Securing Safety Critical Automotive Systems

In recent years, several attacks were successfully demonstrated against automotive safety systems. The advancement towards driver assistance, autonomous driving, and rich connectivity make it impossible for automakers to ignore security. However, automotive systems face several unique challenges that make security adoption a rather slow and painful process. Challenges with safety and security co-engineering, the inertia of legacy software, real-time processing, and memory constraints, along with resistance to costly security countermeasures, are all factors that must be considered when proposing security solutions for automotive systems. In this work, we aim to address those challenges by answering the next questions. What is the right safety security co-engineering approach that would be suitable for automotive safety systems? Does AUTOSAR, the most popular automotive software platform, contain security gaps and how can they be addressed? Can an embedded HSM be leveraged as a security monitor to stop common attacks and maintain system safety? When an attack is detected, what is the proper response that harmonizes the security reaction with the safety constraints? And finally, can trust be established in a safety-critical system without violating its strict startup timing requirements? We start with a qualitative analysis of the safety and security co-engineering problem to derive the safety-driven approach to security. We then apply the approach to the AUTOSAR classic platform to uncover security gaps. Using a real automotive hardware environment, we construct security attacks against AUTOSAR and evaluate countermeasures. We then propose an HSM based security monitoring system and apply it against the popular CAN masquerading attack. Finally, we turn to the trust establishment problem in constrained devices and offer an accelerated secure boot method to improve the availability time by several factors. Overall, the security techniques and countermeasures presented in this work improve the security resilience of safety-critical automotive systems to enable future technologies that require strong security foundations. Our methods and proposed solutions can be adopted by other types of Cyber-Physical Systems that are concerned with securing safety.Ph.D.College of Engineering & Computer ScienceUniversity of Michigan-Dearbornhttps://deepblue.lib.umich.edu/bitstream/2027.42/152321/1/Ahmad Nasser Final Thesis (1).pdfDescription of Ahmad Nasser Final Thesis (1).pdf : Dissertatio

Context-aware Security for Vehicles and Fleets: A Survey

Vehicles are becoming increasingly intelligent and connected. Interfaces for communication with the vehicle, such as WiFi and 5G, enable seamless integration into the user’s life, but also cyber attacks on the vehicle. Therefore, research is working on in-vehicle countermeasures such as authentication, access controls, or intrusion detection. Recently, legal regulations have also become effective that require automobile manufacturers to set up a monitoring system for fleet-wide security analysis. The growing amount of software, networking, and the automation of driving create new challenges for security. Context-awareness, situational understanding, adaptive security, and threat intelligence are necessary to cope with these ever-increasing risks. In-vehicle security should be adaptive to secure the car in an infinite number of (driving) situations. For fleet-wide analysis and alert triage, knowledge and understanding of the circumstances are required. Context-awareness, nonetheless, has been sparsely considered in the field of vehicle security. This work aims to be a precursor to context-aware, adaptive and intelligent security for vehicles and fleets. To this end, we provide a comprehensive literature review that analyzes the vehicular as well as related domains. Our survey is mainly characterized by the detailed analysis of the context information that is relevant for vehicle security in the future

Systematic Approaches for Telemedicine and Data Coordination for COVID-19 in Baja California, Mexico

Conference proceedings info: ICICT 2023: 2023 The 6th International Conference on Information and Computer Technologies Raleigh, HI, United States, March 24-26, 2023 Pages 529-542We provide a model for systematic implementation of telemedicine within a large evaluation center for COVID-19 in the area of Baja California, Mexico. Our model is based on human-centric design factors and cross disciplinary collaborations for scalable data-driven enablement of smartphone, cellular, and video Teleconsul-tation technologies to link hospitals, clinics, and emergency medical services for point-of-care assessments of COVID testing, and for subsequent treatment and quar-antine decisions. A multidisciplinary team was rapidly created, in cooperation with different institutions, including: the Autonomous University of Baja California, the Ministry of Health, the Command, Communication and Computer Control Center of the Ministry of the State of Baja California (C4), Colleges of Medicine, and the College of Psychologists. Our objective is to provide information to the public and to evaluate COVID-19 in real time and to track, regional, municipal, and state-wide data in real time that informs supply chains and resource allocation with the anticipation of a surge in COVID-19 cases. RESUMEN Proporcionamos un modelo para la implementación sistemática de la telemedicina dentro de un gran centro de evaluación de COVID-19 en el área de Baja California, México. Nuestro modelo se basa en factores de diseño centrados en el ser humano y colaboraciones interdisciplinarias para la habilitación escalable basada en datos de tecnologías de teleconsulta de teléfonos inteligentes, celulares y video para vincular hospitales, clínicas y servicios médicos de emergencia para evaluaciones de COVID en el punto de atención. pruebas, y para el tratamiento posterior y decisiones de cuarentena. Rápidamente se creó un equipo multidisciplinario, en cooperación con diferentes instituciones, entre ellas: la Universidad Autónoma de Baja California, la Secretaría de Salud, el Centro de Comando, Comunicaciones y Control Informático. de la Secretaría del Estado de Baja California (C4), Facultades de Medicina y Colegio de Psicólogos. Nuestro objetivo es proporcionar información al público y evaluar COVID-19 en tiempo real y rastrear datos regionales, municipales y estatales en tiempo real que informan las cadenas de suministro y la asignación de recursos con la anticipación de un aumento de COVID-19. 19 casos.ICICT 2023: 2023 The 6th International Conference on Information and Computer Technologieshttps://doi.org/10.1007/978-981-99-3236-

Multikonferenz Wirtschaftsinformatik (MKWI) 2016: Technische Universität Ilmenau, 09. - 11. März 2016; Band I

Übersicht der Teilkonferenzen Band I: • 11. Konferenz Mobilität und Digitalisierung (MMS 2016) • Automated Process und Service Management • Business Intelligence, Analytics und Big Data • Computational Mobility, Transportation and Logistics • CSCW & Social Computing • Cyber-Physische Systeme und digitale Wertschöpfungsnetzwerke • Digitalisierung und Privacy • e-Commerce und e-Business • E-Government – Informations- und Kommunikationstechnologien im öffentlichen Sektor • E-Learning und Lern-Service-Engineering – Entwicklung, Einsatz und Evaluation technikgestützter Lehr-/Lernprozess