Search Results (231)

Controller Area Network (CAN) remains a key in-vehicle communication protocol for distributed automotive control systems, where predictable communication timing is essential for coordinated operation of electronic control units (ECUs). This paper presents a cross-validated framework for timing analysis of automotive CAN networks by combining Deterministic and Stochastic Petri net (DSPN) modeling with worst-case response-time (WCRT) analysis. A DSPN model is developed to represent CAN message generation, priority-based arbitration, bus access, and non-preemptive frame transmission. The model is implemented in TimeNet to evaluate bus utilization, queue occupancy, and access-delay behavior under representative automotive traffic. In parallel, analytical WCRT equations are used to derive conservative latency bounds for each message class. The proposed framework links stochastic performance observations from DSPN simulation with deterministic schedulability guarantees from WCRT analysis, enabling consistency checks between average-case and worst-case timing results. A case study based on a 500 kbit/s automotive CAN configuration with six priority classes is presented. The results show that the network operates at approximately 35.9% bus utilization and that all message classes satisfy their timing requirements with a substantial margin, with the maximum worst-case response time remaining below 2 ms. The study further discusses the modeling assumptions, abstraction limits, and sensitivity of timing behavior to frame length and traffic configuration. The proposed framework provides a practical methodology for timing-oriented design and early-stage validation of automotive CAN communication systems. Full article

This paper presents a Threat Analysis and Risk Assessment (TARA) of the takeover request (TOR) component in Advanced Driver Assistance Systems (ADAS) for SAE Level 2–3 automation. A TOR prompts the human driver to retake control when the system approaches its Operational Design Domain limits or when risk increases; late, false, or muted requests directly impact safety. The study models the TOR pipeline (perception, driver monitoring, decision logic, in-vehicle networks, and Human–Machine Interface) as assets and data flows, applies STRIDE-based threat identification using Microsoft Threat Modeling Tool and Ansys Medini Analyze, and rates risks under ISO/SAE 21434 with traceability to ISO 26262, ISO 21448, and UNECE R155/R157. The assessment produces 165 threat rows, with an initial risk distribution of 1 Critical, 113 High, 34 Medium, and 17 Low. Results show that tampering, denial of service, and spoofing dominate the TOR threat landscape, with the central processing unit, sensor-to-CPU links, and HMI channels as primary trust anchors. After applying mitigation measures including secure boot, message authentication, intrusion detection, redundancy checks, and encrypted communication, the residual post-mitigation security levels were reduced to 0 Critical, 0 High, 13 Medium, 101 Low, and 51 Negligible. Unlike other ADAS TARA studies, this TOR-focused analysis shows that cybersecurity risk is shaped by the interaction between cyber compromise, driver-readiness estimation, HMI delivery, fallback execution, and the limited handover time budget. The results support a defence-in-depth mitigation strategy for secure TOR operation in SAE Level 2–3 vehicles. Full article

Driven by the rapid advancement of intelligence and connectivity, traditional distributed and signal-oriented automotive architectures are gradually being replaced by centralized, service-oriented architectures. In response to this transition, In-Vehicle Networks (IVNs) are expected to deliver high bandwidth, hard real-time performance, high reliability, and service-oriented capabilities. Data Distribution Service (DDS) and Time-Sensitive Networking (TSN) provide key technical support from the perspectives of service orientation and quality of service, respectively. Consequently, the integration of DDS and TSN has become a focal point in the field of IVNs. However, existing DDS message scheduling mechanisms cannot eliminate publishing time jitter, which prevents effective integration with deterministic scheduling mechanisms at the TSN layer, particularly the Time-Aware Shaper (TAS). To enable deterministic DDS communication in the DDS over TSN Architecture (DoTA), a Time-Triggered (TT) communication strategy based on message preemption and guard band mechanisms is proposed. This strategy is integrated into the flow controller of the DDS middleware. By scheduling a timed-event table, the publishing time of Time-Sensitive (TS) DDS messages is precisely controlled to align with the TAS mechanism. In addition, a schedulability analysis method is proposed to estimate the Worst-Case End-to-end Delay (WCED) of TS messages in DoTA. Experimental results from a physical testbed demonstrate that the proposed TT strategy can constrain the publishing time deviation of TS messages within 3 μs. When the TT strategy is jointly deployed with the TAS mechanism, both the end-to-end delay and jitter satisfy the requirements of safety-critical in-vehicle applications. Furthermore, the maximum deviation between the experimental results and the WCED estimated from the schedulability analysis is 15.4%. This indicates that the proposed method can effectively validate the feasibility of network designs and provide sufficient safety margins. Full article

Modern vehicles rely on in-vehicle network protocols such as Controller Area Network (CAN) protocol, but these protocols were designed without encryption or authentication. Therefore, the vehicles are exposed to cyber attacks. Motion-based Intrusion Detection Systems (MIDSs) exploit correlation between physically related signals to detect attacks. However, we show that MIDSs are vulnerable, because correlation coefficient is invariant to positive linear scaling. Hence, an adversary may manipulate a signal while keeping its correlation high. In this paper, we propose a Correlation Scaling Attack (CSA) that forges wheel speed signals by scaling their original value while keeping the temporal trend consistent with the other signal. We analyze that correlation coefficient remains unchanged when the signal is forged. Consequently, the CSA evades conventional MIDSs. To mitigate this limitation of MIDS, we exploit covariance between two signals as a complementary indicator, since covariance provides magnitude information. We evaluate the proposed attack and defense mechanism using CAN log data collected from a real vehicle. Experimental results verify the effectiveness of CSA, and we demonstrate that CSA can be detected by observing covariance between two signals. Our research not only indicates that the CSA is a significant threat to cars, but provides a feasible mitigation exploiting the covariance. Full article

Intrusion detection on in-vehicle networks requires high accuracy, which is reported by many papers so far, but also computational efficiency to make it suitable for real-world scenarios. The achievement of both requirements at the same time becomes harder to achieve, especially as the number of attacks diversifies. An approach to leverage computational costs is the use of sliding windows, i.e., batch processing, which extends the detection over multiple frames, but the use of multitask learning is also advantageous because a number of layers are shared between classes to extract common relevant features. While indeed the greatest computational gains are from the use of a sliding window, multitask learning has benefits too and is in fact necessary as multiple attack types can coexist in the same window. We explore the benefits of this approach on three existing attack datasets and we also build our own dataset that garners more attack complexity so that we can concretely measure the benefits of multitask learning both in terms of detection rate and computational savings. Our approach considers the feature-level similarity between attack types and legitimate frames, extracted from the mutual information between the two, and extends detection over windows of multiple frames, which justify multitask learning as frames belonging to different classes can co-exist in the same window. Full article

Secure real-time communication is a critical requirement in modern electric vehicle (EV) networks. These networks transmit safety-critical control commands through vulnerable in-vehicle communication channels. This study proposes a novel three-dimensional symmetric chaotic system for high-security EV communication. The system exhibits extensive multistability and symmetric double-wing attractors. To enhance dynamical complexity, its parameters are optimized using chaotic-enhanced particle swarm optimization (C-PSO). The largest Lyapunov exponent is used as the optimization objective. A fixed-time nonlinear controller is designed for rapid drive–response synchronization. The settling-time bound is independent of the initial conditions. The proposed method is evaluated through realistic Controller Area Network (CAN) bus simulations. These simulations include 12-bit quantization and a 1 ms sampling period. The experimental results show synchronization within 0.057 s. The recovered signal achieves an MSE of $1.202\times {10}^{-4}$. The encrypted signal reaches a Shannon entropy of 7.9904. These results confirm accurate recovery, strong randomness, and improved resistance to cryptographic attacks. Full article

Connected and autonomous vehicles (CAVs) increasingly rely on vehicle-to-everything (V2X) communication and distributed sensing infrastructures to support cooperative driving and intelligent transportation services. While these capabilities improve traffic efficiency and safety, they also expand the attack surface of vehicular networks and expose in-vehicle communication systems such as the Controller Area Network (CAN) bus to a wide range of cyber threats. Machine learning-based anomaly detection has emerged as a promising approach for identifying malicious CAN traffic patterns; however, conventional centralized learning requires large-scale data aggregation from vehicles, which raises privacy and scalability concerns. Federated learning (FL) enables collaborative model training across distributed vehicles without requiring the exchange of raw in-vehicle data, making it attractive for privacy-preserving vehicular security applications. Nevertheless, FL systems remain vulnerable to adversarial participants that manipulate local training data or model updates to poison the global model during aggregation. In this work, we present a systematic robustness evaluation of federated anomaly detection in connected vehicular networks under adversarial conditions. The study compares six aggregation strategies, including Federated Averaging (FedAvg), coordinate-wise Median, Trimmed Mean, Krum, Multi-Krum, and Geometric Median (GeoMed), within a non-IID federated CAN bus anomaly detection setting. The evaluation covers label-flipping attacks, gradient-scaling attacks, and a feature-triggered backdoor attack. In addition, the analysis examines malicious client participation, attack-strength variation, learning-rate sensitivity, Trimmed Mean beta sensitivity, multi-seed reliability, and server-side aggregation time. The results show that FedAvg is vulnerable under strong adversarial manipulation, while Trimmed Mean is sensitive to the selected trimming fraction. Median and GeoMed provide strong robustness against gradient-scaling attacks, whereas Multi-Krum achieves the strongest resistance to label-flipping and backdoor attacks. These findings demonstrate that no single aggregation strategy is optimal across all threat models. Instead, robust aggregation for federated CAV anomaly detection should be selected according to the expected attack type, reliability requirement, and computational overhead. Full article

The Controller Area Network (CAN) protocol used in in-vehicle networks is vulnerable to external attacks because it lacks authentication and encryption mechanisms. Accordingly, CAN Intrusion Detection Systems (IDSs) have been studied. However, existing IDSs remain difficult to deploy in practical vehicles because of their limited real-time capability, complex preprocessing, and high computational cost. To overcome these limitations, this paper proposes an ultra-lightweight Convolutional Neural Network (CNN)-based IDS that significantly reduces parameters and computational complexity while maintaining high detection performance. The proposed IDS improves area efficiency through a streaming pipeline, computation-block reuse, and constrained Processing Element (PE) parallelism. In addition, its lightweighting effect was quantitatively evaluated against an RTL baseline implemented under identical platform and design constraints. When an attack is detected, an Intrusion Prevention System (IPS) integrated with the CAN controller generates an error frame to block it in real time. The proposed IDS achieved over 99.97% detection performance for known frame-level message-injection scenarios on the Car-Hacking Dataset. It also achieved branch-wise real-time feasibility with an 11.46 µs ID-branch precomputation latency and a 5.68 µs DATA-complete-to-decision latency at 50 MHz. In TSMC 28 nm ASIC synthesis, the proposed IDS required 70,592 gates, with an estimated ASIC power of 2.0231 mW and an active inference energy of 34.68 nJ. Full article

With the rapid development of automotive intelligent driving technologies, the demand for real-time performance and bandwidth in in-vehicle bus networks is increasing day by day. When contrasted with conventional in-vehicle bus protocols like LIN and CAN, FlexRay delivers superior performance in bandwidth capacity, communication latency and data transmission speed. Such prominent strengths establish it as a core technical solution for modern automotive network systems. Targeting the flexible bandwidth characteristics of FlexRay bus systems, this work develops a novel heterogeneous message scheduling algorithm (DHSA) tailored for the dynamic segment of FlexRay. The DHSA enables flexible timeslot and priority configuration for event-triggered and low-priority messages, thereby improving the overall scheduling efficiency of FlexRay bus communication. This work adopts the CANoe.FlexRay simulation tool to construct a dedicated experimental platform and perform comparative simulations for the proposed algorithm. The experimental results show that the bandwidth utilization of the heterogeneous scheduling algorithm proposed in this paper reaches 96.6%, an increase of 13.4% compared to the Earliest Deadline First (EDF) algorithm; meanwhile, the fastest response time of the proposed algorithm is reduced by 50% compared to the EDF algorithm. This study effectively reduces message transmission latency and enhances system real-time performance and determinism, thereby further improving the communication efficiency of the in-vehicle FlexRay bus network. Full article

The Controller Area Network (CAN) remains the backbone of in-vehicle communication, but its lack of built-in security exposes safety-critical systems to cyberattacks. This paper presents a real-time, reconfigurable, specification-driven intrusion detection system (IDS) implemented on a custom test bench that emulates an EV powertrain. The CAN traffic captured from the four-ECU setup formed the dataset used in this study. The IDS enforces a compact, reconfigurable ruleset covering timing bounds, jitter envelopes, identifier whitelists, frame format, data length code (DLC) compliance, bus-load thresholds, application-level CRC, and alive-counter verification. The IDS achieves detection times below 2 ms with false positive rates under 1% for injection, denial of service (DoS), and fuzzy attacks, even at CAN bus loads up to 70%, while microcontroller resource usage remains within the constraints of automotive-grade devices, supporting deployment in embedded environments. The main contributions of this study are as follows: (i) a validated and reproducible EV powertrain test bench with millisecond-level timing, (ii) a deployable and easily reconfigurable ruleset with deterministic runtime, and (iii) a latency-oriented evaluation framework that is portable across automotive microcontroller platforms. The EV powertrain dataset v1.0 was released in a public GitHub repository to facilitate reproducible research and enable future benchmarking studies. Full article

Having long served as the backbone of automotive communication, the Controller Area Network utilizes error handling mechanisms under the ISO 11898 standard for communication reliability. However, these legacy error types do not explicitly distinguish between simple electrical noise and malicious intent. To address this structural limitation, we propose a sixth error type as a specialized protocol extension considering cybersecurity along with an error frame designed to notify other controllers and the driver of cybersecurity attacks. By defining a specific detection logic capable of identifying impersonation and replay attacks and introducing a specialized frame structure, this study enables the data link layer to take immediate defensive action without complex cryptographic overhead. Through FPGA based prototyping and Vector CANoe testing, we demonstrated that this mechanism successfully invalidates malicious attempts while preserving compatibility with the existing CAN error-handling mechanism. This research argues that cybersecurity can no longer be treated as an add-on but should be embedded within the protocol itself. Our findings provide a technical foundation for the next evolution of the ISO 11898 standard and toward security integrated CAN communication. Full article

As a higher-layer protocol over a controller area network (CAN) or CAN with a flexible data-rate bus, Society of Automotive Engineers (SAE) J1939 has been widely adopted in commercial vehicles. Although it supports advanced diagnostics, complex data transmission, and network management in harsh environments, SAE J1939 lacks native authentication mechanisms. Consequently, in-vehicle communication remains vulnerable to replay, spoofing, and injection attacks. In practice, deploying a Security-designated Electronic Control Unit (SeCU) is often deemed necessary to provide robust authentication, as generating and distributing session keys is essential. However, this introduces a single point of failure and renders the SeCU a high-value target for attackers. To address these issues, we propose J1939-ADBE, an authentication and key-distribution scheme that operates without a centralized SeCU. The scheme is built on Authenticated Distributed Broadcast Encryption (ADBE), a tightly integrated construction that augments distributed broadcast encryption with publicly verifiable sender authentication in a shared bilinear setting. By leveraging ADBE, we eliminate the requirement for a SeCU while achieving the desired security goals. Using the Tamarin Prover, we formally verify in the Dolev–Yao model that J1939-ADBE satisfies injective agreement, session secrecy, known-key security, and forward secrecy. Furthermore, the broadcast nature of ADBE reduces the communication cost of key distribution from $\mathcal{O}\left(n\right)$ to $\mathcal{O}\left(\right|\mathcal{G}\left|\right)$, where n denotes the number of Electronic Control Units (ECUs) and $\left|\mathcal{G}\right|$ denotes the number of ECU logical groups. Experimental results show that our proposal is practical for authentication within SAE J1939 networks. Full article

Vehicle networking is a new paradigm in wireless technology that facilitates communication between vehicles in close proximity and in-vehicle internet access. This technology paves the way for a variety of safety, convenience and entertainment applications, including safety message exchange, real-time traffic information sharing and public internet access. The overall goal of vehicular networks is to create an efficient, safe and convenient environment for vehicles on the road. This paper presents a Sensitive Node Election (SNE) algorithm adapted to routing protocols in certain opportunistic network environments. The algorithm focuses on selecting the best agent for communication using an innovative approach for message forwarding. Quality of Service (QoS) metrics targeted for optimization include network end-to-end throughput and packet delivery, with the aim of improving the overall performance of the network. Our algorithm includes a stochastic rebroadcasting scheme that takes into account parameters, such as vehicle density, distance between vehicles and transmission distance, and adapts to various network conditions. Furthermore, the SNE algorithm uses a metric based on transmission distance and can dynamically adapt to application requirements, such as prioritization. It provides high throughput and minimizes delay. The results demonstrate the effectiveness of this approach in improving QoS in various vehicular ad hoc network (VANET) simulations and influencing the neural network ensemble (NNE Algorithm). Full article

Security measures are essential in the automotive industry to detect intrusions in-vehicle networks. However, developing a one-size-fits-all intrusion detection system (IDS) is challenging because each vehicle has a unique data profile. This is due to the complex and dynamic nature of the data generated by vehicles regarding their model, driving style, test environment, and firmware update. To address this issue, a universal IDS has been developed that can be applied to all types of vehicles without the need for customization. Unlike conventional IDSs, the universal IDS can adapt to data distribution shifts caused by changes in driving style, vehicle platform, or firmware updates. In this study, a new hybrid approach has been developed, combining Pearson correlation with deep learning techniques. This approach has been tested using data obtained from four distinct mechanical and electronic vehicles, including Tesla, Sonata, and two Kia models. The data has been combined into two frequency datasets, and wavelet transformation has been employed to convert them into the frequency domain, enhancing generalizability. Additionally, a statistical method based on independent rule-based systems using Pearson correlation has been utilized to improve system performance. The system has been compared with eight different IDSs, three of which utilize the universal approach, while the remaining five are based on conventional techniques. The accuracy of each system has been evaluated through benchmarking, and the results demonstrate that the hybrid system effectively detects intrusions in various vehicle models. Full article

SOME/IP is a core AUTOSAR middleware for Automotive Ethernet, enabling scalable service-oriented communication among distributed embedded devices; however, its lack of built-in authentication, encryption, and integrity protection exposes vehicles to threats such as eavesdropping, denial-of-service, fuzzing, and man-in-the-middle attacks. To study these risks, we empirically reproduce representative attack behaviors in a realistic SOME/IP simulation and propose an anomaly detection framework tailored to SOME/IP traffic. The framework parses raw Ethernet frames into layered SOME/IP and SOME/IP Service Discovery representations and extracts behavior-centric features, including time-interval variation, payload likelihood and entropy, and payload and length change rates. Based on these features, it performs real-time classification using an XGBoost-based model. Experimental evaluation on a large-scale dataset demonstrates that the proposed approach achieves 0.93 PR-AUC, 0.99 ROC-AUC, and a 0.97 F1-score on a real-world-reflective, imbalanced dataset, while also delivering an end-to-end efficiency of 0.556 ms per packet, covering both feature generation and XGBoost inference. Full article