ThreatSurf: A method for automated Threat Surface assessment in automotive cybersecurity engineering

Zelle, Daniel; Plappert, Christian; Rieke, Roland; Scheuermann, Dirk; Krauß, Christoph

doi:10.1016/j.micpro.2022.104461

Cited by 14 publications

(2 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The potential for cyber attacks on vehicles, infrastructure, and autonomous networks has already yielded some protective actions: situation reviews (Chen et al, 2022;Sharma and Gillanders, 2022), policy recommendations (Girdhar et al, 2022;Khan et al, 2022;Kukkala et al, 2022;Benyahya et al, 2023), honey-pots (Panda et al, 2022;Anastasiadis et al, 2023;Baldo et al, 2023), and attack detection (Chen et al, 2021;Zelle et al, 2022;Zhang et al, 2023). This activity demonstrates a high level of concern for the cybersecurity of vehicles, infrastructure, and autonomous vehicles.…”

Section: Security Considerationsmentioning

confidence: 99%

Key parameters linking cyber-physical trust anchors with embedded internet of things systems

Maasberg,

Butler,

Taylor

2023

Front. Comms. Net.

View full text Add to dashboard Cite

Integration of the Internet of Things (IoT) in the automotive industry has brought benefits as well as security challenges. Significant benefits include enhanced passenger safety and more comprehensive vehicle performance diagnostics. However, current onboard and remote vehicle diagnostics do not include the ability to detect counterfeit parts. A method is needed to verify authentic parts along the automotive supply chain from manufacture through installation and to coordinate part authentication with a secure database. In this study, we develop an architecture for anti-counterfeiting in automotive supply chains. The core of the architecture consists of a cyber-physical trust anchor and authentication mechanisms connected to blockchain-based tracking processes with cloud storage. The key parameters for linking a cyber-physical trust anchor in embedded IoT include identifiers (i.e., serial numbers, special features, hashes), authentication algorithms, blockchain, and sensors. A use case was provided by a two-year long implementation of simple trust anchors and tracking for a coffee supply chain which suggests a low-cost part authentication strategy could be successfully applied to vehicles. The challenge is authenticating parts not normally connected to main vehicle communication networks. Therefore, we advance the coffee bean model with an acoustical sensor to differentiate between authentic and counterfeit tires onboard the vehicle. The workload of secure supply chain development can be shared with the development of the connected autonomous vehicle networks, as the fleet performance is degraded by vehicles with questionable replacement parts of uncertain reliability.

show abstract

Section: Security Considerationsmentioning

confidence: 99%

Key parameters linking cyber-physical trust anchors with embedded internet of things systems

Maasberg,

Butler,

Taylor

2023

Front. Comms. Net.

View full text Add to dashboard Cite

show abstract

“…As V2X communication technology continues to evolve, vehicles have more and more interfaces with the external world, leading to more entry points for cyberattacks. The expansion of the attack surface leads to an increasing probability of attacks on in-vehicle systems as well [ 4 ]. According to the Global Automotive Cybersecurity Report [ 5 ] released by Upstream Security in 2023, the complexity of attacks targeting vehicles continues to rise, with 97% of these attacks being initiated remotely.…”

Section: Introductionmentioning

confidence: 99%

Complying with ISO 26262 and ISO/SAE 21434: A Safety and Security Co-Analysis Method for Intelligent Connected Vehicle

Li,

Liu,

Liu

et al. 2024

Sensors

View full text Add to dashboard Cite

A cyber-physical system (CPS) integrates communication and automation technologies into the operational processes of physical systems. Nowadays, as a complex CPS, an intelligent connected vehicle (ICV) may be exposed to accidental functional failures and malicious attacks. Therefore, ensuring the ICV’s safety and security is crucial. Traditional safety/security analysis methods, such as failure mode and effect analysis and attack tree analysis, cannot provide a comprehensive analysis for the interactions between the system components of the ICV. In this work, we merge system-theoretic process analysis (STPA) with the concept phase of ISO 26262 and ISO/SAE 21434. We focus on the interactions between components while analyzing the safety and security of ICVs to reduce redundant efforts and inconsistencies in determining safety and security requirements. To conquer STPA’s abstraction in describing causal scenarios, we improved the physical component diagram of STPA-SafeSec by adding interface elements. In addition, we proposed the loss scenario tree to describe specific scenarios that lead to unsafe/unsecure control actions. After hazard/threat analysis, a unified risk assessment process is proposed to ensure consistency in assessment criteria and to streamline the process. A case study is implemented on the autonomous emergency braking system to demonstrate the validation of the proposed method.

show abstract

Low-Cost Home Intrusion Detection System: Attacks and Mitigations

Alblooshi¹,

Alhammadi²,

Alsuwaidi³

et al. 2022

International Conference on Information Systems and Intelligent Applications

View full text Add to dashboard Cite

ThreatSurf: A method for automated Threat Surface assessment in automotive cybersecurity engineering

Cited by 14 publications

References 4 publications

Key parameters linking cyber-physical trust anchors with embedded internet of things systems

Key parameters linking cyber-physical trust anchors with embedded internet of things systems

Complying with ISO 26262 and ISO/SAE 21434: A Safety and Security Co-Analysis Method for Intelligent Connected Vehicle

Low-Cost Home Intrusion Detection System: Attacks and Mitigations

Contact Info

Product

Resources

About