704 research outputs found
A Systematic Literature Review on Automotive Digital Forensics: Challenges, Technical Solutions and Data Collection
A modern vehicle has a complex internal architecture and is wirelessly connected to the Internet, other vehicles, and the infrastructure. The risk of cyber attacks and other criminal incidents along with recent road accidents caused by autonomous vehicles calls for more research on automotive digital forensics. Failures in automated driving functions can be caused by hardware and software failures and cyber security issues. Thus, it is imperative to be able to determine and investigate the cause of these failures, something which requires trustable data. However, automotive digital forensics is a relatively new field for the automotive where most existing self-monitoring and diagnostic systems in vehicles only monitor safety-related events. To the best of our knowledge, our work is the first systematic literature review on the current research within this field. We identify and assess over 300 papers published between 2006 - 2021 and further map the relevant papers to different categories based on identified focus areas to give a comprehensive overview of the forensics field and the related research activities. Moreover, we identify forensically relevant data from the literature, link the data to categories, and further map them to required security properties and potential stakeholders. Our categorization makes it easy for practitioners and researchers to quickly find relevant work within a particular sub-field of digital forensics. We believe our contributions can guide digital forensic investigations in automotive and similar areas, such as cyber-physical systems and smart cities, facilitate further research, and serve as a guideline for engineers implementing forensics mechanisms
Cyber Threats Facing Autonomous and Connected Vehicles: Future Challenges
Vehicles are currently being developed and sold with increasing levels of connectivity and automation. As with all networked computing devices, increased connectivity often results in a heightened risk of a cyber security attack. Furthermore, increased automation exacerbates any risk by increasing the opportunities for the adversary to implement a successful attack. In this paper, a large volume of publicly accessible literature is reviewed and compartmentalised based on the vulnerabilities identified and mitigation techniques developed. This review highlighted that the majority of research is reactive and vulnerabilities are often discovered by friendly adversaries (white-hat hackers). Many gaps in the knowledge base were identified. Priority should be given to address these knowledge gaps to minimise future cyber security risks in the connected and autonomous vehicle sector
REMIND: A Framework for the Resilient Design of Automotive Systems
In the past years, great effort has been spent on enhancing the security and safety of vehicular systems. Current advances in information and communication technology have increased the complexity of these systems and lead to extended functionalities towards self-driving and more connectivity. Unfortunately, these advances open the door for diverse and newly emerging attacks that hamper the security and, thus, the safety of vehicular systems. In this paper, we contribute to supporting the design of resilient automotive systems. We review and analyze scientific literature on resilience techniques, fault tolerance, and dependability. As a result, we present the REMIND resilience framework providing techniques for attack detection, mitigation, recovery, and resilience endurance. Moreover, we provide guidelines on how the REMIND framework can be used against common security threats and attacks and further discuss the trade-offs when applying these guidelines
Towards a Secure and Resilient Vehicle Design: Methodologies, Principles and Guidelines
The advent of autonomous and connected vehicles has brought new cyber security challenges to the automotive industry. It requires vehicles to be designed to remain dependable in the occurrence of cyber-attacks. A modern vehicle can contain over 150 computers, over 100 million lines of code, and various connection interfaces such as USB ports, WiFi, Bluetooth, and 4G/5G. The continuous technological advancements within the automotive industry allow safety enhancements due to increased control of, e.g., brakes, steering, and the engine. Although the technology is beneficial, its complexity has the side-effect to give rise to a multitude of vulnerabilities that might leverage the potential for cyber-attacks. Consequently, there is an increase in regulations that demand compliance with vehicle cyber security and resilience requirements that state vehicles should be designed to be resilient to cyber-attacks with the capability to detect and appropriately respond to these attacks. Moreover, increasing requirements for automotive digital forensic capabilities are beginning to emerge. Failures in automated driving functions can be caused by hardware and software failures as well as cyber security issues. It is imperative to investigate the cause of these failures. However, there is currently no clear guidance on how to comply with these regulations from a technical perspective.In this thesis, we propose a methodology to predict and mitigate vulnerabilities in vehicles using a systematic approach for security analysis; a methodology further used to develop a framework ensuring a resilient and secure vehicle design concerning a multitude of analyzed vehicle cyber-attacks. Moreover, we review and analyze scientific literature on resilience techniques, fault tolerance, and dependability for attack detection, mitigation, recovery, and resilience endurance. These techniques are then further incorporated into the above-mentioned framework. Finally, to meet requirements to hastily and securely patch the increasing number of bugs in vehicle software, we propose a versatile framework for vehicle software updates
Log Your Car:The Non-invasive Vehicle Forensics
Digital forensics is becoming an important feature
for many embedded devices. In automotive systems, digital
forensics involves multiple electronic control units (ECUs)
used to support the connected and intelligent vehicle’s
technology. Digital evidence from these ECUs can be used in
forensics investigation and analysis. Such a mechanism can
potentially facilitate crash investigation, insurance claims and crime investigation. Issues related to forensics include the authenticity, integrity and privacy of the data. In this paper, the security of the forensic process and data in automotive systems is analysed. We propose an efficient, secure, privacy-preserving and reliable mechanism to provide a forensics data collection and storage process. A diagnostic application for smart phones, DiaLOG, is incorporated in the proposed process that uses a secure protocol to communicate the collected forensic data to a secure cloud storage. The proposed protocol for communicating forensic data is implemented to measure performance results and formally analysed using Scyther and CasperFDR with no known attack found
Industry 4.0 and Cybersecurity at Automobile Manufacturing in Smart Factories
The automotive industry in smart factories is constantly developing depending on technology. Depending on the developing technology, security problems come to the fore. Industry 4.0 and cyber security are widely used in automotive sector applications as well as in all areas of our lives. These applications pose security threats to automotive users and drivers. Attacks on vehicle software, especially by autonomous vehicle users, endanger passengers and vehicle safety. It should take the necessary precautions to be protected against cyber-attacks and be equipped to solve the problem. The rapid change of technology in smart factories and with industry 4.0 brings new security vulnerabilities and new cyber attacks. The hostility arising from inter-sectoral competition has lost its value compared to previous periods and has left its authority to cyberattacks, threats, and damaging moves against system security. Industry 4.0 is also known as the Industrial Revolution Industry, which covers a specific production technology and the interests of many groups, and exchanges data without human use and innovative system. With this industrial revolution, which also plays an active role in the establishment of a smart factory, more useful work examples are obtained as it ensures that each data is collected and analyzed in the best way in the production area. In this study, cyber attacks in the automotive industry and cyber threats in automobile factories are examined. In addition, layered protection has been proposed by investigating how to take precautions against these attacks and threats
A Systematic Approach for Cyber Security in Vehicular Networks
Vehicular Networks (VANET) are the largest real-life paradigm of ad hoc networks which aim to ensure road safety and enhance drivers’ comfort. In VANET, the vehicles communicate or collaborate with each other and with adjacent infrastructure by exchanging significant messages, such as road accident warnings, steep-curve ahead warnings or traffic jam warnings. However, this communication and other assets involved are subject to major threats and provide numerous opportunities for attackers to launch several attacks and compromise security and privacy of vehicular users. This paper reviews the cyber security in VANET and proposes an asset-based approach for VANET security. Firstly, it identifies relevant assets in VANET. Secondly, it provides a detailed taxonomy of vulnerabilities and threats on these assets, and, lastly, it classifies the possible attacks in VANET and critically evaluates them
SHARKS: Smart Hacking Approaches for RisK Scanning in Internet-of-Things and Cyber-Physical Systems based on Machine Learning
Cyber-physical systems (CPS) and Internet-of-Things (IoT) devices are
increasingly being deployed across multiple functionalities, ranging from
healthcare devices and wearables to critical infrastructures, e.g., nuclear
power plants, autonomous vehicles, smart cities, and smart homes. These devices
are inherently not secure across their comprehensive software, hardware, and
network stacks, thus presenting a large attack surface that can be exploited by
hackers. In this article, we present an innovative technique for detecting
unknown system vulnerabilities, managing these vulnerabilities, and improving
incident response when such vulnerabilities are exploited. The novelty of this
approach lies in extracting intelligence from known real-world CPS/IoT attacks,
representing them in the form of regular expressions, and employing machine
learning (ML) techniques on this ensemble of regular expressions to generate
new attack vectors and security vulnerabilities. Our results show that 10 new
attack vectors and 122 new vulnerability exploits can be successfully generated
that have the potential to exploit a CPS or an IoT ecosystem. The ML
methodology achieves an accuracy of 97.4% and enables us to predict these
attacks efficiently with an 87.2% reduction in the search space. We demonstrate
the application of our method to the hacking of the in-vehicle network of a
connected car. To defend against the known attacks and possible novel exploits,
we discuss a defense-in-depth mechanism for various classes of attacks and the
classification of data targeted by such attacks. This defense mechanism
optimizes the cost of security measures based on the sensitivity of the
protected resource, thus incentivizing its adoption in real-world CPS/IoT by
cybersecurity practitioners.Comment: This article has been accepted in IEEE Transactions on Emerging
Topics in Computing. 17 pages, 12 figures, IEEE copyrigh
- …