Browse Topic: Cybersecurity

Items (590)
Find
Achieving Reliability, Safety & Security in SDV OS Architecture2026-28-0122To be published on 02/12/2026
Software-Defined Vehicles (SDVs) are vehicles in which functionality and features are primarily governed by software, allowing for continuous updates, upgrades, and the introduction of new capabilities throughout the vehicle’s lifecycle. This transition from hardware-centric to software-driven architectures marks a significant shift in the automotive industry, transforming development processes, operational strategies, and business models. The SDV Operating System (SDV OS) is purpose-built for software-defined vehicles, serving as the foundational platform for managing vehicle software and enabling advanced functionalities. Unlike traditional embedded or general-purpose operating systems, SDV OS is tailored to meet the unique requirements of modern automotive architectures. Ensuring reliability, safety, and security is paramount in software-defined vehicles (SDVs), where even minor software faults can lead to serious consequences. The operating system (OS) plays a central role in
KHAN, Misbah UllahGupta, Vishal
Automotive Ethernet Proxy-Based Security Architecture In Vehicle Computers2026-28-0121To be published on 02/12/2026
Modern vehicles require sophisticated, secure communication systems to handle the growing complexity of automotive technology. As in-vehicle networks become more integrated with external wireless services, they face increasing cybersecurity vulnerabilities. This paper introduces a specialized Proxy based security architecture designed specifically for IP-based communication within vehicles. The framework utilizes proxy servers as security gatekeepers that mediate data exchanges between Electronic Control Units (ECUs) and outside networks. At its foundation, this architecture implements comprehensive traffic management capabilities including filtering, validation, and encryption to ensure only legitimate data traverses the vehicle's internal systems. By embedding proxies within the automotive middleware layer, the framework enables advanced protective measures such as intrusion detection systems, granular access controls, and protected over-the-air (OTA) update channels. This strategy
M, ArvindPraneetha, Appana DurgaRemalli, Ravi Teja
Quantum Meets Agile: Crypto-Agility for a Post-Quantum World2026-28-0127To be published on 02/12/2026
As the automotive industry transitions toward software-defined vehicles and connected ecosystems, cybersecurity becomes a critical design pillar. A pressing challenge emerges with the advent of quantum computing, which threatens to render existing cryptographic standards such as RSA and ECC obsolete. This paper addresses the need for quantum-resilient security architectures in the automotive domain by introducing a combined approach using Post-Quantum Cryptography (PQC) and crypto-agility. Unlike traditional static cryptographic systems, our approach leverages agile architectures that enable seamless integration of new cryptographic algorithms as they emerge. Central to our work is the role of Hardware Security Modules (HSMs), which provide secure, tamper-resistant environments for cryptographic operations within vehicles. We explore how HSMs can evolve into crypto-agile and quantum-safe platforms capable of supporting hybrid and post-quantum algorithms, allowing secure transitions
Kuntegowda, Jyothi
Enhancing Cybersecurity Protocols for secure communication between electric vehicles (EV) and the electric vehicle supply equipment (EVSE)2026-26-0202To be published on 01/16/2026
This paper discusses the cybersecurity precautions needed for EV and charger communication protocols to enable safe and reliable communication and charging. The Indian government's initiatives, such as the FAME program, aimed at accelerating electric vehicle (EV) adoption to combat pollution and global warming increased the establishment of DC fast charging infrastructure as well as the implementation of various communication protocols (GB/T, DC001, CHAdeMO, and CCS). The study describes the hazards encountered during EV charging, as well as the vulnerability and risk of hacking by cyber attackers. The paper exhibits the emulation of the charging setup, as well as the mitigation process required during it for a safe communication between EV and EV charger.
Uthaman, SreekumarPatil, Urmila
Feasibility and Performance of Post-Quantum Cryptography on Embedded Systems for Two-Wheeler Security2026-26-0622To be published on 01/16/2026
The proliferation of connectivity features (V2X, OTA updates, diagnostics) in modern two-wheelers significantly expands the attack surface, demanding robust security measures. However, the anticipated arrival of quantum computers threatens to break widely deployed public-key cryptography (RSA, ECC), rendering current security protocols obsolete. This paper addresses the critical need for quantum-resistant security in the automotive domain, specifically focusing on the unique challenges of two-wheeler embedded systems. This work presents an original analytical and experimental evaluation of implementing selected Post-Quantum Cryptography (PQC) algorithms, primarily focusing on NIST PQC standardization candidates (e.g., lattice-based KEMs/signatures like Kyber/Dilithium), on microcontroller platforms representative of those used in two-wheeler Electronic Control Units (ECUs) – typically ARM Cortex-M series devices characterized by limited computational power, memory (RAM/ROM), and strict
Mishra, Abhigyan
Automotive Cybersecurity: Safeguarding Connected and Autonomous Mobility2026-26-0629To be published on 01/16/2026
As vehicles transform into complex cyber-physical systems within Intelligent Transportation Systems (ITS), automotive cybersecurity has become a foundational pillar in securing safe, reliable, and trustworthy transportation. This paper examines cybersecurity challenges in connected and autonomous vehicles (CAVs), focusing on Vehicle-to-Everything (V2X) communications technologies, including Vehicle-to-Vehicle (V2V), Vehicle-to-Infrastructure (V2I), and Vehicle-to-Pedestrian (V2P) and critical systems like electronic control units (ECUs), battery management units (BMUs), and sensor fusion modules. Key vulnerabilities, such as remote hacking, denial-of-service (DoS) attacks, malware injection, and data breaches, threaten vehicle functionality, passenger safety, and privacy. Key protection mechanisms, including encryption, intrusion detection systems (IDS), cryptographic protocols, secure over-the-air (OTA) updates, and Advanced Artificial Intelligence (AI) and Machine Learning (ML
Kumar, OmKumar, RajivSankar M, GopiHaregaonkar, Rushikesh Sambhaji
Automotive Cybersecurity Incident Response (CSIR) Framework and Its Integration into OEM Processes2026-26-0613To be published on 01/16/2026
The exponential growth of connected and autonomous vehicles has significantly escalated cybersecurity threats, compelling automotive Original Equipment Manufacturers (OEMs) to adopt robust and structured Cybersecurity Incident Response (CSIR) capabilities. Current automotive cybersecurity regulations, such as AIS 189 in India and UNECE WP.29 globally, mandate precise frameworks for proactive threat detection, timely response, and comprehensive incident documentation. This research presents an innovative, comprehensive CSIR framework specifically tailored to integrate seamlessly into OEM cybersecurity management processes. Leveraging a combination of real-time monitoring systems, structured threat categorization methodologies, and integrated escalation and communication protocols, the proposed CSIR framework ensures efficient incident handling aligned with stringent regulatory compliance. The framework encompasses advanced methodologies including Vehicle Security Operations Center (VSOC
Chaudhary lng, VikashDesai, ManojChatterjee, AvikChatterjee lng, Avik
A Quality-Driven Approach to Engineering Sign-Off for Software and Robust Product Development2026-26-0581To be published on 01/16/2026
This abstract outline a paper detailing the development and implementation of a comprehensive framework designed to enhance the quality and governance of the product development process in the automotive industry. As the sector undergoes significant transformation—driven by electrification, autonomous systems, and increasing regulatory and customer expectations—the need for structured development approach and robust oversight has become critical to success. The paper introduces a newly developed framework for Final Data Judgment (FDJ) and Engineering Sign-Off (ESO), representing a next-generation strategy to defect free design, robust engineering quality management and product maturity assurance. This methodology emphasizes customer-centric deliverables, risk-based assessments, and technical rigor to minimize post-SOP issues and ensure alignment with end-user expectations. The approach prioritizes end-user impact by embedding rigorous quality checkpoints that align engineering outputs
Digikar, AshishPathak, IshaKothari, Bhushan
Proactive AI-Enhanced Cybersecurity for Next-Gen Automotive Infotainment ECU2026-26-0619To be published on 01/16/2026
Abstract With the rapid advancement of connected vehicle technologies, infotainment Electronic Control Units (ECUs) have become central to user interaction and connectivity within modern vehicles. However, this enhanced functionality has introduced new vulnerabilities to cyberattacks. This paper explores the application of Artificial Intelligence (AI) in enhancing the cybersecurity framework of infotainment ECUs. The study introduces AI-powered modules for threat detection and response, presents an integrated architecture, and validates performance through simulation using MATLAB, CANoe, and NS-3. This approach addresses real-time intrusion detection, anomaly analysis, and voice command security. Key benefits include zero-day exploit resistance, scalability, and continuous protection via OTA updates. The paper references real-world automotive cyberattack cases such as Tesla's OTA vulnerability patches, BMW ConnectedDrive exploits, and Jeep Cherokee's Uconnect hack, emphasizing the
More, ShwetaKulkarni, ShraddhaKumar, PriyanshuGhanwat, HemantJoshi, Vivek
GTSRB-Shield: A Novel Machine Learning Framework for Intrusion Detection in Autonomous Vehicles Leveraging the German Traffic Sign Recognition Benchmark2026-26-0611To be published on 01/16/2026
The escalating dependence of Autonomous Vehicles on Intelligent Transportation Systems (ITS) has highlighted the imperative for comprehensive security protocols to safeguard such vehicles against cyber threats. Intrusion Detection Systems (IDS’s) are pivotal in ensuring the protection of these systems by detecting and alleviating unauthorized access and nefarious activities. The German Traffic Sign Recognition Benchmark (GTSRB) database, which encompasses an extensive compilation of traffic sign imagery, functions as a vital asset for the advancement of machine learning-based IDS. This research elucidates an intrusion detection system (IDS) that employs machine learning algorithms to scrutinize the GTSRB database. The proposed IDS emphasize the preprocessing of the GTSRB dataset to extricate pertinent features that can be employed for the training of machine learning models. Research also focuses on model development with machine learning algorithms to classify traffic signs and
Patil, KamaleshAkbar Badusha, A.Jadhav, SavitriGunale, Kishanprasad
Real-time Intrusion Detection System (IDS) for Vehicle Networks Using Machine Learning for Predictive Threat Analysis2026-26-0617To be published on 01/16/2026
The rapid adoption of connected vehicle technologies and advanced driver assistance systems (ADAS) necessitates robust security mechanisms capable of identifying and mitigating sophisticated cyber threats in real-time. Traditional signature-based intrusion detection systems (IDS) are often inadequate in addressing the dynamic and evolving nature of automotive cybersecurity threats, particularly in modern vehicle networks like Controller Area Network (CAN), CAN with Flexible Data-Rate (CAN-FD), and Automotive Ethernet. This research introduces a novel Real-time Intrusion Detection System utilizing advanced Machine Learning (ML) techniques designed specifically for automotive network environments. The proposed IDS framework employs supervised and unsupervised ML algorithms, including anomaly detection, behavioral analytics, and predictive threat modeling, to achieve high accuracy and rapid threat identification capabilities. Through extensive testing in simulated and actual vehicle
Chaudhary lng, VikashDesai, ManojChatterjee, Avik
Software-Defined Vehicles: Architecting the Future of Intelligent and Connected Mobility2026-26-0691To be published on 01/16/2026
The rise of Software-Defined Vehicles (SDVs) marks a fundamental shift in automotive design, where software, rather than hardware, defines vehicle capabilities. This review explores the SDV paradigm within Intelligent Transportation Systems (ITS), emphasizing centralized computing, over-the-air (OTA) updates, and service-oriented architectures (SOA). Key enablers such as high-performance computing units, middleware platforms (e.g., AUTOSAR Adaptive), and digital twins support scalable, flexible software deployment and real-time functionality. Artificial Intelligence (AI) and Machine Learning (ML) enhance features like predictive maintenance, driver personalization, and autonomous decision-making. However, SDVs also introduce complex challenges, including software validation, real-time performance, and system interoperability. Cybersecurity becomes critical, especially as vehicles interface with cloud platforms, edge computing, and Vehicle-to-Everything (V2X) networks. The paper also
Ahmad, AqueelHemanth, KhimavathKumar, OmKumar, RajivHaregaonkar, Rushikesh Sambhaji
Security monitoring for High Performance Vehicle Computers2026-26-0627To be published on 01/16/2026
With the increasing connectivity of modern vehicles, cybersecurity threats have become a critical concern. Intrusion Detection Systems (IDS) play a vital role in securing in-vehicle networks and embedded vehicle computers from malicious attacks. This presentation shares about an IDS framework designed specifically for POSIX-based operating systems used in vehicle computers, leveraging system-level monitoring, anomaly detection, and signature-based methods to identify potential security breaches. The proposed IDS integrates lightweight behavioral analysis to ensure minimal computational overhead while effectively detecting unauthorized access, privilege escalation, communication interface monitoring etc. By employing a combination of rules and systems datapoints, the system enhances threat detection accuracy without compromising real-time performance. Practical series deployments demonstrate the effectiveness of this approach in mitigating cyber threats in automotive environments
Shukla, SiddharthChatterjee lng, Avik
Navigating the Field of Automotive Cybersecurity Relevant Regulations2026-26-0623To be published on 01/16/2026
In recent years many automotive cybersecurity relevant regulations have been released and some have already started to come into effect. Moreover, some other regulations will come into effect in the next few years. These regulations provide requirements and guidance to automotive organizations with different degree of specifics. In this paper, we review a number of different cybersecurity relevant regulations such as UNR 155, UNR 156, AIS 189, AIS 190, GB 44495, GB 44496, EU Cyber Resilience Act, and BIS Final Rule. We break down and categorize these regulations based on their scope and highlight key areas relevant to different teams within the organizations. These key areas include Cybersecurity Management System (CSMS), Software Update Management System (SUMS), secure software development and software supply chain security, continuous cybersecurity activities (monitoring, incident response), and vulnerability disclosure and management. We then map responsibilities from the
Oka, Dennis KengoVadamalu, Raja Sangili
MOSAIC-TARA: A Comprehensive TARA Methodology for Automotive Cybersecurity2026-26-0609To be published on 01/16/2026
Threat Analysis and Risk Assessment (TARA) is a continuous activity, acting as a foundation of cybersecurity analysis for electrical and electronics automotive products. Existing TARA methodologies in the automotive domain exhibits challenges due to redundant and manual processes, particularly in handling recurring common assets across Electronic Control Units (ECUs) and functional domains. Two primary approaches observed for performing TARA are Manual-Asset-Centric TARA and Catalogue-Driven TARA. Manual-Asset Centric TARA is constructed from scratch by manually identifying the assets, calculating risks by likelihood, and impact determination. Catalogue-Driven TARA utilizes the precompiled likelihood and impact against identified assets. Both approaches lack standardized and modular mechanisms for abstraction and reuse. This results in poor scalability, increased efforts, and difficulty in maintaining consistency across vehicle platforms. The proposed method in this research overcomes
Goyal, YogendraSinha, SwatiSutar, SwapnilJaisingh, Sanjay
Enhancing Engine Reliability Testing with IoT, AI and ML: Real-Time ML-based Limit Monitoring and Predictive Maintenance with IoT sensor2026-26-0647To be published on 01/16/2026
The integration of Internet of Things (IoT), Artificial Intelligence (AI), and Machine Learning (ML) has transformed various industries, offering substantial benefits. The application of these technologies in engine reliability testing has immense potential as they offer real-time monitoring and analysis of engine performance parameters. Engine reliability testing is vital for ensuring the safety, efficiency, and longevity of engines. Traditional methods are time consuming, expensive, and rely heavily on manual inspection and data analysis. This paper shows how IoT, AI and ML technologies can greatly enhance the efficiency of engine reliability testing. The paper includes the following case studies: 1. ML-based Limit Monitoring for test data: With the help of machine learning models, we monitor the Engine health by comparing predicted and measured values during real-time testing. Intelligent algorithms predict and compare values, detect anomalies, and identify root causes in real-time
Yadav, Sanjay KumarKumar, PrabhakarR, DineshJoon, SushantRai, AyushTripathi, Vinay Mani
Considerations for Vulnerability Management in the Automotive Industry2026-26-0626To be published on 01/16/2026
With the emergence of Software-Defined Vehicles (SDVs), more complex software and connectivity technologies are introduced to support new advanced use cases such as phone as a key, smart parking and vehicle management. However, complex software functionality and external connectivity also increase the attack surface of vehicles and its ecosystem. In this paper, we first perform a classification of recent automotive cybersecurity attacks. We further perform an analysis of these attacks and associated vulnerabilities considering the application of best practices of vulnerability management approaches including Common Vulnerability Scoring System (CVSS), Exploit Prediction Scoring System (EPSS), and Stakeholder-Specific Vulnerability Categorization (SSVC). CVSS is a standardized framework used to assign severity scores to known vulnerabilities and helps organizations prioritize vulnerability remediation based on severity. EPSS is a predictive model that estimates the probability of a
Oka, Dennis KengoVadamalu, Raja Sangili
RAKSH: A Blockchain Derived In-Vehicle Key Management System2026-26-0620To be published on 01/16/2026
Modern cars have advanced significantly with the rapid growth of connectivity and communication technologies. In the wake of rising cyberattacks and enforcement of regulations, implementation of cybersecurity is imperative to safeguard vehicles. The cybersecurity controls such as secure boot, secure updates, secure communication require cryptographic primitives (keys/certificates). These security features are largely dependent on robust Key Management System (KMS), as keys are the sensitive assets that must be protected throughout the lifecycle of vehicle. Several security critical applications like over-the-air and car-to-car interaction essentially needs robust KMS to protect the vehicle assets from expanding attack vector. Traditionally KMS is established centrally in a backend server. The cloud based KMS is becoming complex due to increased number of keys/certificates required to provision in a vehicle. We propose a self-governing in-vehicle key management system for a gateway
Goyal, YogendraSutar, SwapnilJaisingh, Sanjay
Next-Gen Automotive: Enablers and Monetization for Automotive SaaS and Software Defined Vehicles2026-26-0687To be published on 01/16/2026
The automotive industry is undergoing a paradigm shift, changing its model from hardware-centric products to software-driven platforms. It is driven by two underlying paradigms: the emergence of Software-Defined Vehicles (SDVs) and the increasing adoption of Automotive Software-as-a-Service (SaaS) models. Together, these trends are transforming the way the industry generates value, engages with customers, and builds new revenue models. This research examines the most important technical pillars underpinning next-generation automotive ecosystem creation. Of these pillars, centralized computing infrastructures, embedded cloud integration, efficient over-the-air (OTA) update engines, and enhanced cybersecurity models designed to protect larger numbers of connected vehicles are observed. It also evaluates the imperative significance of digital identity management to provide improved personalized experience, the critical role of edge computing to ensure real-time processing, and the promise
Saini, GouravJahagirdar, ShwetaKhandekar, Dhiraj Baburao
"Automotive Cybersecurity: Regulatory Landscape, Type Approval, and the Road Ahead"2026-26-0246To be published on 01/16/2026
Effective communication is the key for bringing harmony - be it the communication between humans and humans, or communication between machine and machine. Today’s car is a sophisticated gadget, equipped with the best of technologies running using millions of lines of codes of software. The effective use of these technologies involve communication between car to car and car to infrastructure using Dedicated Short Range Communication (DSRC), C-V2X (Cellular Vehicle-to-Everything). It is pertinent that any communication using the internet needs to be digitally secure and that the systems are designed to mitigate the perceived threats. The methods used for ensuring cyber safety of automobiles need to be verified before the end product is put to use. Automotive Industry Standards AIS-189 and AIS-190 have been formulated to provide a harmonized verification framework. Both the vehicle manufacturer and the test agency need to equip themselves with necessary skills and tools to ensure
Nayak, PratikTandon, VikramBadusha, AkbarDesai, ManojSathianesan, Rejin
Securing the Future of Electric Vehicle Charging: Identifying and Mitigating Cybersecurity Vulnerabilities2026-26-0614To be published on 01/16/2026
This paper examines the key security vulnerabilities present in modern EV charging infrastructure, with a focus on the potential threats to payment systems, communication protocols, physical security, and data privacy. In particular, it looks at the vulnerabilities associated with unencrypted communication, the risks of unauthorized access to charging stations, and the potential for denial-of-service (DoS) attacks. As the global adoption of electric vehicles (EVs) accelerates, the importance of a secure and reliable EV charging infrastructure becomes paramount. However, the expansion of charging stations and the growing integration of smart technologies introduce significant cybersecurity risks that must be addressed to ensure the safety, privacy, and reliability of the network. In addition to discussing emerging risks in relation to new technologies, such as Vehicle-to-Grid (V2G) systems, and outlining the necessity of industry-wide collaboration and the development of standardized
Aggarwal, AkshitGupta, SaurabhSirohi, KapilArisetty, VenkateshChatterjee, Avik
A Dynamic Cybersecurity Benchmarking Framework for Automotive Cyber-Physical Systems2026-26-0612To be published on 01/16/2026
As the automotive industry accelerates towards greater connectivity and automation, ensuring robust cybersecurity has become a critical priority, especially in emerging markets like India. This paper introduces a comprehensive framework designed to assess and enhance the cybersecurity of production-ready vehicles, with a particular focus on addressing the unique challenges posed by both domestic and international markets. The proposed system combines advanced threat modeling, vulnerability assessment, and dynamic evaluation techniques to continuously monitor and quantify a vehicle’s cybersecurity posture throughout its lifecycle. In the Indian context, where the automotive market is rapidly evolving and the adoption of connected and automated vehicles is on the rise, the need for tailored cybersecurity measures is particularly pressing. By evaluating the impact of cyber threats on safety, data privacy, financial risks, and vehicle functionality, the system generates a detailed
Shah, RavindraAwasthi, Vibhu VaibhavKarle, Ujjwala
Cybersecurity threats for connected passenger EV Buses of state transport units in India.2026-26-0610To be published on 01/16/2026
There are several chances to enhance fleet management, passenger safety, and operational efficiency by integrating connected technology into electric passenger buses, especially in Indian state transport agencies. But this connectivity also brings with it a fresh set of cybersecurity threats that might jeopardize these cars' dependability and security. With an emphasis on India's state-run bus fleets, this study examines the cybersecurity risks unique to connected electric vehicles (EVs) utilized for public transportation. Vehicle-to-vehicle (V2V), vehicle-to-infrastructure (V2I), and fleet management communication systems are examined for key vulnerabilities. Potential attack vectors are highlighted, including data interception, GPS spoofing, unauthorized access, and cyberattacks on charging stations. We also look at how these cybersecurity threats affect public safety, operational disruptions, and passenger privacy. This paper also assesses the difficulties Indian state transport
Mokhare, Devendra Ashok
Post-EOL Cybersecurity Validation for Automotive Production ECUs2026-26-0608To be published on 01/16/2026
ISO/SAE 21434 emphasizes comprehensive cybersecurity risk management throughout the automotive lifecycle. However, specific guidance on validating cybersecurity measures at the production level remains limited. This paper addresses the gap in production-stage validation, particularly after End-of-Line (EOL) flashing, which includes configurations of security hardware and software protection (e.g., UCB confirmation, JTAG, and P-flash password settings). Problem articulation: Current automotive cybersecurity validation methods, despite adherence to ISO/SAE 21434, lack specific procedures for the production stage. The existing system-level validation using the ASPICE V-model (e.g., SWE.6, SYS.5) does not ensure the integrity and functionality of cybersecurity features in the final manufactured unit post-EOL flashing. This gap poses a risk of vulnerabilities being introduced during the EOL process, compromising critical security measures. Proposed solution: To mitigate the cybersecurity
Chakraborty, SuchetaKulanthaisamy, NagarajanSankar, Ganesh
Implementation of Automotive Cybersecurity Assurance Level2026-26-0624To be published on 01/16/2026
This paper explores the implementation of ISO-21434 Automotive Cybersecurity Assurance Levels (CAL), focusing on enhancing component level cybersecurity for a vehicle. CAL values, which range from 1 to 4, provide a metric for ensuring that assets are protected against relevant threats at various phases of the Software Development Life Cycle (SDLC). By identifying potential attack vectors and their severity early in the SDLC, specifically during the Concept phase of ISO 21434, organizations can determine the CAL values. The CAL value serves as a benchmark to determine the level of severity required during the design, development, and verification phases of the SDLC. This paper outlines a method to establish CAL values as per ISO-21434 guidelines. The proposed methodology includes a detailed analysis of threat modeling, which is crucial for identifying and mitigating potential cybersecurity risks. By conducting threat modeling, organizations can systematically assess vulnerabilities and
Ghosh, SubhamKhader Batcha, Jashic
Resilient Design Strategies for Wireless Charger ECUs: A Proactive Threat Analysis and Risk Assessment Framework for Ensuring Cybersecurity in EV Charging Ecosystems2026-26-0173To be published on 01/16/2026
The goal of Automotive cybersecurity is safety, reliability, confidentiality and authenticity. As the automotive industry grows smarter, so too do the cybersecurity protocols used to protect vehicles from malicious actors. Automotive cybersecurity secures communication networks, electronic systems, software and data collected by the new wave of intelligent cars The paper describes the cyber security threats its analysis ion wireless charging
Uthaman, SreekumarMulay, Abhijit BGadekar, Pundlik
Cybersecurity in Automotive OTA Update Systems and Software Store2026-26-0621To be published on 01/16/2026
Automotive Over-the-Air (OTA) software updating has become a cornerstone of the modern connected vehicle, enabling manufacturers to remotely deploy bug fixes, security patches, and new features. However, this convenience comes with significant cybersecurity challenges. This paper provides a detailed examination of automotive OTA update security and the associated software store (software Applications & services store) mechanisms. I discuss the current industry standards and regulations - notably ISO/SAE 21434 and the United Nations Economic Commission for Europe (UNECE) regulations UN R155 (cybersecurity) and UN R156 (software updates) - and explain their relevance to secure OTA and software update management. I then explore the Uptane framework, an open and widely-adopted architecture specifically designed to secure automotive OTA updates. Next, OTA-specific threat models are analyzed, detailing potential attack vectors (such as malicious update injection, man-in-the-middle attacks
Kurumbudel, Prashanth Ram
Research and Development of a System Adaptation Strategy for the AUTOSAR Crypto Stack2025-01-733412/31/2025
As automotive electronic systems become increasingly complex, the demand for robust data security and privacy protection mechanisms has grown significantly. The AUTOSAR (Automotive Open System Architecture) standard has emerged as a widely adopted framework in the automotive industry due to its strong support for interoperability, functional safety, and cybersecurity. Within the AUTOSAR Classic Platform (CP), the Crypto Stack Service as a core component that enables critical security functionalities such as encryption, decryption, digital signature verification, and key management. However, the deployment of the Crypto Stack across heterogeneous Electronic Control Units (ECUs) introduces a series of technical challenges. These challenges stem primarily from variations in hardware resources, differences in operating system implementations, and inconsistencies in software execution environments. As a result, issues such as architectural compatibility, task scheduling efficiency, and
Wu, ShudiFan, SunjiaYu, YaqiXiu, Jiapeng
Safety, ADAS, and Cybersecurity: Vol. 4EPRCOMPV01202512/29/2025
Burton, SimonChalmers, SethWishart, JeffreyZheng, Ling
ARINC 835-2 Guidance for Security of Loadable Software Parts Using Digital SignaturesARINC835-2 (Current)12/02/2025
This document provides a comprehensive overview of methods and standards for securing loadable software parts (LSPs) used in aircraft systems. It focuses on ensuring the integrity, authenticity, and trustworthiness of aircraft software, independent of the transport mechanism or media type, through the use of digital signatures and Public Key Infrastructure (PKI) technologies. The document captures solutions developed by major aerospace manufacturers and industry participants and encourages standardization to reduce costs and complexity in software security processes.
Airlines Electronic Engineering Committee
Hardware Protected Security Environment – Trusted Application Isolation Security ModelsJ3101-2_202511 (Current)11/17/2025
This information report identifies and evaluates isolation building blocks applicable to TA sandboxing within a HPSE. These building blocks can be used to support SAE J3101 TA requirements for sandboxing of TAs and secure communication between TAs. TAs must execute within their own trust domain to prevent compromise of the HPSE and other TAs. TA trust domain isolation strength may vary depending on the risk profile of the TA deployed, hence the requirement for isolation building blocks to match the risk profile. A multitenancy TA HPSE has a higher risk profile than multiple TAs from the same source (e.g., OEM). TA multitenancy must not compromise the security properties of the HPSE (the secure integration and execution of trusted multi-vendor code). In this report, we provide information on the following: HPSE TA use cases and risk profiles HPSE TA isolation building blocks for manufacturers Threat analysis to determine the effectiveness of isolation security models As the ECU E/E
Vehicle Electrical System Security Committee
Research on Ship Network Security Situation Awareness and Defense Mechanism Based on Improved Spatiotemporal Attention and Deep Reinforcement Learning2025-99-012611/11/2025
With the development of ship intelligence, network security threats are increasing day by day. This paper proposes a ship network security situation awareness algorithm based on an improved spatiotemporal attention mechanism, and constructs a supporting defense mechanism. The algorithm accurately captures changes in network security situation through dynamic weight allocation and multi-scale feature extraction. In the experimental simulation, OMNeT++ is combined with SUMO to build a ship network simulation environment, and Maritime - CPS - Dataset and other data sets are used for testing. The algorithm in this paper is compared with ARIMA, LSTM, GRU and other algorithms. The results show that in terms of situation awareness accuracy, the algorithm in this paper reaches 95.6%, which is 27.8% higher than ARIMA, 12.3% higher than LSTM, and 10.1% higher than GRU respectively; the average response time of the defense mechanism is shortened to 2.3 seconds, which is 40% faster than the
Kong, ZeyuZhou, BofeiWan, Shiyao
AI-Empowered Lightweight In-Vehicle Network Security Mechanisms: From Cryptographic Algorithms to Collaborative Defense Architectures2025-99-013211/11/2025
With the rapid development of Internet of Vehicles (IoV) and cyber-physical systems (CPS), connected autonomous vehicles (CAVs) have also developed rapidly. However, at the same time, in-vehicle networks also face more security challenges, mainly in terms of resource constraints, dynamic attacks, protocol heterogeneity, and high real-time requirements. Firstly, the trade-offs between lightweight encryption primitives and their software and hardware collaborative design in terms of performance, resource overhead, and security strength are analyzed. Secondly, the resource efficiency of AI-based intrusion detection system (IDS) is evaluated at the edge. Finally, we propose a dynamic adaptive collaborative defense framework (DACDF), which integrates federated learning with dynamic weight distillation, blockchain authentication with lightweight verifiable delay function (Light-VDF) and cross-domain IDS with hierarchical attention feature fusion to deal with collaborative attacks in resource
Zhou, YouZhang, JiguiDing, KaniYang, Guozhi
Cybersecurity: Applying Threat Modeling to Sensor-Control Architectures in Autonomous Off-Highway Vehicles2025-28-031611/06/2025
The rapid evolution of autonomy in Off-Highway Vehicles (OHVs)—spanning agriculture, mining, and construction—demands robust cybersecurity strategies. Sensor-control systems, the cognitive core of autonomous OHVs, operate in harsh, connectivity-limited environments. This paper presents a structured approach to applying threat modeling to these architectures, ensuring secure-by-design systems that uphold safety, resilience, and operational integrity.
Kotal, Amit
The Digital Backbone of Manufacturing: A Framework for Network Protocol Selection2025-28-024511/06/2025
Manufacturers need pragmatic guidance when choosing network protocols that must balance responsiveness, high data throughput, and long-term maintainability. This paper presents a step-by-step, criteria-driven framework that scores protocols on six practical dimensions, real-time behavior, bandwidth, interoperability, security, IIoT readiness, and legacy support and demonstrates the approach on both greenfield and brownfield scenarios. By combining vendor specifications, peer-reviewed studies, and field experience, the framework delivers transparent, weighted rankings designed to help engineers make defensible deployment choices. This paper explores how network protocols can be mapped to different layers of the automation pyramid, ranging from field-level communication to enterprise-level. For example, Profinet is shown to be highly effective for time-critical applications such as robotic assembly and motion control due to its deterministic, real-time ethernet capabilities. Meanwhile
Tarapure, Prasad
Spatial-temporal Information Organization Model with All Elements in Whole Domain for Shuozhou-Huanghua Railway2025-99-007910/17/2025
In view of the complexity of railway engineering structure, the systematicness of professional collaboration and the high reliability of operation safety, this paper studied the spatial-temporal information data organization model with all elements in whole domain for Shuozhou-Huanghua Railway from the aspect of Shuozhou-Huanghua Railway spatial-temporal information security. Taking the unique spatial-temporal benchmark as the main line, the paper associated different spatial-temporal information to form an efficient organization model of Shuozhou-Huanghua Railway spatial-temporal information with all elements in the whole domain, so as to implement the effective organization of massive spatial-temporal information in various specialties and fields of Shuozhou-Huanghua Railway; By using GIS (Geographic Information System) visualization technology, spatial analysis technology and big data real-time dynamic rendering technology, it was realized the real-time dynamic visualization display
Liu, KunYu, HongshengZhu, PanfengLiu, WenbinWang, Yaoyao
Reducing Powertrain Software Release Cycles from Months to Days: Streamlined Compliance and Rapid Deployment2025-01-037910/07/2025
The automotive industry's rapid shift towards electric and connected vehicles intensifies the demand for robust solutions addressing software integrity, cybersecurity, and stringent regulatory compliance, particularly concerning powertrain components and related control units. This paper addresses the significant challenge faced by automotive companies in efficiently managing and deploying an exponentially increasing number of software and hardware variants under the rigorous requirements of UNECE Regulation No. 156. This regulation mandates secure, traceable, and systematic software update processes for new vehicles and their components [1]. The proposed solution demonstrates a transformative approach that significantly reduces the software release cycle for Over-The-Air (OTA) updates which usually take 6 to 8 months to emerge [2]. By leveraging advanced techniques in automated compliance tracking, efficient parameter management, and centralized documentation, this approach bridges
Sammer, GeraldSchuch, NikolasKammerhofer, Markus
High Performance Enclosure Systems for Aerospace and Defense Applications: Preparing for What's Next25AERP10_0210/01/2025
As mission-critical systems demand more processing power, real-time data movement, and multi-domain interoperability, rugged embedded systems are being transformed. Today's military and aerospace applications increasingly demand the merging of AI computing, enhanced sensor interfaces, and cybersecurity - all under harsh environmental conditions. At the heart of this evolution is the 3U OpenVPX form factor, a modular, compact, and ruggedized hardware standard and increasingly the SOSA aligned subset of the architecture. However, next-generation systems need to go further: supporting higher bandwidth, better thermal efficiency, improved security, while maintaining multi-vendor interoperability and long-term sustainability. We'll discuss some of today's enclosure solutions as well as emerging technologies.
Infoscraps: Enforcing Information Security by Mechanism2025-01-049509/16/2025
Several information security problems currently require the vigilance of the defender to prevent exploitation or misclassification of information, specifically code injection vulnerabilities and enforcement of Security Classification Guides. This paper discusses a potential solution that can enforce some of these rules by computer mechanism, reducing the potential for security problems. The solution is to replace using simple text strings with data structures containing both a string and a key-value data store. This metadata allows the computer to apply automated rules to enforce data sanitization and classification.
Czerniak, Gregory P.
Post Quantum Cryptography on Intravehicular Networks2025-01-045109/16/2025
This research evaluated the practicality of implementing Post-Quantum Cryptography (PQC) algorithms onboard resource-constrained computing devices, especially those found in automotive platforms. While computational efficiency within PQC is high, memory size and bandwidth constraints become relevant upon consideration of end-to-end implementation. The Controller Area Network (CAN) protocol utilizes only eight (8) bytes of data payload per message, requiring the large keys of PQC algorithms to be split into several messages. Power efficient 32-bit ARM microcontrollers were used for testing. Comparison was made between software implementations of both PQC and modern algorithms to evaluate relative computational cost. Ultimately, this research determined that the communication overhead required by PQC algorithms such as CRYSTALS-Kyber, CRYSTALS-Dilithium, and Falcon is not so egregious as to preclude them from implementation on board vehicular networks.
Smith, SethOwens, KyleKozan, Katherine
IMPLI-FI: A Secure Wireless Communications Technology for Contested Logistics2025-01-049209/16/2025
Data security remains an issue of the utmost concern in contested environments. Mechanisms such as data encryption, beam-forming antennas, and frequency-hopping radio have emerged to mitigate some of the concerns in radio-frequency (RF) communications, but they do not remove all risk. Consequently, there is still a consistent appetite for alternative solutions. This paper presents a case for the use of the free-space optical (FSO) communications technology ImpLi-Fi as one such alternative. FSO communication is promising because of the ease with which the signal beam may be steered and limited, making detection and interception more difficult than with RF, and ImpLi-Fi in particular is desirable for its exceptional outdoor performance and ease of integration into existing light sources. The paper briefly illustrates the origins of the contested logistics (CL) problem and CL use cases for secure communication channels, before describing the ImpLi-Fi technology in some detail; exploring
Brzozowski, AaronReimann, JethroLakshmanan, SridharMarrero, Pedro “Pete”Moyer, Benjamin D.
Advancing Automotive Software Supply Chain Security: A Blockchain-Reproducible Build Approach2025-01-045609/16/2025
The automotive industry’s systems and over-the-air (OTA) updates have vulnerabilities in its software supply chain (SSC). Although frameworks like Uptane have improved OTA security, gaps remain in ensuring software integrity and provenance. In this paper, we examine challenges securing the automotive SSC and introduce a framework, GUIXCHAIN, that integrates version control, reproducible builds, blockchain technology, and software bills of materials (SBoMs) for transparency, auditability, and resilience. Reproducible builds guarantee identical resulting binaries when compiling the same source code in different environments, as any deviation in the final output indicates a potential compromise in the build process, such as malware injection. Our preliminary study shows Guixchain’s use of reproducible builds ensures consistent and integrity-secured software across various build environments. The blockchain provides forensic capabilities, offering a history of the what, who and where of
Aideyan, IwinosaPesé, Mert D.Brooks, Richard
A Novel Orchestration Framework for Zero Trust Unmanned Vehicular Networks in ROS 22025-01-043409/16/2025
As unmanned vehicular networks become more prevalent in civilian and defense applications, the need for robust security solutions grows in parallel. While ROS 2 offers a flexible platform for robotic operations, its security model lacks the adaptability required for dynamic trust management and proactive threat mitigation. To address these shortcomings, we propose a novel framework that integrates containerized ROS 2 nodes with Kubernetes-based orchestration, a dynamic trust management subsystem, and integrability with simulators for real-time and protocol-flexible network simulation. By embedding trust management directly within each ROS 2 container and leveraging Kubernetes, we overcome ROS 2’s security limitations by enabling real-time monitoring and machine learning-driven anomaly detection (via an autoencoder trained on custom data), facilitating the isolation or removal of suspicious nodes. Additionally, Kubernetes policies allow seamless scaling and enforcement of trust-based
Tinker, NoahBoone, JuliaWang, Kuang-Ching
Hardware Protected Security Environment - GlobalPlatform Technologies Information ReportJ3101-5_202509 (Current)09/12/2025
The scope of the analysis is on the GlobalPlatform Secure Element (SE) and Trusted Execution Environment (TEE) standard specifications correspondence to SAE J3101 recommended practices. This analysis includes focuses on the platform specifications but not the scope of any future security application/applets. Both of these GlobalPlatform specifications have associated protection profiles to validate compliance, although GlobalPlatform does not currently have any specific SAE J3101 protection profiles. GlobalPlatform has communicated that it is assessing whether or not to develop application-level protection profiles to more explicitly cover the remaining requirements of SAE J3101 in order to allow for standardized testing and certification of complete solutions.
Vehicle Electrical System Security Committee
800P3-2 Cabin Connectors and Cables, Part 3, Specification of CablesARINC800P3-2 (Current)07/07/2025
This specification describes the general cable and wire characteristics recommended for use in cabin systems for commercial aircraft. Supplement 1 adds new definitions of 26 AWG 2-pair (Quad), 4-pair (Oct) data cables, and copper-fiber optic hybrid composite cables. Supplement 2 includes definitions of shielded twisted pair ethernet over single pair for data rates up to 1000Base-T1.
Airlines Electronic Engineering Committee
Assessment of Cooperative Navigation Algorithms for CAVs in Threat Scenarios12-09-01-000706/14/2025
This article introduces a comprehensive cooperative navigation algorithm to improve vehicular system safety and efficiency. The algorithm employs surrogate optimization to prevent collisions with cooperative cruise control and lane-keeping functionalities. These strategies address real-world traffic challenges. The dynamic model supports precise prediction and optimization within the MPC framework, enabling effective real-time decision-making for collision avoidance. The critical component of the algorithm incorporates multiple parameters such as relative vehicle positions, velocities, and safety margins to ensure optimal and safe navigation. In the cybersecurity evaluation, the four scenarios explore the system’s response to different types of cyberattacks, including data manipulation, signal interference, and spoofing. These scenarios test the algorithm’s ability to detect and mitigate the effects of malicious disruptions. Evaluate how well the system can maintain stability and avoid
Khan, Rahan RasheedHanif, AtharAhmed, Qadeer
Edge Artificial Intelligence in Connected, Cooperative and Automated MobilityEPR202500905/20/2025
With many stakeholders involved, and major investments supporting it, the advancements in automated driving (AD) are undoubtedly there. Generally speaking, the motivation for advancing AD is driver convenience and road safety. Regarding the development of AD, original equipment manufacturers, technology start-ups, and AD systems developers have taken different approaches for automated vehicles (AVs). Some manufacturers are on the path toward stand-alone vehicles, mostly relying on onboard sensors and intelligence. On the other hand, the connected, cooperative, and automated mobility (CCAM) approach relies on additional communication and information exchange to ensure safe and secure operation. CCAM holds great potential to improve traffic management, road safety, equity, and convenience. In both approaches, there are increasingly large amounts of data generated and used for AD functions in perception, situational awareness, path prediction, and decision-making. The use of artificial
Van Schijndel-de Nooij, MargrietBeiker, Sven
Cybersecurity Testing, Verification, and Validation MethodsJ3322_202505 (Current)05/03/2025
This document specifically pertains to cybersecurity for vehicles. It has been developed by SAE International (SAE) Committee Technical Committee on Vehicle Electrical and Electronic Systems, “Cybersecurity Testing Task Force,” a subcommittee of SAE Committee, “Vehicle Cybersecurity Systems Engineering Committee.” This committee is authorized under the scope and authority of the SAE Electronic Design Automation Steering Committee, which is organized under the scope and authority of the SAE Electrical Systems Committee (also known as the Electrical Systems Group), which is directly under the scope and authority of the SAE Motor Vehicle Council. The SAE Motor Vehicle Council’s stated scope of influence and authority, as defined by SAE, includes, “passenger car and light truck.” By definition, this excludes motorcycles, certain trailers, heavy trucks, buses, snowmobiles, watercraft, marine vessels, off-road, multi-purpose vehicles, certain other specialty vehicles, and aircraft.
Vehicle Cybersecurity Systems Engineering Committee
Enhancing Airworthiness Security: SysML-Based Approach to Modelling Security Scope Definitions2025-01-017205/02/2025
Airworthiness certification of aircraft requires an Airworthiness Security Process (AWSP) to ensure safe operation under potential unauthorized interactions, particularly in the context of growing cyber threats. Regulatory authorities mandate the consideration of Intentional Unauthorized Electronic Interactions (IUEI) in the development of aircraft, airborne software, and equipment. As the industry increasingly adopts Model-Based Systems Engineering (MBSE) to accelerate development, we aim to enhance this effort by focusing on security scope definitions – a critical step within the AWSP for security risk assessment that establishes the boundaries and extent of security measures. However, our findings indicate that, despite the increasing use of model-based tools in development, these security scope definitions often remain either document-based or, when modeled, are presented at overly abstract levels, both of which limit their utility. Furthermore, we found that these definitions
Hechelmann, AdrianMannchen, Thomas
Assignment Criteria for Function Allocation to Commercial Aviation System Security Domains2025-01-015605/02/2025
Aircraft cabin management is characterized by operational and business processes. Both are defined as a logical sequence of activities that occur during the flight. While the operational process includes activities to ensure flight safety, such as take-off, cruise and landing, the business process activities are related to adding value to the customer, i.e. the passenger. They are to be certified by the authority as a part of the aircraft type certification. These processes are defined by the airline and are described as part of the airline’s business model. While the scope of operational processes for passenger safety within the aircraft cabin should remain as unchanged as possible, the increasing competitive pressure on airlines is leading to a constantly rising number of services in the cabin. To prevent compromising cabin safety from increased cabin crew workload during the cruise phase, there is a growing trend toward digitizing operational and business processes. The digitized
Hintze, HartmutBlecken, MarvinGod, RalfPereira, Daniel
Items per page:
1 – 50 of 590