Browse Topic: Data privacy

Items (52)
Find
Legal Issues and Policy: Vol. 3EPRCOMPV05202404/30/2025
Abdul Hamid, Umar ZakirEastman, Brittany
Reference
Uncovering Security Flaws in DC Chargers for Electric Vehicles2025-01-811804/01/2025
The added connectivity and transmission of personal and payment information in electric vehicle (EV) charging technology creates larger attack surfaces and incentives for malicious hackers to act. As EV charging stations are a major and direct user interface in the charging infrastructure, ensuring cybersecurity of the personal and private data transmitted to and from chargers is a key component to the overall security. Researchers at Southwest Research Institute® (SwRI®) evaluated the security of direct current fast charging (DCFC) EV supply equipment (EVSE). Identified vulnerabilities included values such as the MAC addresses of both the EV and EVSE, either sent in plaintext or encrypted with a known algorithm. These values allowed for reprogramming of non-volatile memory of power-line communication (PLC) devices as well as the EV’s parameter information block (PIB). Discovering these values allowed the researchers to access the IPv6 layer on the connection between the EV and EVSE
Kozan, Katherine
Technical Paper
Privacy Risk Assessment of Travel Trajectories in Metro AFC Data2025-01-721402/21/2025
The rapid expansion of metro systems in major cities worldwide has resulted in the accumulation of vast amounts of travel data through Automatic Fare Collection (AFC) systems. While this data is crucial for enhancing and optimizing transportation networks, it also raises significant concerns regarding passenger privacy due to the potential exposure of individual travel patterns. In this paper, we propose a novel privacy risk assessment model aimed at quantifying the uniqueness of travel trajectories and evaluating the associated privacy threats. Utilizing AFC data from Chengdu collected in March 2021, we first employ an information entropy approach to assess the uniqueness of travel trajectories across different time granularities. We then apply the K-Means clustering algorithm to classify these trajectories into categories based on their uniqueness levels, enabling us to investigate how factors like travel time and routes influence trajectory uniqueness. To further understand the
Fan, XiaotingQu, XuYang, Hongtai
Technical Paper
2025 Trends in Healthcare: Bridging Technology, Personalization, and AccessibilityTBMG-5246002/01/2025
The emergence of data-driven healthcare promises predictive and preventive care through enhanced data integration and analytics. This trend means that medical device companies must navigate challenges related to data privacy and operational efficiency while transitioning to a data-centric approach. Artificial intelligence (AI) is spearheading this shift toward hyper-personalized medicine, enabling precision treatments based on genetic profiles and predictive analytics for early disease detection. Advancements in telemedicine, AI, wearable technology, and data analytics, are reshaping how care is delivered, making it more accessible, personalized, and efficient in 2025.
Magazine Article
653P2-5 Avionics Application Software Standard Interface, Part 2, Extended ServicesARINC653P2-5 (Current)12/16/2024
As avionics software continues to evolve, so does ARINC Specification 653. ARINC 653 Part 2 specifies extensions (i.e., optional services) to the required Application Program Interfaces (APIs) described in ARINC 653 Part 1.
Airlines Electronic Engineering Committee
Specification
Automotive Cybersecurity: Defend the Future of Connected Vehicles2024-28-012312/05/2024
Cybersecurity, particularly in the automotive sector, is of paramount importance in today’s digital age. With the advent of connected commercial vehicles, which leverage telematics for efficient fleet management, the landscape of automotive cybersecurity is rapidly evolving. These vehicles, integral to logistics and transportation businesses, are becoming increasingly connected, thereby escalating the risks associated with cybersecurity threats. These commercial vehicles are becoming prime targets for cyber-attacks due to their connectivity and the valuable data they hold. The potential consequences of these cyber-attacks can range from data breaches to disruptions in fleet operations, and even safety risks. This paper analyses the unique challenges faced by the commercial vehicle sector, such as the need for robust telematics systems, secure communication channels, and stringent data protection measures. Case studies of notable cybersecurity incidents involving commercial vehicles are
Mahendrakar, ShrinidhiMadarla, ManojGangapuram, SivaDadoo, Vishal
Technical Paper
Understanding the Vulnerability in Wireless Backhaul Networks for 5GTBMG-5219912/01/2024
A research team led by Rice University’s Edward Knightly has uncovered an eavesdropping security vulnerability in high-frequency and high-speed wireless backhaul links, widely employed in critical applications such as 5G wireless cell phone signals and low-latency financial trading on Wall Street.
Magazine Article
A Methodology to Enhance Transparency for Trustworthy Artificial Intelligence for Cooperative, Connected, and Automated Mobility12-08-01-001009/02/2024
In this research, we propose a set of reporting documents to enhance transparency and trust in artificial intelligence (AI) systems for cooperative, connected, and automated mobility (CCAM) applications. By analyzing key documents on ethical guidelines and regulations in AI, such as the Assessment List for Trustworthy AI and the EU AI Act, we extracted considerations regarding transparency requirements. Recognizing the unique characteristics of each AI system and its application sector, we designed a model card tailored for CCAM applications. This was made considering the criteria for achieving trustworthy autonomous vehicles, exposed by the Joint Research Centre (JRC), and including information items that evidence the compliance of the AI system with these ethical aspects and that are also of interest to the different stakeholders. Additionally, we propose an MLOps Card to share information about the infrastructure and tools involved in creating and implementing the AI system.
Cañas, Paola NataliaNieto, MarcosOtaegui, OihanaRodriguez, Igor
Journal Article
Synthetic On Board Diagnostics Data Generation and Evaluation for Vehicle Diagnostic TestingSAE-PP-0040508/21/2024
The generation of data plays a vital role in Machine Learning (ML) techniques by providing the foundation for training and improvement of forecast models. As one application area for these models, in-vehicle systems, like vehicle diagnostics, have the potential to enhance the reliability and durability of vehicles by utilizing ML models in the testing phases. However, acquiring a high volume of quality On-Board Diagnostics (OBD) data is time-consuming and poses challenges like the risk of exposing sensitive information. To address this issue, synthetic data generation offers a promising alternative that is already in use in other domains. Thereby, synthetic data allows the exploitation of knowledge found in original data, ensuring the privacy of sensitive data, with less time costs of data acquisition. For this purpose, the research presented in this contribution investigates the use of statistical and ML-based synthetic OBD data generation methods. The models are evaluated with the
Vucinic, VeljkoHantschel, FrankKotschenreuther, Thomas
Pre-Print Article
Privacy for Software-defined Battery Electric VehiclesEPR202401206/17/2024
The integration of software-defined approaches with software-defined battery electric vehicles brings forth challenges related to privacy regulations, such as European Union’s General Data Protection Regulation and Data Act, as well as the California Consumer Privacy Act. Compliance with these regulations poses barriers for foreign brands and startups seeking entry into these markets. Car manufacturers and suppliers, particularly software suppliers, must navigate complex privacy requirements when introducing vehicles to these regions. Privacy for Software-defined Battery Electric Vehicles aims to educate practitioners across different market regions and fields. It seeks to stimulate discussions for improvements in processes and requirements related to privacy aspects regarding these vehicles. The report covers the significance of privacy, potential vulnerabilities and risks, technical challenges, safety risks, management and operational challenges, and the benefits of compliance with
Abdul Hamid, Umar Zakir
Research Report
Facial Recognition Software and Privacy Law in Transportation TechnologyEPR202401105/07/2024
Data privacy questions are particularly timely in the automotive industry as—now more than ever before—vehicles are collecting and sharing data at great speeds and quantities. Though connectivity and vehicle-to-vehicle technologies are perhaps the most obvious, smart city infrastructure, maintenance, and infotainment systems are also relevant in the data privacy law discourse. Facial Recognition Software and Privacy Law in Transportation Technology considers the current legal landscape of privacy law and the unanswered questions that have surfaced in recent years. A survey of the limited recent federal case law and statutory law, as well as examples of comprehensive state data privacy laws, is included. Perhaps most importantly, this report simplifies the balancing act that manufacturers and consumers are performing by complying with data privacy laws, sharing enough data to maximize safety and convenience, and protecting personal information. Click here to access the full SAE EDGETM
Eastman, Brittany
Research Report
Evaluating Network Security Configuration (NSC) Practices in Vehicle-Related Android Applications2024-01-288104/09/2024
Android applications have historically faced vulnerabilities to man-in-the-middle attacks due to insecure custom SSL/TLS certificate validation implementations. In response, Google introduced the Network Security Configuration (NSC) as a configuration-based solution to improve the security of certificate validation practices. NSC was initially developed to enhance the security of Android applications by providing developers with a framework to customize network security settings. However, recent studies have shown that it is often not being leveraged appropriately to enhance security. Motivated by the surge in vehicular connectivity and the corresponding impact on user security and data privacy, our research pivots to the domain of mobile applications for vehicles. As vehicles increasingly become repositories of personal data and integral nodes in the Internet of Things (IoT) ecosystem, ensuring their security moves beyond traditional issues to one of public safety and trust. To
Zhang, LinxiMa, Di
Technical Paper
Opportunities, Challenges and Requirements for Use of Blockchain in Unmanned Aircraft Systems Operating Below 400ft Above Ground Level for Commercial Use2024-01-192803/05/2024
The number of Unmanned Aircraft Systems (UAS) has been growing over the past few years and will continue to grow at a faster pace in the near future. UAS faces many challenges in certification, airspace management, operations, supply chain, and maintenance. Blockchain, defined as a distributed ledger technology for the enterprise that features immutability, traceability, automation, data privacy, and security, can help address some of these challenges. However, blockchain also has certain drawbacks and, additionally, it is still not fully mature. Hence it is essential to study how blockchain can help UAS. This Aerospace Information Report (AIR) presents the current opportunities, challenges of UAS operating at or below 400 ft Above Ground Level (AGL) altitude for commercial use and how blockchain can help meet these challenges. It also provides requirements for developing a blockchain solution for UAS along with the need for the standardization of blockchain enabled processes.
Rencher, RobertManoharan, DineshR, PrithivirajGhimire, RiteshMarkou, ChrisFabre, ChrisRoboff, MarkBudeanu, DragosWalthall, RhondaVeluri, Sastry
Technical Paper
Integrating Ergonomic and Artificial Intelligence in the Automotive2023-36-004201/08/2024
The integration of ergonomics and artificial intelligence (AI) in the automotive industry has the potential to revolutionize the way how vehicles are designed, manufactured and used. The aim of this article is to review the recent literature on the subject and discuss the opportunities and challenges presented by the integration of these two fields. The paper begins defining the ergonomics and the AI and providing an overview of their respective roles in the automotive industry. It then examines the benefits of the integration of ergonomics and AI in the automotive industry, including the optimization of vehicle design and manufacturing process. The enhancement of the driver experience, and improvement of safety accessibility, and customization, however, the integration of ergonomics and AI in the automotive industry also presents challenges, including ethical and legal considerations, data privacy, liability, and the impact on the employment in the automotive industry. The paper
Puertas, Carlos Augusto PalermoGalhardi, Antonio Cesar
Technical Paper
Users’ Perception of Data Privacy in Self-Driving Vehicles in Dubai2023-01-190812/29/2023
The concerns surrounding AV adoption encompass the data protection factor. An online survey was conducted to gain insights into this concern, targeting UAE residents with knowledge about Autonomous Vehicle (AV) technology. The collected data were subjected to statistical analysis to provide valuable information for the UAE government and private sectors. To achieve this goal, we conducted a statistical analysis of the collected data, which resulted in further insights regarding the obstacles impeding the adoption of AV technologies in the United Arab Emirates. This analysis further quantifies the factors that contributed to UAE public concerns. We also examined user group evaluations in terms of their propensity to employ the technology in the future.
shweky, shuq hussenNasiruddeen Muhammad, Nasiruddeen MuhammadEman Abu Shabab, EmanSaad Amin, SaadHussain Al-Ahmad, HussainMukhtar, HusameldinMohammad Rababa, MohammadBurkhard Schafer, Burkhard
Technical Paper
Autonomous Vehicle Engineering: November 202323AVEP1111/09/2023
Editorial Automated driving's continuing mission: One step forward… The Navigator Are robotaxis ready for prime time? AV Simulation Faces a Long and Winding Road There are many divergent-but-related ideas about how best to leverage simulation to 'teach' and test automated vehicles. Global AV simulation experts continue to attack the technology's persistent obstacles. DOT's 'Framework' for AV Development The U.S. Department of Transportation establishes structure to advance collaborative AV testing. The Chaos of Automotive Data Privacy Regulators and other privacy advocates believe vehicle-related data collection and brokering is in overdrive. One expert believes a day of reckoning is coming. Simulation Developer rFpro Mimics Vehicle Sensors 'Ray-tracing' software enables the training of ADAS systems entirely by simulation. Eight of the top 10 OEMs are using it. New Tools & Technologies
Magazine Issue
Opportunities, Challenges and Requirements for Use of Blockchain in Unmanned Aircraft Systems2023-01-150409/05/2023
Unmanned Aircraft Systems (UAS) have been growing over the past few years and will continue to grow at a faster pace in future. UAS faces many challenges in certification, airspace management, operations, supply chain, and maintenance. Blockchain, defined as a distributed ledger technology for the enterprise that features immutability, traceability, automation, data privacy, and security, can help address some of these challenges. However, blockchain also has certain challenges and is still evolving. Hence it is essential to study on how blockchain can help UAS. G-31 technical committee of SAE International responsible for electronic transactions for aerospace has published AIR 7356 [1] entitled Opportunities, Challenges and Requirements for use of Blockchain in Unmanned Aircraft Systems Operating below 400ft above ground level for Commercial Use. This paper is a teaser for AIR 7356 [1] document. It presents the current opportunities, challenges of UAS operating at or below 400 ft
Manoharan, DineshG.V.V., Ravi KumarR, PrithivirajGhimire, RiteshRencher, RobertMarkou, ChrisFabre, ChrisRoboff, MarkBudeanu, DragosRajamani, RaviWalthall, RhondaVeluri, Sastry
Technical Paper
ADAS Sensor Data Handling in the World of Autonomous Mobility2023-01-099303/07/2023
By 2030, about 95% of new vehicles sold globally will be connected, up from around 50% today. Around 45% of these vehicles will have intermediate and advanced connectivity features (source: McKinsey, 2021). Modernization, standardization, and automation are the key steps in the roadmap of data handling for connected vehicles. Vehicle software increasingly sits within a connected ecosystem of devices. Consumer expectations are shifting more towards digital compatibility, connectivity, and new functionalities offered in autonomous vehicles. Digitalization is turning the vehicles of the future into commodities that are as experimental as they are useful. Many OEMs are at the beginning of this transformation journey and have struggled on the software side of things. The entire automotive industry is putting its efforts into effectively monetizing the data captured during the development and management of autonomous vehicles. It is not easy to handle the complexity, elasticity, and volume
Samantaray, Rojalin
Technical Paper
Opportunities, Challenges, and Requirements for Use of Blockchain in Unmanned Aircraft Systems Operating Below 400 Feet Above Ground Level for Commercial UseAIR7356 (Current)01/25/2023
This SAE Aerospace Information Report (AIR) focuses on opportunities, challenges, and requirements in use of blockchain for Unmanned Aircraft Systems (UAS) operating at and below 400 feet above ground level (AGL) for commercial use. UAS stakeholders like original equipment manufacturers (OEMs), suppliers, operators, owners, regulators, and maintenance repair and overhaul (MRO) providers face many challenges in certification, airspace management, operations, supply chain, and maintenance. Blockchain—defined as a distributed ledger technology that includes enterprise blockchain—can help address some of these challenges. Blockchain technology is evolving and also poses certain concerns in adoption. This AIR provides information on the current UAS challenges and how these challenges can be addressed by deploying blockchain technology along with identified areas of concern when using this technology. The scope of this AIR includes elicitation of key requirements for blockchain in UAS across
G-31 Digital Transactions for Aerospace
Information Report
Legal Issues Facing Automated Vehicles, Facial Recognition, and Privacy RightsEPR202201607/28/2022
Facial recognition software (FRS) is a form of biometric security that detects a face, analyzes it, converts it to data, and then matches it with images in a database. This technology is currently being used in vehicles for safety and convenience features, such as detecting driver fatigue, ensuring ride share drivers are wearing a face covering, or unlocking the vehicle. Public transportation hubs can also use FRS to identify missing persons, intercept domestic terrorism, deter theft, and achieve other security initiatives. However, biometric data is sensitive and there are numerous remaining questions about how to implement and regulate FRS in a way that maximizes its safety and security potential while simultaneously ensuring individual’s right to privacy, data security, and technology-based equality. Legal Issues Facing Automated Vehicles, Facial Recognition, and Individual Rights seeks to highlight the benefits of using FRS in public and private transportation technology and
Eastman, Brittany
Research Report
SAE TOMORROW TODAY: Innovating in Real-Time with Software-Defined Vehicles1323607/25/2022
The future of mobility is software-defined. For automakers, this means that vehicles will transition to a combination of software-centric computing systems on wheels. The key to unlocking this incredible opportunity is the capability to update vehicles instantly. Enabling this transformation is Jeffrey Chou, Co-Founder and CEO of Sonatus. With a proven track record of revolutionizing IT data centers, Jeff and his team are bringing to life an extensive array of advanced technologies and a cloud-connected in-vehicle infrastructure that is accelerating the OEM journey toward fully Software-Defined Vehicles (SDVs). The Sonatus Digital Dynamics platform - which was recently integrated into the Hyundai Genesis GV60 - helps automakers create a foundation for dynamic SDVs that can evolve and adapt in real-time, empowering them to innovate faster, reduce complexity and costs, and become more agile. Along with this opportunity comes an increased focus on cybersecurity and data protection. Hear
Hineman, Marcie
Podcast
Security IP ModuleTBMG-4580605/01/2022
Curtiss-Wright Defense Solutions Ashburn, VA 703-779-7800
Magazine Article
Vulnerability Management - Practical Challenges and Solutions for Cybersecurity EngineeringSAE-PP-0018609/29/2021
Integrating cybersecurity development, testing and operations activities around a common risk and vulnerability management framework is key to implementing an effective and efficient cybersecurity engineering process. We describe a case study to investigate the practical implementation of vulnerability management within an automotive cybersecurity engineering process. The case study is based on applying a combination of Cybellum's Product Security Assessment tool for identifying software vulnerabilities with HORIBA MIRA's vulnerability management method. We illustrate how effective vulnerability management requires a combination of people, processes and tools, explore the challenges of scaling this activity and identify opportunities for further development of a scalable solution.
Lazebnik, EddieTraitel, EyalWooderson, PaulRuddle, Douglas
Pre-Print Article
Efficient On-Premises Data Storage Solution for Autonomous Driving2021-26-004209/22/2021
Total autonomy will be 100% accident free by testing more than 8 Billion miles of sensor data*. However, testing the software in real driving situations on the road would be extremely time consuming, expensive, cumbersome. Numerous improvements of the algorithms are necessary to perfect the control software for autonomous driving. To train and test the algorithms we need sensor data. Here the challenge is to store and manage petabytes of sensor data across the global locations with data integrity. In autonomous vehicle to maintain the road safety, multiple sensors are mounted with varying levels of maturity. Multisensory data is the process of combining observations from different sources to provide a robust and complete description of an environment and to overcome the limitation in term of availability. This paper describes an end to end architecture and design of global data ingest, data processing accessing sensor data effectively, data service and data protection method. It gives
samantaray, Rojalin
Technical Paper
Unsettled Legal Issues Facing Data in Autonomous, Connected, Electric, and Shared VehiclesEPR202101909/13/2021
Modern automobiles collect around 25 gigabytes of data per hour and autonomous vehicles are expected to generate more than 100 times that number. In comparison, the Apollo Guidance Computer assisting in the moon launches had only a 32-kilobtye hard disk. Without question, the breadth of in-vehicle data has opened new possibilities and challenges. The potential for accessing this data has led many entrepreneurs to claim that data is more valuable than even the vehicle itself. These intrepid data-miners seek to explore business opportunities in predictive maintenance, pay-as-you-drive features, and infrastructure services. Yet, the use of data comes with inherent challenges: accessibility, ownership, security, and privacy. Unsettled Legal Issues Facing Data in Autonomous, Connected, Electric, and Shared Vehicles examines some of the pressing questions on the minds of both industry and consumers. Who owns the data and how can it be used? What are the regulatory regimes that impact
Dukarski, Jennifer
Research Report
SAE TOMORROW TODAY: Protection from Global Threats: Cyber Terrorism & Personal Security with Bryan Hurd1316008/27/2021
Imagine living in a world where everyone knows your name. Our world is becoming more and more connected every day. Ask yourself: if you were a high-profile individual, how would you keep your data secure? What if your day-to-day safety was at risk? Are there bad actors that would be able to take control of your finances or your business? These are the questions that keep Bryan Hurd up at night. As Chief of Office in Seattle for Aon's Cyber Solutions, Hurd and the team help corporations, individuals, and their families stay safe from cyber terrorism and threats using special security details, organizational education, and more. To learn more about the work from the team at Aon, head to https://www.aon.com/cyber-solutions and follow Bryan Hurd on LinkedIn (https://www.linkedin.com/in/bryanhurd/).
Hineman, Marcie
Podcast
Determination of Cost Benefits from Implementing a Blockchain SolutionARP6984 (Current)08/19/2021
This SAE Aerospace Recommended Practice (ARP) provides insights on how to perform a Cost Benefit Analysis (CBA) to determine the Return on Investment (ROI) that would result from implementing a blockchain solution to a new or an existing business process. The word “blockchain” refers to a method of documenting when data transactions occur using a distributed ledger with desired immutable qualities. The scope of the current document is on enterprise blockchain which gives the benefit of standardized cryptography, legal enforceability and regulatory compliance. The document analyzes the complexity involved with this technology, lists some of the different approaches that can be used for conducting a CBA, and differentiates its analysis depending on whether the application uses a public or a private distributed network. This document is intended for people who do not have a deep technical understanding or familiarity with blockchain solutions to qualify and quantify its economic benefits
G-31 Digital Transactions for Aerospace
Recommended Practice
Requirements for Aviation, Space, and Defense Auditor Training, Development, Competence, and AuthenticationAS9104/3A (Current)11/11/2020
This document defines the minimum requirements for auditors, CBs, Auditor Authentication Bodies (AABs), Training Provider Approval Bodies (TPABs), and Training Providers (TPs) who participate in the IAQG Industry Controlled Other Party (ICOP) scheme. The requirements in this standard supplement those defined within the 9104/1, 9104/2, ISO/IEC 17021-1, and ISO/IEC 17021-3 standards. Data protection for the parties subject to this document and other relevant requirements of the ICOP scheme are managed via bi-lateral contracts between the joint controllers of the data.
G-14 Americas Aerospace Quality Standards Committee (AAQSC)
Technical Standard
Challenges in Integrating Cybersecurity into Existing Development Processes2020-01-014404/14/2020
For an established development process and a team accustomed to this process, adding cybersecurity features to the product initially means inconvenience and reduced productivity without perceivable benefits. Adapting development processes to take cybersecurity into account introduces challenges not present in engineering divisions so far. Strategies designed to deal with these challenges differ in the way in which added duties are assigned and cybersecurity topics are integrated into the already existing process steps. Cybersecurity requirements often clash with existing system requirements or established development methods, leading to low acceptance among developers, and introducing the need to have clear policies on how friction between cybersecurity and other fields is handled. A cybersecurity development approach is frequently perceived as introducing impediments, that bear the risk of cybersecurity measures receiving a lower priority to reduce inconvenience. Moreover, this leads
Lenhart, PatricArndt, Paulvon Wedel, JanaBeul, ChristianWeldert, Jan
Technical Paper
Guidelines for Mobility Data Sharing Governance and ContractingMDC0000120200404/08/2020
Digitally enabled mobility vehicles and services, including dockless bikesharing and electric scooter sharing, are generating and collecting a growing amount of mobility data. Mobility data holds great potential to support transportation officials and their efforts to manage the public right-of-way, but the unlimited distribution of mobility data carries untested risks to privacy and public trust. The Mobility Data Collaborative™ has identified the need to improve and coordinate understanding among all parties around foundational policy and legal issues to support mobility data sharing, including privacy and contracting. The guidelines are geared towards supporting a scalable mobility data sharing framework that aligns the interests of the public and private sectors while addressing privacy, transparency, data ownership, and consumer trust.
Mobility Data Collaborative
Best Practice
Seeing with Sound Next-Level Ultrasonic Sensors for Intelligent CarsTBMG-3637404/01/2020
Even though ultrasound has been studied by scientists for many years, its capabilities in practical applications are yet to be fully harnessed.
Magazine Article
Hardware Protected Security for Ground VehiclesJ3101_202002 (Current)02/10/2020
Access mechanisms to system data and/or control is a primary use case of the hardware protected security environment (hardware protected security environment) during different uses and stages of the system. The hardware protected security environment acts as a gatekeeper for these use cases and not necessarily as the executor of the function. This section is a generalization of such use cases in an attempt to extract common requirements for the hardware protected security environment that enable it to be a gatekeeper. Examples are: Creating a new key fob Re-flashing ECU firmware Reading/exporting PII out of the ECU Using a subscription-based feature Performing some service on an ECU Transferring ownership of the vehicle Some of these examples are discussed later in this section and some have detailed sections of their own. This list is by no means comprehensive. Other use cases that require hardware protected security environment-based access control may be used by each manufacturer
Vehicle Electrical System Security Committee
Recommended Practice
Data Privacy in the Emerging Connected Mobility Services: Architecture, Use Cases, Privacy Risks, and Countermeasures11-02-01-000410/14/2019
The rapid development of connected and automated vehicle technologies together with cloud-based mobility services is transforming the transportation industry. As a result, huge amounts of consumer data are being collected and utilized to provide personalized mobility services. Using big data poses serious challenges to data privacy. To that end, the risks of privacy leakage are amplified by data aggregations from multiple sources and exchanging data with third-party service providers, in face of the recent advances in data analytics. This article provides a review of the connected vehicle landscape from case studies, system characteristics, and dataflows. It also identifies potential challenges and countermeasures.
Li, HuaxinMa, DiMedjahed, BrahimKim, Yu SeungMitra, Pramita
Journal Article
Maintaining Data Protection and Security for the Connected CarTBMG-3527110/01/2019
The connected car has already become a reality. It is a subject not just electrifying customers and manufacturers but also security researchers and IT experts. And in a worst-case scenario, criminal hackers as well. For years, security experts have observed the fact that the desktop PC is not the only target of digital attacks anymore. A large part of the malware is now customized to hit mobile devices. It would be negligent to believe that this development would leave the connected car unmolested.
Magazine Article
Autonomous Vehicle Engineering: September 201919AVEP0909/05/2019
Editorial The new 'face' of privacy The Navigator No trust in AI systems without data protection Innovation Nation In the mobility space, Israel is rivaling Silicon Valley for smarts and start-ups - and beats it in chutzpah. Autonomy in your Face Biometric technology is deemed essential to ensuring AV driving safety and advancing the user experience-if privacy issues don't derail its deployment. About Face! To win acceptance, deployment of facial-recognition technology needs to fit within a picture-perfect consumer and legal framework that balances benefits with privacy protection. The Vehicle as Gaming Device Audi spin-off Holoride uses VR to turn the back seat into an entertainment platform. BlackBerry Tech Duo Sees Emergence of Vehicle-based Platforms Though likely to provide the OS of autonomy, BlackBerry also anticipates a larger shift to automobiles as software platforms. Improving Lidar - or Defeating It The buzz at Sensors Expo pitted lidar-tech optimism against the reality of
Magazine Issue
The Navigator19AVEP09_0209/01/2019
No trust in AI systems without data protection When people surround themselves with microphones and cameras, others will be listening and watching. This reality shouldn't come as a surprise, but remarkably it does. The advent of automated driving will dramatically expand this activity. In fact, it is already creating controversy. At its core is the challenge of training so-called artificial intelligence systems. As human children, we learn in large part through the guidance we get from parents, teachers and other caregivers. AI systems are no different. They ingest data and “learn” from it. But just as children must be shown the difference between red and green, a circle and a square, or A and Z, machine learning systems need data that has been labeled.
Magazine Article
Editorial19AVEP09_0109/01/2019
Although editor-in-chief Lindsay Brooke's cover story detailing the foundations of Israel's surging tech sector helps to explain the nation's expanding expertise in all things cyber-secure, much of this issue deals with security and privacy of another kind-the access we grant almost daily to all manner of digital “providers” of goods and services. The access we'll be expected to cede is in exchange for some of the promising new features of the looming connected-vehicle future.
Visnic, Bill
Magazine Article
Editorial19AVEP05_0105/01/2019
AVs, data and ‘surveillance capitalism’ I finally hit my limit after seeing a Twitter post-from, almost paradoxically, a privacy engineer at Google-showing a taxi cab in Asia with a passenger-area screen announcing it was employing facial recognition “to deliver the most optimized content” to the rider. “The image data is discarded immediately,” the little tablet professed.
Visnic, Bill
Magazine Article
Survey of Automotive Privacy Regulations and Privacy-Related Attacks2019-01-047904/02/2019
Privacy has been a rising concern. The European Union has established a privacy standard called General Data Protection Regulation (GDPR) in May 2018. Furthermore, the Facebook-Cambridge Analytica data incident made headlines in March 2018. Data collection from vehicles by OEM platforms is increasingly popular and may offer OEMs new business models but it comes with the risk of privacy leakages. Vehicular sensor data shared with third-parties can lead to misuse of the requested data for other purposes than stated/intended. There exists a relevant regulation document introduced by the Alliance of Automobile Manufacturers (“Auto Alliance”), which classifies the vehicular sensors used for data collection as covered and non-sensitive parameters. This paper reviews existing privacy standards as well as ongoing efforts in the automotive domain, and surveys the landscape of automotive privacy-related attacks which can be classified into three categories: driver fingerprinting, location
Pesé, Mert D.Shin, Kang G.
Technical Paper
Evaluating Trajectory Privacy in Autonomous Vehicular Communications2019-01-048704/02/2019
Autonomous vehicles might one day be able to implement privacy preserving driving patterns which humans may find too difficult to implement. In order to measure the difference between location privacy achieved by humans versus location privacy achieved by autonomous vehicles, this paper measures privacy as trajectory anonymity, as opposed to single location privacy or continuous privacy. This paper evaluates how trajectory privacy for randomized driving patterns could be twice as effective for autonomous vehicles using diverted paths compared to Google Map API generated shortest paths. The result shows vehicles mobility patterns could impact trajectory and location privacy. Moreover, the results show that the proposed metric outperforms both K-anonymity and KDT-anonymity.
Banihani, AbdelnasserZaiter, AbdulrahmanCorser, George P.Fu, HuirongAlzahrani, Abdulrahman
Technical Paper
Analyzing and Preventing Data Privacy Leakage in Connected Vehicle Services2019-01-047804/02/2019
The rapid development of connected and automated vehicle technologies together with cloud-based mobility services are revolutionizing the transportation industry. As a result, huge amounts of data are being generated, collected, and utilized, hence providing tremendous business opportunities. However, this big data poses serious challenges mainly in terms of data privacy. The risks of privacy leakage are amplified by the information sharing nature of emerging mobility services and the recent advances in data analytics. In this paper, we provide an overview of the connected vehicle landscape and point out potential privacy threats. We demonstrate two of the risks, namely additional individual information inference and user de-anonymization, through concrete attack designs. We also propose corresponding countermeasures to defend against such privacy attacks. We evaluate the feasibility of such attacks and our defense strategies using real world vehicular data.
Li, HuaxinMa, DiMedjahed, BrahimKim, Yu SeungMitra, Pramita
Journal Article
Robust Method for Data Protection and Change DetectionTBMG-2755509/01/2017
Methods exist for processing an original data sequence in order to generate information about the data for the purposes of integrity measurement, ownership demonstration, and authentication. The first category is digital watermarking, the second is data hashing, and the third is error detection coding. In the present context, watermarking is often used for ownership demonstration and authentication purposes; data hashing is often used for integrity measurement purposes; and as with data hashing, error detection coding is used to measure data integrity. However, the latter is normally done as part of data transmission protocol, and therefore addresses transmission errors rather than tampering.
Magazine Article
Ensuring a Safe Medical DesignTBMG-2732708/01/2017
Until recently, developers and manufacturers of medical devices have not been required to consider security in their products. New guidance from the U.S. Food and Drug Administration (FDA) and expanded European Union requirements for personal data protection now make security design in medical devices a necessity. While IT network attacks get most of the press, it is important to remember that physical attacks, such as accessing a maintenance serial port, can be just as dangerous.
Magazine Article
Big Data Analytics: How Big Data is Shaping Our Understanding of Electrified Vehicle Customers2017-01-024703/28/2017
Electrified vehicles including Battery Electric Vehicles (BEVs) and Plug-In Hybrid Vehicles (PHEVs) made by Ford Motor Company are fitted with a telematics modem to provide customers with the means to communicate with their vehicles and, at the same time, receive insight on their vehicle usage. These services are provided through the “MyFordMobile” website and phone applications, simultaneously collecting information from the vehicle for different event triggers. In this work, we study this data by using Big Data Methodologies including a Hadoop Database for storing data and HiveQL, Pig Latin and Python scripts to perform analytics. We present electrified vehicle customer behaviors including geographical distribution, trip distances, and daily distances and compare these to the Atlanta Regional Survey data. We discuss customer behaviors pertinent to electrified vehicles including charger types used, charging occurrence, charger plug-in times etc. Throughout this discussion, we
Ahmed, N. KhalidKapadia, Jimmy
Journal Article
Autonomous Information Unit for Fine-Grain Data Access Control and Information Protection in a Net-Centric SystemTBMG-1328004/01/2012
As communication and networking technologies advance, networks will become highly complex and heterogeneous, interconnecting different network domains. There is a need to provide user authentication and data protection in order to further facilitate critical mission operations, especially in the tactical and mission-critical net-centric networking environment. The Autonomous Information Unit (AIU) technology was designed to provide the fine-grain data access and user control in a net-centric system-testing environment to meet these objectives.
Magazine Article
Prioritized LT CodesTBMG-989405/01/2011
The original Luby Transform (LT) coding scheme is extended to account for data transmissions where some information symbols in a message block are more important than others. Prioritized LT codes provide unequal error protection (UEP) of data on an erasure channel by modifying the original LT encoder. The prioritized algorithm improves high-priority data protection without penalizing low-priority data recovery. Moreover, low-latency decoding is also obtained for high-priority data due to fast encoding. Prioritized LT codes only require a slight change in the original encoding algorithm, and no changes at all at the decoder. Hence, with a small complexity increase in the LT encoder, an improved UEP and low-decoding latency performance for high-priority data can be achieved.
Magazine Article
Optimal Scheduling in Graphical Modeling Environments2009-01-026804/20/2009
Methods for controlling execution order in traditional text-based languages such as C and Fortran are well established. The transition to graphical programs has revealed some of the hidden issues inherent in any scheduling routine, specifically data dependency and data protection (in multirate systems). Graphical programming languages provided built-in diagnostics that allow users to analyze the data dependencies to develop optimal schedules from a data propagation perspective. This paper examines one heuristic that can be used to develop an optimal schedule for an arbitrary model.
Burke, Michael
Journal Article
Enterprise Information Security and PrivacyB-ART-01701/01/2009
Here’s a unique and practical book that addresses the rapidly growing problem of information security, privacy, and secrecy threats and vulnerabilities. This authoritative resource helps you understand what really needs to be done to protect sensitive data and systems and how to comply with the burgeoning roster of data protection laws and regulations. The book examines the effectiveness and weaknesses of current approaches and guides you towards practical methods and doable processes that can bring about real improvement in the overall security environment. You gain insight into the latest security and privacy trends, learn how to determine and mitigate risks, and discover the specific dangers and responses regarding the most critical sectors of a modern economy.
Axelrod, C. WarrenBayuk, JenniferSchutzer, Daniel
Reference
Conflicting Uses of Data from Private Vehicle Data Systems2001-01-080403/05/2001
The disclosure by General Motors in the spring of 1999 that private passenger vehicles record crash event data has lead to numerous proposals for the use of this data for engineering, crash research, liability, enforcement, traffic safety and medical uses.1 Many of these applications are traditional “static” uses where the time frame in which the data is collected is not critical to the use (within the bounds of a few days or weeks). Medical use of the data, however, for activation of EMS services and triage is a new “dynamic” use that requires immediate access to the data in order to achieve results. Currently the static and dynamic uses of the data may conflict, with use in one area potentially inhibiting use in the other. This arises in principal part because of protections generally provided to data secured and maintained incident to providing medical care. The lead author of this paper is a member of the NHTSA's Event Data Recorder Working Group serving as a representative of the
Garthe, E. A.Mango, N.K.
Technical Paper
The Impact of Internet Privacy Regulation on the U.S. Mobility Industry: Nuisance or Economic Catalyst?2000-01-136903/06/2000
Internet privacy regulation has an enormous potential to impact the automotive industry financially. Automotive companies rely on Internet data collection to market directly to consumers successfully, advertise merchandise and services, and expedite a number of internal operations. Government legislation would inevitably require significant changes in these data collection methods and consequently produce large compliance costs. On the other hand, consumer distrust and business loss to the more stringently regulated European Union can also produce significant costs, if Internet privacy regulation is not more effectively enforced. The current method of enforcement, self-regulation, has been highly criticized despite considerable improvement from industry. Many privacy advocates are actively seeking legislation to remedy the problem. This paper recommends the automotive industry play a more active role in addressing Internet privacy concerns by improving self-regulation enforcement and
Nicholls, Stephen M.
Technical Paper
Items per page:
1 – 50 of 52