Browse Topic: Cybersecurity
Data security remains an issue of the utmost concern in contested environments. Mechanisms such as data encryption, beam-forming antennas, and frequency-hopping radio have emerged to mitigate some of the concerns in radio-frequency (RF) communications, but they do not remove all risk. Consequently, there is still a consistent appetite for alternative solutions. This paper presents a case for the use of the free-space optical (FSO) communications technology ImpLi-Fi as one such alternative. FSO communication is promising because of the ease with which the signal beam may be steered and limited, making detection and interception more difficult than with RF, and ImpLi-Fi in particular is desirable for its exceptional outdoor performance and ease of integration into existing light sources. The paper briefly illustrates the origins of the contested logistics (CL) problem and CL use cases for secure communication channels, before describing the ImpLi-Fi technology in some detail; exploring
As unmanned vehicular networks become more prevalent in civilian and defense applications, the need for robust security solutions grows in parallel. While ROS 2 offers a flexible platform for robotic operations, its security model lacks the adaptability required for dynamic trust management and proactive threat mitigation. To address these shortcomings, we propose a novel framework that integrates containerized ROS 2 nodes with Kubernetes-based orchestration, a dynamic trust management subsystem, and integrability with simulators for real-time and protocol-flexible network simulation. By embedding trust management directly within each ROS 2 container and leveraging Kubernetes, we overcome ROS 2’s security limitations by enabling real-time monitoring and machine learning-driven anomaly detection (via an autoencoder trained on custom data), facilitating the isolation or removal of suspicious nodes. Additionally, Kubernetes policies allow seamless scaling and enforcement of trust-based
This article introduces a comprehensive cooperative navigation algorithm to improve vehicular system safety and efficiency. The algorithm employs surrogate optimization to prevent collisions with cooperative cruise control and lane-keeping functionalities. These strategies address real-world traffic challenges. The dynamic model supports precise prediction and optimization within the MPC framework, enabling effective real-time decision-making for collision avoidance. The critical component of the algorithm incorporates multiple parameters such as relative vehicle positions, velocities, and safety margins to ensure optimal and safe navigation. In the cybersecurity evaluation, the four scenarios explore the system’s response to different types of cyberattacks, including data manipulation, signal interference, and spoofing. These scenarios test the algorithm’s ability to detect and mitigate the effects of malicious disruptions. Evaluate how well the system can maintain stability and avoid
With many stakeholders involved, and major investments supporting it, the advancements in automated driving (AD) are undoubtedly there. Generally speaking, the motivation for advancing AD is driver convenience and road safety. Regarding the development of AD, original equipment manufacturers, technology start-ups, and AD systems developers have taken different approaches for automated vehicles (AVs). Some manufacturers are on the path toward stand-alone vehicles, mostly relying on onboard sensors and intelligence. On the other hand, the connected, cooperative, and automated mobility (CCAM) approach relies on additional communication and information exchange to ensure safe and secure operation. CCAM holds great potential to improve traffic management, road safety, equity, and convenience. In both approaches, there are increasingly large amounts of data generated and used for AD functions in perception, situational awareness, path prediction, and decision-making. The use of artificial
The aircraft cabin plays a crucial role in airline differentiation strategies, particularly when introducing novel, data-driven services. These services aim to enhance the passenger experience during the flight and to improve cabin crew efficiency in order to reduce workload and ensure continued growth of airline revenue. Digitalization and extensive exchange of information across the entire aircraft transport system have emerged as key enablers for these services. The development of aircraft and aircraft systems that realize these services is characterized by a multi-level development process. Various development levels are considered to initially identify the functions of an aircraft in the air transport system, refine its systems and break them down into their components until a level of detail is reached that allows the implementation of the component functions. In addition to the high complexity, a major challenge in this development is to ensure traceability and consistency
Airworthiness certification of aircraft requires an Airworthiness Security Process (AWSP) to ensure safe operation under potential unauthorized interactions, particularly in the context of growing cyber threats. Regulatory authorities mandate the consideration of Intentional Unauthorized Electronic Interactions (IUEI) in the development of aircraft, airborne software, and equipment. As the industry increasingly adopts Model-Based Systems Engineering (MBSE) to accelerate development, we aim to enhance this effort by focusing on security scope definitions – a critical step within the AWSP for security risk assessment that establishes the boundaries and extent of security measures. However, our findings indicate that, despite the increasing use of model-based tools in development, these security scope definitions often remain either document-based or, when modeled, are presented at overly abstract levels, both of which limit their utility. Furthermore, we found that these definitions
The added connectivity and transmission of personal and payment information in electric vehicle (EV) charging technology creates larger attack surfaces and incentives for malicious hackers to act. As EV charging stations are a major and direct user interface in the charging infrastructure, ensuring cybersecurity of the personal and private data transmitted to and from chargers is a key component to the overall security. Researchers at Southwest Research Institute® (SwRI®) evaluated the security of direct current fast charging (DCFC) EV supply equipment (EVSE). Identified vulnerabilities included values such as the MAC addresses of both the EV and EVSE, either sent in plaintext or encrypted with a known algorithm. These values allowed for reprogramming of non-volatile memory of power-line communication (PLC) devices as well as the EV’s parameter information block (PIB). Discovering these values allowed the researchers to access the IPv6 layer on the connection between the EV and EVSE
Security flaws in automotive software have significant consequences. Modern automotive engineers must assess software not only for performance and reliability but also for safety and security. This paper presents a tool to verify software for safety and security. The tool was originally developed for the Department of Defense (DoD) to detect cybersecurity vulnerabilities in legacy safety-critical software with tight performance constraints and a small memory footprint. We show how the tool and techniques developed for verifying legacy safety-critical software can be applied to automotive and embedded software using real-world case studies. We also discuss how this tool can be extended for software comprehension.
The ISO TR 5469 Technical Report provides a framework to classify the AI/ML technology based on usage level and the properties and requirements to mitigate cyber and functional safety risks for the technology. This paper provides an overview of the approach used by ISO TR 5469 as well as an example of how one of the six ISO TR 5469 desirable properties (resilience to adversarial and intentional malicious input) can be analyzed for adversarial attacks. This paper will also show how a vehicle testbed can be used to provide a student with an AI model that can be used to simulate a non-targeted cyber security attack. The testbed can be used to simulate a poisoning attack where the student can manipulate a training data set to deceive the AI model during a simulated deployment.1 The University of Detroit Mercy (UDM) has developed Cyber-security Labs as a Service (CLaaS) to support teaching students how to understand and mitigate cyber security attacks. The UDM Vehicle Cyber Engineering (VCE
Researchers are leveraging informatics approaches to tackle persistent challenges in data management and sharing, enabling real-world healthcare applications to enhance data security and accessibility.
This SAE Technical Information Report (TIR) establishes the instructions for the documents required for the variety of potential functions for PEV communications, energy transfer options, interoperability, and security. This includes the history, current status, and future plans for migrating through these documents created in the Hybrid Communication and Interoperability Task Force, based on functional objective (e.g., [1] If I want to do V2G with an off-board inverter, what documents and items within them do I need, [2] What do we intend for V3 of SAE J2953, …).
Cybersecurity, particularly in the automotive sector, is of paramount importance in today’s digital age. With the advent of connected commercial vehicles, which leverage telematics for efficient fleet management, the landscape of automotive cybersecurity is rapidly evolving. These vehicles, integral to logistics and transportation businesses, are becoming increasingly connected, thereby escalating the risks associated with cybersecurity threats. These commercial vehicles are becoming prime targets for cyber-attacks due to their connectivity and the valuable data they hold. The potential consequences of these cyber-attacks can range from data breaches to disruptions in fleet operations, and even safety risks. This paper analyses the unique challenges faced by the commercial vehicle sector, such as the need for robust telematics systems, secure communication channels, and stringent data protection measures. Case studies of notable cybersecurity incidents involving commercial vehicles are
Virtualization features such as digital twins and virtual patching can accelerate development and make commercial vehicles more agile and secure. There is one sure-fire way to secure commercial vehicles from cyber-attacks. “You just remove the connectivity,” quipped Brandon Barry, CEO of Block Harbor Cybersecurity and the moderator of a panel session on “cybersecurity of virtual machines” at the SAE COMVEC 2024 conference in Schaumburg, Illinois. Obviously, that train has left the station - commercial vehicles of all types, including trains, are only becoming more automated and connected, which increases the risks for cyber-attacks. “We have very connected vehicles, so attacks can be posed not just through powertrain solutions but also through telemetry, infotainment systems connected to different applications and services, and also through cloud platforms,” said Trisha Chatterjee, current product support and data specialist for fuel cell and hydrogen technology at Accelera by Cummins.
A research team led by Rice University’s Edward Knightly has uncovered an eavesdropping security vulnerability in high-frequency and high-speed wireless backhaul links, widely employed in critical applications such as 5G wireless cell phone signals and low-latency financial trading on Wall Street.
Items per page:
50
1 – 50 of 565