Automotive System Security: Recent Advances and Challenges

A special issue of Information (ISSN 2078-2489). This special issue belongs to the section "Information Applications".

Deadline for manuscript submissions: 31 May 2024 | Viewed by 21884

Special Issue Editors


E-Mail Website
Guest Editor
Cyber Security, Computer Science Department, Swansea University, Swansea SA1 8EN, UK
Interests: cybersecurity; harmonizing safety and security; automated vehicles; complex system design; process improvement; cross-disciplinary research

E-Mail Website
Guest Editor
Centre for Future Transport and Cities, Coventry University, Coventry CV1 5FB, UK
Interests: cybersecurity; automated and autonomous vehicles; cyber-physical systems; formal verification; threat analysis and risk assessment; systems of systems

E-Mail Website
Guest Editor
Centre for Future Transport and Cities, Coventry University, Coventry CV1 5FB, UK
Interests: vehicular ad hoc networks; trust management; cyber security; automotive security; secure cooperative intelligent transportation systems; cellular communication
Special Issues, Collections and Topics in MDPI journals

Special Issue Information

Dear Colleagues,

Automotive systems include a wide variety of systems ranging from in-vehicle systems, such as driving automation and infotainment systems, to vehicle-to-everything (V2X) systems, intelligent transportation systems (ITS), and over-the-air (OTA) update systems, among others.

The increase in the connectivity of vehicles and automation of driving functions are expected to bring numerous benefits to individuals and wider society. However, these technologies will create new security concerns, such as threats to vehicle users’ and mobility operators’ privacy and finances, and safety of vehicle occupants and other road users.

The purpose of this Special Issue is to deepen our understanding of the recent challenges and the advances in automotive system security. We look forward to receiving papers not only from the automotive security (both physical and cybersecurity) area, but other related areas as well, such as the relationship and inter-dependencies between security and safety, the relationship between security and trust, and ethical and legal aspects of automotive security.

Dr. Giedre Sabaliauskaite
Dr. Jeremy Bryans
Dr. Farhan Ahmad
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Information is an international peer-reviewed open access monthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1600 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • Physical security of automotive systems
  • Cybersecurity of automotive systems
  • ITS security
  • V2X security
  • Inter-dependencies between automotive system security and safety
  • Relationship between automotive system security and trust
  • Ethical and legal aspects of automotive security
  • Security issues of emerging transportation systems
  • Privacy concerns within the automotive systems
  • Novel trust models for ITS
  • Security of cellular networks (4G, 5G, and beyond) based on ITS
  • Integration of human factors within ITS

Published Papers (7 papers)

Order results
Result details
Select all
Export citation of selected articles as:

Research

Jump to: Review, Other

25 pages, 1334 KiB  
Article
Formal Template-Based Generation of Attack–Defence Trees for Automated Security Analysis
by Jeremy Bryans, Lin Shen Liew, Hoang Nga Nguyen, Giedre Sabaliauskaite and Siraj Ahmed Shaikh
Information 2023, 14(9), 481; https://doi.org/10.3390/info14090481 - 29 Aug 2023
Cited by 1 | Viewed by 1219
Abstract
Systems that integrate cyber and physical aspects to create cyber-physical systems (CPS) are becoming increasingly complex, but demonstrating the security of CPS is hard and security is frequently compromised. These compromises can lead to safety failures, putting lives at risk. Attack Defense Trees [...] Read more.
Systems that integrate cyber and physical aspects to create cyber-physical systems (CPS) are becoming increasingly complex, but demonstrating the security of CPS is hard and security is frequently compromised. These compromises can lead to safety failures, putting lives at risk. Attack Defense Trees with sequential conjunction (ADS) are an approach to identifying attacks on a system and identifying the interaction between attacks and the defenses that are present within the CPS. We present a semantic model for ADS and propose a methodology for generating ADS automatically. The methodology takes as input a CPS system model and a library of templates of attacks and defenses. We demonstrate and validate the effectiveness of the ADS generation methodology using an example from the automotive domain. Full article
(This article belongs to the Special Issue Automotive System Security: Recent Advances and Challenges)
Show Figures

Figure 1

28 pages, 837 KiB  
Article
THREATGET: Towards Automated Attack Tree Analysis for Automotive Cybersecurity
by Sebastian Chlup, Korbinian Christl, Christoph Schmittner, Abdelkader Magdy Shaaban, Stefan Schauer and Martin Latzenhofer
Information 2023, 14(1), 14; https://doi.org/10.3390/info14010014 - 27 Dec 2022
Cited by 4 | Viewed by 3740
Abstract
The automotive domain is moving away from simple isolated vehicles to interconnected networks of heterogeneous systems forming a complex transportation infrastructure. The additional means of communication result in increased attack surfaces which can be exploited by physical as well as remote attackers if [...] Read more.
The automotive domain is moving away from simple isolated vehicles to interconnected networks of heterogeneous systems forming a complex transportation infrastructure. The additional means of communication result in increased attack surfaces which can be exploited by physical as well as remote attackers if not secured thoroughly. Thus, the automotive sector is exposed to new cyber risk factors. Consequently, joint approaches targeting securing vehicles and infrastructure by identifying and mitigating potential threats for the automotive domain have been developed in several research projects. This paper builds on developments originating from these projects and correlated standards and regulations. Moreover, the extension of an existing threat modeling tool—THREATGET—with a novel automated approach toward attack propagation will be introduced. Therefore, we will conduct an analysis of a real-world example from the automotive domain. Furthermore, we will identify and analyze potential threats and discuss their accumulation to automatically generate an attack tree. Full article
(This article belongs to the Special Issue Automotive System Security: Recent Advances and Challenges)
Show Figures

Figure 1

34 pages, 1541 KiB  
Article
Cybersecurity Comparison of Brain-Based Automotive Electrical and Electronic Architectures
by Nadera Sultana Tany, Sunish Suresh, Durgesh Nandan Sinha, Chinmay Shinde, Cristina Stolojescu-Crisan and Rahamatullah Khondoker
Information 2022, 13(11), 518; https://doi.org/10.3390/info13110518 - 31 Oct 2022
Cited by 4 | Viewed by 3455
Abstract
Modern autonomous vehicles with an electric/electronic (E/E) architecture represent the next big step in the automation and evolution of smart and self-driving vehicles. This technology is of significant interest nowadays and humans are currently witnessing the development of the different levels of automation [...] Read more.
Modern autonomous vehicles with an electric/electronic (E/E) architecture represent the next big step in the automation and evolution of smart and self-driving vehicles. This technology is of significant interest nowadays and humans are currently witnessing the development of the different levels of automation for their vehicles. According to recent demand, the components of smart vehicles are centrally or zonally connected, as well as connected to clouds to ensure the seamless automation of driving functions. This necessity has a downside, as it makes the system vulnerable to malicious attacks from hackers with unethical motives. To ensure the control, safety, and security of smart vehicles, attaining and upholding automotive cybersecurity standards is inevitable. The ISO/SAE 21434 Road vehicle—Cybersecurity engineering standard document was published in 2021 and can be considered the Bible of automotive cybersecurity. In this paper, a comparison between four different E/E architectures was made based on the aforementioned standard. One of them is the traditional distributed architecture with many electronic control units (ECUs). The other three architectures consist of centralized or zonally distributed high-performance computers (HPCs). As the complexity of autonomous E/E systems are on the rise, the traditional distributive method is compared against the HPC (brain)-based architectures to visualize a comparative scenario between the architectures. The authors of this paper analyzed the threats and damage scenarios of the architectures using the ISO/SAE 21434 standard, “Microsoft Threat Analysis Tool - STRIDE”, TARA, and “Ansys Medini Analyze”. Security controls are recommended to mitigate the threats and risks in all of these studied architectures. This work attempted to mitigate the gap in the scholarly literature by creating a comparative image of the E/E architectures on a generalized level. The exploratory method of this research provides the reader with knowledge on four different architecture types, their fundamental properties, advantages, and disadvantages along with a general overview of the threats and vulnerabilities associated with each in light of the ISO/SAE 21434 standard. The improvement possibilities of the studied architectures are provided and their advantages and disadvantages are highlighted herein. Full article
(This article belongs to the Special Issue Automotive System Security: Recent Advances and Challenges)
Show Figures

Figure 1

19 pages, 1999 KiB  
Article
A New Multivariate Approach for Real Time Detection of Routing Security Attacks in VANETs
by Souad Ajjaj, Souad El Houssaini, Mustapha Hain and Mohammed-Alamine El Houssaini
Information 2022, 13(6), 282; https://doi.org/10.3390/info13060282 - 31 May 2022
Cited by 9 | Viewed by 1772
Abstract
Routing security attacks in Vehicular Ad hoc Networks (VANETs) represent a challenging issue that may dramatically decrease the network performances and even cause hazardous damage in both lives and equipment. This study proposes a new approach named Multivariate Statistical Detection Scheme (MVSDS), capable [...] Read more.
Routing security attacks in Vehicular Ad hoc Networks (VANETs) represent a challenging issue that may dramatically decrease the network performances and even cause hazardous damage in both lives and equipment. This study proposes a new approach named Multivariate Statistical Detection Scheme (MVSDS), capable of detecting routing security attacks in VANETs based on statistical techniques, namely the multivariate normality tests (MVN). Our detection approach consists of four main stages: first, we construct the input data by monitoring the network traffic in real time based on multiple metrics such as throughput, dropped packets ratio, and overhead traffic ratio. Secondly, we normalize the collected data by applying three different rescaling techniques, namely the Z-Score Normalization (ZSN), the Min-Max Normalization (MMN), and the Normalization by Decimal Scaling (NDS). The resulting data are modeled by a multivariate dataset sampled at different times used as an input by the detection step. The next step allows separating legitimate behavior from malicious one by continuously verifying the conformity of the dataset to the multivariate normality assumption by applying the Rao–Ali test combined with the Ryan–Joiner test. At the end of this step, the Ryan–Joiner correlation coefficient (R–J) is computed at various time windows. The measurement of this coefficient will allow identifying an attacker’s presence whenever this coefficient falls below a threshold corresponding to the normal critical values. Realistic VANET scenarios are simulated using SUMO (Simulation of Urban Mobility) and NS-3 (network simulator). Our approach implemented in the Matlab environment offers a real time detection scheme that can identify anomalous behavior relying on multivariate data. The proposed scheme is validated in different scenarios under routing attacks, mainly the black hole attack. As far as we know, our proposed approach unprecedentedly employed multivariate normality tests to attack detection in VANETs. It can further be applied to any VANET routing protocol without making any additional changes in the routing algorithm. Full article
(This article belongs to the Special Issue Automotive System Security: Recent Advances and Challenges)
Show Figures

Figure 1

24 pages, 602 KiB  
Article
Finding Optimal Moving Target Defense Strategies: A Resilience Booster for Connected Cars
by Maxime Ayrault, Ulrich Kühne and Étienne Borde
Information 2022, 13(5), 242; https://doi.org/10.3390/info13050242 - 9 May 2022
Viewed by 1923
Abstract
During their life-cycle, modern connected cars will have to face various and changing security threats. As for any critical embedded system, security fixes in the form of software updates need to be thoroughly verified and cannot be deployed on a daily basis. The [...] Read more.
During their life-cycle, modern connected cars will have to face various and changing security threats. As for any critical embedded system, security fixes in the form of software updates need to be thoroughly verified and cannot be deployed on a daily basis. The system needs to commit to a defense strategy, while attackers can examine vulnerabilities and prepare possible exploits before attacking. In order to break this asymmetry, it can be advantageous to use proactive defenses, such as reconfiguring parts of the system configuration. However, resource constraints and losses in quality of service need to be taken into account for such Moving Target Defenses (MTDs). In this article, we present a game-theoretic model that can be used to compute an optimal MTD defense for a critical embedded system that is facing several attackers with different objectives. The game is resolved using off-the-shelf MILP solvers. We validated the method with an automotive use case and conducted extensive experiments to evaluate its scalability and stability. Full article
(This article belongs to the Special Issue Automotive System Security: Recent Advances and Challenges)
Show Figures

Figure 1

Review

Jump to: Research, Other

43 pages, 1060 KiB  
Review
Formal Methods and Validation Techniques for Ensuring Automotive Systems Security
by Moez Krichen
Information 2023, 14(12), 666; https://doi.org/10.3390/info14120666 - 18 Dec 2023
Viewed by 3006
Abstract
The increasing complexity and connectivity of automotive systems have raised concerns about their vulnerability to security breaches. As a result, the integration of formal methods and validation techniques has become crucial in ensuring the security of automotive systems. This survey research paper aims [...] Read more.
The increasing complexity and connectivity of automotive systems have raised concerns about their vulnerability to security breaches. As a result, the integration of formal methods and validation techniques has become crucial in ensuring the security of automotive systems. This survey research paper aims to provide a comprehensive overview of the current state-of-the-art formal methods and validation techniques employed in the automotive industry for system security. The paper begins by discussing the challenges associated with automotive system security and the potential consequences of security breaches. Then, it explores various formal methods, such as model checking, theorem proving, and abstract interpretation, which have been widely used to analyze and verify the security properties of automotive systems. Additionally, the survey highlights the validation techniques employed to ensure the effectiveness of security measures, including penetration testing, fault injection, and fuzz testing. Furthermore, the paper examines the integration of formal methods and validation techniques within the automotive development lifecycle, including requirements engineering, design, implementation, and testing phases. It discusses the benefits and limitations of these approaches, considering factors such as scalability, efficiency, and applicability to real-world automotive systems. Through an extensive review of relevant literature and case studies, this survey provides insights into the current research trends, challenges, and open research questions in the field of formal methods and validation techniques for automotive system security. The findings of this survey can serve as a valuable resource for researchers, practitioners, and policymakers involved in the design, development, and evaluation of secure automotive systems. Full article
(This article belongs to the Special Issue Automotive System Security: Recent Advances and Challenges)
Show Figures

Figure 1

Other

Jump to: Research, Review

41 pages, 4505 KiB  
Systematic Review
Artificial Intelligence and Software Modeling Approaches in Autonomous Vehicles for Safety Management: A Systematic Review
by Shirin Abbasi and Amir Masoud Rahmani
Information 2023, 14(10), 555; https://doi.org/10.3390/info14100555 - 11 Oct 2023
Cited by 4 | Viewed by 4994
Abstract
Autonomous vehicles (AVs) have emerged as a promising technology for enhancing road safety and mobility. However, designing AVs involves various critical aspects, such as software and system requirements, that must be carefully addressed. This paper investigates safety-aware approaches for AVs, focusing on the [...] Read more.
Autonomous vehicles (AVs) have emerged as a promising technology for enhancing road safety and mobility. However, designing AVs involves various critical aspects, such as software and system requirements, that must be carefully addressed. This paper investigates safety-aware approaches for AVs, focusing on the software and system requirements aspect. It reviews the existing methods based on software and system design and analyzes them according to their algorithms, parameters, evaluation criteria, and challenges. This paper also examines the state-of-the-art artificial intelligence-based techniques for AVs, as AI has been a crucial element in advancing this technology. This paper reveals that 63% of the reviewed studies use various AI methods, with deep learning being the most prevalent (34%). The article also identifies the current gaps and future directions for AV safety research. This paper can be a valuable reference for researchers and practitioners on AV safety. Full article
(This article belongs to the Special Issue Automotive System Security: Recent Advances and Challenges)
Show Figures

Figure 1

Back to TopTop