Search Results

Automotive researchers and industry experts have extensively documented vulnerabilities arising from unauthorized in-vehicle communication through academic research, industry investigations, sponsored events, and learnings from real-world attacks. While current cybersecurity endeavors in the heavy-duty (HD) vehicle space focus on securing conventional communication technologies such as the controller area network (CAN), there is a notable deficiency in defensive research concerning legacy technologies, particularly those utilized between trucks and trailers. In fact, state-of-the-art attacks on these systems have only come to public attention through official disclosures and public presentations as recently as 2020. To address these risks, this paper introduces a system-wide security concept called Legacy Intrusion Detection System (LIDS) for heavy-duty vehicle applications utilizing the SAE J1708/J1587 protocol stack.

Maintaining and diagnosing vehicle systems often involves a technician connecting a service computer to the vehicle diagnostic port through a vehicle diagnostics adapter (VDA). This creates a connection from the service software to the vehicle network through a protocol adapter. Often, the protocols for the personal computer (PC) hosted diagnostic programs use USB, and the diagnostic port provides access to the controller area network (CAN). However, the PC can also communicate to the VDA via WiFi or Bluetooth. There may be scenarios where these wireless interfaces are not appropriate, such as maintaining military vehicles. As such, a method to defeature the wireless capabilities of a typical vehicle diagnostic adapter is demonstrated without access to the source code or modifying the hardware. The process of understanding the vehicle diagnostic adapter system, its hardware components, the firmware for the main processor and subsystems, and the update mechanism is explored.

Autonomous truck and trailer configurations face challenges when operating in reverse due to the lack of sensing on the trailer. It is anticipated that sensor packages will be installed on existing trailers to extend autonomous operations while operating in reverse in uncontrolled environments, like a customer's loading dock. Power Line Communication (PLC) between the trailer and the tractor cannot support high bandwidth and low latency communication. This paper explores the impact of using Ethernet or a wireless medium for commercial trailer-tractor communication on the lifecycle and operation of trailer electronic control units (ECUs) from a Systems Engineering perspective to address system requirements, integration, and security. Additionally, content-based and host-based networking approaches for in-vehicle communication, such as Named Data Networking (NDN) and IP-based networking are compared.

First responders and traffic crash investigators collect and secure evidence necessary to determine the cause of a crash. As vehicles with advanced autonomous features become more common on the road, inevitably they will be involved in such incidents. Thus, traditional data collection requirements may need to be augmented to accommodate autonomous technology and the connectivity associated with autonomous and semi-autonomous driving features. The objective of this paper is to understand the data from a fielded autonomous system and to motivate the development of requirements for autonomous vehicle data collection. The issue of data ownership and access will be discussed. Additional complicating factors, such as cybersecurity concerns combined with a first responder’s legal authority, may pose challenges for traditional data collection.

The lack of inherent security controls makes traditional Controller Area Network (CAN) buses vulnerable to Machine-In-The-Middle (MitM) cybersecurity attacks. Conventional vehicular MitM attacks involve tampering with the hardware to directly manipulate CAN bus traffic. We show, however, that MitM attacks can be realized without direct tampering of any CAN hardware. Our demonstration leverages how diagnostic applications based on RP1210 are vulnerable to Machine-In-The-Middle attacks. Test results show SAE J1939 communications, including single frame and multi-framed broadcast and on-request messages, are susceptible to data manipulation attacks where a shim DLL is used as a Machine-In-The-Middle. The demonstration shows these attacks can manipulate data that may mislead vehicle operators into taking the wrong actions.

There are numerous activities in the automotive industry in which a vehicle drives a pre-defined route multiple times such as portable emissions measurement systems testing or real-world electric vehicle range testing. The speed profile is not the same for each drive cycle due to uncontrollable real-world variables such as traffic, stoplights, stalled vehicles, or weather conditions. It can be difficult to compare each run accurately. To this end, this paper presents a method to compare and quantify the repeatability of real-world on-road vehicle driving schedules using dynamic time warping (DTW). DTW is a well-developed computational algorithm which compares two different time-series signals describing the same underlying phenomenon but occurring at different time scales. DTW is applied to real-world, on-road drive cycles, and metrics are developed to quantify similarities between these drive cycles.

Practical encryption is an important tool in improving the cybersecurity posture of vehicle data loggers and engineering tools. However, low-cost embedded systems struggle with reliably capturing and encrypting all frames on the vehicle networks. In this paper, implementations of symmetric and asymmetric algorithms were used to perform envelope encryption of session keys with symmetric encryption algorithms while logging vehicle controller area network (CAN) traffic. Maintaining determinism and minimizing latency are primary considerations when implementing cryptographic solutions in an embedded system. To satisfy the timing requirements for vehicle systems, the memory-mapped Cryptographic Acceleration Unit (mmCAU) on the NXP K66 processor enabled 6.4Mb/sec symmetric encryption rates, which enables logging of multiple channels at 100% bus load. Using AES-128 in Cipher Block Chaining (CBC) mode provides the encryption for data confidentiality.

Crashes involving Cummins powered heavy vehicles can damage the electronic control module (ECM) containing heavy vehicle event data recorder (HVEDR) records. When ECMs are broken and data cannot be extracted using vehicle diagnostics tools, more invasive and low-level techniques are needed to forensically preserve and decode HVEDR data. A technique for extracting non-volatile memory contents using non-destructive board level techniques through the available in-circuit debugging port is presented. Additional chip level data extraction techniques can also provide access to the HVEDR data. Once the data is obtained and preserved in a forensically sound manner, the binary record is decoded to reveal typical HVDER data like engine speed, vehicle speed, accelerator pedal position, and other status data. The memory contents from the ECM can be written to a surrogate and decoded with traditional maintenance and diagnostic software.

Cyber assurance of heavy trucks is a major concern with new designs as well as with supporting legacy systems. Many cyber security experts and analysts are used to working with traditional information technology (IT) networks and are familiar with a set of technologies that may not be directly useful in the commercial vehicle sector. To help connect security researchers to heavy trucks, a remotely accessible testbed has been prototyped for experimentation with security methodologies and techniques to evaluate and improve on existing technologies, as well as developing domain-specific technologies. The testbed relies on embedded Linux-based node controllers that can simulate the sensor inputs to various heavy vehicle electronic control units (ECUs). The node controller also monitors and affects the flow of network information between the ECUs and the vehicle communications backbone.

Recovery of snapshot data recorded by Caterpillar engine control modules (ECMs) using Caterpillar Electronic Technician (CatET) software requires a complete snapshot record that contains information gathered both before and after an event. However, if an event is set and a crash ensues, or a crash creates an event, then it is possible for the ECM to lose power and not complete the recording. As such, the data may not be recoverable with CatET maintenance software. An examination of the J1708 network traffic reveals the snapshot data does exist and is recoverable. A motivational case study of a crash test between a Caterpillar powered school bus and a parked transit bus is presented to establish the hypothesis. Subsequently, a digital forensic recovery algorithm is detailed as it is implemented in the Synercon Technologies Forensic Link Adapter (FLA).

The proper investigation of crashes involving commercial vehicles is critical for fairly assessing liability and damages, if they exist. In addition to traditional physics based approaches, the digital records stored within heavy vehicle electronic control modules (ECMs) are useful in determining the events leading to a crash. Traditional methods of extracting digital data use proprietary diagnostic and maintenance software and require a functioning ECM. However, some crashes induce damage that renders the ECM inoperable, even though it may still contain data. As such, the objective of this research is to examine the digital record in an ECM and understand its meaning. The research was performed on a Detroit Diesel DDEC V engine control module. The data extracted from the flash memory chips include: Last Stop Record, two Hard Brake events, and the Daily Engine Usage Log. The procedure of extracting and reading the memory chips is explained.

Concepts of forensic soundness as they are currently understood in the field of digital forensics are related to the digital data on heavy vehicle electronic control modules (ECMs). An assessment for forensic soundness addresses: 1) the integrity of the data, 2) the meaning of the data, 3) the processes for detecting or predicting errors, 4) transparency of the operation, and 5) the expertise of the practitioners. The integrity of the data can be verified using cryptographic hash functions. Interpreting and understanding the meaning of the data is based on standards or manufacturer software. Comparison of interpreted ECM data to external reference measurements is reviewed from the current literature. Meaning is also extracted from interpreting hexadecimal data based on the J1939 and J1587 standards. Error detection and mitigation strategies are discussed in the form of sensor simulators to eliminate artificial fault codes.

2013 and 2014 Ford Flex vehicles and airbag control modules with event data recorders (EDRs) were tested to determine the accuracy of speed and other data in the steady state condition, to evaluate time reporting delays under dynamic braking conditions, and to evaluate the accuracy of the stability control system data that the module records. This recorder is from the Autoliv RC6 family and this is the first known external research conducted on post 49CFR Part 563 Ford EDRs. The vehicle was instrumented with a VBox and a CAN data logger to compare external GPS based speeds to CAN data using the same synchronized time base. The vehicle was driven in steady state, hard braking, figure 8 and yaw conditions. The Airbag Control Module (ACM) was mounted onto a moving linear sled. The CAN bus data from driving was replayed as the sled created recordable events and the EDR data was compared to the reference instrumentation.

Prior EDR testing methodologies required setting events in the airbag control module in the vehicle during controlled driving behavior. Duplicating events was nearly impossible, and it was difficult to separate how much differences in recorded speeds to reference speeds was due to measurement error, wheel slip, reporting time delays, or data truncation within the EDR. Recording thresholds have also increased making non-deployment and deployment events closer in magnitude, increasing the risk of accidentally exceeding the deployment threshold while setting events. The new methodology eliminates the risk of accidentally deploying airbags while gathering GPS and CAN bus data in the test vehicle. The techniques presented in this paper also allows gathering of data in vehicle without tampering with the airbag control module, which reduces the potential liability to testers using rental or borrowed test vehicles.

Total station equipment, triangulation, or some other mapping technique can generate x-y coordinates describing curved tire marks on the pavement. These marks may result from a critical speed maneuver. Traditionally, these marks are assumed to follow a circular arc and a radius can be determined for use in the critical speed yaw formula. However, critical speed yaw marks typically have a decreasing radius in the direction of travel and a spiral is a more precise fit to the data. In this paper, a total least squares fitting approach is presented to fit the parameters of three types of spiral curves to coordinate data. These are a clothoid spiral, a logarithmic spiral, and an Archimedean spiral which are evaluated and compared for usability in a critical speed yaw analysis. A spreadsheet implementation is presented that makes use of the Microsoft Excel Solver Add-in to perform the minimization of the total least squares fit for the spirals.

Vehicles using controller area networks (CANs) for on-board device communications may have event data recorders (EDRs) that either capture or reflect network feeds from an array of sensors and other electronic control units. Using the data recorded in an EDR for investigative purposes requires external verification of accuracy. However, conducting external tests that set events can be expensive due to the time and equipment involved. This paper proposes a practical verification method that uses CAN bus monitoring tools to compare vehicle network traffic to external measurements. The premise of this work is that data reliability from an EDR can be determined if the reliability of the network data source for the EDR can be determined. Once the reliability of the source is determined, the reliability of the event data can be quantified based on effects of truncation and sampling.

Independent verification of the accuracy of data from Event Data Recorders (EDRs) is useful when using the information to help reconstruct a crash. To this end, the accuracy of the EDR function of the Airbag Control Module (ACM) was tested on 2010 and 2011 Toyota Camry sedans during straight line operation. During steady state operation, and maximum ABS-braking runs starting from approximately 80 km/h (50 mph), and 113 km/h (70 mph), non-deployment events were artificially induced to store event data. Following each run, the EDR was imaged using the Bosch Crash Data Retrieval (CDR) system. The CDR reported speed values were compared to Racelogic VBox differential GPS speed records. Data recorders were also used to monitor the vehicle Controller Area Network (CAN) bus traffic, including the indicated speed, brake pressure, engine RPM, and accelerator pedal position. The speed and RPM reporting algorithms stated in CDR Data Limitations were confirmed.

The accuracy of the Restraint Control Module (RCM) Event Data Recorder (EDR) was tested on a 2010 Ford Flex during both straight line steady state and maximum ABS braking. Six runs were made starting from 48 kph (30 mph), six runs starting from 80 kph (50 mph), and six runs starting from 113 kph (70 mph). Nondeployment events were artificially induced after a period of steady state driving followed by maximum braking for the last 2.5 seconds prior to creating the event, intended to simulate braking just prior to a crash. Following each run data was collected from the RCM EDR using the Bosch Crash Data Retrieval system. A Racelogic VBOX SL3 20 Hz differential GPS speed data recorder also served as a data acquisition system for vehicle CAN bus speed, accelerator position, RPM, and brake tape switch data. Graphs of RCM speed/brake/accel pedal data versus VBOX speed and other data over time are presented.

Accurately measuring the kinematics of a vehicle is necessary to understand vehicle dynamics. As such, a new technique for measuring planar motion of a vehicle using downward-facing high-speed or high-definition camera is presented in this paper. Forward, lateral, and angular velocities can be obtained simultaneously from a calibrated image sequence by using concepts from digital image correlation (DIC). The technique requires the use of a camera, mounting device (e.g. tripod) and computer for post processing the image sequence. The technique is shown to agree with Radar, GPS, and Accelerometer based techniques for measuring velocity. The camera based system may be well suited to measure lower velocities compared to other common instrumentation systems. Digital image correlation is a technique used to study displacement, deformation, and strain by examining a sequence of digital images of a random pattern on the surface of a material.

The Monte Carlo method is a well-known technique for propagating uncertainty in complex systems and has been applied to traffic crash reconstruction analysis. The Monte Carlo method is a probabilistic technique that randomly samples input distributions and then combines these samples according to a deterministic model. However, describing every input variable as a distribution requires knowledge of the distribution, which may or may not be available, and the time and expense of determining the distribution parameters may be prohibitive. Therefore, the most influential parameters from the input data, such as mean values, standard deviations, shape parameters, and correlation coefficients, can be determined using an analytical sensitivity calculation based on the score function.