Strengthening Automotive Cybersecurity: A Comparative Analysis of ISO/SAE 21434-Compliant Automatic Collision Notification (ACN) Systems
Abstract
:1. Introduction
- Comprehensive analysis of ACN architecture components: We provide a detailed analysis of the fundamental components of a typical ACN architecture, elucidating the role and functionality of each device. This analysis provides a clear understanding of the ACN system’s operation and the interdependencies between its components.
- Security evaluation of ACN architectures using ISO/SAE 21434: We employ ISO/ SAE 21434, a cybersecurity standard designed for automotive systems, to conduct a comprehensive security assessment of ACN architectures. This structured approach categorizes threats based on their severity and identifies potential vulnerabilities that could be exploited.
- In-depth analysis and countermeasures for high-risk ACN threats: We explore the root causes and possible impacts of high-risk threats to ACN systems, enabling the development of effective countermeasures. This detailed examination strengthens the security posture of ACN systems by mitigating the most critical threats.
- The second section delves into related work analogous to the current paper within the context of ACN and threat analysis in the automotive domain.
- The third section introduces the research methodology employed, highlighting the objective of the present work and the research question it seeks to address.
- The fourth section provides an overview of the features essential for the realization of a typical ACN architecture, accompanied by an analysis of selected architectures.
- The fifth section elaborates on the TARA methodology utilized for the security evaluation of the considered architectures.
- The sixth section presents a comparative analysis of the considered system architectures.
- The seventh section meticulously outlines a comprehensive threat analysis of both systems.
- The eighth section aims to engage in a discussion on potential security enhancements to the architectures under consideration. The impetus for this discussion stems from the necessity of providing a practical and tangible response to the threats identified in the seventh section.
- The ninth section concludes the research findings.
2. Related Work
2.1. Secure ACN Systems
2.2. Security Standard
3. Research Methodology
3.1. Research Questions
- RQ1: Which are the components used for creating a typical ACN system?
- RQ2: Which are the typical communication means used in the ACN system for connecting components?
- RQ3: Which are the external services used in the ACN system?
3.2. Study Selection and Data Extraction
- Sensing layer—mobile application, car application, GPS, camera.
- Communication layer—WiFi, Bluetooth, GPS, cellular, IoT.
- Cloud layer—cloud, ML model, ERS system.
3.3. Synthesis
- The dissimilarity between these two architectures primarily lies in the diversity of connectivity options they offer. While one architecture presents a multitude of methods, the other exclusively relies on WiFi. Our focus centers on assessing the ramifications of employing a singular communication method in contrast to an architecture that incorporates a variety of means.
- While alternative architectures may exhibit similar disparities in connectivity, these two stand out as the exclusive implementations integrating a camera system alongside diverse connectivity. This amalgamation represents a novel direction in ACN systems, necessitating thorough consideration and mitigation of privacy concerns.
- A direct comparison of a non-ML-based system with an ML-based system can be achieved by examining these two architectures. This comparative endeavor is driven by the aspiration to contribute valuable insights into the comparative efficacy and performance characteristics of these divergent technological approaches.
4. Feature Description
4.1. Typical Components and Interactions
- In-vehicle communication mechanisms: Sensors typically communicate with ECUs using CAN-bus. Depending on circumstantial evidence and data collected from sensors, some additional modules can be activated to enhance the quality of the input. Upon identifying a possible crash, the ACN system activates communication modules within the vehicle, like cellular or satellite technology. These modules help the transmission of data to external entities.
- Efficient data transmission: A standardized data package dispatched to a dedicated emergency response hub, manned by trained operators. This package commonly includes vital details such as the vehicle’s precise location, impact severity, and in some instances, occupant information.
- Sophisticated crash detection algorithms: Utilizing advanced algorithms, the sensor data are instantaneously assessed to determine if a crash has occurred. These algorithms weigh factors like the seriousness of impact, rapid deceleration, and the collision’s nature to make an accurate evaluation.
- Central emergency response center: The emergency response center receives the data package and promptly dispatches suitable emergency services—ranging from paramedics to law enforcement or fire personnel—to the scene of the accident. The operators in the center can also communicate with the vehicle’s occupants through an integrated communication system.
- User notification mechanisms: Beyond notifying emergency services, some ACN systems may also inform the vehicle’s manufacturer or a designated contact about the crash occurrence. This enables swift communication with concerned parties, including family members.
- Accelerated response: ACN systems are designed to drastically diminish the time between a collision and the arrival of emergency services at the incident site. This holds critical importance in scenarios where immediate medical attention is needed.
4.2. Components and Interactions in Chang et al. [27] Architecture
- Sensor data collection: The ECU receives data from various sensors such as sound, pulse, gyroscope, and accelerometer sensors. These sensors are responsible for gathering different types of data related to vehicle movement, environment, and user well-being.
- Threshold comparison: The received sensor data are compared against predefined thresholds that are set within the ECU. If any of the sensor values cross their respective thresholds, it indicates a potential event of interest, such as a crash or accident.
- Sending data to cloud and deep learning platform: If a sensor value crosses its threshold, the ECU sends the relevant sensor data to the cloud. These data are then forwarded to a deep learning platform for further analysis and decision-making.
- Deep learning model analysis: The deep learning model processes the sensor data to determine whether a crash or accident has occurred. If the model detects that no crash has taken place, no further action is taken and the ECU continues monitoring the sensor data.
- Alert generation for user interaction: If the deep learning model detects a crash or accident, an alert is generated and is displayed on the head unit of the car. The alert likely asks the users if they are alright or not.
- User response handling: If the user responds to the alert and confirms they are okay, the ECU resumes monitoring the sensor data without taking any further action.
- No user response (assumed crash): If the user does not respond to the alert, the ECU assumes a crash has occurred and proceeds with further actions.
- Sending data to TCU: The ECU sends the sensor data, images captured by the camera, and location information fetched from GPS to the TCU.
- Data transmission to cloud: The TCU sends all the collected data (sensor data, images, location) to the cloud.
- Emergency services dispatch: The cloud processes the received data and informs the appropriate emergency services based on the severity and type of accident. This could include paramedics, law enforcement, or fire personnel.
- User-generated alarm: If the user generates an alarm, indicating that they need help, the same sequence of steps are followed as in the case of crash detection.
4.3. Components and Interactions of Khaliq et al. [28] Architecture
- ECU: The ECU receives sensor data from various sensors (temperature, sound, pulse, gyroscope, accelerometer) placed within the car. Then, it compares the received sensor values with predefined thresholds. If any of the sensor values cross their respective thresholds, the ECU triggers an alert.
- Head unit: The head unit receives alerts from the ECU when sensor values cross the thresholds. If a sensor reading is unusual, a message appears on the car’s screen, asking if the occupants are okay.
- User interaction: The user responds to the alert (either confirming they are okay or not responding).
- Crash detection: If the user does not respond to the alert, the ECU interprets it as a crash. The ECU then activates the camera and GPS unit.
- Camera and GPS: The camera captures visual data of the surroundings, while the GPS unit accurately determines the precise location of the vehicle.
- Telematics control unit (TCU): The ECU sends the collected sensor data, images, and GPS location to the TCU. The TCU then aggregates and packages these data.
- Control room: The TCU sends the combined data to the control room. Experts in the control room process and analyze the data.
- Emergency services dispatch: Based on the analysis, appropriate emergency services (paramedics, law enforcement, fire personnel) are informed and dispatched to the accident scene.
- Cloud platform: The crash data are securely saved in a cloud platform. This repository of crash data will be invaluable in refining the system, ensuring more effective responses in future accidents.
4.4. Data Flow Diagrams of the Features
5. Threat Analysis and Risk Assessment (TARA)
5.1. Asset Identification
5.2. Threat Scenario Identification
5.3. Impact Rating
5.4. Attack Path Analysis
5.5. Attack Feasibility Rating
5.6. Risk Value Determination
5.7. Risk Treatment Decision
6. Architectures Comparison
6.1. Chang et al. [27] Architecture
- Sensing layer: This layer is defined as the layer responsible for the sensing of data values to detect the head-on collision in a vehicle. The sensing layer includes the six-axis gyroscope and MEMS sensor with an embedded accelerometer, OBD-II bridge, and GPS. A collision detection system is a continuous process. When a collision occurs, the window of the collision is 0.1 to 0.2 s, as per several reports. When a collision occurs, the data fetched from the above-mentioned sensors is sent to the network layer to further communicate it to the cloud for deep learning analysis.
- Networking layer: Since the development and use of vehicular networks and infrastructure has increased in the past years to automate vehicles and services, there is a dedicated use of the Telemetrics platform in vehicles, which is the main basis for the communication here. The telematics unit uses in-vehicle infotainment (IVI) to update the mobile application. This system uses 3G/4G mobile networks for sending the data to the cloud from the network layer. Messages from the IVI system are directly transmitted to the user via this interface:
- (a)
- Driver information screen: The information is digitized and transmitted to the driver directly through the driving information screen of the IVI system.
- (b)
- Collision detection and alarm screen: The collision detection and alarm screen updates the driver of a car during the driving process. A camera is placed in the front of the vehicle and connected to the proposed IVI system to record real-time streaming images. The collision threshold is defined when the braking is at 4 g and the speed of the car is greater than 80 km/h, as per the Insurance Institute for Highway Safety (IIHS) report for a fatal accident. In such a case, the IVI system will record an image of the abnormal event and upload the relevant information to the cloud-based platform for further vehicle crash-event analysis.
- Application layer: The IVI system utilizes 3G/4G mobile networks to send relevant data to a cloud server database. The recorded data in the cloud database is then utilized to create a data model that can recognize high-speed head-on collisions or accidents involving a single vehicle. In this research, the cloud-based information platform was built using web development tools like hypertext preprocessor (PHP) and Structured Query Language (SQL). This platform facilitates real-time notifications for incidents of high-speed head-on collisions or single-vehicle accidents.
6.2. Khaliq et al. [28] Architecture
- On-board sensors: In order to detect accidents, the on-board sensors constantly track the acceleration and gyroscope data. In case of an accident, the crucial data like the date, time, location of the accident, age, gender, and even images is sent to the edge. This phase has two major features: automatic accident detection with emergency alert, and accident management. The architecture is deployed in the vehicle but also in the nearby control room with the edge gateway. The on-board unit (OBU), where all the sensors are deployed, is constantly active and monitoring the data. When an accident happens, the speed decreases drastically, which can be measured by the accelerometer. Rollovers can be detected by the change in orientation using the gyroscope. In this case information is directly sent to the control room with the information from other sensors. In case of a collision, all the sensors are taken into account. All sensors have pre-defined threshold values, against which the real-time sensor values are checked. If the threshold is crossed by any sensor, the vehicle generates an alert to check for a false alarm. If it is not a false alarm the data are sent to the edge node. Once the data are sent, a nearby hospital dispatches an ambulance with accident-specific first aid.
- IoT gateway: This gateway handles collecting data in the edge node, refining it, and then sending the refined data to the nearby control room edge gateway to save the network bandwidth. The data are transferred via a vehicle ad hoc network, using a Institute of Electrical and Electronics Engineers (IEEE) 802.11n dongle. This node extracts useful data, stores associated pictures, and forwards the processed data. It also has the following features:
- (a)
- Face detection: This is used to identify the number of victims involved in the accident, and the state of the victims, using Open Source Computer Vision Library (OpenCV).
- (b)
- Data pre-processing: Whenever needed, the OBU monitors the sensor data. The data are sent to the edge node, where the data are processed closer to the network i.e., in the control room. Then, the data are transmitted to the cloud for long-term storage. There are two benefits resulting from this: the non-useful information is cleaned beforehand to avoid reducing the network bandwidth, and it simplifies the data in the cloud for easier interpretation. The communication of the edge is achieved using transmission control protocol (TCP)/IP because of its connection-oriented nature and reliability.
- Cloud platform: The central control unit accepts the accident alert notification to take action. It handles receiving data packets, storage, and visualization. We needed a testbed on which to test the implemented system. It required an infrastructure-as-a-service model as per the defined architecture. The web server application Apache was used to build a personal server on a Linux-based operating system. This cloud stores accident data and provides it to the authorities to implement road safety on the most insecure places in a road structure.
6.3. Components Comparison
- Sensing layer: The sensors used in each of the systems are similar. As shown by Table 4, a difference exists between the two architectures. The Chang et al. [27] architecture utilizes fewer sensors but is based on a deep learning model where the user input is required to confirm the model prediction, while the second architecture [28] uses all the sensors mentioned above, and every time the values of these sensors cross the defined threshold, the user is asked to confirm the accident. The first model is based on artificial intelligence (AI) and automation prediction, while the second model is more manual and inaccurate as it will generate more alerts. In the first paper, the sensors are connected to the ECU using various communication technologies, e.g., Bluetooth, WiFi, universal serial bus (USB), CAN, ethernet, and BLE.
- Communication layer: This layer is used to communicate with the vehicles and infrastructure outside the car. As reported in Table 5, the architecture proposed by Chang et al. [27] uses telematics with 3G/4G and cellular services to connect to the outside V2X. This layer also includes networking protocols like BLE, Bluetooth, ethernet, WiFi, and cellular to communicate with in-vehicle sensors and other parts. Bluetooth communicates with the sensors and ECU, ethernet with the camera and ECU, and the CAN bus with the display. On the other hand, the architecture proposed by Khaliq et al. [28] uses this layer to create an ad hoc network dynamically to use V2X to transfer the data to the edge. There the data are refined, filtered, and cached, and face detection takes place to recognize the number of passengers and check the injuries. The communication layer then uses TCP to send the data to the cloud. A comparison of the network protocols used in the above papers is given below.
- Cloud layer: This layer in both architectures is used to contact the emergency services when an accident is detected and confirmed with the user. In the first paper [27], this layer is used to install the deep learning model. It checks if the accident has taken place by analyzing the data provided by the sensors and other mounted devices, and then contacts the emergency services with all the vehicle data and the prediction from the model. The second paper [28] uses this unit to accept the accident alert notification to contact the emergency services. It handles receiving data packets, storage, and visualization, and shares the statistics with the authorities to implement accident countermeasures.
6.4. Security Comparison
6.4.1. Security Analysis of Chang et al. [27] Architecture
- Very Low Risk Threats: This category represents the lowest possible level of threat to the component that it relates to, and through the application of TARA we concluded that 106 (33%) of all of the threats fitted into this level of risk.From the above statistical analysis, we can draw conclusions. The highest percentage of very low risk threats comes from elevation of privilege (40% of total elevation of privilege (EoP) threats), which corresponds to putting more authorization in sensors, which is not possible as most sensors are permanently configured and calibrated during manufacturing. The least come from spoofing (12.5%), as it is a major risk. Important assets can be spoofed to cause harm to the user. Other threats contribute almost one third to the very low risk category as those attacks on the assets would not cause trouble for the user.
- Low-Risk Threats: This category represents a low level of threat to the component that it relates to. Through the application of TARA we concluded that 64 (19.9%) of all of the threats fitted into this level of risk. From the above analysis, it is clear that a low percentage of threats fall into this category, with the highest percentage of these being information disclosure threats (25%). Information disclosure of assets like temperature sensor, pulse sensor, and accelerometer data would not harm the user physically or cause failure of systems. The lowest percentage of low-risk threats is elevation of privilege threats, with only one threat (6.7%). There is no compromising event that an attacker can cause, only the control over the display can be obtained. The rest of the attacks contribute less than 20%.
- Medium-Risk Threats: The threats presented here are the ones that are classified as medium risk, through the application of TARA. We concluded that 112 (34.9%) of all of the threats fitted into this level of risk.It is evident that information disclosure threats and spoofing contribute the most to the medium-risk threat category. When the information of some of the assets can be monitored by the attacker, harm could be done to the user. For example, the TCU or ECU can be attacked to check the communication within and outside the system or track all the car data that run through the ECU. Repudiation contributes the least to this category as repudiation of only a few selected components can cause damage to the user. For example, repudiation of GPS can occur, where the attacker can send wrong GPS information to the user as well as to the emergency services, which can be threatening. The rest of the threats also contribute a large amount to this category as they can cause critical damage depending on the attacked asset, e.g., DoS on the ECU can compromise all functions of the car, and tampering can give control to the attacker completely.
- High-Risk Threats: This category represents the highest possible level of threat to the component that it relates to, and through our analysis, we concluded that 39 (12.1%) of all of the threats fitted into this level of risk. A dokeeper analysis will be given in the next section.
6.4.2. Security Analysis of Khaliq et al. [28] Architecture
- Very Low Risk Threats: We concluded that 96 (31.9%) of all of the threats fitted into this level of risk. By looking at the percentage distribution of each type of threat within each risk category, it is noticeable how evenly they are all distributed. The lowest value is 26.7% and the highest is 37.5%, corresponding to spoofing and elevation of privilege, and information disclosure, respectively. The latter concerns privacy risks associated with violation of confidentiality, thus does not carry a high risk for the safety or operability of the ACN. Other threats such as tampering or denial of service, whose risk is usually high, fall within this region because they are associated with non-critical components, for which the vehicle behavior is not compromised, like sound or pulse sensors. Lastly, for spoofing or elevation of privilege, these percentage values are once again associated with low-importance sensors, which will not impact the ACN considerably.
- Low-Risk Threats: We conclude that the paper has 68 low-risk threats in total (22.6%).We noticed that there are no repudiation threats associated with a low risk level, with them being concentrated more on the medium and high levels. The same logic applies to the low level of spoofing and elevation of privilege threats. Although there are fifteen threats present, these represent only 17% of the total information disclosure threats. This is mainly because information disclosure of extremely sensitive private data falls under a higher level of risk. For example, when the information disclosed relates to the gyroscope, cloud, or accelerometer, it can relate to a low risk level as it does not allow attacker to interfere with the ACN functionality. About 27.3% of denial of service attacks are categorized as low risk level. This is mainly because certain components being out of commission by a denial of service does not directly affect the functioning of the overall ACN system, for example, the gyroscope, cloud, and OBD. Lastly, the highest percentage of overall threats present in the low level of risk are related to tampering. This is mainly because there are many components, whose tampering does not affect the overall functionality of the system, similarly to denial of service.
- Medium-Risk Threats: Through the analysis we found that 92 (30.6%) of the threats belong to this category. It is important to note that for each type of threat the percentage of medium threats is near 25%, which means that at least a quarter of the threats are medium risk level. When we talk about the automotive scenario and ACN functionality it is more likely that all threats will not have a very high impact, but also not a low impact. So, the rest of the threats will be split among the others risk levels. Looking into each percentage, we see that denial of service is the lowest, which is expected because normally this threat will represent a high level of risk. Finally, spoofing has the highest percentage here. Within the context of ACN functionality, this threat usually has clearly a medium level of risk; as we have stated, the majority of these threats have a low severity level and a high feasibility level or vice-versa. The elements affected also correspond to some of the most important in the vehicle, but attacking them will most likely be quite infeasible or the earnings from it will not compensate for the effort; this is why most of these spoofing attacks are medium-level risk. Finally, spoofing has the highest percentage here, which again is not a surprise because this threat is something that cannot pose a high level of threat, but it cannot ignored too, so a medium level is a normal value for this.
- High-Risk Threats: Through the application of TARA we concluded that 45 (15%) of all of the threats fitted into this level of risk, a deeper analysis is given in the next section.
7. Risk Analysis
7.1. ECU
7.1.1. Tampering
- ComponentSecurity risk: If unauthorized individuals gain access to the ECU and tamper with its functionality, they could intentionally trigger false crash notifications. This could lead to unnecessary deployment of emergency services, wasting resources, and causing confusion. In some cases, tampering with the ECU might be achieved by modifying the log files of the insurance about crashes. This can result in financial losses for insurance companies and increased premiums for users. Tampering with the ECU could also potentially compromise the privacy of the vehicle owner, as the attacker might collect data beyond crash-related information and expose sensitive personal data.Security measures: Encryption can be used to ensure that communication between the ECU and other components of the system is encrypted, making it difficult for unauthorized parties to intercept or manipulate data. Intrusion detection mechanisms can also be incorporated to detect and respond to attempts to tamper with the ECU. For instance, if unauthorized changes are detected, the system might disable itself or start security protocols.
- PortsSecurity risk: If the ECU port is tampered with, the ACN system may not receive accurate crash data on time. This could result in delayed or no response from emergency services, putting the safety of the vehicle occupants at risk. In some cases, attackers might target the ECU port with the intention of disrupting the ACN service. This could lead to a complete or partial service outage, leaving users without the safety features they rely on.Security measures: Firewalls can be used to segment the network and restrict direct access to the ECU port. Hashes of sensor data can be computed and stored by the ECU. The ACN system can compare these hashes with the received data to detect any discrepancies that may indicate tampering. The ACN system can also digitally sign the data it sends to the ECU. This signature verifies the authenticity of the data and ensures that it has not been altered since being signed. Strong authentication mechanisms can also be used to ensure that only authorized personnel or systems can access the ECU port. This prevents unauthorized tampering attempts.
- ConnectionsSecurity risk: The TCU is responsible for relaying critical information to emergency services. Tampering with the connection between the ECU and TCU can lead to delays or failures in transmitting crash data to these services, resulting in slower response times. Delays in emergency response can have severe consequences, particularly in situations where prompt assistance is crucial. Tampering with ECU connections to the TCU can also lead to service outages or system failures. These outages can result in the complete loss of ACN functionality, rendering the system incapable of providing any crash-related notifications.Security measures: The secure on-board communication protocol (SecOC) protocol can implemented to establish secure communication channels between the ECU and other components, such as the TCU. During the initialization process, the SecOC protocol can also be utilized for secure bootstrapping to ensure that the ECU authenticates itself before data exchange begins.
7.1.2. Denial of Service (DoS)
- Ports and ConnectionsSecurity risk: A DoS attack on the ECU would result in the complete shutdown of the entire automatic crash notification system. This is because it would become impossible to receive information from sensors that detect accidents and to communicate with the components responsible for triggering the alarm.Security measure: By implementing a firewall and an intrusion detection system (IDS), it is possible to establish an effective defense against DoS attacks directed at the ECU within connected vehicles. The firewall filters incoming and outgoing traffic, allowing only legitimate communications while blocking suspicious or harmful ones. The IDS constantly monitors system activity to identify any unusual traffic patterns associated with a DoS attack. Upon detecting signs of overload or malicious traffic, the firewall can react promptly by blocking connections from malicious sources and initiating mitigation measures.
7.1.3. Elevation of Privilege
- ComponentSecurity risk: The (main) ECU is the main component in the vehicle’s electronic control and is where all sensors and devices converge. As such, it is of high value for a potential malicious actor. The attack path is either physically to the CAN bus, locally via OBD-II, or via a vulnerable network interface to the TCU and then to the ECU. The access to the ECU provides read-only access to the information retrieved or sent by the ECU. An elevation-of-privilege attack towards the ECU allows the actor to change data, and damage other connected devices or the ECU itself. Some motivations for this attack range from clearing diagnostic trouble codes (DTCs), reconfiguring parameters, enabling paid-only features, or even damaging car electronics beyond repair (e.g., a ransomware attack).Security measure: The standard security controls for mitigating this risk are through authentication, role-based control, the least privilege principle, or multi-factor authentication.
7.1.4. Repudiation
- ComponentSecurity risk: The ECU could be compromised by a malicious attacker through the exploitation of the WiFi module and the TCU. In the absence of a reliable non-repudiation mechanism, any malicious activity performed on the ECU—and consequently affecting the entire vehicle—could be denied later on. Such a scenario has the potential to result in substantial operational and safety consequences for the entire system, ultimately undermining the effectiveness of critical features like the ACN.Security measure: Implementing digital signatures with asymmetric keys provided by reputable third parties stands out as a highly effective approach in guaranteeing non-repudiation. By adopting this method, the recipient of the message gains an accentuated sense of assurance, as it verifies the origin of the content to the intended source.
7.2. TCU
7.2.1. Tampering
- Ports and CommunicationsSecurity risk: The TCU is a controller that gathers and packages the GPS location, pictures, and sensor data from the ECU before sending them to outside services. Tampering assaults in the TCU have the power to alter the behavior of the device to the attacker’s advantage. By changing the properties of the transmission route, communication attacks can be either physical or virtual. Ports for input and output must be secured against these attacks.Security measure: One common method for preventing tampering attacks is the usage of data integrity checks by leveraging cryptographic hash functions. The ECU can calculate a cryptographic hash of the collected data and send it to the TCU. Upon receiving the data, the TCU recalculates the hash using the same algorithm and compares it. If they match, it indicates that the data has not been tampered with during transmission, securing both the outgoing and incoming communications. A trusted platform module (TPM) can be used for speeding up the encryption and decryption process using hardware acceleration.
7.2.2. Denial of Service
- ComponentSecurity risk: If unauthorized individuals are able to perform DoS on the TCU, the attacker will be able to block all the outgoing and incoming vehicle communication. Moreover, the in-vehicle functions communicate with each other using the networking protocols enabled by the TCU, making the entire communication system not available.Security measure: The communication between the TCU and external devices can be equipped with frequency-hopping spread spectrum (FHSS), which is a technique for hopping between random radio frequencies in a short amount of time. Such hopping in frequency is used to send and receive data on changing carriers that can help block DoS packages. The usage of hardware- or software-based solutions can be applied as an alternative to FHSS. A typical solution for preventing DoS attacks is the use of firewall-based applications that aim at preventing flooding attacks by detecting malicious traffic.
7.2.3. Elevation of Privilege
- ComponentSecurity risk: The TCU is the component in the car in charge of external communication, so in charge of V2X. The attack path is either physically to the CAN bus, locally via OBD-II, or via a vulnerable network interface to the TCU. The access to the TCU provides read-only access to the information retrieved or sent by the TCU as well as possible lateral movement to other ECUs. An elevation-of-privilege attack towards the TCU allows the actor to change data or damage other connected devices or the TCU itself. Some motivations for such an attack range from clearing DTCs, reconfiguring parameters, enabling paid-only features, allowing lateral movements, or even damaging car electronics beyond repair (e.g., a ransomware attack).Security measure: The standard security controls for mitigating this risk are through authentication, role-based control, the least privilege principle, or multi-factor authentication.
7.2.4. Information Disclosure
- Ports and CommunicationsSecurity risk: Threats to the TCU component’s information leakage may result in privacy concerns over the collection of sensitive information such as photographs shot with a camera. The most well-known attack in this area is the so-called man in the middle (MITM), which is carried out by listening to wireless transmission while utilizing a promiscuous antenna. One of the main hazards of information leakage is the packets collected in combination with bad data encryption.Security measure: MITM attacks cannot be avoided directly since a wireless channel is always available and can be listened to at any time, but some techniques can be used for obfuscating the content that flows on channels. Data encryption can be applied using a symmetric-key approach like Advanced Encryption Standard (AES) or session-key-based communication can be established between nodes in order to securely exchange data over the channel.
7.2.5. Repudiation
- ComponentSecurity risk: In the event of an ongoing MITM attack targeting the TCU communication, the absence of non-repudiation techniques becomes a critical concern. This vulnerability opens the door for the attacker to either steal sensitive data or inject falsified information into the system. In the latter scenario, the system would incorporate these data alongside legitimate inputs, eroding its reliability and undermining its intended functionality. Consequently, both the optimal operation of the vehicle and the safety of the driver could be compromised, especially in the event of a serious incident necessitating the activation of the ACN.Security measure: Among the most potent strategies to establish non-repudiation is the implementation of digital signatures utilizing asymmetric keys issued by trusted third parties. This approach instills confidence in the message recipient regarding the origin of the content, ensuring its authenticity. Also, in this case, TPM can be used to reduce the overhead introduced with digital signatures.
7.3. Emergency Response Service
7.3.1. Tampering
- ComponentSecurity risk: ERS tampering leads to a deliberate delay or obstruction of responses to emergencies, dissemination of inaccurate information leading to incorrect decisions, misallocation of resources, and compromise of operational efficiency. The attacker engages in activities such as manipulating data, modifying processes, or changing communication channels within the emergency response team, that is, compromising the integrity of the ERS system.Security measure: Measures like implementing strong access controls to limit who can interact with the system, user authentication and authorization mechanisms, database integrity verification using cryptographic hashes and digital signatures, system logging and auditing which records every database modification, and network segmentation to shrink the attack surface by isolating critical system components can be used.
- Ports and CommunicationSecurity risk: Tampering with ERS ports introduces both safety and privacy risks. If ERS is not able to correctly receive data, it will not be able to help the driver when needed. Moreover, considering the connection to the internet of such a component, many checks must be performed in order to avoid possible port tampering.Security measure: Like in the case of component analysis, in this case, possible countermeasures relate to authentication and traffic control. Securing the entire communication can prevent port tampering and reduce the overall risk.
7.3.2. Denial of Service
- ComponentSecurity risk: A DoS performed on the ERS could lead to a situation where the service becomes unavailable, potentially preventing critical crash notifications. This could be due to overwhelming traffic, malicious attacks, or technical failures.Security measure: It is possible to prevent DoS attacks through multiple mechanisms that can be applied directly to the server. By enforcing rate limits on incoming requests, it is possible to prevent excessive traffic from a single source. By applying anomaly detection mechanisms, the system can identify unusual traffic patterns that could indicate an attack. Web application firewall (WAF): Employ a WAF to filter and block malicious traffic before it reaches the web service. content delivery network (CDN): Use a CDN to distribute traffic and absorb distributed denial of service (DDoS) attacks, improving availability. Redundancy and failover: Set up redundant servers in different geographical regions and implement failover mechanisms to maintain service in case of a failure.
- PortsSecurity risk: DoS attacks on ports are high risk because they disrupt critical network services, causing downtime, data loss, and financial harm. Limited resources, collateral damage, reputation loss, and potential legal consequences make these attacks highly damaging.Security measures: Network-level protection: Firewalls—deploy firewalls to filter incoming traffic and block suspicious or excessive requests to the ports. Intrusion detection/ prevention systems (IDS/IPS)—use IDS/IPS systems to detect and prevent unauthorized access or abnormal traffic patterns. Access control list (ACL)—configure ACLs on network devices to allow only legitimate traffic to reach the ports. Encryption and authentication: Encryption—use encryption (e.g., hypertext transfer protocol secure (HTTPS)) to secure communication between clients and the web service, preventing unauthorized access and tampering. Authentication—install strong authentication mechanisms to ensure that only authorized users can access the service.
7.3.3. Elevation of Privilege
- ComponentSecurity risk: Considering the huge number of ports that are typically opened on a server and the multiple exploitation shown for performing privilege escalation this threat is particularly relevant since an attacker might be able to change the server configuration in order to deny access to the emergency services.Security measure: A typical countermeasure could be the IDS and firewall, both aiming at reducing the possible attacks. Moreover, considering that privilege escalation is usually associated with database systems, a simple denying port service could be enough.
7.3.4. Spoofing
- ComponentSecurity risk: Unauthorized persons can manipulate ERS components to intentionally trigger false crash notifications. This can lead to unnecessary deployment of emergency services, wasting resources, and causing confusion.Security measure: A possible mitigation may based on appropriate authentication mechanisms for the cloud.
7.3.5. Information Disclosure
- PortsSecurity risk: In the event of compromised communication between an autonomous vehicle and emergency services, the outcome can be ineffective, potentially culminating in accidents, harm, or even loss of life.Security measure: Enable the vehicle to communicate via multiple technologies, such as cellular networks, dedicated short-range communication (DSRC), and satellite links. This minimizes the likelihood of total communication breakdown.
7.4. Cloud
7.4.1. Denial of Service
- Ports and CommunicationSecurity risk: The cloud has a high-level of risk because the access vector is the network (the attacker only needs network access), and also because the operational impact is high. For example, if a crash occurs and the port is not working, the cloud will not be notified and this can result in bad consequences for the passengers.Security measures: A solution for this would be rate-limiting. Implementing a mechanism to limit the rate for the cloud can mitigate the risk level for denial of service of the cloud.
7.4.2. Spoofing
- ComponentSecurity risk: If someone is spoofing the cloud, they can obtain access to it by pretending they are someone else. The attacker can obtain data about the road user from the cloud. In some cases this can result in obtaining the user’s passwords and infotainment. The privacy of the road user will be highly affected. Also, the risk can be considered high because the attack vector is high, so the attacker can obtain access to the cloud via the internet.Security measures: Authentication can be a good solution for this attack. By implementing an authentication mechanism for the cloud, other entities cannot gain unauthorized access to the cloud.
7.4.3. Information Disclosure
- ComponentSecurity risk: The cloud has a high-level privacy risk because the attacker can potentially access the road user’s data from an access vector due to the always available resource on the network (the attacker only needs network access). Regarding financial losses, the company can suffer financial losses depending on the stolen information.Security measures: It is possible to leverage asymmetric encryption to protect road users data by encrypting them using a user private key, which can be exchanged with the legitimate destination of the data, or using proxy re-encryption [59], which is a special type of encryption. Such a technique allows a proxy (hosted in the cloud in our use case) to transform ciphertexts from one key to another without the proxy being able to learn any information about the original message. The cloud should implement encryption protection so that attackers cannot easily obtain access to the data.
7.5. WiFi
7.5.1. Tampering
- CommunicationsAn attacker can gain unauthorized access to the communication between the vehicle’s WiFi module sending data to the TCU, and thus tamper with the messages. Exploitation of this vulnerability can lead to the compromise of the vehicle software. Altered data reaching the WiFi module could significantly affect the operations: vehicle systems, performance, and operational decisions. Tampering with data exchange could expose or manipulate sensitive information, violating user privacy and security.Security measures: Measures that can be implemented are data integrity checks and proper penetration testing. For data integrity, checks can use cryptographic hashing or digital signatures in order to verify the integrity of the data during transmission.
7.5.2. Denial of Service (DoS)
- CommunicationsSecurity risk: If the attacker possesses knowledge about the network where the communication between the ERS and the vehicle occurs, they can execute a DoS attack by sending multiple packets to the ERS. The ERS not being able to receive information about an accident could have a severe impact on the road users’ safety. Also, the operation of the entire ACN system is compromised.Security measures: To mitigate the risk of this attack, firewalls and access control lists should be implemented in order to restrict communication between devices on the network. They would only allow necessary traffic to and from the ERS system. Other possible measures are rate limiting, load balancing, and anomaly detection.
7.5.3. Spoofing
- ComponentSecurity risk: If the information exchange is not properly protected, the attacker can gain access to WiFi and execute a spoofing attack by exploiting the Bluetooth interface and then gain access to the TCU and then to the WiFi module. Spoofing might allow the manipulation of certain features by an unauthorized user, leading to major safety complications. On the privacy side, the attacker could trick users into sharing personal information, which could be used for identity theft and fraudulent activities.Security measures: In order to mitigate this risk, the latest security protocol should be implemented, wireless protected access (WPA3), which provides stronger encryption and protection against brute force attacks.
7.6. Edge Gateway
7.6.1. Tampering
- ComponentSecurity risk: The risk associated with tampering with the edge gateway presents a threat with far-reaching implications. In this context, the edge gateway lacks a validation mechanism for incoming information, leaving it vulnerable to being tampered with by malicious actors. This vulnerability opens the door for attackers to manipulate the information before it reaches the edge gateway, enabling them to introduce erroneous data into the system. This lack of integrity checks introduces a severe risk, as the compromised information could potentially mislead emergency services, causing incorrect actions to be taken based on the tampered-with data.Security measures: To counter the risk of data tampering, implementing data integrity verification mechanisms is essential. Employing techniques like message authentication codes media access controls (MACs) or digital signatures can ensure that the information received by the edge gateway remains unaltered and originates from a trusted source.
7.6.2. Denial of Service (DoS)
- ComponentSecurity risk: The risk of denial of service (DoS) of edge gateway poses a critical threat with potentially severe consequences. In this context, an attacker with access to the WiFi network and sufficient resources can orchestrate a DoS attack, effectively overwhelming the edge gateway. By exploiting vulnerabilities such as those leading to a SYN flood attack, the attacker can inundate the edge gateway with a barrage of malicious requests. This vulnerability could lead to a severe disruption of service, rendering the edge gateway incapable of processing legitimate emergency requests.Security measures: Employing DDoS mitigation solutions can help detect and mitigate such attacks in real time. These solutions analyze incoming traffic patterns and automatically filter out malicious traffic, ensuring that legitimate requests reach the edge gateway. For example, implementing traffic monitoring and anomaly detection systems to identify unusual spikes in traffic patterns that could be indicative of a DoS attack.
7.6.3. Information Disclosure
- ComponentSecurity risk: The vulnerability of information disclosure of the edge gateway presents a significant high-risk scenario. In this context, the edge gateway lacks encryption for the information it receives, rendering it susceptible to man-in-the-middle attacks. This exposes a critical weakness in the system’s security architecture, allowing attackers to intercept and potentially steal sensitive data during transmission. The absence of encryption heightens the risk of unauthorized access, potentially compromising the integrity of the emergency communication process and the confidentiality of the transmitted information.Security measures: To mitigate the risk of information disclosure, it is imperative to implement robust encryption mechanisms. Encrypting the information transmitted to the edge gateway ensures that even if intercepted, the data remains unreadable to unauthorized parties, safeguarding the confidentiality and integrity of the communication.
7.6.4. Elevation of Privilege
- ComponentSecurity risk: If the attacker finds vulnerabilities in the authentication, for example, using a brute force attack or social engineering, they may be able to find out the password of the admin account. This leads to them gaining high-level privileges to the edge gateway. This could lead to a severe safety impact, like dispatching a fake call or denying the service. In order to isolate and fix the consequences of the attack, a lot of resources are consumed. The whole system could be compromised, and the attacker could obtain access to sensitive data.Security measures: In order to mitigate the attack risk, strong access controls should be implemented to limit who can access the edge gateway. The principle of least privilege is recommended, ensuring that users only have the permissions necessary for their tasks. Also, firewalls can be deployed to filter incoming and outgoing traffic, blocking unauthorized access attempts.
7.6.5. Repudiation
- ComponentSecurity risk: If the edge gateway has multiple legitimate accounts, the attacker might gain access to one of them and compromise the non-repudiation principle. This attack may compromise the whole system and also cause a major privacy impact, as important data can be stolen.Security measures: For mitigation, comprehensive logging of all relevant activities should be enabled on the edge gateway. Also, a trusted execution environment can be used, as well as multiple-factor authentication.
7.7. Camera
7.7.1. Tampering
- ComponentSecurity risk: Tampering with the camera itself in an ACN system compromises the accuracy of the crash data, potentially leading to inaccurate emergency response, delayed aid, and challenges in insurance claims processing. This endangers lives, undermines accountability, and hampers the system’s overall effectiveness.Security measures: Physical tamper-evident enclosures: Implementing tamper-evident enclosures for cameras can deter unauthorized access. These enclosures are designed to show clear signs of tampering if someone tries to open or manipulate the camera, alerting administrators to potential breaches.
- PortsSecurity risk: Tampering with the port connecting the ACN camera compromises the integrity of the data transmission, potentially leading to delayed or disrupted crash notifications. This can result in delayed emergency responses and hinder accurate accident reporting.Security measures: Intrusion detection algorithms that monitor the connection status and data flow through the ports can be implemented. Any abnormal patterns or unauthorized access attempts trigger alerts, allowing administrators to take appropriate action.
7.7.2. Denial of Service
- ComponentSecurity risk: Denial of service attacks targeting the camera can disrupt crash data collection and transmission, leading to delayed or missed crash notifications. This compromises the emergency response, hampers insurance claims processing, and undermines the overall effectiveness of the ACN system.Security measures: intrusion prevention systems (IPS) can be deployed to track network traffic and detect patterns indicative of DoS attacks. The system can automatically block or mitigate traffic from suspected attackers, ensuring the camera’s availability and data integrity.
- PortsSecurity risk: Denial of service attacks targeting the port connecting the ACN camera disrupt data transmission, leading to delayed crash notifications and compromised emergency response efforts.Security measures: The implementation of rate limiting on incoming connections to the port can prevent overload on the port with excessive requests and reduce the risk of DoS attacks causing disruptions in data transmission.
7.7.3. Elevation of Privilege
- ComponentSecurity risk: Elevation-of-privilege targeting of ACN camera systems is a significant concern as it allows unauthorized access to gain higher-level control, potentially compromising the integrity of accident data and system operations. This can lead to falsified crash reports, delayed emergency responses, and hindered insurance claims processing, undermining the overall effectiveness of ACN systems.Security measures: To mitigate this threat, multi-factor authentication (MFA) can be used. Implementing MFA requires users to provide many forms of verification before accessing ACN camera controls. This could include a combination of something they know (password), something they have (security token), or something they are (biometric data). MFA strengthens access controls and prevents unauthorized users from gaining elevated privileges, enhancing the security of the ACN camera system.
7.7.4. Repudiation
- ComponentSecurity risk: Repudiation threats against ACN camera systems are a critical concern as they enable malicious users to deny their involvement in recorded incidents, leading to legal and accountability issues. This jeopardizes the reliability of accident data, emergency response efforts, and insurance claims, undermining the trustworthiness of ACN systems.Security measure: Implementing digital signatures for all captured crash data and maintaining comprehensive audit logs can counter repudiation attempts. Digital signatures provide a unique and verifiable identifier for each piece of data, ensuring its authenticity and origin. Audit logs record all interactions and changes made to the system, creating a trail of evidence that can be used to confirm the legitimacy of the actions taken. These measures collectively deter users from denying their involvement in modifying or deleting crash data.
7.8. GPS
Repudiation
- ComponentSecurity risk: A critical risk lies in the potential compromise of non-repudiation within the GPS component of the ACN system, with implications that extend far beyond mere data manipulation. This vulnerability threatens the accuracy and reliability of crash event notifications, potentially leading to delayed or inadequate emergency responses and legal complications.Security measures: To mitigate this, the integration of robust cryptographic signatures, secure time synchronization, and immutable logs, combined with the use of hardware security modules (HSMs) and secure time synchronization protocols, bolsters the accuracy and veracity of GPS data. Digital certificates and public key infrastructure (PKI) facilitate trusted sender authentication, while anomaly detection and IPS monitor data streams for irregularities. Implementing redundant GPS sensors, frequent auditing, real-time data validation, and secure cross-referencing aligns with the security enhancements proposed in the system’s architecture. These measures collectively ensure data integrity, origin verification, and effective operation of the ACN system while preserving user safety and privacy.
7.9. Machine Learning
7.9.1. Tampering
- ComponentSecurity risk: The ML component is placed at a remote location and carries out the execution of algorithms to determine the initiation of an emergency response. Tampering with this component can lead to incorrect prediction, which means that some possible emergencies are not correctly detected. Typical attacks consist of data poisoning and other attacks which lead to confusing the model.Security measures: Data validation must be put in place by regularly validating the data used for training.
- PortsSecurity risk: An attacker can tamper with the connection between the ML and the cloud via network, thus making it a high risk level. The safety of the passengers can be highly affected. For instance, if a crash occurs, the ML program will not be able to communicate with the cloud. In this situation, there will be a big financial impact because if there is a false alarm, sending out the emergency services still costs a lot.Security measures: The communication between the ML and the cloud can be ensured through encryption. Communication between the cloud and ML units should implement encryption mechanisms to ensure that the communication remains secure and unaltered.
7.9.2. Repudiation
- ComponentSecurity risk: The absence of non-repudiation may assist a malevolent attacker in obtaining data from an untrustworthy source. This could have significant safety implications in the event of an accident, as the systems notifying the ERS might not be accessible, potentially leading to serious or even fatal injuries. Even without considering the security repercussions for the road users, the operational ramifications are also noteworthy. This is due to the fact that the lack of ACN continues to signify a significant failure of a core feature.Security measures: To mitigate the absence of non-repudiation, digital signatures remain one of the most potent methods. Thus, the machine learning service should incorporate asymmetric encryption for every data piece transmitted or received.
7.10. Privacy Measures
- Linkability: Apparently unrelated data can be linked together to identify a person or reveal sensitive information.
- Identifiability: An individual can be identified through a collection of data.
- Non-repudiation: The ability of an individual to deny an action or event they have undertaken.
- Detectability: Detecting that a user’s personal data has been collected and used without their consent.
- Disclosure of information: Collected data are disclosed to unauthorized third parties.
- Unawareness: The user is unaware that specific data are being collected.
- Non-compliance: The organization does not conform to privacy policies and laws.
- Differential privacy: Ensures that the addition or removal of a single individual’s data does not significantly impact the results of a data analysis. It allows for the collection of aggregate information while minimizing the risk of identifying individual contributors.
- Synthetic data: Generating artificial data that retains statistical properties of the original dataset, but does not contain actual sensitive information. This helps in sharing information for analysis while maintaining privacy.
- Homomorphic encryption: An encryption that allows computations to be performed on encrypted data without decrypting it first, preserving privacy during data processing.
- Zero-knowledge proofs: Allows it to be proved that a statement is true, without revealing any specific information about the statement itself.
- Trusted execution environments: Secure hardware-based environments that ensure the confidentiality and integrity of computations and data even in the presence of potentially compromised software.
- Secure multiparty computation: Enabling multiple parties to perform joint computations on their private data without revealing the actual data to each other.
- Private set intersection: A cryptographic technique that allows the intersection of their datasets to be determined without sharing the actual data contained within them.
- Federated learning: A machine learning approach where models are trained across decentralized devices or servers, allowing data to remain local and reducing the need for centralized data sharing.
8. Suggested Improvements
8.1. Encryption, Authentication, and Access Control
8.2. Intrusion Detection System
9. Conclusions
- User privacy: One of the first steps is to expand the scope of our analysis to consider how the system handles user data. This includes examining the practices for collecting, storing, and using data. It is important to look at how long data are retained and the potential for unauthorized access to these data. Decentralization solutions are expanding and can be provided by moving the data collected in the automotive context away from centralized servers, leveraging techniques related to user-centric data spaces.
- Ethical considerations: It is not just about technology; there are ethical dimensions to securing the ACN system. This involves diving deep into the moral and societal consequences of our actions. We must consider the safety of users, their privacy rights, and our responsibility as system developers. Establishing ethical disclosure practices for vulnerabilities is critical to maintaining trust and transparency. Modifications to Equation (1) can be applied in order to add the ethical impact (EI) of the considered feature.
- Autonomous system and regulatory compliance: We also need to ensure that our security measures align with legal and regulatory frameworks related to autonomous systems. This involves researching and understanding the specific rules and standards that apply to automated systems, which have always been characterized by privacy issues, such as in the case of GDPR. Compliance not only keeps us within the bounds of the law but also enhances security.
- Risk value determination: The parameters considered in Equation (1) consider the same weight for all the impacts (safety, financial, operational and privacy), but in some cases this is not completely correct. For example, certain parameters can be prioritized based on the application or business requirements, so that the equation can be modified as follows:
Author Contributions
Funding
Data Availability Statement
Acknowledgments
Conflicts of Interest
Abbreviations
AACN | advanced automatic collision notification |
ACL | access control list |
ACN | automatic collision notification |
ADAS | advanced driver assistance system |
AES | Advanced Encryption Standard |
AI | artificial intelligence |
BLE | Bluetooth low energy |
BT | Bluetooth |
CAN | controller area network |
CDN | content delivery network |
CMI | crash momentum index |
CSI | crash severity index |
CVSS | Common Vulnerability Scoring System |
DDoS | distributed denial of service |
DoS | denial of service |
DSRC | dedicated short-range communication |
DTC | diagnostic trouble code |
GDPR | General Data Protection Regulation |
eCall | emergency call |
ECU | electronic control unit |
EDR | event data recorder |
EES | energy equivalent speed |
EoP | elevation of privilege |
ERS | emergency response service |
FHSS | frequency-hopping spread spectrum |
GNSS | Global Navigation Satellite System |
GPS | Global Positioning System |
GSM | Global System for Mobile Communications |
HSM | hardware security module |
HTTPS | hypertext transfer protocol secure |
I-V | in-vehicle |
IDS | intrusion detection system |
IEEE | Institute of Electrical and Electronics Engineers |
IIHS | Insurance Institute for Highway Safety |
IoT | internet of things |
IoV | internet of vehicles |
IPS | intrusion prevention systems |
IR | impact response |
ISO | International Organization for Standardization |
IVI | in-vehicle infotainment |
LoRa | long range |
MAC | media access control |
MEMS | micro-electro-mechanical system |
MFA | multi-factor authentication |
MITM | man in the middle |
ML | machine learning |
OBD | on-board diagnostics |
OBU | on-board unit |
OEM | original equipment manufacturer |
OpenCV | Open Source Computer Vision Library |
PCIs | pre-crash indicators |
PHP | hypertext preprocessor |
PKI | public key infrastructure |
pre | previous |
SAE | Society of Automotive Engineers |
SecOC | secure on-board communication protocol |
SMS | short message service |
SQL | Structured Query Language |
STRIDE | spoofing; tampering; repudiation; information disclosure; denial of service; elevation of privilege |
TARA | threat analysis and risk assessment |
TPM | trusted platform module |
TCP | transmission control protocol |
TCU | telematics control unit |
UART | universal asynchronous receiver/transmitter |
USB | universal serial bus |
V2C | vehicle-to-cloud |
V2I | vehicle-to-infrastructure |
V2P | vehicle-to-pedestrian |
V2V | vehicle-to-vehicle |
V2X | vehicle-to-everything |
WAF | web application firewall |
References
- Rahim, M.A.; Rahman, M.A.; Rahman, M.M.; Asyhari, A.T.; Bhuiyan, M.Z.A.; Ramasamy, D. Evolution of IoT-enabled connectivity and applications in automotive industry: A review. Veh. Commun. 2021, 27, 100285. [Google Scholar] [CrossRef]
- Mahmood, Z. Connected vehicles in the IoV: Concepts, technologies and architectures. In Connected Vehicles in the Internet of Things: Concepts, Technologies and Frameworks for the IoV; Springer: Berlin/Heidelberg, Germany, 2020; pp. 3–18. [Google Scholar]
- Scanlon, J.M.; Sherony, R.; Gabler, H.C. Injury mitigation estimates for an intersection driver assistance system in straight crossing path crashes in the United States. Traffic Inj. Prev. 2017, 18, S9–S17. [Google Scholar] [CrossRef]
- Spicer, R.; Vahabaghaie, A.; Bahouth, G.; Drees, L.; Martinez von Bülow, R.; Baur, P. Field effectiveness evaluation of advanced driver assistance systems. Traffic Inj. Prev. 2018, 19, S91–S95. [Google Scholar] [CrossRef] [PubMed]
- ISO/SAE 21434:2020; Road Vehicles—Cybersecurity Engineering. International Organization for Standardization and Society of Automotive Engineers. Available online: https://www.iso.org/standard/71639.html (accessed on 1 October 2023).
- Costantino, G.; De Vincenzi, M.; Matteucci, I. In-depth exploration of ISO/SAE 21434 and its correlations with existing standards. IEEE Commun. Stand. Mag. 2022, 6, 84–92. [Google Scholar] [CrossRef]
- ISO 26262:2018; Road Vehicles—Functional Safety. International Organization for Standardization. Available online: https://www.iso.org/standard/68383.html (accessed on 1 October 2023).
- Cui, J.; Liew, L.S.; Sabaliauskaite, G.; Zhou, F. A review on safety failures, security attacks, and available countermeasures for autonomous vehicles. Ad Hoc Netw. 2019, 90, 101823. [Google Scholar] [CrossRef]
- Ponte, G.; Ryan, G.A.; Anderson, R. Automatic Crash Notification. Tech. Report. Centre for Automotive Safety Research. 2013. Available online: https://casr.adelaide.edu.au/casrpubfile/1595/CASR124.pdf (accessed on 1 October 2023).
- Khot, I.; Jadhav, M.; Desai, A.; Bangar, V. Go Safe: Android application for accident detection and notification. Int. Res. J. Eng. Technol. 2018, 5, 4118–4122. [Google Scholar]
- Bonyár, A.; Géczy, A.; Krammer, O.; Sántha, H.; Illés, B.; Kámán, J.; Szalay, Z.; Hanák, P.; Harsányi, G. A review on current eCall systems for autonomous car accident detection. In Proceedings of the 2017 40th International Spring Seminar on Electronics Technology (ISSE), Sofia, Bulgaria, 10–14 May 2017; pp. 1–8. [Google Scholar] [CrossRef]
- Cheah, M.; Shaikh, S.A.; Bryans, J.; Wooderson, P. Building an automotive security assurance case using systematic security evaluations. Comput. Secur. 2018, 77, 360–379. [Google Scholar] [CrossRef]
- Tushara, D.B.; Vardhini, P.H. Wireless vehicle alert and collision prevention system design using Atmel microcontroller. In Proceedings of the 2016 International Conference on Electrical, Electronics, and Optimization Techniques (ICEEOT), Chennai, India, 3–5 March 2016; pp. 2784–2787. [Google Scholar] [CrossRef]
- Foggia, P.; Saggese, A.; Strisciuglio, N.; Vento, M.; Petkov, N. Car crashes detection by audio analysis in crowded roads. In Proceedings of the 2015 12th IEEE International Conference on Advanced Video and Signal Based Surveillance (AVSS), Karlsruhe, Germany, 25–28 August 2015; pp. 1–6. [Google Scholar] [CrossRef]
- Gu, C.; Xu, J.; Li, S.; Gao, C.; Ma, Y. Injury Risk Assessment and Interpretation for Roadway Crashes Based on Pre-Crash Indicators and Machine Learning Methods. Appl. Sci. 2023, 13, 6983. [Google Scholar] [CrossRef]
- Tiusanen, R.; Malm, T.; Ronkainen, A. An overview of current safety requirements for autonomous machines—Review of standards. Open Eng. 2020, 10, 665–673. [Google Scholar] [CrossRef]
- Debouk, R. Review of the Latest Developments in Automotive Safety Standardization for Driving Automation Systems. J. Syst. Saf. 2023, 58, 40–45. [Google Scholar] [CrossRef]
- ISO/PAS 21448:2019; Road Vehicles—Safety of the Intended Functionality. Publicly Available Specification; International Organization for Standardization. Available online: https://www.iso.org/standard/70464.html (accessed on 1 October 2023).
- Kirovskii, O.; Gorelov, V. Driver assistance systems: Analysis, tests and the safety case. ISO 26262 and ISO PAS 21448. In Proceedings of the IOP Conference Series: Materials Science and Engineering; IOP Publishing: Bristol, UK, 2019; Volume 534, p. 012019. [Google Scholar]
- Kramer, B.; Neurohr, C.; Büker, M.; Böde, E.; Fränzle, M.; Damm, W. Identification and quantification of hazardous scenarios for automated driving. In International Symposium on Model-Based Safety and Assessment; Springer: Cham, Switzerland, 2020; pp. 163–178. [Google Scholar]
- Madala, K.; Avalos-Gonzalez, C.; Krithivasan, G. Workflow between ISO 26262 and ISO 21448 standards for autonomous vehicles. J. Syst. Saf. 2021, 57, 34–42. [Google Scholar] [CrossRef]
- Tabani, H.; Kosmidis, L.; Abella, J.; Cazorla, F.J.; Bernat, G. Assessing the adherence of an industrial autonomous driving framework to iso 26262 software guidelines. In Proceedings of the 56th Annual Design Automation Conference 2019, Las Vegas, NV, USA, 2–6 June 2019; pp. 1–6. [Google Scholar]
- Tany, N.S.; Suresh, S.; Sinha, D.N.; Shinde, C.; Stolojescu-Crisan, C.; Khondoker, R. Cybersecurity Comparison of Brain-Based Automotive Electrical and Electronic Architectures. Information 2022, 13, 518. [Google Scholar] [CrossRef]
- White, J.; Thompson, C.; Turner, H.; Dougherty, B.; Schmidt, D. WreckWatch: Automatic Traffic Accident Detection and Notification with Smartphones. Mob. Netw. Appl. 2011, 16, 285–303. [Google Scholar] [CrossRef]
- Choi, H.Y.; Han, I.S.; Lee, J.W.; Shin, J.K. Development of ACNS in Korea. In Proceedings of the 22nd International Technical Conference on the Enhanced Safety of Vehicles (ESV) National Highway Traffic Safety Administration, Washington, DC, USA, 13–16 June 2011. [Google Scholar]
- Topinkatti, A.; Yadav, D.; Kushwaha, V.S.; Kumari, A. Car accident detection system using GPS and GSM. Int. J. Eng. Res. Gen. Sci. 2015, 3, 1025–1033. [Google Scholar]
- Chang, W.J.; Chen, L.B.; Su, K.Y. DeepCrash: A Deep Learning-Based Internet of Vehicles System for Head-On and Single-Vehicle Accident Detection With Emergency Notification. IEEE Access 2019, 7, 148163–148175. [Google Scholar] [CrossRef]
- Khaliq, K.A.; Chughtai, O.; Shahwani, A.; Qayyum, A.; Pannek, J. Road accidents detection, data collection and data analysis using V2X communication and edge/cloud computing. Electronics 2019, 8, 896. [Google Scholar] [CrossRef]
- Fogue, M.; Garrido, P.; Martinez, F.J.; Cano, J.C.; Calafate, C.T.; Manzoni, P. Using data mining and vehicular networks to estimate the severity of traffic accidents. In Management Intelligent Systems: First International Symposium; Springer: Berlin/Heidelberg, Germany, 2012; pp. 37–46. [Google Scholar]
- Hassan, A.; Abbas, M.S.; Asif, M.; Ahmad, M.B.; Tariq, M.Z. An Automatic Accident Detection System: A Hybrid Solution. In Proceedings of the 2019 4th International Conference on Information Systems Engineering (ICISE), Shanghai, China, 4–6 May 2019; pp. 53–57, ISSN 2643-7309. [Google Scholar] [CrossRef]
- Sharma, H.; Reddy, R.K.; Karthik, A. S-CarCrash: Real-time crash detection analysis and emergency alert using smartphone. In Proceedings of the 2016 International Conference on Connected Vehicles and Expo (ICCVE), Seattle, WA, USA, 12–16 September 2016; pp. 36–42. [Google Scholar] [CrossRef]
- Manoharan, R.; Balamurugan, G.; Rajmohan, B. Enhanced automated crash reporting system in vehicles based on SMS & MMS with Fish eye CAM camera. In Proceedings of the 2012 International Conference on Radar, Communication and Computing (ICRCC), Tiruvannamalai, India, 21–22 December 2012; pp. 307–311. [Google Scholar] [CrossRef]
- Mohith, M.; Rahul, S.; Kumar, R. A Novel Internet of Things Assisted Car Accident Prevention and Alert System using an Intelligent Distance Measurement Sensor. In Proceedings of the 2023 2nd International Conference on Vision Towards Emerging Trends in Communication and Networking Technologies (ViTECoN), Vellore, India, 5–6 May 2023; pp. 1–6. [Google Scholar] [CrossRef]
- Parmar, K.; Solanki, D.; Sangada, J.; Parekh, R. Accident Detection and Notification System Using AWS. In Proceedings of the 2021 Second International Conference on Electronics and Sustainable Communication Systems (ICESC), Coimbatore, India, 4–6 August 2021; pp. 1468–1476. [Google Scholar] [CrossRef]
- Fernandes, B.; Alam, M.; Gomes, V.; Ferreira, J.; Oliveira, A. Automatic accident detection with multi-modal alert system implementation for ITS. Veh. Commun. 2016, 3, 1–11. [Google Scholar] [CrossRef]
- Pal, C.; Hirayama, S.; Sangolla, N.; Manoharan, J.; Kulothungan, V. A new approach in improving traffic accident injury prediction accuracy. Int. J. Automot. Eng. 2017, 8, 179–185. [Google Scholar] [CrossRef]
- Alwan, Z.; Alshaibani, H. Car Accident Detection and Notification System Using Smartphone. Int. J. Comput. Sci. Mob. Comput. 2015, 4, 620–635. [Google Scholar]
- Bhavana, K.; Munappa, S.; Bhavani, K.D.; Deshmanth, P.; Swathi, A.; Vanga, S.R. Automatic Pothole and Humps on Roads Detection and Notification Alert. In Proceedings of the 2023 Second International Conference on Electronics and Renewable Systems (ICEARS), Tuticorin, India, 2–4 March 2023; pp. 1–6. [Google Scholar]
- Miyoshi, T.; Koase, T.; Nishimoto, T.; Ishikawa, H. Evaluation of Threshold Used by Advanced Automatic Collision Notification System For Dispatching Doctors to Accident Sites; National Highway Traffic Safety Administration: Washington, DC, USA, 2019; pp. 1–12.
- Outay, F.; Bargaoui, H.; Chemek, A.; Kamoun, F.; Yasar, A. The COVCRAV project: Architecture and design of a cooperative V2V crash avoidance system. Procedia Comput. Sci. 2019, 160, 473–478. [Google Scholar] [CrossRef]
- Abdul Razak, S.F.; Suhaimi, F.A.; Yogarayan, S.; Abdullah, M.F.A. 2-Phase Crash Detection and Notification System. J. Logist. Inform. Serv. Sci. 2022, 9, 258–270. [Google Scholar]
- Chen, L.; Englund, C. Every second counts: Integrating edge computing and service oriented architecture for automatic emergency management. J. Adv. Transp. 2018, 2018, 1–13. [Google Scholar] [CrossRef]
- Manuja, M.; Kowshika, S.; Narmatha, S.; Theresa, G. IoT based automatic accident detection and rescue management in Vanet. SSRG Int. J. Comput. Sci. Eng. 2019, 2, 36–41. [Google Scholar]
- Boehme, M.; Stang, M.; Muetsch, F.; Sax, E. Talkycars: A distributed software platform for cooperative perception. In Proceedings of the 2020 IEEE Intelligent Vehicles Symposium (IV). IEEE, Las Vegas, NV, USA, 19 October 2020–13 November 2020; pp. 701–707. [Google Scholar]
- Ribeiro, B.; Nicolau, M.J.; Santos, A. Using Machine Learning on V2X Communications Data for VRU Collision Prediction. Sensors 2023, 23, 1260. [Google Scholar] [CrossRef] [PubMed]
- Prathiba, S.B.; Raja, G.; Kumar, N. Intelligent cooperative collision avoidance at overtaking and lane changing maneuver in 6G-V2X communications. IEEE Trans. Veh. Technol. 2021, 71, 112–122. [Google Scholar] [CrossRef]
- Iyoda, M.; Trisdale, T.; Sherony, R.; Mikat, D.; Rose, W. Event data recorder (EDR) developed by Toyota Motor Corporation. SAE Int. J. Transp. Saf. 2016, 4, 187–201. [Google Scholar] [CrossRef]
- Sahil, M.Y.S.S.M.; Kumathekar, A.P.A.S.; Deshmukh, P.S. Vehicle Crash Alert System. Int. J. Sci. Res. Eng. Trends 2019, 5, 2269–2271. [Google Scholar]
- Matuszczyk, G.; Åberg, R. Smartphone Based Automatic Incident Detection Algorithm and Crash Notification System for All-Terrain Vehicle Drivers. 2016, pp. 1–90. Available online: https://odr.chalmers.se/server/api/core/bitstreams/25193c95-c7b9-40dc-a2f6-daf2fa06b491/content (accessed on 1 October 2023).
- Nassar, L.; Kamel, M.S.; Karray, F. VANET IR-CAS for Safety ACN: Information Retrieval Context Aware System for VANET Automatic Crash Notification Safety Application. Int. J. Intell. Transp. Syst. Res. 2016, 14, 127–138. [Google Scholar] [CrossRef]
- Pareek, S.; Shanmughasundaram, R. Implementation of Broadcasting Protocol for Emergency Notification in Vehicular Ad hoc Network(VANET). In Proceedings of the 2018 Second International Conference on Intelligent Computing and Control Systems (ICICCS), Madurai, India, 14–15 June 2018; pp. 1032–1037. [Google Scholar] [CrossRef]
- Kathiravan, M.; Reddy, M.P.K.; Malarvel, M.; Amrutha, A.; Reddy, P.H.; Kavitha, S. IoT-based Vehicle Surveillance and Crash Detection System. In Proceedings of the 2022 International Conference on Applied Artificial Intelligence and Computing (ICAAIC), Salem, India, 9–11 May 2022; pp. 1523–1529. [Google Scholar]
- Mukerji, A.; Chakraborty, R.; Chatterjee, K.; Banerjee, S. Design, modeling and fabrication of an efficient car crash management system. PREPARE@u®|Gen. Prepr. Serv. 2019, 1. [Google Scholar] [CrossRef]
- Blancou, J.; Almeida, J.; Fernandes, B.; Silva, L.; Alam, M.; Fonseca, J.; Ferreira, J. eCall++: An enhanced emergency call system for improved road safety. In Proceedings of the 2016 IEEE Vehicular Networking Conference (VNC), Columbus, OH, USA, 8–10 December 2016; pp. 1–8. [Google Scholar] [CrossRef]
- Jose, S.K.; Mary, X.A.; Mathew, N. Arm 7 based accident alert and vehicle tracking system. Int. J. Innov. Technol. Explor. Eng. 2013, 2, 93–96. [Google Scholar]
- Sammarco, M.; Detyniecki, M. Crashzam: Sound-based Car Crash Detection. In Proceedings of the 4th International Conference on Vehicle Technology and Intelligent Transport Systems (VEHITS 2018), Funchal, Portugal, 16–18 March 2018; pp. 27–35. [Google Scholar]
- Khaliq, K.A.; Qayyum, A.; Pannek, J. Prototype of automatic accident detection and management in vehicular environment using VANET and IoT. In Proceedings of the 2017 11th International Conference on Software, Knowledge, Information Management and Applications (SKIMA), Malabe, Sri Lanka, 6–8 December 2017; pp. 1–7. [Google Scholar]
- Razdan, R. Unsettled Issues Regarding Autonomous Vehicles and Open-source Software; Technical Report, SAE Technical Paper; SAE International: Warrendale, PA, USA, 2021. [Google Scholar]
- Green, M.; Ateniese, G. Identity-based proxy re-encryption. In Proceedings of the Applied Cryptography and Network Security: 5th International Conference, ACNS 2007, Zhuhai, China, 5–8 June 2007; Springer: Berlin/Heidelberg, Germany, 2007; pp. 288–306. [Google Scholar]
- Kakkar, A. A survey on secure communication techniques for 5G wireless heterogeneous networks. Inf. Fusion 2020, 62, 89–109. [Google Scholar] [CrossRef]
- Wang, D.; Bai, B.; Lei, K.; Zhao, W.; Yang, Y.; Han, Z. Enhancing information security via physical layer approaches in heterogeneous IoT with multiple access mobile edge computing in smart city. IEEE Access 2019, 7, 54508–54521. [Google Scholar] [CrossRef]
- Chen, S.; Sun, S.; Kang, S. System integration of terrestrial mobile communication and satellite communication—The trends, challenges and key technologies in B5G and 6G. China Commun. 2020, 17, 156–171. [Google Scholar] [CrossRef]
- Liu, Y.; Ni, L.; Peng, M. A secure and efficient authentication protocol for satellite-terrestrial networks. IEEE Internet Things J. 2022, 10, 5810–5822. [Google Scholar] [CrossRef]
- Berger, C.; Eichhammer, P.; Reiser, H.P.; Domaschka, J.; Hauck, F.J.; Habiger, G. A survey on resilience in the iot: Taxonomy, classification, and discussion of resilience mechanisms. ACM Comput. Surv. (CSUR) 2021, 54, 1–39. [Google Scholar] [CrossRef]
- Xie, Y.; Guo, Y.; Yang, S.; Zhou, J.; Chen, X. Security-related hardware cost optimization for CAN FD-based automotive cyber-physical systems. Sensors 2021, 21, 6807. [Google Scholar] [CrossRef] [PubMed]
- Xie, Y.; Zhou, Y.; Xu, J.; Zhou, J.; Chen, X.; Xiao, F. Cybersecurity protection on in-vehicle networks for distributed automotive cyber-physical systems: State-of-the-art and future challenges. Softw. Pract. Exp. 2021, 51, 2108–2127. [Google Scholar] [CrossRef]
- Humayed, A. An Overview of Vehicle OBD-II Port Countermeasures. In International Conference on Interactive Collaborative Robotics; Springer: Berlin/Heidelberg, Germany, 2023; pp. 256–266. [Google Scholar]
- Ali, G.; ElAffendi, M.; Ahmad, N. BlockAuth: A blockchain-based framework for secure vehicle authentication and authorization. PloS ONE 2023, 18, e0291596. [Google Scholar] [CrossRef]
- Krishnan, A.; Shyjila, P.; Kizhakethottam, J.J. Electronic-secure Vehicle Authorization Mechanism (e-SVAM). Procedia Technol. 2016, 25, 318–325. [Google Scholar] [CrossRef]
- Lampe, B.; Meng, W. IDS for CAN: A practical intrusion detection system for CAN bus security. In Proceedings of the GLOBECOM 2022-2022 IEEE Global Communications Conference, Rio de Janeiro, Brazil, 4–8 December 2022; pp. 1782–1787. [Google Scholar]
- Lokman, S.F.; Othman, A.T.; Abu-Bakar, M.H. Intrusion detection system for automotive Controller Area Network (CAN) bus system: A review. EURASIP J. Wirel. Commun. Netw. 2019, 2019, 1–17. [Google Scholar] [CrossRef]
- Islam, R.; Refat, R.U.D. Improving CAN bus security by assigning dynamic arbitration IDs. J. Transp. Secur. 2020, 13, 19–31. [Google Scholar] [CrossRef]
- Liu, N.; Nikitas, A.; Parkinson, S. Exploring expert perceptions about the cyber security and privacy of Connected and Autonomous Vehicles: A thematic analysis approach. Transp. Res. Part Traffic Psychol. Behav. 2020, 75, 66–86. [Google Scholar] [CrossRef]
- Oberti, F.; Sanchez, E.; Savino, A.; Parisi, F.; Di Carlo, S. PSP Framework: A novel risk assessment method in compliance with ISO/SAE-21434. arXiv 2023, arXiv:2305.05309. [Google Scholar]
Feature | ISO 26262 | ISO PAS 21448 | ISO/SAE 21434 |
---|---|---|---|
Objective | Functional safety | Safety of intended functionality (SOTIF) | Cybersecurity |
Application | All electrical and electronic systems in vehicles | Vehicle road systems requiring a SOTIF assessment | Electrical and electronic systems in vehicles connected to a network or the internet |
Process | Development and verification of electrical and electronic systems | SOTIF management | Cybersecurity management |
Phases | Hazard identification and assessment, control definition and implementation, verification and validation | Hazard identification and assessment, control definition and implementation | Risk identification and assessment, control definition and implementation, verification and validation |
Results | Electrical and electronic systems in vehicles are designed and built to minimize the risk of malfunctions that could cause harm to people or properties | Vehicle road systems requiring a SOTIF assessment are designed and built to minimize the risk of malfunctions that could cause harm to people or properties due to reasonably foreseeable use by people | Electrical and electronic systems in vehicles connected to a network or the internet are designed and built to minimize the risk of cyberattacks |
Security | Mobile Application | Car Application | WiFi | Bluetooth | GPS | Cellular (4G, 5G) | Cloud | IoT | ML Model | ERS Call | Camera | |
---|---|---|---|---|---|---|---|---|---|---|---|---|
[27] | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
[28] | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||||
[29] | ✓ | ✓ | ✓ | ✓ | ✓ | |||||||
[30] | ✓ | ✓ | ✓ | ✓ | ✓ | |||||||
[31] | ✓ | ✓ | ||||||||||
[32] | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||
[33] | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||
[34] | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||
[35] | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||
[36] | ✓ | ✓ | ✓ | |||||||||
[37] | ✓ | ✓ | ✓ | |||||||||
[38] | ✓ | ✓ | ||||||||||
[39] | ✓ | ✓ | ||||||||||
[40] | ✓ | ✓ | ✓ | |||||||||
[41] | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||
[42] | ✓ | |||||||||||
[43] | ✓ | ✓ | ✓ | |||||||||
[44] | ✓ | ✓ | ✓ | ✓ | ||||||||
[45] | ✓ | ✓ | ✓ | |||||||||
[46] | ✓ | ✓ | ||||||||||
[47] | ✓ | ✓ | ✓ | ✓ | ||||||||
[48] | ✓ | ✓ | ||||||||||
[49] | ✓ | ✓ | ✓ | |||||||||
[50] | ✓ | |||||||||||
[24] | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||||
[25] | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||
[51] | ✓ | ✓ | ||||||||||
[52] | ✓ | |||||||||||
[15] | ✓ | |||||||||||
[53] | ✓ | ✓ | ||||||||||
[54] | ✓ | ✓ | ✓ | ✓ | ||||||||
[55] | ✓ | ✓ | ✓ | |||||||||
[56] | ✓ | ✓ | ✓ | ✓ | ✓ | |||||||
[57] | ✓ | ✓ | ✓ | |||||||||
[26] | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||
[58] | ✓ | ✓ | ✓ |
Risk Level | Min | Max |
---|---|---|
Very Low | 0 | 200 |
Low | 201 | 400 |
Medium | 401 | 800 |
High | 801 | 1600 |
Component | [27] | [28] |
---|---|---|
GPS | ✓ | ✓ |
Accelerometer and gyroscope (6-axis sensor) | ✓ | ✓ |
Camera | ✓ | ✓ |
Sound | ✓ | ✓ |
Temperature | ✓ | |
Pulse | ✓ | |
OBD-II redundancy | ✓ |
Threat | Very Low | Low | Medium | High |
---|---|---|---|---|
Information Disclosure | 31 (36.5%) | 23 (27.1%) | 37 (43.5%) | 1 (1.2%) |
Tampering | 28 (32.9%) | 16 (18.8%) | 32 (37.6%) | 13 (15.3%) |
DoS | 33 (38.4%) | 18 (20.9%) | 27 (31.4%) | 15 (17.4%) |
Repudiation | 6 (40%) | 3 (20%) | 4 (26.7%) | 3 (20%) |
Spoofing | 2 (13.3%) | 3 (20%) | 8 (53.3%) | 3 (20%) |
Elevation of Privilege | 6 (40%) | 1 (6.7%) | 4 (26.7%) | 4 (26.7%) |
Threat | Very Low | Low | Medium | High |
---|---|---|---|---|
Information Disclosure | 33 (38.8%) | 15 (17.6%) | 34 (40%) | 3 (3.5%) |
Tampering | 24 (28.2%) | 25 (29.4%) | 21 (24.7%) | 15 (17.6%) |
DoS | 26 (30.2.5%) | 24 (27.9%) | 21 (24.4%) | 15 (17.4%) |
Repudiation | 5 (33.3%) | 0 (0%) | 5 (33.3%) | 5 (33.3%) |
Spoofing | 4 (26.7%) | 3 (20%) | 6 (40%) | 2 (13.3%) |
Elevation of Privilege | 4 (26.7%) | 1 (6.7%) | 5 (33.3%) | 5 (33.3%) |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Boi, B.; Gupta, T.; Rinhel, M.; Jubea, I.; Khondoker, R.; Esposito, C.; Sousa, B.M. Strengthening Automotive Cybersecurity: A Comparative Analysis of ISO/SAE 21434-Compliant Automatic Collision Notification (ACN) Systems. Vehicles 2023, 5, 1760-1802. https://doi.org/10.3390/vehicles5040096
Boi B, Gupta T, Rinhel M, Jubea I, Khondoker R, Esposito C, Sousa BM. Strengthening Automotive Cybersecurity: A Comparative Analysis of ISO/SAE 21434-Compliant Automatic Collision Notification (ACN) Systems. Vehicles. 2023; 5(4):1760-1802. https://doi.org/10.3390/vehicles5040096
Chicago/Turabian StyleBoi, Biagio, Tarush Gupta, Marcelo Rinhel, Iuliana Jubea, Rahamatullah Khondoker, Christian Esposito, and Bruno Miguel Sousa. 2023. "Strengthening Automotive Cybersecurity: A Comparative Analysis of ISO/SAE 21434-Compliant Automatic Collision Notification (ACN) Systems" Vehicles 5, no. 4: 1760-1802. https://doi.org/10.3390/vehicles5040096