Cybersecurity engineering: bridging the security gaps in advanced automotive systems and ISO/SAE 21434

Fahad Siddiqui, Rafiullah Khan, Sena Yengec Tasdemir, Henry Hui, Balmukund Sonigara, Sakir Sezer, Kieran McLaughlin

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Citations (Scopus)
188 Downloads (Pure)

Abstract

Advanced Driver Assistance System (ADAS) is one of the enabling technologies for autonomous driving. It senses and analyses the vehicle surroundings, detects the presence of potential risks as well as hazards and generates advisories. These advisories assist the autonomous driving system to take corrective measures to reduce safety risks and avoid fatal road accidents. For this purpose, ADAS uses various advanced sensing and data communication technologies to gather, process and share vehicle data. Nonetheless, the use of these advanced connected technologies is expected to grow further in road infrastructure such as Vehicle-to-everything (V2X). In this regard, while this sharing of mixed-critical data brings opportunities, if compromised it presents serious cybersecurity threats and safety risks due to the cyber-physical nature of these advanced automotive systems. Therefore, the automotive system design approach of adhering to functional safety standards (ISO 26262) alone is inadequate to protect the vehicle's critical functions from a range of cyber-attacks. To approach this challenge, the ISO/SAE 21434 standard provides a cybersecurity baseline for vehicle manufacturers to effectively manage cybersecurity risks and improve the cyber resilience of the automotive system. This paper adopts a holistic cybersecurity engineering process as a baseline and bridges the security gap by mapping the security engineering requirements of ISO/SAE 21434 to the traditional system design engineering processes, including system generation and runtime phases. It also introduces an experimental automotive use case, defines the scope to establish the context, presents a comprehensive Threat Analysis and Risk Assessment and derives appropriate risk mitigation strategies. The proposed work helps automotive system designers to follow ISO/SAE 21434 standard guidelines by systematically identifying, assessing, protecting and managing the cybersecurity risks across the automotive system life cycle.

Original language: English
Title of host publication: 97th IEEE Vehicular Technology Conference (VTC2023-Spring)
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic): 9798350311143
ISBN (Print): 9798350311150
Publication status: Published - 14 Aug 2023
Event: IEEE Vehicular Technology Conference - Firenzefiera Congress and Exhibition Center, Florence, Italy
Duration: 20 Jun 2023 to 23 Jun 2023
Conference number: 97
https://events.vtsociety.org/vtc2023-spring/

Publication series

Name: IEEE Vehicular Technology Conference (VTC): Proceedings
ISSN (Print): 1090-3038
ISSN (Electronic): 2577-2465

Conference

Conference: IEEE Vehicular Technology Conference
Abbreviated title: VTC2023-Spring
Country/Territory: Italy
City: Florence
Period: 20/06/2023 to 23/06/2023

Keywords

  • Threat Analysis and Risk Assessment (TARA)
  • Secure-by-design
  • Cyber Resilience
  • Automotive
  • Threat Modeling
  • Safety-critical
  • Cybersecurity Engineering
  • ISO/SAE 21434

ASJC Scopus subject areas

  • Electrical and Electronic Engineering
  • Automotive Engineering
  • Safety, Risk, Reliability and Quality
  • General Computer Science
  • Control and Systems Engineering
