The SAE MOBILUS platform will continue to be accessible and populated with high quality technical content during the coronavirus (COVID-19) pandemic. x

Your Selections

Cybersecurity
Show Only

Collections

File Formats

Content Types

Dates

Sectors

Topics

Authors

Publishers

Affiliations

Committees

Events

Magazine

Series

SAE International Journal of Transportation Cybersecurity and Privacy

  • Journal
  • V129-11EJ
To be published on 2020-06-30 by SAE International in United States
This is the electronic format of the journal.
   This content is not included in your SAE MOBILUS subscription, or you are not logged in.

Routing Methods Considering Security and Real-Time of Vehicle Gateway System

FESCARO-Daehyun Kim
Infineon Technologies AG-Karel Heurtefeux
  • Technical Paper
  • 2020-01-1294
To be published on 2020-04-14 by SAE International in United States
Recently, vehicle networks have increased complexity due to the demand for autonomous driving or connected devices. This increasing complexity requires high bandwidth. As a result, vehicle manufacturers have begun using Ethernet-based communication for high-speed links. In order to deal with the heterogeneity of such networks where legacy automotive buses have to coexist with high-speed Ethernet links vehicle manufacturers introduced a vehicle gateway system. The system uses Ethernet as a backbone between domain controllers and CAN buses for communication between internal controllers.As a central point in the vehicle, the gateway is constantly exchanging vehicle data in a heterogeneous communication environment between the existing CAN and Ethernet networks. In an in-vehicle network context where the communications are strictly time-constrained, it is necessary to measure the delay for such routing task. In addition, due to the cyber-security risk, the security functions to ensure the integrity of the message has to be considered.This paper investigate the delay impact of the gateway routing of CAN frames considering security. In case of security, the CMAC is used to guarantee the integrity…
   This content is not included in your SAE MOBILUS subscription, or you are not logged in.

Hypervisor Implementation in Vehicle Networks

Aptiv-Charles E. Parker, Jessica Wasen
  • Technical Paper
  • 2020-01-1334
To be published on 2020-04-14 by SAE International in United States
As technology has grown in complexity, so have the use cases and applications. In particular, vehicle systems have evolved from the mechanically simple tool with the singular utility of transport to a transportation device embedded with computer systems, allowing for the vastly superior UX. As the technological advances and increased vehicular functionality, this has also increased the number of vulnerabilities and opportunity for a successful system breach. Any of these within the present architecture, when successfully exploited, may lead to a cascade of failures, or a limited number of critical failures. To mitigate this opportunity for the attackers, one non-obtrusive measure involves a method used in non-vehicle systems. The hypervisor implementation is recommended to assist with this mitigation. While this has not been researched at length in the present use case, the application of this well-versed tool is viable. The hypervisor offers many benefits to the vehicle architecture, both operationally and with cybersecurity. The proposed mitigant provides the structure to partition the various VMs. This allows for the different functions to be managed within their…
   This content is not included in your SAE MOBILUS subscription, or you are not logged in.

In-vehicle diagnostic system for prognostics and OTA updates of automated / autonomous vehicles.

Softing Automotive Electronics GmbH-Peter Subke, Muzafar Moshref, Julian Erber
  • Technical Paper
  • 2020-01-1373
To be published on 2020-04-14 by SAE International in United States
The E/E architecture of a modern passenger car consist of a central connectivity gateway that comes with an interface to the legally required OBD connector (SAE J1978), to domain controllers and to a Telematic Control Unit (TCU). The TCU supports 4G or 5G and provides the wireless connection to the cloud. The domain controllers are connected to the gateway via 2-wire Ethernet with a star topology, whereby the domain controllers act as gateways to CAN FD bus systems. The interface to the wired OBD connector supports both OBD/UDS on CAN and UDS on IP. The new E/E system comes with increased self-diagnostic capabilities. They automatically perform tests, log diagnostic data and push such data for prognostics purposes to the cloud. They also support over-the-air (OTA) updates. This paper describes the components of an E/E system that is equipped with an in-vehicle diagnostic tester. The tester consists of standardized components, including MVCI D-Server (ISO 22900), ODX (ISO 22901), OTX (ISO 13209) and UDS on IP (ISO 14229-5). The paper includes a description of cybersecurity measures to…
   This content is not included in your SAE MOBILUS subscription, or you are not logged in.

Test Method for the SAE J3138 Automotive Cyber Security Standard

DG Technologies-Mark Zachos
  • Technical Paper
  • 2020-01-0142
To be published on 2020-04-14 by SAE International in United States
This paper will provide an Overview of Automotive Cyber Security Standards related to the Vehicle OBD-II Data Link. The OBD-II Connector Attack Tree is described with respect to the SAE J3138 requirements for Intrusive vs. non-Intrusive Services. A proposed test method for SAE J3138 is described including hardware and software scripting. Finally, example test results are reviewed and compared with a potential threat boundary.
   This content is not included in your SAE MOBILUS subscription, or you are not logged in.

Challenges in Integrating Cybersecurity into Existing Development Processes

Invensity GmbH-Patric Lenhart, Paul Arndt, Jana von Wedel, Christian Beul, Jan Weldert
  • Technical Paper
  • 2020-01-0144
To be published on 2020-04-14 by SAE International in United States
For an established development process and a team accustomed to this process, adding cybersecurity features to the product initially means inconvenience and reduced productivity without perceivable benefits. Adapting development processes to take cybersecurity into account introduces challenges not present in engineering divisions so far. Strategies designed to deal with these challenges differ in the way in which added duties are assigned and cybersecurity topics are integrated into the already existing process steps. Cybersecurity requirements often clash with existing system requirements or established development methods, leading to low acceptance among developers, and introducing the need to have clear policies on how friction between cybersecurity and other fields is handled. A cybersecurity development approach is frequently perceived as introducing impediments, that bear the risk of cybersecurity measures receiving a lower priority to reduce inconvenience. Moreover, this leads to frustration among cybersecurity developers when their proposals are not accepted, and they feel their work is not appreciated. On the other hand, putting too much emphasis on cybersecurity leads to feature creep and makes the development unnecessarily complicated without…
   This content is not included in your SAE MOBILUS subscription, or you are not logged in.

Selftrust - A Practical Approach for Trust Establishment

Aptiv Components India Pvt., Ltd.-Ranjit Vinayak Abhyankar, Sreenath A
  • Technical Paper
  • 2020-01-0720
To be published on 2020-04-14 by SAE International in United States
In recent years, with increase in external connectivity (V2X, telematics, mobile projection, BYOD) the automobile is becoming a target of cyberattacks and intrusions. Any such intrusion reduces customer trust in connected cars and negatively impacts brand image (like the recent Jeep Cherokee hack).To protect against intrusion, several mechanisms are available. These range from a simple secure CAN to a specialized symbiote defense software. A few systems (e.g. V2X) implement detection of an intrusion (defined as a misbehaving entity). However, most of the mechanisms require a system-wide change which adds to the cost and negatively impacts the performance.In this paper, we are proposing a practical and scalable approach to intrusion detection. Some benefits of our approach include use of existing security mechanisms such as TrustZone® and watermarking with little or no impact on cost and performance. In addition, our approach is scalable and does not require any system-wide changes.To detect intrusions, we propose a combination of TrustZone® secure space approach along with a mechanism of static and dynamic watermarks. The current scope of research is restricted…
   This content is not included in your SAE MOBILUS subscription, or you are not logged in.

Scalable Decentralized Solution for Secure Vehicle-to-Vehicle Communication

Tata Elxsi, Ltd.-Sreelakshmi S. Vattaparambil, Rajesh Koduri, Sivaprasad Nandyala, Mithun Manalikandy
  • Technical Paper
  • 2020-01-0724
To be published on 2020-04-14 by SAE International in United States
The automotive industry is set for a rapid transformation in the next few years in terms of communication. The kind of growth the automotive industry is poised for in fields of connected cars is both fascinating and alarming at the same time. The communication devices equipped to the cars and the data exchanges done between vehicles to vehicles are prone to a lot of cyber-related attacks. The signals that are sent using Vehicular Adhoc Network (VANET) between vehicles can be eavesdropped by the attackers and it may be used for various attacks such as the man in the middle attack, DOS attack, Sybil attack, etc. These attacks can be prevented using the Blockchain technology, where each transaction is logged in a decentralized immutable Blockchain ledger. This provides authenticity and integrity to the signals. But the use of Blockchain Platforms such as Ethereum has various drawbacks like scalability which makes it infeasible for connected car system. Here, we propose a solution to address various drawbacks of VANET such as privacy issues and, security using a more…
   This content is not included in your SAE MOBILUS subscription, or you are not logged in.

A Novel Assessment and Administration Method of Autonomous Vehicle

CATARC-Zhao Wang, Hang Sun, Hang Zhang, Hanguang Xie, Zhenyu Chen
  • Technical Paper
  • 2020-01-0708
To be published on 2020-04-14 by SAE International in United States
As a promising strategic industry group that is rapidly evolving around the world, autonomous vehicle is entering a critical phase of commercialization from demonstration to end markets. The global automotive industry and governments are facing new common topics and challenges brought by autonomous vehicle, such as how to test, assess, and administrate the autonomous vehicle to ensure their safe running in real traffic situations and proper interactions with other road users. Starting from the facts that the way to autonomous driving is the process of a robot or a machine taking over driving tasks from a human. This paper summarizes the main characteristics of autonomous vehicle which are different from traditional one, then demonstrates the limitations of the existing certification mechanism and related testing methods when applied to autonomous vehicle. Based on the above analysis, a novel assessment mechanism focusing on complete vehicle behaviors is proposed, which takes safety, timeliness, accuracy, and smoothness as the four rules of autonomous vehicles. Then, a novel comprehensive evaluation scheme based on scenario is proposed, which combines simulation test,…
   This content is not included in your SAE MOBILUS subscription, or you are not logged in.

Enriching Systems Theory Based Cyber-Security and Safety Analysis Using Stakeholder Value Networks

MIT-Allen Moulton
Zenuity AB-Amardeep Sidhu
  • Technical Paper
  • 2020-01-0143
To be published on 2020-04-14 by SAE International in United States
System-theoretic process analysis for security (STPA-Sec) is a powerful safety and security analysis method that focuses on unsafe and unsecure interactions between subsystems rather than component failure and its resulting chain-of-event failure modes. The first step of STPA-Sec requires the analyst to identify the system boundary and list the system losses and hazards. Current approach to performing this first and critical step of STPA-Sec requires interviewing the stakeholders and could potentially result in a narrow focus due to stakeholder’s mental model and resulting answers to questions. In some cases, stakeholders are not available for interviews and we risk influencing the system loss identification by the mental model of the analyst. We believe these two potential issues in the STPA-Sec analysis: narrow focus and missing access to stakeholder, can be address by factoring additional system information through stakeholder analysis. To illustrate the benefit of this approach a mining system is considered. Stakeholders in the mining system are identified and then classified based on the role that they play in the expected emergent behavior of the system.…