an HSM is used to implement the secure gateway. To account for the overhead of the security mechanisms, network latency is measured, and the results show that the secure gateway is effective and efficient.
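The three gateway mechanisms named in this abstract (message-filter firewall, key master, message authentication), modelled as an added example that is not the paper's implementation: the gateway consults a per-domain filter table before forwarding, derives per-ECU session keys from a master key, and verifies a truncated MAC plus a freshness counter on every frame entering a trusted domain. The frame layout (4 data bytes, a 2-byte counter and a 2-byte truncated HMAC-SHA256 tag), the key-derivation scheme, the domain names and the policy table are assumptions made for the illustration; the data-encryption part of the paper's secure communication is left out.

```python
"""Toy secure-gateway model: domain firewall by message filter, key-master key
derivation, and authenticated frames with a freshness counter. Added
illustration only; frame layout, key derivation and policy are assumptions."""
import hashlib
import hmac
from dataclasses import dataclass

TRUSTED = {"powertrain", "chassis"}  # domains that only accept authenticated traffic


@dataclass(frozen=True)
class Frame:
    can_id: int
    data: bytes    # up to 4 application bytes
    counter: int   # 16-bit freshness counter carried in the payload
    tag: bytes     # 2-byte truncated MAC over id, counter and data


def mac(key: bytes, can_id: int, counter: int, data: bytes) -> bytes:
    msg = can_id.to_bytes(2, "big") + counter.to_bytes(2, "big") + data
    # A 16-bit tag is only for the demo: forgery succeeds with probability
    # 2**-16 per attempt, so real deployments want more MAC bits than fit
    # beside the data in a classic 8-byte CAN frame (CAN FD makes room).
    return hmac.new(key, msg, hashlib.sha256).digest()[:2]


class KeyMaster:
    """Gateway-side derivation of per-ECU session keys from one master key."""

    def __init__(self, master_key: bytes):
        self.master_key = master_key

    def session_key(self, ecu: str) -> bytes:
        info = b"session/" + ecu.encode()
        return hmac.new(self.master_key, info, hashlib.sha256).digest()[:16]


class Ecu:
    def __init__(self, name: str, key: bytes):
        self.name, self.key, self.counter = name, key, 0

    def send(self, can_id: int, data: bytes) -> Frame:
        self.counter += 1
        return Frame(can_id, data, self.counter, mac(self.key, can_id, self.counter, data))


class SecureGateway:
    def __init__(self, key_master: KeyMaster, policy: dict, id_owner: dict):
        self.key_master, self.policy, self.id_owner = key_master, policy, id_owner
        self.last_counter = {}  # can_id -> highest counter accepted (anti-replay)

    def route(self, source_domain: str, frame: Frame) -> tuple:
        # 1. Firewall: the (ingress domain, CAN id) pair must be listed.
        dests = self.policy.get((source_domain, frame.can_id), set())
        if not dests:
            return "dropped: not in filter", set()
        # 2. Anything entering a trusted domain must carry a valid, fresh tag.
        if dests & TRUSTED:
            owner_key = self.key_master.session_key(self.id_owner[frame.can_id])
            expected = mac(owner_key, frame.can_id, frame.counter, frame.data)
            if not hmac.compare_digest(frame.tag, expected):
                return "dropped: bad mac", set()
            if frame.counter <= self.last_counter.get(frame.can_id, 0):
                return "dropped: replay", set()
            self.last_counter[frame.can_id] = frame.counter
        return "forwarded", dests


def run_scenario() -> dict:
    km = KeyMaster(b"\x11" * 16)  # constructed master key
    policy = {  # (ingress domain, CAN id) -> destination domains
        ("chassis", 0x1A0): {"powertrain", "infotainment"},  # wheel-speed broadcast
        ("obd", 0x7DF): {"powertrain"},                       # diagnostic request
    }
    id_owner = {0x1A0: "ABS", 0x7DF: "DIAG"}
    gw = SecureGateway(km, policy, id_owner)
    abs_ecu = Ecu("ABS", km.session_key("ABS"))   # key provisioned by the key master
    rogue = Ecu("ABS", b"\x00" * 16)               # spoofing node without the ABS key
    ivi = Ecu("IVI", km.session_key("IVI"))        # untrusted infotainment unit

    legit = abs_ecu.send(0x1A0, b"\x00\x50\x00\x50")
    results = {"legit": gw.route("chassis", legit)}
    results["replay"] = gw.route("chassis", legit)  # same counter seen again
    results["spoofed"] = gw.route("chassis", rogue.send(0x1A0, b"\x00\x50\x00\x50"))
    results["unlisted"] = gw.route("infotainment", ivi.send(0x3C0, b"\x01"))
    # A chassis ID injected from the infotainment port never reaches the filter's
    # trusted entry, so it is dropped before any MAC check.
    results["wrong_domain"] = gw.route("infotainment", ivi.send(0x1A0, b"\x00\x50\x00\x50"))
    return results
```

Keeping the filter decision ahead of the MAC check is deliberate: untrusted-domain traffic that is not on the list costs the gateway no cryptographic work, which matters for the latency budget the paper measures, while the counter check turns a captured valid frame into a one-shot that cannot be replayed into the trusted domain.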
- Technical Paper
- DOI: https://doi.org/10.4271/2018-01-0020
The ever-increasing complexity and connectivity of driver assist functions pose challenges for both Functional Safety and Cyber Security. Several of these challenges arise not only from the new functionalities themselves but from numerous interdependencies between safety and security. Safety and security goals can conflict, safety mechanisms might be intentionally triggered by attackers to degrade functionality, or mechanisms can compete for limited resources like processing power or memory, to name just a few potential conflicts. But there is also potential for synergies, both in the implementation and during development. For example, both disciplines require mechanisms to check data integrity, are concerned with freedom from interference, and require architecture-based analyses. So far there is no consensus in the industry on how best to deal with these interdependencies in automotive development projects. SAE J3061 introduces a process framework for Cyber Security development that is intentionally very similar to that for Functional Safety as defined in ISO 26262. While these parallel frameworks help to identify interdependencies and show that aligned processes are possible, a joint process seems unreasonable due to the vastly different implementation frameworks and methods. Using concrete examples, we show problems that can arise if Functional Safety and Cyber Security processes are not properly aligned and integrated into the overall development process. Based on this, we propose steps towards coordinated safety and security processes that can prevent such problems and show how such an approach at the same time allows both disciplines to benefit from synergies.
- Technical Paper
- DOI: https://doi.org/10.4271/2018-01-0015
The results of this work allow a number of cybersecurity threats to automated, security-critical automotive systems to be identified, threats that reduce operational efficiency, road safety and system safety. Wired or wireless access to the information networks of modern vehicles allows an attacker to gain control over the power unit, chassis, security system components and comfort systems.
- Magazine Article
This column presents technologies that have applications in commercial areas, possibly creating the products of tomorrow. To learn more about each technology, see the contact information provided for that innovation.