Recently, vehicle networks have increased complexity due to the demand for autonomous driving or connected devices. This increasing complexity requires high bandwidth. As a result, vehicle manufacturers have begun using Ethernet-based communication for high-speed links. In order to deal with the heterogeneity of such networks where legacy automotive buses have to coexist with high-speed Ethernet links vehicle manufacturers introduced a vehicle gateway system. The system uses Ethernet as a backbone between domain controllers and CAN buses for communication between internal controllers.As a central point in the vehicle, the gateway is constantly exchanging vehicle data in a heterogeneous communication environment between the existing CAN and Ethernet networks. In an in-vehicle network context where the communications are strictly time-constrained, it is necessary to measure the delay for such routing task. In addition, due to the cyber-security risk, the security functions to ensure the integrity of the message has to be considered.This paper investigate the delay impact of the gateway routing of CAN frames considering security. In case of security, the CMAC is used to guarantee the integrity…

As technology has grown in complexity, so have the use cases and applications. In particular, vehicle systems have evolved from the mechanically simple tool with the singular utility of transport to a transportation device embedded with computer systems, allowing for the vastly superior UX.As the technological advances and increased vehicular functionality, this has also increased the number of vulnerabilities and opportunity for a successful system breach. Any of these within the present architecture, when successfully exploited, may lead to a cascade of failures, or a limited number of critical failures.To mitigate this opportunity for the attackers, one non-obtrusive measure involves a method used in non-vehicle systems. The hypervisor implementation is recommended to assist with this mitigation. While this has not been researched at length in the present use case, the application of this well-versed tool is viable.The hypervisor offers many benefits to the vehicle architecture, both operationally and with cybersecurity. The proposed mitigant provides the structure to partition the various VMs. This allows for the different functions to be managed within their own distinct VM.…

The increasing complexity of microcontroller-based automotive E/E systems that control road-vehicles and non-road mobile machinery comes with increased self-diagnosis functions and diagnosability via external test equipment (diagnostic tester).Technicians in the development, production and service depend on diagnostic test equipment that is connected to the E/E system and performs diagnostic communication. Examples of use cases of diagnostic communication include but are not limited to condition monitoring, data acquisition, (guided) fault finding and flash programming.More and more functions of a modern vehicle are realized by software (firmware). Powerful multicore servers replace the numerous control units and many control unit functions can be performed directly by smart sensors and actuators.New E/E system architectures come with increased self-diagnostic capabilities. They automatically perform tests, log diagnostic data and push such data for prognostics purposes and condition (health) monitoring to the cloud. They also support over-the-air firmware updates (FOTA).This paper describes the components of an E/E system that is equipped with an in-vehicle diagnostic tester. The tester consists of standardized components, including MVCI-Server (ISO 22900), ODX (ISO 22901), OTX (ISO 13209)…

This paper will provide an Overview of Automotive Cyber Security Standards related to the Vehicle OBD-II Data Link. The OBD-II Connector Attack Tree is described with respect to the SAE J3138 requirements for Intrusive vs. non-Intrusive Services. A proposed test method for SAE J3138 is described including hardware and software scripting. Finally, example test results are reviewed and compared with a potential threat boundary.

For an established development process and a team accustomed to this process, adding cybersecurity features to the product initially means inconvenience and reduced productivity without perceivable benefits. Adapting development processes to take cybersecurity into account introduces challenges not present in engineering divisions so far. Strategies designed to deal with these challenges differ in the way in which added duties are assigned and cybersecurity topics are integrated into the already existing process steps. Cybersecurity requirements often clash with existing system requirements or established development methods, leading to low acceptance among developers, and introducing the need to have clear policies on how friction between cybersecurity and other fields is handled. A cybersecurity development approach is frequently perceived as introducing impediments, that bear the risk of cybersecurity measures receiving a lower priority to reduce inconvenience. Moreover, this leads to frustration among cybersecurity developers when their proposals are not accepted, and they feel their work is not appreciated. On the other hand, putting too much emphasis on cybersecurity leads to feature creep and makes the development unnecessarily complicated without…

In recent years, with increase in external connectivity (V2X, telematics, mobile projection, BYOD) the automobile is becoming a target of cyberattacks and intrusions. Any such intrusion reduces customer trust in connected cars and negatively impacts brand image (like the recent Jeep Cherokee hack).To protect against intrusion, several mechanisms are available. These range from a simple secure CAN to a specialized symbiote defense software. A few systems (e.g. V2X) implement detection of an intrusion (defined as a misbehaving entity). However, most of the mechanisms require a system-wide change which adds to the cost and negatively impacts the performance.In this paper, we are proposing a practical and scalable approach to intrusion detection. Some benefits of our approach include use of existing security mechanisms such as TrustZone® and watermarking with little or no impact on cost and performance. In addition, our approach is scalable and does not require any system-wide changes.To detect intrusions, we propose a combination of TrustZone® secure space approach along with a mechanism of static and dynamic watermarks. The current scope of research is restricted…

The automotive industry is set for a rapid transformation in the next few years in terms of communication. The kind of growth the automotive industry is poised for in fields of connected cars is both fascinating and alarming at the same time. The communication devices equipped to the cars and the data exchanges done between vehicles to vehicles are prone to a lot of cyber-related attacks. The signals that are sent using Vehicular Adhoc Network (VANET) between vehicles can be eavesdropped by the attackers and it may be used for various attacks such as the man in the middle attack, DOS attack, Sybil attack, etc. These attacks can be prevented using the Blockchain technology, where each transaction is logged in a decentralized immutable Blockchain ledger. This provides authenticity and integrity to the signals. But the use of Blockchain Platforms such as Ethereum has various drawbacks like scalability which makes it infeasible for connected car system. Here, we propose a solution to address various drawbacks of VANET such as privacy issues and, security using a more…

Automotive safety is always the focus of consumers, the selling point of products, the focus of technology. In order to achieve automatic driving, interconnection with the outside world, human-automatic system interaction, the security connotation of intelligent and connected vehicles (ICV) changes: information security is the basis of its security. Functional safety ensures that the system is operating properly. Behavioral safety guarantees a secure interaction between people and vehicles. Passive security should not be weakened, but should be strengthened based on new constraints.In terms of information safety, the threshold for attacking cloud, pipe, and vehicle information should be raised to ensure that ICV system does not fail due to malicious attacks. The cloud is divided into three cloud platforms according to functions: ICVs private cloud, TSP cloud, public cloud. The transmission side classifies three APNs based on usage: enterprise-owned APN, public network APN, and public network customized APN. The vehicle end ensures information security through the vehicle firewall, border firewall, PKI password system, key management, and security chip.In terms of functional safety, ICV function security needs…

As a promising strategic industry group that is rapidly evolving around the world, autonomous vehicle is entering a critical phase of commercialization from demonstration to end markets. The global automotive industry and governments are facing new common topics and challenges brought by autonomous vehicle, such as how to test, assess, and administrate the autonomous vehicle to ensure their safe running in real traffic situations and proper interactions with other road users. Starting from the facts that the way to autonomous driving is the process of a robot or a machine taking over driving tasks from a human. This paper summarizes the main characteristics of autonomous vehicle which are different from traditional one, then demonstrates the limitations of the existing certification mechanism and related testing methods when applied to autonomous vehicle. Based on the above analysis, a novel assessment mechanism focusing on complete vehicle behaviors is proposed, which takes safety, timeliness, accuracy, and smoothness as the four rules of autonomous vehicles. Then, a novel comprehensive evaluation scheme based on scenario is proposed, which combines simulation test,…