The innovations of vehicle connectivity have been increasing dramatically to enhance the safety and user experience of driving, while the rising numbers of interfaces to the external world also bring security threats to vehicles. Many security countermeasures have been proposed and discussed to protect the systems and services against attacks. To provide an overview of the current states in this research field, we conducted a systematic mapping study on the topic area "security countermeasures of in-vehicle communication systems". 279 papers are identified based on the defined study identification strategy and criteria. We discussed four research questions related to the security countermeasures, validation methods, publication patterns, and research trends and gaps based on the extracted and classified data. Finally, we evaluated the validity threats, the study identification results, and the whole mapping process. We found that the studies in this topic area are increasing rapidly in recent years. However, there are still gaps in various subtopics like automotive Ethernet security, anomaly reaction, and so on. This study reviews the target field not only related to research findings but also research activities, which can help identify research gaps at a high level and inspire new ideas for future work.

<div>The lack of traceability in today’s supply-chain system for auto components makes counterfeiting a significant problem leading to millions of dollars of lost revenue every year and putting the lives of customers at risk. Traditional solutions are usually built upon hardware such as radio-frequency identification (RFID) tags and barcodes, and these solutions cannot stop attacks from supply-chain (insider) parties themselves as they can simply duplicate products in their local database.</div> <div>This industry-academia collaborative work studies the benefits and challenges associated with the use of distributed ledger (or blockchain) technology toward preventing counterfeiting in the presence of malicious supply-chain parties. We illustrate that the provision of a distributed and append-only ledger jointly governed by supply-chain parties themselves makes permissioned blockchains such as Hyperledger Fabric a promising approach toward mitigating counterfeiting. Meanwhile, we demonstrate that the privacy of supply-chain parties can be preserved as competing supply-chain parties strive to protect their businesses from the prying eyes of competitors and counterparties. Besides, we show that the recall process can be achieved efficiently with the help of the blockchain. The proposed solution, Fordchain, overcomes the challenges to achieve the best of both worlds: a solution to the counterfeiting problem using distributed ledger technology while providing accountability and the privacy notions of interest for supply-chain parties. Although our efforts to build a blockchain-based counterfeiting prevention system aim at automotive supply chains, the lessons learned are highly applicable to other supply chains. We end-to-end implement our Fordchain solution in the Hyperledger Fabric framework, analyze it over AWS EC2 clusters, and illustrate that the performance of our solution is good enough to be applied in practice.</div>

Reviewer Acknowledgment

<div>Connected vehicles and intelligent transportation systems are currently evolving into highly interconnected digital environments. Due to the interconnectivity of different systems and complex communication flows, a joint risk analysis for combining safety and security from a system perspective does not yet exist. We introduce a novel method for joint risk assessment in the automotive sector as a combination of the Diamond Model, Failure Mode and Effects Analysis (FMEA), and Factor Analysis of Information Risk (FAIR). These methods have been sequentially composed, which results in a comprehensive risk management approach to information security in an intelligent transport system (ITS). The Diamond Model serves to identify and structurally describe threats and scenarios, the widely accepted FMEA provides threat analysis by identifying possible error combinations, and FAIR provides a quantitative estimation of probabilities for the frequency and magnitude of risk events. We present the methodology and its step-by-step application on a practice-oriented automotive use case. As a result of this risk management approach, we can finally provide quantitative values from FAIR instead of a qualitative categorization, enabling a more accurate assessment of risks and prioritization of their mitigation. Simultaneously, the FMEA ensures complete risk identification at a component level. The approach is transparent, reusable, and can be adjusted to new estimations or insights easily and at any time, thus addressing the complexity and diversity of services in the transportation domain.</div>