Automotive Cybersecurity Engineering Handbook: The automotive engineer's roadmap to cyber-resilient vehicles


Accelerate your journey of securing safety-critical automotive systems through practical and standard-compliant methods.

Key Features
Understand how automotive systems can become vulnerable to cyberattacks
Apply security controls to all vehicle layers for mitigating cybersecurity risks
Find out how systematic secure engineering mitigates cyber risks while ensuring compliance
Purchase of the print or Kindle book includes a free PDF eBook

Book Description
Replete with exciting challenges, automotive cybersecurity is an emerging domain, and cybersecurity is a foundational enabler for current and future connected vehicle features. This book addresses the severe talent shortage faced by the industry in meeting the demand for building cyber-resilient systems by consolidating practical topics on securing automotive systems to help automotive engineers gain a competitive edge.

The book begins by exploring present and future automotive vehicle architectures, along with relevant threats and the skills essential to addressing them. You'll then explore cybersecurity engineering methods, focusing on compliance with existing automotive standards while making the process advantageous. The chapters are designed to help you with both the theory and practice of building secure systems while considering the cost, time, and resource limitations of automotive engineering. The concluding chapters take a practical approach to threat modeling automotive systems and teach you how to implement security controls across the different vehicle architecture layers.

By the end of this book, you'll have learned effective methods of handling cybersecurity risks in any automotive product, from single libraries to entire vehicle architectures.

What you will learn
Get to grips with present and future vehicle networking technologies
Explore basic concepts for securing automotive systems
Discover diverse approaches to threat modeling of systems
Conduct efficient threat analysis and risk assessment (TARA) for automotive systems using best practices
Gain a comprehensive understanding of ISO/SAE 21434's cybersecurity engineering approach
Implement cybersecurity controls for all vehicle life cycles
Master ECU-level cybersecurity controls

Who this book is for
If you're an engineer wondering where to get started in the field of automotive cybersecurity, or trying to understand which security standards apply to your product and how, then this is the book for you. This book is also for experienced engineers looking for a practical approach to automotive cybersecurity development that can be achieved within a reasonable time frame while leveraging established safety and quality processes. Familiarity with basic automotive development processes across the V-model will help you make the most of this book.

Author(s): Dr. Ahmad MK Nasser
Publisher: Packt Publishing Pvt Ltd
Year: 2023

Language: English
Pages: 393

Automotive Cybersecurity Engineering Handbook
Contributors
About the author
About the reviewers
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Conventions used
Get in touch
Share Your Thoughts
Download a free PDF copy of this book
Part 1:Understanding the Cybersecurity Relevance of the Vehicle Electrical Architecture
1
Introducing the Vehicle Electrical/Electronic Architecture
Overview of the basic building blocks of the E/E architecture
Electronic control units
Looking at MCU-based ECUs
Looking at SoC-based ECUs
Looking inside the MCU and SoC software layers
ECU domains
Fuel-based powertrain domain
Electric drive powertrain domain
Chassis safety control domain
Interior cabin domain
Infotainment and connectivity domain
Cross-domain
Exploring the in-vehicle network
CAN
FlexRay
LIN
UART
SENT
GMSL
I2C
Ethernet
J1939
Sensors and actuators
Sensor types
Actuators
Exploring the vehicle architecture types
Highly distributed E/E architecture
Domain-centralized E/E architecture
Zone architecture
Commercial truck architecture types
Summary
Answers to discussion points
Further reading
2
Cybersecurity Basics for Automotive Use Cases
Exploring the attack classes
Passive attacks
Active attacks
Identifying security objectives
Integrity
Authenticity
Confidentiality
Accountability
Availability
Cryptography applied to automotive use cases
Building blocks
One-way hash functions
Message authentication code algorithms
Random number generators
Public key cryptography
Key management
NIST defined security strength
Chinese cryptography
PQC algorithms
Security principles
Defense in depth
Domain separation
Least privilege
Least sharing
Mediated access
Protective defaults
Anomaly detection
Distributed privilege
Hierarchical protection and zero trust
Minimal trusted elements
Least persistence
Protective failure
Continuous protection
Redundancy
Use of standardized cryptography
Summary
Further reading
3
Threat Landscape against Vehicle Components
Threats against external vehicle interfaces
Backend-related threats
Connectivity threats
Threats against the E/E topology
Highly distributed E/E architecture
Domain-centralized E/E architecture
Central vehicle computer architecture
Threats against in-vehicle networks
CAN
FlexRay
Ethernet
The Unified Diagnostic Services (UDS) protocol
SAE J1939 protocols
SAE J2497 (PLC4TRUCKS)
Threats against sensors
Common ECU threats
Debug ports
Flash programming
Power and mode manipulation
Tampering with machine learning algorithms
Software attacks
Disclosure and tampering of cryptographic keys
Summary
References
Part 2: Understanding the Secure Engineering Development Process
4
Exploring the Landscape of Automotive Cybersecurity Standards
Primary standards
UNECE WP.29
Chinese regulation and standardization
Secondary standards
IATF 16949:2016
Automotive SPICE (ASPICE)
Trusted Information Security Assessment Exchange (TISAX)
SAE J3101 – hardware-protected security for ground vehicles
Coding and software standards
NIST cryptographic standards
Supporting standards and resources
MITRE Common Weakness Enumeration (CWE)
US DoT NHTSA Cybersecurity Best Practices for the Safety of Modern Vehicles
ENISA good practices for the security of smart cars
SAE J3061 – cybersecurity guidebook for cyber-physical vehicle systems
ISO/IEC 27001
NIST SP 800-160
Uptane
Summary
References
5
Taking a Deep Dive into ISO/SAE21434
Notations
At a glance – the ISO 21434 standard
Organizational cybersecurity management
Management systems
Intersection of cybersecurity with other disciplines
Tool management
Planning
Acquisition and integration of supplier components
Supplier capability assessment and the role of the CSIA
The concept phase
Item-level concept
Cybersecurity concept
Implications to component-level development
Design and implementation
Post-development requirements
Configuration and calibration
Weakness analysis
Unit implementation
Verification testing
Validation testing
Product release
Cybersecurity case
Cybersecurity assessment
Production planning
Operations and maintenance
Monitoring
Vulnerability analysis
Vulnerability management
Updates
End of life
Summary
6
Interactions Between Functional Safety and Cybersecurity
A tale of two standards
A unified versus integrated approach
Establishing a foundational understanding of functional safety and cybersecurity
Understanding the unique aspects and interdependencies between the two domains
Differences between safety and security scope
Differences in the level of interdependence between safety and security requirements
Conflict resolution
Extending the safety and quality supporting processes
Planning
Supplier management
Concept
Design
Implementation
Testing and validation
Release
Production
End of life
Creating synergies in the concept phase
Item functions
Item boundaries and operational environments
Damage scenarios and hazards
Safety and security goals
Safety and security requirements
Finding synergies and conflicts in the design phase
Leveraging safety and security mechanisms
Self-tests across safety and security
Leveraging error detection safety mechanisms
Eliminating inconsistencies in the error response
Parallels in design principles
Secure coding practices versus safe coding techniques
Synergies and differences in the testing phase
Summary
References
Part 3: Executing the Process to Engineer a Secure Automotive Product
7
A Practical Threat Modeling Approach for Automotive Systems
The fundamentals of performing an effective TARA
Assets
Damage scenarios
Threat scenarios
Attacker model and threat types
Attack paths
Risk assessment methods
Risk treatment
Common pitfalls when preparing a TARA
Defining the appropriate TARA scope
The practical approach
Know your system
Make your assumptions known
Use case-driven analysis
Prepare context and data flow diagrams
Damages versus assets – where to start
Identifying assets with the help of asset categories
Building threat catalogs
Creating attack paths using a system flow diagram
Risk prioritization
Defining cybersecurity goals
Choosing security controls and operational environment (OE) requirements
Tracking shared and accepted risks
Review and signoff
Case study using a digital video recorder (DVR)
Assumptions
Context diagram
Identifying the assets
Damage scenarios
Cybersecurity requirements and controls
Summary
References
8
Vehicle-Level Security Controls
Choosing cybersecurity controls
Challenging areas
Vehicle-level versus ECU-level controls
Policy controls
Secure manufacturing
Challenges
Secure off-board network communication
Wi-Fi
Bluetooth
Cellular
Host-based intrusion detection
Network intrusion detection and prevention (NIDP)
Domain separation and filtering
Sensor authentication
Secure software updates
In-vehicle network protection
CAN message authentication
Ethernet
Securing diagnostic abilities
Security access control via UDS service 0x27
Role-based access control via UDS service 0x29
Securing flash programming services
Secure decommissioning
Summary
Further reading
9
ECU-Level Security Controls
Understanding control actions and layers
Exploring policy controls
Exploring hardware controls
RoT
OTP memory
Hardware-protected keystore
Secure Universal Flash Storage
Cryptographic accelerators
Lockable hardware configuration
CPU security
Isolation through MMUs and MPUs
Encrypted volatile memories
Debug access management
Exploring software security controls
Software debug and configuration management
Secure manufacturing
Key management policies
Multi-stage secure boot
Trusted runtime configuration
TEEs
Secure update
Spatial isolation
Temporal isolation
Encrypted and authenticated filesystems
Runtime execution hardening
Security monitors
Exploring physical security controls
Tamper detection and prevention
Printed circuit board layout pin and trace hiding
Concealment and shielding
Summary
Further reading
Index
Why subscribe?
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts
Download a free PDF copy of this book