Abstract
In this work, we conduct and discuss a consensus-based risk analysis for a novel architecture of a driverless and electric prototype vehicle. While well-established safety standards like ISO 26262 provide frameworks to systematically assess the risks of hazardous operational situations, the automotive security field has emerged only in recent years. Today, SAE J3061 provides recommendations and high-level guiding principles on how to incorporate security into vehicle systems. ISO/SAE 21434 is a new automotive security standard, which, however, is still under development. Therefore, we treat the aforementioned architecture as a single Industrial Automation and Control System (IACS) and provide an implementation of the IEC 62443 series. We collaboratively identify threats in a three-round process and define a scoring scheme for automotive risks. As a result, we obtain a tailored bundle of compensating security mechanisms. Based on our work, we suggest improvements for future automotive security standards with respect to the co-engineering of safety and security.
Acknowledgement
This work has been accomplished within the project “UNICARagil” (FKZ 16EMO0392). We acknowledge the financial support for the project by the Federal Ministry of Education and Research of Germany (BMBF). We also thank the Security Engineering Group for their support in assessing, scoring, and ranking security parameters.
© 2020 Springer Nature Switzerland AG
Cite this paper
Püllen, D., Anagnostopoulos, N., Arul, T., Katzenbeisser, S. (2020). Safety Meets Security: Using IEC 62443 for a Highly Automated Road Vehicle. In: Casimiro, A., Ortmeier, F., Bitsch, F., Ferreira, P. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2020. Lecture Notes in Computer Science(), vol 12234. Springer, Cham. https://doi.org/10.1007/978-3-030-54549-9_22
DOI: https://doi.org/10.1007/978-3-030-54549-9_22
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-54548-2
Online ISBN: 978-3-030-54549-9