Browse Topic: Cybersecurity
Cybersecurity, particularly in the automotive sector, is of paramount importance in today’s digital age. With the advent of connected commercial vehicles, which leverage telematics for efficient fleet management, the landscape of automotive cybersecurity is rapidly evolving. These vehicles, integral to logistics and transportation businesses, are becoming increasingly connected, thereby escalating the risks associated with cybersecurity threats. These commercial vehicles are becoming prime targets for cyber-attacks due to their connectivity and the valuable data they hold. The potential consequences of these cyber-attacks can range from data breaches to disruptions in fleet operations, and even safety risks. This paper analyses the unique challenges faced by the commercial vehicle sector, such as the need for robust telematics systems, secure communication channels, and stringent data protection measures. Case studies of notable cybersecurity incidents involving commercial vehicles are
ABSTRACT Modern vehicular systems are comprised of numerous electronics control units (ECUs) that consist of thousands of microelectronics components. Individual ECU systems are reliant upon “trust” in the supply chain for defense. This paper describes an approach utilizing historically offensive-based cybersecurity technology, side-channels, to quantify and qualify malicious ECU states in a bus-agnostic, logically-decoupled method of assurance and verification. Providing a measure of supply chain assurance to end-users. Citation: Yale Empie, Matthew Bayer, “Assurance and Verification of Vehicular Microelectronic Systems (AV2MS): Supply Chain Assurance through Utilization of Side Channel Radio Frequency Emissions for Improved Ground Vehicle Cybersecurity,” In Proceedings of the Ground Vehicle Systems Engineering and Technology Symposium (GVSETS), NDIA, Novi, MI, Aug. 16-18, 2022
ABSTRACT This paper describes the strategies and challenges involved to secure vehicles which use automotive Ethernet-based networks. Since the early 1990’s, the Controller Area Network (CAN) bus has been the standard in automotive networking systems. However, automotive Ethernet is becoming more common in recent years and is considered the future in automotive networking. This new technology has unique advantages over traditional CAN bus networks (e.g. higher bandwidth that can support hashing and encryption), and it still requires additional security measures such as monitoring and detection of anomalies to better secure the vehicle. Southwest Research Institute (SwRI) has previously developed a CAN-only intrusion detection system (IDS) which protects a vehicle’s CAN bus by actively monitoring traffic and flagging messages that are identified as anomalies. SwRI successfully implemented the ability to read, train, and detect on automotive Ethernet data in the IDS. The integration of
ABSTRACT The growing sophistication and emergence of widespread cyber threats today has driven the DOD to place Cyber Resiliency requirements on new and legacy defense systems. The DOD has recently garnered a massive defensive DevSecOps effort aimed at defining structured practices to unify software (Dev), Security (Sec), and operations (Ops) under the umbrella of more OpSec-driven engineering practices. According to the DOD DevSecOps practicum referenced in this document [1], “Practicing DevSecOps provides demonstrable quality and security improvements over the traditional software lifecycle, enabling application security, secure deployments, and secure operations in close alignment with mission objectives.” Modern systems often contain greater networking capability and are therefore more exposed to cyber-threats. Legacy systems were often conceived prior to the field of cyber warfare maturing, resulting in unpatched potential vulnerabilities that could be exploited through trusting
ABSTRACT The growing sophistication and emergence of widespread cyber threats today has driven the DOD to place Cyber Resiliency requirements on new and legacy defense systems. The DOD has recently garnered a massive defensive DevSecOps effort aimed at defining structured practices to unify software (Dev), Security (Sec), and operations (Ops) under the umbrella of more OpSec-driven engineering practices. According to the DOD DevSecOps practicum referenced in this document [1], “Practicing DevSecOps provides demonstrable quality and security improvements over the traditional software lifecycle, enabling application security, secure deployments, and secure operations in close alignment with mission objectives.” Modern systems often contain greater networking capability and are therefore more exposed to cyber-threats. Legacy systems were often conceived prior to the field of cyber warfare maturing, resulting in unpatched potential vulnerabilities that could be exploited through trusting
ABSTRACT Currently there is no method to ensure that the software loaded on a vehicle has been compromised at the software level. Common practice is to use physical port security to secure all network and data bus connection points with physical devices requiring tool, keys, or damage to tamper evident devices to prevent, inhibit, or discourage unauthorized connection; turn off access to the ports in the BIOS and password protect the BIOS. As well as give non-admin access to user accounts and password protect the operating systems. All these countermeasures help to prevent access but there is no way to tell if the software was compromised if not detected by these methods. Blockchain technology ensures that the software has not been compromised by comparing a hash generated at start up and comparing it to the distributed ledger. This technology helps to bring Warfighter technology into the future
ABSTRACT This paper explores the construction of a Trusted Execution Environment (TEE) which doesn’t rely on TrustZone or specific processing modes in order to achieve a high-performance operating environment with multiple layers of hardware enforced confidentiality and integrity. The composed TEE uses hardware intellectual property (IP) blocks, existing hardware-level protections, a hypervisor, Linux security module (LSM), and Linux kernel capabilities including a file system in order to provide the performance and multiple layers of confidentiality and integrity. Additionally, the TEE composition explores both open source and commercial solutions for achieving the same result. Citation: J. Kline, “High Performance Trusted Execution Environment”, In Proceedings of the Ground Vehicle Systems Engineering and Technology Symposium (GVSETS), NDIA, Novi, MI, Aug. 13-15, 2019
ABSTRACT The importance of hardening robotic and autonomous systems (RAS) considered for field deployment against cyber threats has been recognized by organizations across the Department of Defense (DoD). Among these needs is the ability to securely provide these modern military vehicles with software updates containing critical new functionality and security improvements. A secure update process and system for military RAS has been implemented building on a framework designed for the automotive industry. Demonstrations of the capabilities and mitigations against possible attacks on the update process will be performed on a RAS MRZR in a mock field environment. Citation: S. Pereira, C. Mott, D. Mikulski, “Secure Update Process For Robotic And Autonomous Systems,” In Proceedings of the Ground Vehicle Systems Engineering and Technology Symposium (GVSETS), NDIA, Novi, MI, Aug. 15-17, 2023
ABSTRACT Addressing the well-established need for accurate cyber situational awareness on military vehicles and weapons platforms, we developed a well-tested, robust Intrusion Detection System – Fox Shield™ – currently rated TRL-8. The system is described and the lessons learned during its development are discussed. The basic principles of our anomaly detectors are outlined, and the details of our innovative warning-aggregating Fuser are presented. Many attack detection examples are presented, using a publicly available CANbus dataset. Citation: E.I. Novikova, V. Le, M. Weber, C. Andersen, S.N. Hamilton, “Best Practices For Ground Vehicle Intrusion Detection Systems”, In Proceedings of the Ground Vehicle Systems Engineering and Technology Symposium (GVSETS), NDIA, Novi, MI, Aug. 13-15, 2020
Abstract New technological advancements call for innovative cybersecurity assurance measures in preventing increased vulnerabilities through cyber-attacks and cyber warfare. Current encryption processes are no longer failsafe in secure data management architectures, especially with accessibility to Advanced Encryption Algorithms (AES). Through new technological advancements, including informational technology architectures and autonomous vehicle implementation, it is imperative to provide new paradigms of security against cybersecurity breaches. In all realms of data usage, including the development of the Next Generation of military vehicles, the demand for significant preventative measures in cybersecurity assurance has dramatically increased. The matter of advanced need in cybersecurity can be established through the use of MicroToken Exchange™ (MTE). By way of MicroToken Exchange, it is possible to provide an additional robust layer of security that allows the right data, as well
ABSTRACT The Vehicular Integration for Command, Control, Communication, Computers, Intelligence, Surveillance and Reconnaissance / Electronic Warfare (C4ISR/EW) Interoperability (VICTORY) standards is an open architecture that defines how software and hardware are shared as common resources among services that make up a platform’s capabilities such as Ethernet switches and routers, end nodes, processing units, as well as functionality such as position and navigation systems, radios, health monitoring, and automotive. The VICTORY standard enables reducing the total Size, Weight, and Power (SWaP), and Costs (SWaP-C) on a platform. As part of the Information Assurance (IA) capabilities of the VICTORY standard, the VICTORY Access Control Framework (VACF) provides protection to these shared resources in the form of an Attribute-Based Access Control (ABAC) system. The VACF is composed of five VICTORY component types: Authentication, Attribute Store, Policy Store, Policy Decision, and Policy
ABSTRACT FEV North America will discuss application of advanced automotive cybersecurity to smart vehicle projects, - software safety - software architecture and how it applies to similar features and capabilities across the fleet of DoD combat and tactical vehicles. The analogous system architectures of automotive and military vehicles with advanced architectures, distributed electronic control units, connectivity to networks, user interfaces and maintenance networks and interface points clearly open an opportunity for DoD to leverage the technology techniques, hardware, software, management and human resources to drive implementation costs down while implementing fleet modifications, infrastructure methodology and many of the features of the automotive cyber security spectrum. Two of the primary automotive and DoD subsystems most relevant to Cyber Security threat and protection are the automotive connected vehicles analogous to the DoD Command, Control, Communications, Computers
ABSTRACT The proliferation of information technology adds expanded capabilities and exposes new vulnerabilities through cyber warfare. To combat new threats software quality must go beyond CMMI maturity levels and embrace a software development lifecycle (SDLC) with measurable cybersecurity assurance. Standard cybersecurity artifacts throughout the SDLC should be expected and available for inspection. Integrated software applications can confidently and rapidly reduce their threat exposure by incorporating reusable data management components with a pedigree of cybersecurity SDLC assurance evidence
ABSTRACT This paper will present a 3 Unit (3U) OpenVPXTM form factor radio card module technology for a 3U OpenVPXTM form factor chassis which supports Phase 1 of the U.S. Army Communications-Electronics Research, Development and Engineering Center’s (CERDEC’s) Hardware/Software Convergence (HWC) Program
ABSTRACT Considering the growth of unmanned vehicles in Defense and Government applications, a simple and efficient way to design, develop and deploy trusted and secure systems is imperative. Secmation’s SecMUAS brings a platform for the rapid design and development of secure modular unmanned systems to defense applications and beyond. SecMUAS “bakes in” cybersecurity features using a modular design framework for unmanned systems. SecMUAS enables affordable, high assurance, “future-proof” solutions to rapidly transition from design to operational use. Secmation’s SecMUAS hardware and software will provide developers a capability to address cybersecurity requirements and related certification approval processes, enabling the rapid transition of technology to the warfighter. Citation: H. Aldridge, F. Livingston, “Secure Rapid Prototyping for Unmanned Systems”, In Proceedings of the Ground Vehicle Systems Engineering and Technology Symposium (GVSETS), NDIA, Novi, MI, Aug. 10-12, 2021
ABSTRACT In this paper, I will describe what AUTOSAR is, and the benefits it can provide in the development of ECUs. AUTOSAR provides an industry standard framework for the development of modular software architectures, including multi-core, cyber-secure, safety critical applications in the automotive/ground vehicle systems
Abstract Increased connectivity, burgeoning functionality, as well as surging software and integration complexity all conspire to blur the lines for requirements sourcing and implementation of new Ground Vehicles
ABSTRACT This paper discusses various soft security considerations that should be accounted for in the next generation of advanced military unmanned systems. By modeling unmanned system teams as mobile ad hoc networks, we underscore the different types of information-based security vulnerabilities that motivated adversaries may be able to exploit in unmanned systems. Then we provide an overview of computational trust and show that it can be used to defend against these vulnerabilities by finding the most reliable agents to interact with from a pool of potential agents. Finally, we discuss ongoing work at U.S. Army TARDEC that is applying computational trust within a vehicle controller for autonomous convoy operations
ABSTRACT Model Based System Engineering (MBSE) offers the ability to connect an ever expanding set of disciplines through the system model into specialty areas, having a dramatic impact early and lasting throughout the system lifecycle. System safety and cybersecurity are two such areas that are far too often “patched” into a system design versus properly integrated. MBSE and the use of a system model provides a methodology to integrate these areas early in the design process. Addressing system safety and cybersecurity concerns from the beginning stages of development will enforce adoption of principals and best practices throughout the life of the system
ABSTRACT The automotive and defense industries are going through a period of disruption with the advent of Connected and Automated Vehicles (CAV) driven primarily by innovations in affordable sensor technologies, drive-by-wire systems, and Artificial Intelligence-based decision support systems. One of the primary tools in the testing and validation of these systems is a comparison between virtual and physical-based simulations, which provides a low-cost, systems-approach testing of frequently occurring driving scenarios such as vehicle platooning and edge cases and sensor-spoofing in congested areas. Consequently, the project team developed a robotic vehicle platform—Scaled Testbed for Automated and Robotic Systems (STARS)—to be used for accelerated testing elements of Automated Driving Systems (ADS) including data acquisition through sensor-fusion practices typically observed in the field of robotics. This paper will highlight the implementation of STARS as a scaled testbed for rapid
ABSTRACT Automotive electrical/electronic (E/E) architectures are continuously evolving to meet the technological challenges of the highly connected, software-defined vehicle. Advances are being made in µController/µProcessor compute hardware, software, and cyber security methodologies, to provide enhanced security, safety, flexibility and functionality. These advancements will mature through millions of miles of road/lab testing and reach TRLs suitable for use by the Army to implement safe and secure cyber-resilient platforms for manned and unmanned ground vehicle systems. This paper will describe three specific advances that will benefit Army vehicle programs of the future: Software that leverages the Modular Open Systems Approach (MOSA) as a secure and flexible Service Oriented Architecture (SOA) framework; Hardware-based Communication Engines for high bandwidth/low latency network communications; and a Hardware Security Module (HSM) that enhances the cyber-resilience of the next
ABSTRACT Bitcoin and other digital currencies utilize blockchain. Blockchain, in summary, is a collection of blocks. Within each block is a collection of transactions. Each computer (node) has the same list of blocks and transactions, which they can see as the blocks are filled with the transactions. While this is the traditional application experienced, there are other applications relevant to cybersecurity. As part of the blockchain technology, the nodes are responsible for decision-making. The blockchain technology may be used for this function in these systems. In adjusting the data flow, this is an option to increase the cybersecurity for a complete system. This addition to the cybersecurity system provides a clear benefit. Citation: Parker, C., “Blockchain Vehicle Applications and Cybersecurity: An Appropriate Use or Use Appropriately?”, In Proceedings of the Ground Vehicle Systems Engineering and Technology Symposium (GVSETS), NDIA, Novi, MI, August 10, 2021
ABSTRACT Today’s platform systems (satellites, aircraft, surface ships, ground vehicles, and subsurface vehicles) have large numbers of electronic components including microprocessors, microcontrollers, sensors, actuators, and internal (onboard) and external (off-board) communication networks. Hardening and securing these systems is currently performed using checklist approaches like the Risk Management Framework (RMF) that derive from decades of information technology (IT) best practices. However, these approaches do not translate well to platforms because they inadequately address security issues that are unique to cyber-physical and the embedded nature of platform systems. In this paper, we describe key resilience concepts and two analytic models for improving platform cyber resilience. These models balance knowledge of offensive attack vectors with Resilience-in-Depth™ controls. The Platform Cyber Attack Model (PCAM) provides a multi-scale construct for identifying, describing, and
ABSTRACT There has been a lot of interest in the secure embedded L4 (seL4) microkernel in recent years as the basis of a cyber-security platform because it has been formally proven to be correct and free of common defects. However, while the seL4 microkernel has a formal proof of correctness, it does so at the cost of deferring functionality to the user space that most developers and system integrators would deem necessary for real life products and solutions, and use of formal proofs for user space can be prohibitively expensive. DornerWorks took an approach to bypass the need for native seL4 user space applications to develop a representative real-world system for GVSC VEA based on seL4 by enabling its virtual machine monitor functionality for ARMv8 platforms, allowing feature rich software stacks to be run in isolation guaranteed by the seL4 formal proofs. This paper describes that system and the efforts undertaken to achieve real world functionality. Citation: R. VanVossen, J
ABSTRACT Ransomware is not a new method of malware infection. This historically had been experienced in the enterprise in nearly every industry. This has been especially problematic in the medical and manufacturing fields. As the attackers saturate the specifically targeted industries, the attackers will expand their target industries. One of these which has not been significantly explored by the ransomware groups are the embedded systems and automobile environment. This set of targets is massive and provides for a vast attack potential. While this has not experienced this attack methodology at length, the research and efforts are creeping towards this as a natural extension of the business. The research focusses on the history of ransomware, uses in the enterprise, possible attack vectors with automobiles, and defenses to be explored and implemented to secure automobiles, fleets, and the industries. Citation: Parker, C., “Ransomware Vehicle Embedded System Attacks”, In Proceedings of
ABSTRACT The advent of both new bidirectional communications capabilities and increasing levels of automation to offload driver workload is requiring the vehicle’s architecture to evolve substantially. Military vehicles of the US Armed Forces are subject to even greater cybersecurity threats. New vehicle hardware includes many sensors, cameras and other systems to capture road, weather and traffic conditions. These systems will be communicating the data both internally and externally from the vehicle. In addition, the vehicles will send and receive data via multiple communications protocols. Each of these communication protocols have unique capabilities and inherent weaknesses with regard to secure communications. With this vehicle evolution, and with the pervasive cyber threats, the vehicle will have to be architected for holistic vehicle cyber situational awareness. The US Army and US Marine Corps need to be fully versed and trained to recognize threats and effectively deal with them
Items per page:
50
1 – 50 of 500