Abstract
With the ever-increasing degree of inter-connectivity inside vehicles and the emergence of self-driving capabilities, security has become a critical demand since, without proper consideration, adversaries may become capable to remotely control vehicles endangering the life of occupants and bystanders. While several cybersecurity standards have recently emerged, such as the ISO 21434, the secure design of various automotive components is still challenging. In this chapter we make an in-depth analysis of the Autonomous Emergency Braking (AEB) system, i.e., a system designed to avoid collisions between the car and objects in front of it, having security objectives in mind. We make a careful evaluation of adversarial actions, that is, the manipulation of various sensor data and commands that are sent over CAN buses and we follow the ISO 21434 to reach concrete cyber-security goals regarding the system. We account for various types of attacks, ranging from the more conspicuous fuzzy or DoS attacks, to less visible stealthy attacks that induce small biases in the system to evade detection.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
https://nl.mathworks.com/help/driving/ug/autonomous-emergency-braking-with-sensor-fusion.html
References
Addendum 154 – UN regulation no. 155: uniform provisions concerning the approval of vehicles with regards to cyber security and cyber security management system (2021)
AUTOSAR: Specification of intrusion detection system protocol, r20–11 edition (2020)
AUTOSAR. Specification of secure onboard communication, r20–11 edition (2020). No. 654
Ben Othmane, L., Ranchal, R., Fernando, R., Bhargava, B., Bodden, E.: Incorporating attacker capabilities in risk estimation and mitigation. Comput. Secur. 51, 41–61 (2015)
Brandt, T., Tamisier, T.: The future connected car–safely developed thanks to Unece Wp. 29? In: 21 Internationales Stuttgarter Symposium, pp. 461–473. Springer, Berlin (2021)
Brown, M.: Addressing the challenges of a sector in transformation and preparing to meet new cyber compliance requirements (ISO/SAE 21434). BSI Group (2022)
Cárdenas, A.A., Amin, S., Lin, Z.-S., Huang, Y.-L., Huang, C.-Y., Sastry, S.: Attacks against process control systems: risk assessment, detection, and response. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, pp. 355–366 (2011)
Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., Savage, S., Koscher, K., Czeskis, A., Roesner, F., Kohno, T.: Comprehensive experimental analyses of automotive attack surfaces. In: 20th USENIX Security Symposium (USENIX Security 11) (2011)
Gautham, S., Jayakumar, A.V., Elks, C.: Multilevel runtime security and safety monitoring for cyber physical systems using model-based engineering. In: International Conference on Computer Safety, Reliability, and Security, pp. 193–204. Springer, Berlin (2020)
Groza, B., Murvay, P.-S.: Efficient intrusion detection with bloom filtering in controller area networks. IEEE Trans. Inf. Forens. Secur. 14(4), 1037–1051 (2018)
Groza, B., Gurban, H.-E., Murvay, P.-S.: Designing security for in-vehicle networks: a body control module (BCM) centered viewpoint. In: 2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshop (DSN-W), pp. 176–183. IEEE, Piscataway (2016)
Gurban, E.H., Groza, B., Murvay, P.-S.: Risk assessment and security countermeasures for vehicular instrument clusters. In: 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W), pp. 223–230. IEEE, Piscataway (2018)
Henniger, O., Apvrille, L., Fuchs, A., Roudier, Y., Ruddle, A., Weyl, B.: Security requirements for automotive on-board networks. In: 2009 9th International Conference on Intelligent Transport Systems Telecommunications,(ITST), pp. 641–646. IEEE, Piscataway (2009)
Islam, R., Refat, R.U.D., Yerram, S.M., Malik, H.: Graph-based intrusion detection system for controller area networks. IEEE Trans. Intell. Transp. Syst. 23, 1727–1736 (2020)
ISO/IEC, ISO/SAE DIS 21434 - Road Vehicles - Cybersecurity Engineering, International Organization for Standardization, Geneva, Switzerland (2021)
Jichici, C., Groza, B., Ragobete, R., Murvay, P.-S., Andreica, T.: Effective intrusion detection and prevention for the commercial vehicle sae j1939 can bus. IEEE Trans. Intell. Transp. Syst. 23, 17425–17439 (2022)
Kapoor, P., Vora, A., Kang, K.-D.: Detecting and mitigating spoofing attack against an automotive radar. In: 2018 IEEE 88th Vehicular Technology Conference (VTC-Fall), pp. 1–6. IEEE, Piscataway (2018)
Macher, G., Schmittner, C., Veledar, O., Brenner, E.: ISO/SAE DIS 21434 automotive cybersecurity standard-in a nutshell. In: International Conference on Computer Safety, Reliability, and Security, pp. 123–135. Springer, Berlin (2020)
Mader, R., Winkler, G., Reindl, N.: Thomas amd Pandya. The car’s electronic architecture in motion: the coming transformation. In: 42nd International Vienna Motor Symposium (2021)
Marchetti, M., Stabili, D., Guido, A., Colajanni, M.: Evaluation of anomaly detection for in-vehicle networks through information-theoretic algorithms. In: 2016 IEEE 2nd International Forum on Research and Technologies for Society and Industry Leveraging a Better Tomorrow (RTSI), pp. 1–6. IEEE, Piscataway (2016)
Miller, C., Valasek, C.: Remote exploitation of an unaltered passenger vehicle. Black Hat USA 2015(S 91) (2015)
Müter, M., Asaj, N.: Entropy-based anomaly detection for in-vehicle networks. In: 2011 IEEE Intelligent Vehicles Symposium (IV), pp. 1110–1115. IEEE, Piscataway (2011)
Narayanan, S.N., Mittal, S., Joshi, A.: Obd_securealert: an anomaly detection system for vehicles. In: 2016 IEEE International Conference on Smart Computing (SMARTCOMP), pp. 1–6. IEEE, Piscataway (2016)
Nassi, B., Mirsky, Y., Nassi, D., Ben-Netanel, R., Drokin, O., Elovici, Y.: Phantom of the ADAS: Securing Advanced Driver-Assistance Systems from Split-Second Phantom Attacks, pp. 293–308. Association for Computing Machinery, New York (2020)
Nie, S., Liu, L., Du, Y.: Free-fall: hacking tesla from wireless to can bus. Brief. Black Hat USA 25, 1–16 (2017)
Plappert, C., Zelle, D., Gadacz, H., Rieke, R., Scheuermann, D., Krauß, C.: Attack surface assessment for cybersecurity engineering in the automotive domain. In: 2021 29th Euromicro International Conference on Parallel, Distributed and Network-Based Processing (PDP), pp. 266–275. IEEE, Piscataway (2021)
Püllen, D., Liske, J., Katzenbeisser, S.: ISO/SAE 21434-based risk assessment of security incidents in automated road vehicles. In: International Conference on Computer Safety, Reliability, and Security, pp. 82–97. Springer, Berlin (2021)
Razikin, K., Soewito, B.: Cybersecurity decision support model to designing information technology security system based on risk analysis and cybersecurity framework. Egypt. Inf. J. 23, 383–404 (2022)
Sato, T., Shen, J., Wang, N., Jia, Y., Lin, X., Chen, Q.A.: Dirty road can attack: security of deep learning based automated lane centering under {Physical-World} attack. In: 30th USENIX Security Symposium (USENIX Security 21), pp. 3309–3326 (2021)
Schmittner, C., Schrammel, B., König, S.: Asset driven ISO/SAE 21434 compliant automotive cybersecurity analysis with threatget. In: European Conference on Software Process Improvement, pp. 548–563. Springer, Berlin (2021)
Studnia, I., Alata, E., Nicomette, V., Kaâniche, M., Laarouchi, Y.: A language-based intrusion detection approach for automotive embedded networks. Int. J. Embed. Syst. 10(1), 1–12 (2018)
Sun, J., Cao, Y., Chen, Q.A., Mao, Z.M.: Towards robust {LiDAR-based} perception in autonomous driving: general black-box adversarial sensor attack and countermeasures. In: 29th USENIX Security Symposium (USENIX Security 20), pp. 877–894 (2020)
Test protocol – AEB VRU systems, version 3.0.3. In: Vulnerable Road User (VRU) Protection. Euro NCAP (2020)
Wang, Y., Wang, Y., Qin, H., Ji, H., Zhang, Y., Wang, J.: A systematic risk assessment framework of automotive cybersecurity. Autom. Innov. 4(3), 253–261 (2021)
Yan, C., Xu, Z., Yin, Z., Ji, X., Xu, W.: Rolling colors: adversarial laser exploits against traffic light recognition. In: 31st USENIX Security Symposium (USENIX Security 22). USENIX Association, Boston (2022)
Zhou, C., Yan, Q., Shi, Y., Sun, L.: DoubleStar: long-range attack towards depth estimation based obstacle avoidance in autonomous systems. In: 31st USENIX Security Symposium (USENIX Security 22). USENIX Association, Boston (2022)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Berdich, A., Groza, B. (2023). Secure by Design Autonomous Emergency Braking Systems in Accordance with ISO 21434. In: Kukkala, V.K., Pasricha, S. (eds) Machine Learning and Optimization Techniques for Automotive Cyber-Physical Systems. Springer, Cham. https://doi.org/10.1007/978-3-031-28016-0_5
Download citation
DOI: https://doi.org/10.1007/978-3-031-28016-0_5
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-28015-3
Online ISBN: 978-3-031-28016-0
eBook Packages: EngineeringEngineering (R0)