• KIPS Transactions on Software and Data Engineering
• /
• v.9 no.12
• /
• pp.387-402
• /
• 2020

Conventional automotive development has mainly focused on ensuring correctness and safety and security has been relatively neglected. However, as the number of automotive hacking cases has increased due to the increased Internet connectivity of automobiles, international organizations such as the United Nations Economic Commission for Europe(UNECE) are preparing cybersecurity regulations to ensure security for automotive development. As with other IT products, automotive cybersecurity regulation also emphasize the concept of "Security by Design", which considers security from the beginning of development. In particular, since automotive development has a long lifecycle and complex supply chain, it is very difficult to change the architecture after development, and thus Security by Design is much more important than existing IT products. The problem, however, is that no specific methodology for Security by Design has been proposed on automotive development process. This paper, therefore, proposes a specific methodology for Security by Design on Automotive development. Through this methodology, automotive manufacturers can simultaneously consider aspects of functional safety, and security in automotive development process, and will also be able to respond to the upcoming certification of UNECE automotive cybersecurity regulations.

• Convergence Security Journal
• /
• v.22 no.5
• /
• pp.49-59
• /
• 2022

Cyber security in the automobile sector is a key factor in the life cycle of automobiles, and cyber security evaluation standards are being strengthened worldwide. In addition, not only manufacturers who design and produce automobiles, but also due to the nature of automobiles consisting of complex components and various parts, the safety of cybersecurity can be secured only when the implementation level of the cybersecurity management system of companies participating in the entire supply chain is evaluated and managed. In this study, I analyzed the requirements of ISO/SAE 21434 and TISAX, which are representative standards for evaluating automotive cybersecurity. Through a survey conducted on domestic/overseas company security officers and related experts, suitability and feasibility were reviewed according to priorities and industries, so 6 areas and 45 evaluation criteria were derived and presented as final evaluation items. This study is meaningful as a study in that it presented a model that allows companies participating in the automotive supply chain to evaluate the current cybersecurity management level of the company by first applying ISO/SAE 21434 and TISAX overall control processes before uniformly introducing them.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.6
• /
• pp.1151-1163
• /
• 2022

As wireless communication functions begin to be installed in vehicles, cyberattacks that exploit vulnerabilities in wireless communication functions are increasing. To respond to this, UNECE enacted the UN R156 regulation to safely distribute the software installed in the vehicle by using the wireless communication function. The regulations specify the requirements necessary to safely distribute the software for vehicles, but only the abstract requirements are presented without information on the components and detailed functions necessary to develop and implement the requirements. Therefore, in this paper, we propose a security evaluation standard that can evaluate whether a safe SUMS is built using threat modeling, a method for systematically analyzing security threats.

• Convergence Security Journal
• /
• v.23 no.5
• /
• pp.9-19
• /
• 2023

Smart cars, which incorporate information and communication technologies (ICT) to improve driving safety and convenience for drivers, have recently emerged. However, the increasing risk of automotive cybersecurity due to the vulnerability of electronic control units (ECUs) and automotive networks, which are essential for realizing the autonomous driving functions of smart cars, is a major obstacle to the widespread adoption of smart cars. Although there have been only a few real-world cases of smart car hacking, drivers' concerns about the security of smart cars can have a negative impact on their proliferation. Therefore, it is important to understand the risk factors perceived by drivers and the trust in smart cars formed through them in order to promote the future diffusion of smart cars. This study examines the risk factors that affect the formation of trust in smart cars, focusing on security and privacy, and analyzes how these factors affect safety perceptions and trust in smart cars.

• International journal of advanced smart convergence
• /
• v.11 no.2
• /
• pp.7-12
• /
• 2022

Safety and security are the topmost priority in every environment. With the aid of Artificial Intelligence (AI), many objects are becoming more intelligent, conscious, and curious of their surroundings. The recent scientific breakthroughs in autonomous vehicular designs and development; powered by AI, network of sensors and the rapid increase of Internet of Things (IoTs) could be utilized in maintaining safety and security in our environments. AI based on deep learning architectures and models, such as Deep Neural Networks (DNNs), is being applied worldwide in the automotive design fields like computer vision, natural language processing, sensor fusion, object recognition and autonomous driving projects. These features are well known for their identification, detective and tracking abilities. With the embedment of sensors, cameras, GPS, RADAR, LIDAR, and on-board computers in many of these autonomous vehicles being developed, these vehicles can properly map their positions and proximity to everything around them. In this paper, we explored in detail several ways in which these enormous features embedded in these autonomous vehicles, such as the network of sensors fusion, computer vision and natural image processing, natural language processing, and activity aware capabilities of these automobiles, could be tapped and utilized in safeguarding our lives and environment.

• Journal of IKEEE
• /
• v.26 no.4
• /
• pp.614-621
• /
• 2022

This paper proposes RIDS (Random Forest-Based Intrusion Detection), which is an intrusion detection system to detect hacking attack based on random forest. RIDS detects three typical attacks i.e. DoS (Denial of service) attack, fuzzing attack, and spoofing attack. It detects hacking attack based on four parameters, i.e. time interval between data frames, its deviation, Hamming distance between payloads, and its diviation. RIDS was designed in memory-centric architecture and node information is stored in memories. It was designed in scalable architecture where DoS attack, fuzzing attack, and spoofing attack can be all detected by adjusting number and depth of trees. Simulation results show that RIDS has 0.9835 accuracy and 0.9545 F1 score and it can detect three attack types effectively.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.5
• /
• pp.909-928
• /
• 2020

From the early 1970s, the US government began to recognize that penetration testing could not assure the security quality of products. Results of penetration testing such as identified vulnerabilities and faults can be varied depending on the capabilities of the team. In other words none of penetration team can assure that "vulnerabilities are not found" is not equal to "product does not have any vulnerabilities". So the U.S. government realized that in order to improve the security quality of products, the development process itself should be managed systematically and strictly. Therefore, the US government began to publish various standards related to the development methodology and evaluation procurement system embedding "security-by-design" concept from the 1980s. Security-by-design means reducing product's complexity by considering security from the initial phase of development lifecycle such as the product requirements analysis and design phase to achieve trustworthiness of product ultimately. Since then, the security-by-design concept has been spread to the private sector since 2002 in the name of Secure SDLC by Microsoft and IBM, and is currently being used in various fields such as automotive and advanced weapon systems. However, the problem is that it is not easy to implement in the actual field because the standard or guidelines related to Secure SDLC contain only abstract and declarative contents. Therefore, in this paper, we present the new framework in order to specify the level of Secure SDLC desired by enterprises. Our proposed CIA (functional Correctness, safety Integrity, security Assurance)-level-based security-by-design framework combines the evidence-based security approach with the existing Secure SDLC. Using our methodology, first we can quantitatively show gap of Secure SDLC process level between competitor and the company. Second, it is very useful when you want to build Secure SDLC in the actual field because you can easily derive detailed activities and documents to build the desired level of Secure SDLC.