Towards a Standardised Framework for Securing Connected Vehicles

Vehicular security was long limited to physical security - to prevent theft. However, the trend of adding more comfort functions and delegating advanced driving tasks back to the vehicle increased the magnitude of attacks, making cybersecurity inevitable. Attackers only need to find one vulnerability in the myriad of electronic control units (ECUs) and communication technologies used in a vehicle to compromise its functions. Vehicles might also be attacked by the owners, who want to modify or even disable certain vehicle functions.Many different parties are involved in the development of such a complex system as the functions are distributed over more than 100 ECUs, making it difficult to get an overall picture of the achieved security. Therefore, moving towards a standardised security framework tailored for the automotive domain is necessary.In this thesis we study various safety and security standards and proposed frameworks from different industrial domains with respect to their way of classifying demands in the form of levels and their methods to derive requirements. In our proposed framework, we suggest security levels appropriate for automotive systems and continue with a mapping between these security levels and identified security mechanisms and design rules to provide basic security. We further study in detail a mechanism which provides freshness to authenticated messages, namely AUTOSAR SecOC Profile 3, and present a novel extension that offers a faster synchronisation between ECUs and reduces the number of required messages for synchronisation

Location closeness model for VANETs with integration of 5G

Nowadays. 5G is playing a significant role in the efficiency of network security and creating more and faster channels for communication. 5G is evoking industries such as healthcare, education, marketing, transportation, and V2X (Vehicle-to-everything). In addition. 5G considers a new radio access technology that is adding new applications like the Internet of Tilings (IoT). Augmented Reality. Virtual Reality, connected cars, connected people-to-people, smart city, connected homes that are considered using higher bandwidth and low latency. Mainly, this paper is focusing on security challenges faced by the Vehicular ad-hoc network (VANET). VANET faces threats in three different fields: Security, safety, and infotainment, which further have numerous attacks. More precisely, this research conducted an in-depth study and proposed a VANET trust model. Therefore the proposed model deals specifically with the "location closenessb" parameter. Moreover, the trust model integrated with 5G cloud to support greater coverage, effective network density with respect to network infrastructure and IoT as well. Therefore, in this article, an effort has been put forward to implement the model using case studies to validate the trust model based on the "location closeness parameter. The results proved the valid implementation of the model by identifying the trusted communication between the vehicles

Defining interactions: a conceptual framework for understanding interactive behaviour in human and automated road traffic

Rapid advances in technology for highly automated vehicles (HAVs) have raised concerns about coexistence of HAVs and human road users. Although there is a long tradition of research into human road user interactions, there is a lack of shared models and terminology to support cross-disciplinary research and development towards safe and acceptable interaction-capable HAVs. Here, we review the main themes and findings in previous theoretical and empirical interaction research, and find large variability in perspectives and terminologies. We unify these perspectives in a structured, cross-theoretical conceptual framework, describing what road traffic interactions are, how they arise, and how they get resolved. Two key contributions are: (1) a stringent definition of “interaction”, as “a situation where the behaviour of at least two road users can be interpreted as being influenced by the possibility that they are both intending to occupy the same region of space at the same time in the near future”, and (2) a taxonomy of the types of behaviours that road users exhibit in interactions. We hope that this conceptual framework will be useful in the development of improved empirical methodology, theoretical models, and technical requirements on vehicle automation

Urban (UMaaS) and Rural (RMaaS) Mobility as a Service (MaaS) : practical insights from international practitioners and experts.

This research was supported by the University of Aberdeen, United Kingdom, ETP (Energy Technology Partnership) and HITRANS (Highlands and Islands Transport Regional Authority). The Grant Number RG14413.Peer reviewedPublisher PD

A holistic review of cybersecurity and reliability perspectives in smart airports

Advances in the Internet of Things (IoT) and aviation sector have resulted in the emergence of smart airports. Services and systems powered by the IoT enable smart airports to have enhanced robustness, efficiency and control, governed by real-time monitoring and analytics. Smart sensors control the environmental conditions inside the airport, automate passenger-related actions and support airport security. However, these augmentations and automation introduce security threats to network systems of smart airports. Cyber-attackers demonstrated the susceptibility of IoT systems and networks to Advanced Persistent Threats (APT), due to hardware constraints, software flaws or IoT misconfigurations. With the increasing complexity of attacks, it is imperative to safeguard IoT networks of smart airports and ensure reliability of services, as cyber-attacks can have tremendous consequences such as disrupting networks, cancelling travel, or stealing sensitive information. There is a need to adopt and develop new Artificial Intelligence (AI)-enabled cyber-defence techniques for smart airports, which will address the challenges brought about by the incorporation of IoT systems to the airport business processes, and the constantly evolving nature of contemporary cyber-attacks. In this study, we present a holistic review of existing smart airport applications and services enabled by IoT sensors and systems. Additionally, we investigate several types of cyber defence tools including AI and data mining techniques, and analyse their strengths and weaknesses in the context of smart airports. Furthermore, we provide a classification of smart airport sub-systems based on their purpose and criticality and address cyber threats that can affect the security of smart airport\u27s networks

A holistic review of cybersecurity and reliability perspectives in smart airports

Advances in the Internet of Things (IoT) and aviation sector have resulted in the emergence of smart airports. Services and systems powered by the IoT enable smart airports to have enhanced robustness, efficiency and control, governed by real-time monitoring and analytics. Smart sensors control the environmental conditions inside the airport, automate passenger-related actions and support airport security. However, these augmentations and automation introduce security threats to network systems of smart airports. Cyber-attackers demonstrated the susceptibility of IoT systems and networks to Advanced Persistent Threats (APT), due to hardware constraints, software flaws or IoT misconfigurations. With the increasing complexity of attacks, it is imperative to safeguard IoT networks of smart airports and ensure reliability of services, as cyber-attacks can have tremendous consequences such as disrupting networks, cancelling travel, or stealing sensitive information. There is a need to adopt and develop new Artificial Intelligence (AI)-enabled cyber-defence techniques for smart airports, which will address the challenges brought about by the incorporation of IoT systems to the airport business processes, and the constantly evolving nature of contemporary cyber-attacks. In this study, we present a holistic review of existing smart airport applications and services enabled by IoT sensors and systems. Additionally, we investigate several types of cyber defence tools including AI and data mining techniques, and analyse their strengths and weaknesses in the context of smart airports. Furthermore, we provide a classification of smart airport sub-systems based on their purpose and criticality and address cyber threats that can affect the security of smart airport\u27s networks

A holistic review of cybersecurity and reliability perspectives in smart airports

Advances in the Internet of Things (IoT) and aviation sector have resulted in the emergence of smart airports. Services and systems powered by the IoT enable smart airports to have enhanced robustness, efficiency and control, governed by real-time monitoring and analytics. Smart sensors control the environmental conditions inside the airport, automate passenger-related actions and support airport security. However, these augmentations and automation introduce security threats to network systems of smart airports. Cyber-attackers demonstrated the susceptibility of IoT systems and networks to Advanced Persistent Threats (APT), due to hardware constraints, software flaws or IoT misconfigurations. With the increasing complexity of attacks, it is imperative to safeguard IoT networks of smart airports and ensure reliability of services, as cyber-attacks can have tremendous consequences such as disrupting networks, cancelling travel, or stealing sensitive information. There is a need to adopt and develop new Artificial Intelligence (AI)-enabled cyber-defence techniques for smart airports, which will address the challenges brought about by the incorporation of IoT systems to the airport business processes, and the constantly evolving nature of contemporary cyber-attacks. In this study, we present a holistic review of existing smart airport applications and services enabled by IoT sensors and systems. Additionally, we investigate several types of cyber defence tools including AI and data mining techniques, and analyse their strengths and weaknesses in the context of smart airports. Furthermore, we provide a classification of smart airport sub-systems based on their purpose and criticality and address cyber threats that can affect the security of smart airport\u27s networks

Quantitative Performance Assessment of LiDAR-based Vehicle Contour Estimation Algorithms for Integrated Vehicle Safety Applications

Many nations and organizations are committing to achieving the goal of `Vision Zero\u27 and eliminate road traffic related deaths around the world. Industry continues to develop integrated safety systems to make vehicles safer, smarter and more capable in safety critical scenarios. Passive safety systems are now focusing on pre-crash deployment of restraint systems to better protect vehicle passengers. Current commonly used bounding box methods for shape estimation of crash partners lack the fidelity required for edge case collision detection and advanced crash modeling. This research presents a novel algorithm for robust and accurate contour estimation of opposing vehicles. The presented method is evaluated via a developed framework for key performance metrics and compared to alternative algorithms found in literature

Untersuchungen zur Anomalieerkennung in automotive Steuergeräten durch verteilte Observer mit Fokus auf die Plausibilisierung von Kommunikationssignalen

Die zwei herausragenden automobilen Trends Konnektivität und hochautomatisiertes Fahren bieten viele Chancen, aber vor allem in ihrer Kombination auch Gefahren. Einerseits wird das Fahrzeug immer mehr mit seiner Außenwelt vernetzt, wodurch die Angriffsfläche für unautorisierten Zugriff deutlich steigt. Andererseits erhalten Steuergeräte die Kontrolle über sicherheitsrelevante Funktionen. Um das Risiko und die potentiellen Folgen eines erfolgreichen Angriffs möglichst gering zu halten, sollte eine Absicherung auf mehreren Ebenen erfolgen. Der Fokus dieser Arbeit liegt auf der innersten Absicherungsebene und dabei speziell auf der Überwachung von Fahrezug-interner Kommunikation. Hierfür empfehlen Wissenschaft und Industrie unter anderem den Einsatz von Intrusion Detection/Intrusion Prevention Systemen. Das erarbeitete Konzept greift diesen Vorschlag auf und berücksichtigt bei der Detaillierung die Steuergeräte-spezifischen Randbedingungen, wie beispielsweise die vergleichsweise statische Fahrzeugvernetzung und die limitierten Ressourcen. Dadurch entsteht ein hybrider Ansatz, bestehend aus klassischen Überwachungsregeln und selbstlernenden Algorithmen. Dieser ist nicht nur für die Fahrzeug-interne Kommunikation geeignet, sondern gleichermaßen für den Steuergeräte-internen Informationsaustausch, die Interaktion zwischen Applikations- und Basissoftware sowie die Überwachung von Laufzeit- und Speichereigenschaften. Das übergeordnete Ziel ist eine ganzheitliche Steuergeräte-Überwachung und damit eine verbesserte Absicherung im Sinne der Security. Abweichungen vom Sollverhalten - sogenannte Anomalien - werden jedoch unabhängig von deren Ursache erkannt, sei es ein mutwilliger Angriff oder eine Fehlfunktion. Daher kann dieser Ansatz auch zur Verbesserung der Safety beitragen, speziell wenn Applikationen und Algorithmen abzusichern sind, die sich während des Lebenszyklus eines Fahrzeugs verändern oder weiterentwickeln. Im zweiten Teil der Arbeit steht die Plausibilisierung von einzelnen Kommunikationssignalen im Vordergrund. Da deren möglicher Verlauf nicht formal beschrieben ist, kommen hierfür selbstlernende Verfahren zum Einsatz. Neben der Analyse und der Auswahl von grundsätzlich geeigneten Algorithmen ist die Leistungsbewertung eine zentrale Herausforderung. Die zu erkennenden Anomalien sind vielfältig und in der Regel sind nur Referenzdaten des Normalverhaltens in ausreichender Menge vorhanden. Aus diesem Grund werden unterschiedliche Anomalie-Typen definiert, welche die Anomaliesynthese in Normaldaten strukturieren und somit eine Evaluierung anhand der Erkennungsrate erlauben. Die Evaluierungsergebnisse zeigen, dass eine Signalplausibilisierung mittels künstlichen neuronalen Netzen (Autoencoder) vielversprechend ist. Zum Abschluss betrachtet die vorliegende Arbeit daher die Herausforderungen bei deren Realisierung auf automotive Steuergeräten und liefert entsprechende Kennzahlen für die benötigte Laufzeit und den Speicherverbrauch

Machine Learning-based Methods for Driver Identification and Behavior Assessment: Applications for CAN and Floating Car Data

The exponential growth of car generated data, the increased connectivity, and the advances in artificial intelligence (AI), enable novel mobility applications. This dissertation focuses on two use-cases of driving data, namely distraction detection and driver identification (ID). Low and medium-income countries account for 93% of traffic deaths; moreover, a major contributing factor to road crashes is distracted driving. Motivated by this, the first part of this thesis explores the possibility of an easy-to-deploy solution to distracted driving detection. Most of the related work uses sophisticated sensors or cameras, which raises privacy concerns and increases the cost. Therefore a machine learning (ML) approach is proposed that only uses signals from the CAN-bus and the inertial measurement unit (IMU). It is then evaluated against a hand-annotated dataset of 13 drivers and delivers reasonable accuracy. This approach is limited in detecting short-term distractions but demonstrates that a viable solution is possible. In the second part, the focus is on the effective identification of drivers using their driving behavior. The aim is to address the shortcomings of the state-of-the-art methods. First, a driver ID mechanism based on discriminative classifiers is used to find a set of suitable signals and features. It uses five signals from the CAN-bus, with hand-engineered features, which is an improvement from current state-of-the-art that mainly focused on external sensors. The second approach is based on Gaussian mixture models (GMMs), although it uses two signals and fewer features, it shows improved accuracy. In this system, the enrollment of a new driver does not require retraining of the models, which was a limitation in the previous approach. In order to reduce the amount of training data a Triplet network is used to train a deep neural network (DNN) that learns to discriminate drivers. The training of the DNN does not require any driving data from the target set of drivers. The DNN encodes pieces of driving data to an embedding space so that in this space examples of the same driver will appear closer to each other and far from examples of other drivers. This technique reduces the amount of data needed for accurate prediction to under a minute of driving data. These three solutions are validated against a real-world dataset of 57 drivers. Lastly, the possibility of a driver ID system is explored that only uses floating car data (FCD), in particular, GPS data from smartphones. A DNN architecture is then designed that encodes the routes, origin, and destination coordinates as well as various other features computed based on contextual information. The proposed model is then evaluated against a dataset of 678 drivers and shows high accuracy. In a nutshell, this work demonstrates that proper driver ID is achievable. The constraints imposed by the use-case and data availability negatively affect the performance; in such cases, the efficient use of the available data is crucial