WM9QP-15 Automotive Cyber Security
Introductory description
This module explores the intersection between automotive technology and cybersecurity. The core principles of safeguarding modern vehicles against cyber threats will be explored, covering industry-standard protocols, security infrastructure, and methods for secure communication. Emphasis is placed on real-world applications, allowing students to learn about the cyber security measures implemented in the automotive sector and to confront the challenges faced by industry professionals in this rapidly evolving field.
Module aims
The module aims to instil students with a thorough understanding of automotive cyber security principles. Foundational concepts will enable them to analyse and comprehend vehicle architectures, communication networks, and associated security measures. Advanced topics will involve identifying attack surfaces and vulnerabilities, in inter and intra-vehicle communication interfaces and Over-the-Air (OTA) updates. Additionally, students will be introduced to industry-standard platforms like AUTOSAR Classic and Adaptive and learn how cryptographic operations contribute to securing vehicle systems. Lastly, students will engage with cyber security standards and risk assessment methodologies designed for the automotive sector, develop skills in threat modelling, and understand the functionality of intrusion detection systems in an automotive context. By the end of the module, students will be well-prepared to contribute to the exciting and specialised field of automotive cyber security.
Outline syllabus
This is an indicative module outline only to give an indication of the sort of topics that may be covered. Actual sessions held may differ.
- Overview of vehicle architectures and types of ECUs
- Networks in vehicles including CAN, CAN FD, Ethernet, LIN
- Communication interfaces: intra-vehicle and inter-vehicle, and challenges of increased connectivity
- Exploring attack surfaces and vulnerabilities
- Security infrastructure and key management to secure vehicle communications
- Introduction to the AUTOSAR Classic and Adaptive platform
- Cryptographic operations within the AUTOSAR framework
- Role of OTA updates in automotive systems for maintaining security, performance, and functionality of modern vehicles
- Security requirements for OTA updates including protection against Denial of Service (DoS) attacks and rollback mechanisms
- Introduction to UNECE R155/R156 and ISO/SAE 21434 cyber security standards for automotive
- Using risk assessment methodologies such as the NIST Cybersecurity Framework and ISO/SAE PAS 8475 guidelines
- Application of threat modelling using attack trees, STRIDE, and DREAD methodologies
- Introduction to intrusion detection and types of intrusion detection systems in an automotive context
- Exploring emerging intrusion detection mechanisms
Learning outcomes
By the end of the module, students should be able to:
- Evaluate the fundamental automotive cyber security concepts, including vehicle architectures, communication networks, and the challenges of increased connectivity.
- Identify and analyse attack surfaces, vulnerabilities, and potential cyber threats in automotive systems, and provide appropriate security measures to mitigate them.
- Evaluate and apply industry-standard methods in risk assessments and threat modelling using. Analyse and assess cyber security and safety standards and frameworks relevant to the automotive industry, such as UNECE R155/R156 and ISO/SAE 21434.
- Develop a discerning perspective on the design and engineering of security measures, such as intrusion detection systems, cryptographic operations, and secure OTA update mechanisms, to safeguard automotive systems against cyber-attacks.
Indicative reading list
AUTOMOTIVE OPEN SYSTEM ARCHITECTURE. (n.d.). Retrieved from AUTOSAR: https://www.autosar.org/
Cybersecurity - New Challenges: ISO/SAE 21434, UNECE WP.29 R155 and R156. (n.d.). Retrieved from Bosch: https://www.bosch-engineering.com/stories/stories-detailpages/t-storypage-16.html
de Arroyabe, I. F., Watson, T., & Angelopoulou, O. (2015). Cybersecurity in the Automotive Industry: A Systematic Literature Review (SLR). Journal of Computer Information Systems, 63(3), 716-734.
Ghosal, A., Halder, S., & Conti, M. (2022). Secure over-the-air software update for connected vehicles. Computer Networks.
Hamad, M., Tsantekidis, M., & Prevelakis, V. (2021). Intrusion Response System for Vehicles: Challenges and Vision. Smart Cities, Green Technologies and Intelligent Transport Systems (pp. 321-341). Springer, Cham.
Jagannathan, V. (n.d.). Threat Modeling Architecting & Designing with Security in Mind. Retrieved from OWASP: https://owasp.org/www-pdf-archive/AdvancedThreatModeling.pdf
Lampe, B., & Meng, W. (2023). A survey of deep learning-based intrusion detection in automotive applications. Expert Systems with Applications.
Plappert, C., & Fuchs, A. (2023). Secure and Lightweight Over-the-Air Software Update Distribution for Connected Vehicles. 39th Annual Computer Security Applications Conference (pp. 268-282). Austin: Association for Computing Machinery.
Research element
There is a strong emphasis on the development, growth and enhancement of individual research skills so as to provide participants with the high level research knowledge, skills and competencies needed to undertake an independent, original piece of research. The module content draws upon and highlights research within the domain and the module assessment requires participants to perform further research before preparing a response to the assessment task.
Subject specific skills
Experience in both practical application and theoretical understanding of automotive cyber security concepts.
Mastery of vehicle architectures, networks, and communication interfaces, coupled with adept awareness of cyber security threats
Understanding of the AUTOSAR software standardisation for the automotive industry
Understanding how the functionality of modern vehicles is maintained and enhanced through secure updates
Experience in applying risk assessment, threat modelling, and intrusion detection in an automotive context.
Transferable skills
Teamwork; Research and analysis; Report writing and scientific communication; Data collection; Critical thinking and problem solving
Study time
Type | Required |
---|---|
Supervised practical classes | 30 sessions of 1 hour (20%) |
Online learning (independent) | 10 sessions of 1 hour (7%) |
Private study | 50 hours (33%) |
Assessment | 60 hours (40%) |
Total | 150 hours |
Private study description
Further practical lab work and research.
Costs
No further costs have been identified for this module.
You must pass all assessment components to pass the module.
Assessment group A
Weighting | Study time | Eligible for self-certification | |
---|---|---|---|
Assessment component |
|||
Analysis and reflection on experimental results | 25% | 15 hours | Yes (extension) |
A report presenting evidence backed critical analysis of results from lab work. |
|||
Reassessment component is the same |
|||
Assessment component |
|||
Risk assessment and securing an automotive system | 75% | 45 hours | Yes (extension) |
A report on performing a risk assessment and securing an automotive system from given specification. The assessment includes a practical element where based on the results from the risk assessment, students will be expected to secure the provide automotive system. |
|||
Reassessment component is the same |
Feedback on assessment
Feedback will be provided on a standard WMG feedback form.
There is currently no information about the courses for which this module is core or optional.