Automotive Cybersecurity Research Articles

A privacy-preserving Self-Supervised Learning-based intrusion detection system for 5G-V2X networks

In light of the ongoing transformation in the automotive industry, driven by the adoption of 5G and the proliferation of connected vehicles, network security has emerged as a critical concern. This is particularly true for the implementation of cutting-edge 5G services such as Network Slicing (NS), Software Defined Networking (SDN), and Multi-access Edge Computing (MEC). As these advanced services become more prevalent, they introduce new vulnerabilities that can be exploited by cyber attackers. Consequently, Network Intrusion Detection Systems (NIDSs) are pivotal in safeguarding vehicular networks against cyber threats. Still, their efficacy hinges on extensive data, which often contains sensitive and confidential information such as vehicle positions and owner’s behaviors, raising privacy concerns. To address this issue, we propose a Privacy-Preserving Self-Supervised Learning (SSL) based Intrusion Detection System for 5G-V2X networks. The majority of works in the literature relying on Federated Learning (FL) and often overlook data labeling on the end devices. Our methodology leverages SSL to pre-train NIDSs using unlabeled data. Post-training is then performed with a minimal amount of labeled data, which can be carefully crafted by an expert. This novel technique allows the training of NIDSs with huge datasets without compromising privacy, consequently enhancing the efficacy of cyber-attack protection. Our innovative SSL pre-training methodology has yielded remarkable results, demonstrating a substantial improvement of up to 9% in accuracy across a diverse range of training dataset sizes, including scenarios with as few as 200 data samples. Our approach highlights the potential to enhance automotive network security significantly, showcasing groundbreaking achievements that set a new standard in the field of automotive cybersecurity.

Automotive Cybersecurity: A Survey on Frameworks, Standards, and Testing and Monitoring Technologies.

Modern vehicles are increasingly interconnected through various communication channels, which requires secure access for authorized users, the protection of driver assistance and autonomous driving system data, and the assurance of data integrity against misuse or manipulation. While these advancements offer numerous benefits, recent years have exposed many intrusion incidents, revealing vulnerabilities and weaknesses in current systems. To sustain and enhance the performance, quality, and reliability of vehicle systems, software engineers face significant challenges, including in diverse communication channels, software integration, complex testing, compatibility, core reusability, safety and reliability assurance, data privacy, and software security. Addressing cybersecurity risks presents a substantial challenge in finding practical solutions to these issues. This study aims to analyze the current state of research regarding automotive cybersecurity, with a particular focus on four main themes: frameworks and technologies, standards and regulations, monitoring and vulnerability management, and testing and validation. This paper highlights key findings, identifies existing research gaps, and proposes directions for future research that will be useful for both researchers and practitioners.

A simulation framework for automotive cybersecurity risk assessment

Human-initiated disruptions such as cyberattacks on connected vehicles have the potential to cause cascading failures in transport systems, leading to systemic risks. ‘ISO/SAE 21434:2021 Road vehicles - Cybersecurity engineering’ is the current standard for risk management of road vehicles. However, the threat analysis and risk assessment framework given in the standard focuses on asset-level analysis and assessment. Hence, this study develops a novel simulation-based framework to perform threat analysis and risk assessment on connected vehicles from a transport network perspective. The proposed framework is developed based on the ISO/SAE 21434 threat analysis and risk assessment methodology. We demonstrate the applicability and usefulness of the framework through a remote attack via the cellular network on the in-vehicle communication bus system of a connected vehicle to show the potential impacts on the transport network. Based on the findings of our case studies, we exemplify how cyberattacks on individual system components of a connected vehicle have the potential to cause systemic failures.

Automotive Cyber Security - Emerging Risks and New Case Study Insights

Automotive Cyber Security - Emerging Risks and New Case Study Insights

Reconfigurable CAN Intrusion Detection and Response System

The controller area network (CAN) remains the de facto standard for intra-vehicular communication. CAN enables reliable communication between various microcontrollers and vehicle devices without a central computer, which is essential for sustainable transportation systems. However, it poses some serious security threats due to the nature of communication. According to caranddriver.com, there were at least 150 automotive cybersecurity incidents in 2019, a 94% year-over-year increase since 2016, according to a report from Upstream Security. To safeguard vehicles from such attacks, securing CAN communication, which is the most relied-on in-vehicle network (IVN), should be configured with modifications. In this paper, we developed a configurable CAN communication protocol to secure CAN with a hardware prototype for rapidly prototyping attacks, intrusion detection systems, and response systems. We used a field programmable gate array (FPGA) to prototype CAN to improve reconfigurability. This project focuses on attack detection and response in the case of bus-off attacks. This paper introduces two main modules: the multiple generic errors module with the introduction of the error state machine (MGEESM) module and the bus-off attack detection (BOAD) module for a frame size of 111 bits (BOAD111), based on the CAN protocol presenting the introduction of form error, CRC error, and bit error. Our results show that, in the scenario with the transmit error counter (TEC) value 127 for switching between the error-passive state and bus-off state, the detection times for form error, CRC error, and bit error introduced in the MGEESM module are 3.610 ms, 3.550 ms, and 3.280 ms, respectively, with the introduction of error in consecutive frames. The detection time for BOAD111 module in the same scenario is 3.247 ms.

Data-Driven Solutions for Next-Generation Automotive Cybersecurity

Data-Driven Solutions for Next-Generation Automotive Cybersecurity

The Need for Cybersecurity in Automotive Industry

This research paper analyzes the importance of cybersecurity in the automotive industry and explains how cybersecurity threats impact the modern world of connected, autonomous, and electrical vehicles. Furthermore, this paper covers in-depth research into the different types of automotive cyber threats such as physical, sensor, software, and network attacks on a vehicle, and various methods to prevent these threats from happening in real-world scenarios. The research paper also helps the reader to gain a broader understanding of cybersecurity in the automotive world. The methodology of this research involved analyzing and collecting information through various external websites, articles, and research papers. Information was collected on automotive cybersecurity incidents from news articles and international cyber security conference presentations. Based on this evidence from various external sources, the research problem was supported by factual data. This paper also talks about all the various solutions to cybersecurity threats in depth such as authentication and encryption, malware detection, software analysis, VPNs (Virtual Private Network), and cryptography. This paper also provides information about some of the new regulations and standards that are currently adopted in the automotive industry. With the rapid change in automotive technology, it is important to be aware that cars can have up to 150 ECUs (Electronic Control Unit) and about 300 million lines of code in near future which could expose more vulnerabilities. (2020, McKinsey & Company). To meet the challenge of these automotive cyber security threats, it is important that awareness should be created among the product engineers and researchers working on future automobiles. This paper attempts at exploring the challenges with automotive cyber security and creating this awareness.

Fast and efficient context-aware embedding generation using fuzzy hashing for in-vehicle network intrusion detection

In the rapidly advancing field of automotive cybersecurity, the protection of In-Vehicle Networks (IVNs) against cyber threats is crucial. Current deep learning solutions offer robustness but at the cost of high computational demand and potential privacy breaches due to the extensive IVN data required for model training. Our study proposes a novel intrusion detection system (IDS) specifically designed for IVNs that prioritizes computational efficiency and data privacy. Utilizing fuzzy hashing techniques, we generate context-aware embeddings that effectively preserve the privacy of IVN data. Among the machine learning algorithms evaluated, the Support Vector Machine (SVM) emerged as the most effective, particularly when paired with TLSH hash embeddings. This combination achieved notable detection performance, as substantiated by T-SNE visualizations that demonstrate a distinct segregation of normal and attack traffic within the vector space. To validate the effectiveness and practicality of our proposed IDS, we conducted exhaustive experiments on the well-known car-hacking dataset and the more complex ROAD dataset, which includes diverse and sophisticated attack scenarios. Our findings reveal that the proposed lightweight IDS not only demonstrates high detection accuracy but also maintains this performance within the computational constraints of current IVN systems. The system's capability to operate effectively in real-time environments makes it a viable solution for modern automotive cybersecurity needs.

Systematic Risk Characterisation of Hardware Threats to Automotive System

The increasing dependence of modern automotive systems on electronics and software poses cybersecurity risks previously not factored into design and engineering of such systems. Attacks on hardware components, communication modules and embedded software – many of which are purposefully designed for automotive control and communications – are the key focus of this paper. We adopt a novel approach to characterise such attacks using Gajski-Kuhn Y-charts to represent attack manipulation across behavioural, structural and physical domains. Our selection of attacks is evidence-driven demonstrating threats that have been demonstrated to be feasible in the real-world. We then risk assess impact of such threats using the recently adopted ISO/SAE 21434 standard for automotive cybersecurity risk assessment, including mitigations for potential adoption. Our work serves to provide unique insights into the complex dynamic of hardware vulnerabilities and how the industry may address system-level security and protection of modern automotive platforms.

The performance of Logistic Regression, Decision Tree, KNN, Naive Bayes and SVM for identifying Automotive Cybersecurity Attack and Prevention: An Experimental Study

The automotive industry has witnessed a significant increase in cyber threats as vehicles become more connected and reliant on software-driven systems. To safeguard against these threats, effective cybersecurity measures must be implemented. This paper explores the use of Support Vector Machine (SVM) algorithms as a means of bolstering automotive cybersecurity attack prevention. SVM algorithms have demonstrated remarkable capabilities in various domains due to their ability to handle complex and high-dimensional data. By leveraging SVM algorithms, this research aims to enhance the detection and prevention of cybersecurity attacks targeting automotive systems.
 The proposed approach involves training SVM models using labeled datasets that include both normal and anomalous driving scenarios. By analyzing various features and patterns extracted from the data, the SVM models can learn to differentiate between normal and malicious behaviour. These models can then be used in real-time to identify and mitigate potential cyber threats.
 The results of this study is compared with other machine learning algorithm like Logistic Regression, Naive Bayes, KNN, Decision Tree, highlight the effectiveness of SVM algorithms in detecting and preventing automotive cybersecurity attacks. The models exhibit high accuracy rates in distinguishing between normal and anomalous behavior, providing a robust defense mechanism against potential threats.
 In conclusion, this research emphasizes the significance of leveraging SVM learning algorithms for automotive cybersecurity attack prevention. By harnessing the power of machine learning, automotive systems can be fortified against cyber threats, ensuring the safety and integrity of vehicles and their passengers.

Enhancing Communication Security an In-Vehicle Wireless Sensor Network

Confronting the challenges of securing communication in-vehicle wireless sensor networks demands innovative solutions, particularly as vehicles become more interconnected. This paper proposes a tailored communication security framework for in-vehicle wireless sensor networks, addressing both scientific and technical challenges through effective encryption methods. It segments the local vehicle network into independent subsystems communicating via encrypted and authenticated tunnels, enhancing automotive system safety and integrity. The authors introduce a process for periodic cryptographic key exchanges, ensuring secure communication and confidentiality in key generation without disclosing parameters. Additionally, an authentication technique utilizing the sender’s message authentication code secures communication tunnels, significantly advancing automotive cybersecurity and interconnectivity protection. Through a series of steps, including key generation, sending, and cryptographic key exchange, energy costs were investigated and compared with DTLS and TLS methods. For cryptographic security, testing against brute-force attacks and analysis of potential vulnerabilities in the AES-CBC 128 encryption algorithm, HMAC authentication, and HKDF key derivation function were carried out. Additionally, an evaluation of the memory resource consumption of the DTLS and TLS protocols was compared with the proposed solution. This work is crucial for mitigating risks associated with in-vehicle communication compromises within smart cities.

Generative Artificial Intelligence for Automotive Cybersecurity

Generative Artificial Intelligence for Automotive Cybersecurity

Secure Over-the-Air (OTA) Update Mechanisms for ADAS

This research aims to develop robust, resilient, and user-friendly over-the-air (OTA) software update mechanisms for advanced driver assistance systems (ADAS) in modern vehicles. The study conducts a comprehensive review on existing OTA update approaches, identifies security threats and vulnerabilities, and proposes an algorithm that incorporates cryptographic techniques, secure authentication, firmware validation, and rollback protection. The methodology utilized in this study involves secure package generation, distribution, installation, and monitoring, as well as adhering to automotive cybersecurity standards, such as ISO/SAE 21434 and UNECE WP.29. Extensive evaluation of OTA systems is important as it helps to assess their resilience against adversarial attacks, ensures regulatory compliance, and optimizes usability through user studies. The results demonstrate successful execution of secure OTA update mechanisms, preventing risks, fostering reliability and safety of ADAS software updates. The case studies highlight real-world deployments, best practices, and the effectiveness of the developed solution in improving automotive cybersecurity and functional safety.

Automotive Cybersecurity Application Based on CARDIAN

Nowadays, a vehicle can contain from 20 to 100 ECUs, which are responsible for ordering, controlling and monitoring all the components of the vehicle itself. Each of these units can also send and receive information to other units on the network or externally. For most vehicles, the controller area network (CAN) is the main communication protocol and system used to build their internal network. Technological development, the growing integration of devices and the numerous advances in the field of connectivity have allowed the vehicle to become connected, and the flow of information exchanged between the various ECUs (electronic control units) becomes increasingly important and varied. Furthermore, the vehicle itself is capable of exchanging information with other vehicles, with the surrounding environment and with the Internet. As shown by the CARDIAN project, this type of innovation allows the user an increasingly safe and varied driving experience, but at the same time, it introduces a series of vulnerabilities and dangers due to the connection itself. The job of making the vehicle safe therefore becomes critical. In recent years, it has been demonstrated in multiple ways how easy it is to compromise the safety of a vehicle and its passengers by injecting malicious messages into the CAN network present inside the vehicle itself. The purpose of this article is the construction of a system that, integrated within the vehicle network, is able to effectively recognize any type of intrusion and tampering.

Strengthening Automotive Cybersecurity: A Comparative Analysis of ISO/SAE 21434-Compliant Automatic Collision Notification (ACN) Systems

The increasing usage of autonomous and automatic systems within the automotive industry is steering us towards a more interconnected world. This enhanced interconnectivity fosters a more streamlined driving experience, reduces costs, and provides timely driver assistance. The electric/electronic (EE) architectures of modern vehicles are inherently complex due to the multitude of components they encompass. Contemporary architectures reveal that these components converge at an electronic control unit (ECU) called the central gateway, which could potentially represent a single point of failure. While this central unit is typically adequately safeguarded, the same cannot be said for the connected components, which often remain vulnerable to cyber threats. The ISO/SAE 21434 standard paved the way for automotive cybersecurity and could be used in parallel with other standards such as ISO 26262 and ISO PAS 21488. Automatic collision notification (ACN) is one of the most typical systems in a vehicle, and limited effort has been dedicated to identifying the most suitable architecture for this feature. This paper addresses the existing security and privacy gap of this feature by conducting a comparative analysis of security threats in two distinct ACN architectures. Notably, despite ACN architectures exhibiting inherent similarities, the primary distinction between the two architectures lies in their strategies for crash estimation and detection, followed by subsequent communication with emergency response teams. A rigorous security assessment was conducted using the ISO/SAE 21434 standard, employing the TARA and STRIDE methodologies through the Ansys medini analyze software. This analysis identified an average of 310 threats per architecture, including a significant number of high-level threats (11.8% and 15%, respectively), highlighting the importance of a comprehensive evaluation.

A Global Survey of Standardization and Industry Practices of Automotive Cybersecurity Validation and Verification Testing Processes and Tools

<div>The United Nation Economic Commission for Europe (UNECE) Regulation 155—Cybersecurity and Cybersecurity Management System (UN R155) mandates the development of cybersecurity management systems (CSMS) as part of a vehicle’s lifecycle. An inherent component of the CSMS is cybersecurity risk management and assessment. Validation and verification testing is a key activity for measuring the effectiveness of risk management, and it is mandated by UN R155 for type approval. Due to the focus of R155 and its suggested implementation guideline, ISO/SAE 21434:2021—Road Vehicle Cybersecurity Engineering, mainly centering on the alignment of cybersecurity risk management to the vehicle development lifecycle, there is a gap in knowledge of proscribed activities for validation and verification testing. This research provides guidance on automotive cybersecurity testing and verification by providing an overview of the state-of-the-art in relevant automotive standards, outlining their transposition into national regulation and the currently used processes and tools in the automotive industry. Through engagement with state-of-the-art literature and workshops and surveys with industry groups, our study found that national regulatory authorities are moving to enshrine UN R155 as part of their vehicle regulations, with differences of implementation based on regulatory culture and pre-existing approaches to vehicle regulation. Validation and verification testing is developing aligned to UN R155 and ISO21434:2021; however, the testing approaches currently used within industry utilize elements of traditional enterprise information technology methods for penetration testing and toolsets. Electrical/electronic (E/E) components such as embedded control units (ECUs) are considered the primary testing target; however, connected and autonomous vehicle technologies are increasingly attracting more focus for testing.</div>

Design and Experimental Assessment of Real-Time Anomaly Detection Techniques for Automotive Cybersecurity.

In recent decades, an exponential surge in technological advancements has significantly transformed various aspects of daily life. The proliferation of indispensable objects such as smartphones and computers underscores the pervasive influence of technology. This trend extends to the domains of the healthcare, automotive, and industrial sectors, with the emergence of remote-operating capabilities and self-learning models. Notably, the automotive industry has integrated numerous remote access points like Wi-Fi, USB, Bluetooth, 4G/5G, and OBD-II interfaces into vehicles, amplifying the exposure of the Controller Area Network (CAN) bus to external threats. With a recognition of the susceptibility of the CAN bus to external attacks, there is an urgent need to develop robust security systems that are capable of detecting potential intrusions and malfunctions. This study aims to leverage fingerprinting techniques and neural networks on cost-effective embedded systems to construct an anomaly detection system for identifying abnormal behavior in the CAN bus. The research is structured into three parts, encompassing the application of fingerprinting techniques for data acquisition and neural network training, the design of an anomaly detection algorithm based on neural network results, and the simulation of typical CAN attack scenarios. Additionally, a thermal test was conducted to evaluate the algorithm's resilience under varying temperatures.

Intelligent Learning Algorithm and Intelligent Transportation-Based Energy Management Strategies for Hybrid Electric Vehicles: A Review

As one of the alternatives to conventional fuel vehicles, hybrid electric vehicles (HEV) offer lower fuel consumption and fewer exhaust emissions. To improve the performance of the HEV, the energy management strategy (EMS) is one of the most critical technologies. Classic EMS can be broadly classified into rule-based and optimization-based. With the development of machine learning technology, the deep reinforcement learning (DRL) algorithm of intelligent learning algorithms has been applied to the EMS. This paper mainly reviews the research progress of the EMS based on DRL from two aspects of the algorithm and training environment, and the EMS research involving combining the intelligent transportation system (ITS) is reviewed. In addition, the experimental test progress situations of DRL-based EMS research are discussed. Finally, the challenge of DRL-based EMSs is analyzed and some solutions are provided. In particular, it also involves some discussion about automotive cyber security in the intelligent transportation environment.

Safety and Theft Detection in Autonomous Vehicles

Abstract: The proposed work revolves around bolstering automotive cybersecurity and safety through a comprehensive strategy that encompasses various technological facets. The workflow commences with an advanced accident detection mechanism, facilitated by a set of IoT components such as bump switches, buzzers, ESP32 modules, switches, and device sensors. Upon detecting an accident, these components collaborate to promptly notify relevant entities, potentially minimizing the aftermath of collisions. Furthermore, the incident data is securely stored in the cloud, ensuring its availability for subsequent analysis and response coordination. The crux of this work lies in its application of machine learning algorithms—K-Means and Support Vector Machine (SVM) to tackle cybersecurity challenges. These algorithms undertake the vital task of classifying different types of cyber attacks. By learning patterns from labelled datasets, the algorithms become adept at identifying and categorizing various cyber threats. This classification empowers the system to swiftly recognize and respond to potential attacks, mitigating potential damages and risks to the vehicle's security. Another noteworthy feature of this work is its proactive stance against theft. Through a network of IoT components including switches and sensors, the system is primed to detect any unauthorized tampering or theft of vehicle parts. In such instances, the system triggers immediate notifications to relevant parties, thereby facilitating swift intervention and recovery measures. This real-time response capability greatly enhances the security of the vehicle and its components.

VitroBench: Manipulating in-vehicle networks and COTS ECUs on your bench: A comprehensive test platform for automotive cybersecurity research

With the increasing connectivity employed in automotive systems, remote cyber attacks have now become a possibility and concrete threat. Prior works on automotive cyber security solutions have primarily focused evaluation either on real cars or via emulations of electronic control units (ECUs). Evaluation on real cars offers limited flexibility in manoeuvring the packets communicated through in-vehicle network (IVN). Meanwhile, emulations of ECUs rely on assumptions that may not correspond to the exact features in an IVN.In this paper, we present VitroBench, a comprehensive test platform involving commercial off-the-shelf (COTS) ECUs that allows arbitrary packet control over IVN. In contrast to existing automotive testbed, an appealing feature of VitroBench is that it allows replication of driving use cases and scenarios directly on the testbed involving COTS ECUs. This, in turn, allows us to design and evaluate concrete attacks that are directly related to a driving scenario. We present the design of VitroBench that allows us to sniff, inject packets to and isolate targeted ECU via bridging. The isolation of ECUs also offers fuzzing the respective ECUs. We evaluate the capability of VitroBench via launching concrete attacks and demonstrating the impact of such attacks. We discuss the careful design choices involved in VitroBench that inspire automotive cybersecurity research in future.