Since modern vehicles are connected and their transport processes are strongly supported by different automated functions, malicious external interventions can impair safety integrity. Therefore, it seems to be critically important in the future to introduce safety and security co-engineering approaches in the automotive industry.
Developing a co-engineering methodology and validation framework for automotive safety and security is of key importance from the viewpoint of autonomous transportation.
With the advent of cyber-physical (systems of) systems, new challenges for safety and security arise. Especially in the context of autonomous driving we are currently facing a complex environment, where security problems can easily result in safety-relevant issues, and vice versa. There have been multiple approaches in the past to combine the approaches from safety and security best practices into a combined view, all with their individual challenges.
To bridge the gap between the two separate domains, the Safety and Security Research group at BME, Department of Automotive Technologies, and the Fachhochschule Campus Wien, together with the ZalaZONE Automotive Proving Ground, proposed a fully integrated approach, combining safety with security and modeling their complex interactions. In this work we started by giving a thorough definition of the basic terms and concepts used in safety and security, in order to identify similarities and differences. We then proposed and outlined a combined view of the safety and security causal chains and defined their interdependencies.
At the same time, BME, Department of Automotive Technologies and ZalaZONE Automotive Proving Ground have set up a working group to support the necessary methodological background for cybersecurity-related validation processes for the automotive industry. The objective of this cooperation was to reconsider safety integrity levels in the automotive industry in relation to the field of cybersecurity. Following this, we provided a comprehensive structure of integrity levels that serves the safety requirements of today's new cybersecurity challenges.
Fig. 2. Horizontal components of the C-SIL framework involve the security integrity of private data (PR-S), the security integrity of public data (PU-S), and the safety and security integrity of national systems (NS). Columns of the table contain classes of treatability and detectability. [2]
Beyond this, due to the increasing number of automotive industry related cyber incidents, our research group introduced a comprehensive cybersecurity reference model to provide a solid basis for describing attack patterns and characterizing malicious intervention profiles regarding complex transportation systems.
Fig. 3. Reference space of cybersecurity incident characterization. The S axis represents the spatial relationship of the attacker and the target, including: a) direct, local; b) indirect, local; and c) indirect, remote attacks. The T axis represents the time and periodic aspects of the incident, including: D) the attacker aims to influence data describing a process in the past; E) the attacker aims to influence data describing a process in the present; F) the attacker aims to influence data describing a process in the future; I) the perpetrator performs the attack through a single intervention; II) the perpetrator performs the attack through multiple interventions; III) the perpetrator performs the attack through a continuous intervention. The C axis represents the considered components of the transport system: INF) the transport infrastructure; VEH) the moving unit of the system; PROD) the manufacturer of the system components. [3]
Furthermore, our research group developed a new approach for describing and measuring the vulnerability of in-vehicle networks to cyberattacks. Cyberattacks targeting in-vehicle networks can pose a threat to passenger safety. Unlike previous research studies, our methodology focused on a comparatively large sample of vehicle networks (114 objects) by proposing a new framework of statistical techniques for measuring, classifying, and modeling in-vehicle networks concerning the changed vulnerability, instead of dealing with each vehicle network individually. To facilitate understanding of the vulnerability patterns of in-vehicle networks, the dataset has been evaluated through three analytic stages: vulnerability identification, classification, and modeling. The result has helped in ranking vehicles based on their network vulnerability level. The result of the modeling has shown that every additional remote endpoint installation causes a relevant weakening in security. Higher cost vehicles have also appeared to be more vulnerable to cyberattacks, while the increase in the number of segmented network domains has had a positive effect on network security.
In the future, our research group will focus on complex test and validation solutions related to in-vehicle networks, especially considering cybersecurity vulnerabilities of automotive systems.
On the other hand, we would like to introduce the scenario-based testing approach to cybersecurity vulnerabilities, which can make it possible to investigate the realistic effects of a malicious intervention targeting real-time operating vehicular systems.
In addition to internal vehicle network attacks, we consider the domain of wireless channels using state-of-the-art V2X hardware and software tools outstandingly important. Accordingly, the analysis, evaluation, and countermeasures related to V2X communication solutions are of great scientific interest to the Safety and Security Research group.
For example, DSRC communication based on the 802.11p standard involves a number of vulnerabilities that can be exploited remotely by experienced hackers. To mitigate these, our research team is working on methods that take into account the impact of a cyberattack on vehicle safety.
References
1. Koschuch, M., Sebron, W., Szalay, Z., Török, Á., Tschiürtz, H., & Wahl, I. (2019, November). Safety & Security in the Context of Autonomous Driving. In 2019 IEEE International Conference on Connected Vehicles and Expo (ICCVE) (pp. 1-7). IEEE.
2. Török, Á., Szalay, Z., & Sághi, B. (2020). New Aspects of Integrity Levels in Automotive Industry-Cybersecurity of Automated Vehicles. IEEE Transactions on Intelligent Transportation Systems.
3. Obaid, M., Szalay, Z., & Török, Á. (2020). Reconsidering the Cybersecurity Framework in the Road Transportation Domain. Acta Polytechnica Hungarica, 17(9).
4. M., Sali, Á., Szalay, Z., & Török, Á. (2020). A new methodology for analyzing vehicle network topologies for critical hacking. Journal of Ambient Intelligence and Humanized Computing, 1-12.
5. Pethő, Z., Zöldy, M., & Török, Á. Effective Anomaly Intrusion Detection Systems Based on Machine Learning Methods in Vehicular Network.