Search Results (14)

The complexity and interconnectivity of modern automotive systems are rapidly increasing, particularly with the rise of distributed and cooperative driving functions. These developments increase exposure to a range of disruptions, from technical failures to cyberattacks, and demand a shift towards resilience-by-design. This study addresses the early integration of resilience into the automotive design process by proposing a structured method for identifying gaps and eliciting resilience requirements. Building upon the concept of resilience scenarios, the approach extends traditional hazard and threat analyses as defined in ISO 26262, ISO 21448 and ISO/SAE 21434. Using a structured, graph-based modeling method, these scenarios enable the anticipation of functional degradation and its impact on driving scenarios. The methodology helps developers to specify resilience requirements at an early stage, enabling the integration of resilience properties throughout the system lifecycle. Its practical applicability is demonstrated through an example in the field of automotive cybersecurity. This study advances the field of resilience engineering by providing a concrete approach for operationalizing resilience within automotive systems engineering. Full article

The proliferation of cyber–physical systems in modern vehicles, characterized by densely interconnected Electronic Control Units (ECUs) and heterogeneous communication networks, has significantly expanded the automotive attack surface. Traditional Threat Analysis and Risk Assessment (TARA) methodologies remain predominantly manual processes that exhibit limitations in scalability, and comprehensive threat identification. This research addresses these limitations by developing a formalized framework for automating attack path analysis within the automotive architecture. While attack graph methodologies have demonstrated efficacy in conventional information technology domains, their application within automotive cybersecurity contexts presents unique challenges stemming from domain-specific architectural constraints. We propose a novel Graph-based Attack Path Prioritization (GAPP) methodology that integrates Extended Finite State Machine (EFSM) modeling. Our implementation employs the Neo4j property graph database architecture to establish the mappings between architectural components, security states, and exploitation vectors. This research contributes a systematic approach to automotive security assessment, enhancing vulnerability identification capabilities while reducing analytical complexity. Full article

The incorporation of Driver Monitoring Systems (DMSs) in vehicles is fundamental to enhancing road safety by continuously assessing driver behavior and identifying signs of fatigue or distraction. However, as these technologies evolve, they also present considerable cybersecurity challenges. This research undertakes an extensive Threat Analysis and Risk Assessment (TARA) of DMSs, adhering to the ISO/SAE 21434 standard, to methodically detect and assess potential security threats. A total of 115 threats were recognized and classified into 95 low-risk, 16 medium-risk, and 4 high-risk scenarios, underscoring key vulnerabilities in data transmission, sensor reliability, and communication frameworks. To mitigate these risks, we suggest a range of countermeasures, including enhanced encryption techniques, stringent authentication protocols, and reinforced access control mechanisms, designed to strengthen the security posture of DMSs in practical applications. This study introduces a structured framework for evaluating and addressing cybersecurity threats in alignment with industry regulations, facilitating the dependable and safeguarded implementation of DMSs in future vehicle architectures while contributing to ongoing progress in automotive cybersecurity. Full article

To ensure security and stable quality, deeper cybersecurity evaluations are essential for the development of safety features and functionalities in vehicles. Among these, the AEB system is the most relevant. This research presents a comprehensive TARA of the AEB system, emphasizing the identification, validation, and mitigation of major cybersecurity threats and risks. We systematically examine potential attack vectors by utilizing the STRIDE threat model. This approach enables a detailed analysis of each security threat associated with AEB systems, providing insights into how malicious actors could use the attack paths. The assessment aligns with ISO/SAE 21434, which offers a robust framework for risk management in automotive cybersecurity and IT security, ensuring a thorough evaluation of a system’s architecture. By assessing the AEB system’s architecture against these standards, we identify key components and communication pathways that may be particularly prone to cyberattacks. The results of this analysis highlight critical flaws within the AEB framework and propose corrective measures to enhance cybersecurity resilience. This article provides a structured methodology for assessing and mitigating automotive cybersecurity risks in compliance with industry standards, aiming to facilitate the safe implementation of AEB technology and ultimately improve overall vehicle security and safety. Full article

The evolution of Electrical and Electronic (E/E) architectures in the automotive industry has been a significant factor in the transformation of vehicles from traditional mechanical systems to sophisticated, software-defined machines. With increasing vehicle connectivity and the growing threats from cyberattacks that could compromise safety and violate user privacy, the incorporation of cybersecurity into the automotive development process is becoming imperative. As vehicles evolve into sophisticated interconnected systems, understanding their vulnerabilities becomes essential to improve cybersecurity. This paper also discusses the role of evolving standards and regulations, such as ISO 26262 and ISO/SAE 21434, in ensuring both the safety and cybersecurity of modern vehicles. This paper offers a comprehensive review of the current challenges in automotive cybersecurity, with a focus on the vulnerabilities of the Controller Area Network (CAN) protocol. Additionally, we explore state-of-the-art countermeasures, focusing on Intrusion Detection Systems (IDSs), which are increasingly leveraging artificial intelligence and machine learning techniques to detect anomalies and prevent attacks in real time. Through an analysis of publicly available CAN datasets, we evaluate the effectiveness of IDS frameworks in mitigating these threats. Full article

This study aimed to strengthen the security of autonomous vehicles by analyzing the current status of autonomous vehicle security, such as autonomous vehicle features, security threats, and compliance, and deriving security-level check items. Based on this, the relative importance could be obtained by applying it to the AHP (Analytic Hierarchy Process) model. The results of the empirical analysis showed that the order of priority was the establishment/implementation of a cybersecurity management system, encryption, and risk assessment. The significance of this study is that by deriving security-level check items related to autonomous vehicles and verifying the research model, we can reduce cyber security accidents that can cause loss of life and improve the level of autonomous vehicle security management of related companies. Additionally, by applying AHP evaluated by security experts to the autonomous vehicle field for the first time, it will contribute to the market expansion of the autonomous vehicle industry, which is concerned with security. Furthermore, major automobile companies have to manage the security levels of numerous tier companies due to the nature of the industry. Therefore, if they perform a Quick Check (QC) considering the relative importance of the autonomous vehicle security-level check items presented in this paper, they will be able to effectively identify the security levels of tier companies early. Full article

Recent advancements in the automotive field have significantly increased the level of complexity and connectivity of modern vehicles. In this context, the topic of cybersecurity becomes extremely relevant, as a successful attack can have an impact in terms of safety on the car navigation, potentially leading to harmful behavior. Risk assessment is typically performed using discrete input and output scales, which can often lead to an identical output in terms of risk evaluation despite the inputs presenting non-negligible differences. This work presents a novel fuzzy-logic-based methodology to assess cybersecurity risks which takes attack feasibility and safety impact as input factors. This technique allows us explicitly model the uncertainty and ambiguousness of input data, which is typical of the risk assessment process, providing an output on a more detailed scale. The fuzzy inference engine is based on a set of control rules expressed in natural language, which is crucial to maintaining the interpretability and traceability of the risk calculation. The proposed framework was applied to a case study extracted from ISO/SAE 21434. The obtained results are in line with the traditional methodology, with the added benefit of also providing the scatter around the calculated value, indicating the risk trend. The proposed method is general and can be applied in the industry independently from the specific case study. Full article

A cyber-physical system (CPS) integrates communication and automation technologies into the operational processes of physical systems. Nowadays, as a complex CPS, an intelligent connected vehicle (ICV) may be exposed to accidental functional failures and malicious attacks. Therefore, ensuring the ICV’s safety and security is crucial. Traditional safety/security analysis methods, such as failure mode and effect analysis and attack tree analysis, cannot provide a comprehensive analysis for the interactions between the system components of the ICV. In this work, we merge system-theoretic process analysis (STPA) with the concept phase of ISO 26262 and ISO/SAE 21434. We focus on the interactions between components while analyzing the safety and security of ICVs to reduce redundant efforts and inconsistencies in determining safety and security requirements. To conquer STPA’s abstraction in describing causal scenarios, we improved the physical component diagram of STPA-SafeSec by adding interface elements. In addition, we proposed the loss scenario tree to describe specific scenarios that lead to unsafe/unsecure control actions. After hazard/threat analysis, a unified risk assessment process is proposed to ensure consistency in assessment criteria and to streamline the process. A case study is implemented on the autonomous emergency braking system to demonstrate the validation of the proposed method. Full article

Intelligent connected vehicles (ICVs) are equipped with extensive electronic control units which offer convenience but also pose significant cybersecurity risks. Penetration testing, recommended in ISO/SAE 21434 “Road vehicles—Cybersecurity engineering”, is an effective approach to identify cybersecurity vulnerabilities in ICVs. However, there is limited research on vehicle penetration testing from a black-box perspective due to the complex architecture of ICVs. Additionally, no penetration testing framework has been proposed to guide security testers on conducting penetration testing for the whole vehicle. The lack of framework guidance results in the inexperienced security testers being uncertain about the processes to follow for conducting penetration testing. Moreover, the inexperienced security testers are unsure about which tests to perform in order to systematically evaluate the vehicle’s cybersecurity. To enhance the penetration testing efficiency of ICVs, this paper presents a black-box penetration testing framework, ICVTest. ICVTest proposes a standardized penetration testing process to facilitate step-by-step completion of the penetration testing, thereby addressing the issue of inexperienced testers lacking guidance on how to initiate work when confronted with ICV. Also, ICVTest includes 10 sets of test cases covering hardware and software security tests. Testers can select appropriate test cases based on the specific cybersecurity threats faced by the target object, thereby reducing the complexity of penetration testing tasks. Furthermore, we have developed a vehicle cybersecurity testing platform for ICVTest that seamlessly integrates various testing tools. The platform enables even novice testers to conduct vehicle black-box penetration testing in accordance with the given guidance which addresses the current industry’s challenge of an overwhelming number of testing tasks coupled with a shortage of skilled professionals. For the first time, we propose a comprehensive black-box penetration testing framework and implement the framework in the form of a cybersecurity testing platform. We apply ICVTest to evaluate an electric vehicle manufactured in 2021 for assessing the framework’s availability. With the aid of ICVTest, even testers with limited experience in automotive penetration can effectively evaluate the security risks of ICVs. In our experiments, numerous cybersecurity vulnerabilities were identified involving in-vehicle sensors, remote vehicle control systems, and in-vehicle controller area network (CAN) bus. Full article

The increasing usage of autonomous and automatic systems within the automotive industry is steering us towards a more interconnected world. This enhanced interconnectivity fosters a more streamlined driving experience, reduces costs, and provides timely driver assistance. The electric/electronic (EE) architectures of modern vehicles are inherently complex due to the multitude of components they encompass. Contemporary architectures reveal that these components converge at an electronic control unit (ECU) called the central gateway, which could potentially represent a single point of failure. While this central unit is typically adequately safeguarded, the same cannot be said for the connected components, which often remain vulnerable to cyber threats. The ISO/SAE 21434 standard paved the way for automotive cybersecurity and could be used in parallel with other standards such as ISO 26262 and ISO PAS 21488. Automatic collision notification (ACN) is one of the most typical systems in a vehicle, and limited effort has been dedicated to identifying the most suitable architecture for this feature. This paper addresses the existing security and privacy gap of this feature by conducting a comparative analysis of security threats in two distinct ACN architectures. Notably, despite ACN architectures exhibiting inherent similarities, the primary distinction between the two architectures lies in their strategies for crash estimation and detection, followed by subsequent communication with emergency response teams. A rigorous security assessment was conducted using the ISO/SAE 21434 standard, employing the TARA and STRIDE methodologies through the Ansys medini analyze software. This analysis identified an average of 310 threats per architecture, including a significant number of high-level threats (11.8% and 15%, respectively), highlighting the importance of a comprehensive evaluation. Full article

Safety-critical cyber-physical systems (CPSs), such as high-tech cars having cyber capabilities, are highly interconnected. Automotive manufacturers are concerned about cyber attacks on vehicles that can lead to catastrophic consequences. There is a need for a new risk management approach to address and investigate cybersecurity risks. Risk management in the automotive domain is challenging due to technological improvements and advances every year. The current standard for automotive security is ISO/SAE 21434, which discusses a framework that includes threats, associated risks, and risk treatment options such as risk reduction by applying appropriate defences. This paper presents a residual cybersecurity risk management framework aligned with the framework presented in ISO/SAE 21434. A methodology is proposed to develop an integrated attack tree that considers multiple sub-systems within the CPS. Integrating attack trees in this way will help the analyst to take a broad perspective of system security. Our previous approach utilises a flow graph to calculate the residual risk to a system before and after applying defences. This paper is an extension of our initial work. It defines the steps for applying the proposed framework and using adaptive cruise control (ACC) and adaptive light control (ALC) to illustrate the applicability of our work. This work is evaluated by comparing it with the requirements of the risk management framework discussed in the literature. Currently, our methodology satisfies more than 75% of their requirements. Full article

The Connected Automated Vehicle (CAV)’s deployment is proof of the wide evolution of autonomous driving technologies enabling vehicles to gradually dispose of their drivers. Within the scope of smart cities, such innovation has given rise to a new type of CAV: the Automated City Shuttle (ACS). Foreseen as the new paradigm aiming to shape the public transport model, the ACS elicits a plurality of new applications, such as the on-demand service in which a driverless shuttle offers the desired ride without human intervention. However, such a model raises cybersecurity concerns through the numerous attack surfaces and vehicle hyperconnection. This phenomenon was highlighted in several studies on CAVs, but very few research works tackled the specific case of ACSs, whose challenges and risks far exceed those of personal vehicles. The present work offers a comprehensive investigation of cybersecurity attacks, demonstrates a performed risk assessment based on the ISO/SAE 21434 standard, and showcases a penetration test over a real ACS of automation level four (L4) according to the Society of Automotive Engineering (SAE)’s ranking. Based on our experiments, we leverage fundamental cybersecurity recommendations with a focus on the ACS’s physical security. Full article

Modern vehicles are more complex and interconnected than ever before, which also means that attack surfaces for vehicles have increased significantly. Malicious cyberattacks will not only exploit personal privacy and property, but also affect the functional safety of electrical/electronic (E/E) safety-critical systems by controlling the driving functionality, which is life-threatening. Therefore, it is necessary to conduct cybersecurity testing on vehicles to reveal and address relevant security threats and vulnerabilities. Cybersecurity standards and regulations issued in recent years, such as ISO/SAE 21434 and UNECE WP.29 regulations (R155 and R156), also emphasize the indispensability of cybersecurity verification and validation in the development lifecycle but lack specific technical details. Thus, this paper conducts a systematic and comprehensive review of the research and practice in the field of automotive cybersecurity testing, which can provide reference and advice for automotive security researchers and testers. We classify and discuss the security testing methods and testbeds in automotive engineering. Furthermore, we identify gaps and limitations in existing research and point out future challenges. Full article

Modern autonomous vehicles with an electric/electronic (E/E) architecture represent the next big step in the automation and evolution of smart and self-driving vehicles. This technology is of significant interest nowadays and humans are currently witnessing the development of the different levels of automation for their vehicles. According to recent demand, the components of smart vehicles are centrally or zonally connected, as well as connected to clouds to ensure the seamless automation of driving functions. This necessity has a downside, as it makes the system vulnerable to malicious attacks from hackers with unethical motives. To ensure the control, safety, and security of smart vehicles, attaining and upholding automotive cybersecurity standards is inevitable. The ISO/SAE 21434 Road vehicle—Cybersecurity engineering standard document was published in 2021 and can be considered the Bible of automotive cybersecurity. In this paper, a comparison between four different E/E architectures was made based on the aforementioned standard. One of them is the traditional distributed architecture with many electronic control units (ECUs). The other three architectures consist of centralized or zonally distributed high-performance computers (HPCs). As the complexity of autonomous E/E systems are on the rise, the traditional distributive method is compared against the HPC (brain)-based architectures to visualize a comparative scenario between the architectures. The authors of this paper analyzed the threats and damage scenarios of the architectures using the ISO/SAE 21434 standard, “Microsoft Threat Analysis Tool - STRIDE”, TARA, and “Ansys Medini Analyze”. Security controls are recommended to mitigate the threats and risks in all of these studied architectures. This work attempted to mitigate the gap in the scholarly literature by creating a comparative image of the E/E architectures on a generalized level. The exploratory method of this research provides the reader with knowledge on four different architecture types, their fundamental properties, advantages, and disadvantages along with a general overview of the threats and vulnerabilities associated with each in light of the ISO/SAE 21434 standard. The improvement possibilities of the studied architectures are provided and their advantages and disadvantages are highlighted herein. Full article