An Adaptable Security by Design Approach for Ensuring a Secured Remote Monitoring Teleoperation (RMTO) of an Autonomous Vehicle

Victormills Iyieke; Jeremy Bryans; Tom Robinson; Odysseas Kosmas; Alastair Shipman; Hesamaldin Jadidbonab

doi:10.4271/2023-01-0579

An Adaptable Security by Design Approach for Ensuring a Secured Remote Monitoring Teleoperation (RMTO) of an Autonomous Vehicle

Victormills Iyieke, Jeremy Bryans, Tom Robinson, Odysseas Kosmas, Alastair Shipman, Hesamaldin Jadidbonab

Centre for Future Transport and Cities

Conigital Limited

Research output: Contribution to journal › Conference article › peer-review

1 Citation (Scopus)

2 Downloads (Pure)

Abstract

Remote Monitoring and Teleoperation (RMTO) of Autonomous Vehicles (AV) is advancing rapidly in the industry. Researchers and industrial partners explore the role RMTO plays in helping AV navigate complicated situations, among many others. At the heart of this lies the problem of potential pathways and attack vectors or threat surfaces by which a malicious attack can be carried out on an RMTO and an AV. The separation of cybersecurity considerations in RMTO is barely considered, as so far, most available research and activities are mainly focused on AV. The main focus of this paper is addressing RMTO cybersecurity utilising an adaptable security-by-design approach, although security-by-design is still in the infant state within automotive cybersecurity. An adaptable security-by-design approach for RMTO covers Security Engineering Life-cycle, Logical Security Layered Concept, and Security Architecture. Based on the international automotive cybersecurity standards - ISO/SAE 21434, a Threat Analysis and Risk Assessment (TARA) with a formalisation of the highest level of threats identified from the TARA of the RMTO system is carried out, with corresponding mitigation actions as per UNECE WP29. The adaptable security-by-design approach has been then applied to a prototype RMTO system developed by an industrial partner. Finally, penetration testing has been carried out where the results verify the capability of the adoptable security-by-design to reinforce the security of the RMTO systems against some of the identified risks and threats.

Original language	English
Article number	2023-01-0579
Number of pages	19
Journal	SAE Technical Papers
DOIs	https://doi.org/10.4271/2023-01-0579
Publication status	Published - 11 Apr 2023
Event	2023 WCX SAE World Congress Experience - Huntington Place, Detroit, United States Duration: 18 Apr 2023 → 20 Apr 2023 https://wcx.sae.org/

Bibliographical note

© 2023 SAE International. All Rights Reserved.
Copyright © and Moral Rights are retained by the author(s) and/ or other copyright owners. A copy can be downloaded for personal non-commercial research or study, without prior permission or charge. This item cannot be reproduced or quoted extensively from without first obtaining permission in writing from the copyright holder(s). The content must not be changed in any way or sold commercially in any format or medium without the formal permission of the copyright holders.

This document is the author’s post-print version, incorporating any revisions agreed during the peer-review process. Some differences between the published version and this version may remain and you are advised to consult the published version if you wish to cite from it.

Funding

Part of this research was done in collaboration with CONIGITAL LTD under the project SAVOR (Safely Advancing Vehicle Automation On Roads) agreement under student PhD sponsorship.

Funders	Funder number
Conigital Limited

Keywords

Cybersecurity
Autonomous vehicles
Risk assessments
Collaboration and partnering
Infants
Research and development

Access to Document

10.4271/2023-01-0579

Iyieke2023AAMAccepted author manuscript, 2.61 MBLicence: Other

Cite this

@article{f6db2b3a30fa47528f62ef245b7a6fc8,

title = "An Adaptable Security by Design Approach for Ensuring a Secured Remote Monitoring Teleoperation (RMTO) of an Autonomous Vehicle",

abstract = "Remote Monitoring and Teleoperation (RMTO) of Autonomous Vehicles (AV) is advancing rapidly in the industry. Researchers and industrial partners explore the role RMTO plays in helping AV navigate complicated situations, among many others. At the heart of this lies the problem of potential pathways and attack vectors or threat surfaces by which a malicious attack can be carried out on an RMTO and an AV. The separation of cybersecurity considerations in RMTO is barely considered, as so far, most available research and activities are mainly focused on AV. The main focus of this paper is addressing RMTO cybersecurity utilising an adaptable security-by-design approach, although security-by-design is still in the infant state within automotive cybersecurity. An adaptable security-by-design approach for RMTO covers Security Engineering Life-cycle, Logical Security Layered Concept, and Security Architecture. Based on the international automotive cybersecurity standards - ISO/SAE 21434, a Threat Analysis and Risk Assessment (TARA) with a formalisation of the highest level of threats identified from the TARA of the RMTO system is carried out, with corresponding mitigation actions as per UNECE WP29. The adaptable security-by-design approach has been then applied to a prototype RMTO system developed by an industrial partner. Finally, penetration testing has been carried out where the results verify the capability of the adoptable security-by-design to reinforce the security of the RMTO systems against some of the identified risks and threats.",

keywords = "Cybersecurity, Autonomous vehicles, Risk assessments, Collaboration and partnering, Infants, Research and development",

author = "Victormills Iyieke and Jeremy Bryans and Tom Robinson and Odysseas Kosmas and Alastair Shipman and Hesamaldin Jadidbonab",

note = "{\textcopyright} 2023 SAE International. All Rights Reserved. Copyright {\textcopyright} and Moral Rights are retained by the author(s) and/ or other copyright owners. A copy can be downloaded for personal non-commercial research or study, without prior permission or charge. This item cannot be reproduced or quoted extensively from without first obtaining permission in writing from the copyright holder(s). The content must not be changed in any way or sold commercially in any format or medium without the formal permission of the copyright holders. This document is the author{\textquoteright}s post-print version, incorporating any revisions agreed during the peer-review process. Some differences between the published version and this version may remain and you are advised to consult the published version if you wish to cite from it. ; 2023 WCX SAE World Congress Experience, WCX 2023 ; Conference date: 18-04-2023 Through 20-04-2023",

year = "2023",

month = apr,

day = "11",

doi = "10.4271/2023-01-0579",

language = "English",

journal = "SAE Technical Papers",

issn = "0148-7191",

publisher = "SAE International",

url = "https://wcx.sae.org/",

}

TY - JOUR

T1 - An Adaptable Security by Design Approach for Ensuring a Secured Remote Monitoring Teleoperation (RMTO) of an Autonomous Vehicle

AU - Iyieke, Victormills

AU - Bryans, Jeremy

AU - Robinson, Tom

AU - Kosmas, Odysseas

AU - Shipman, Alastair

AU - Jadidbonab, Hesamaldin

N1 - © 2023 SAE International. All Rights Reserved. Copyright © and Moral Rights are retained by the author(s) and/ or other copyright owners. A copy can be downloaded for personal non-commercial research or study, without prior permission or charge. This item cannot be reproduced or quoted extensively from without first obtaining permission in writing from the copyright holder(s). The content must not be changed in any way or sold commercially in any format or medium without the formal permission of the copyright holders. This document is the author’s post-print version, incorporating any revisions agreed during the peer-review process. Some differences between the published version and this version may remain and you are advised to consult the published version if you wish to cite from it.

PY - 2023/4/11

Y1 - 2023/4/11

N2 - Remote Monitoring and Teleoperation (RMTO) of Autonomous Vehicles (AV) is advancing rapidly in the industry. Researchers and industrial partners explore the role RMTO plays in helping AV navigate complicated situations, among many others. At the heart of this lies the problem of potential pathways and attack vectors or threat surfaces by which a malicious attack can be carried out on an RMTO and an AV. The separation of cybersecurity considerations in RMTO is barely considered, as so far, most available research and activities are mainly focused on AV. The main focus of this paper is addressing RMTO cybersecurity utilising an adaptable security-by-design approach, although security-by-design is still in the infant state within automotive cybersecurity. An adaptable security-by-design approach for RMTO covers Security Engineering Life-cycle, Logical Security Layered Concept, and Security Architecture. Based on the international automotive cybersecurity standards - ISO/SAE 21434, a Threat Analysis and Risk Assessment (TARA) with a formalisation of the highest level of threats identified from the TARA of the RMTO system is carried out, with corresponding mitigation actions as per UNECE WP29. The adaptable security-by-design approach has been then applied to a prototype RMTO system developed by an industrial partner. Finally, penetration testing has been carried out where the results verify the capability of the adoptable security-by-design to reinforce the security of the RMTO systems against some of the identified risks and threats.

AB - Remote Monitoring and Teleoperation (RMTO) of Autonomous Vehicles (AV) is advancing rapidly in the industry. Researchers and industrial partners explore the role RMTO plays in helping AV navigate complicated situations, among many others. At the heart of this lies the problem of potential pathways and attack vectors or threat surfaces by which a malicious attack can be carried out on an RMTO and an AV. The separation of cybersecurity considerations in RMTO is barely considered, as so far, most available research and activities are mainly focused on AV. The main focus of this paper is addressing RMTO cybersecurity utilising an adaptable security-by-design approach, although security-by-design is still in the infant state within automotive cybersecurity. An adaptable security-by-design approach for RMTO covers Security Engineering Life-cycle, Logical Security Layered Concept, and Security Architecture. Based on the international automotive cybersecurity standards - ISO/SAE 21434, a Threat Analysis and Risk Assessment (TARA) with a formalisation of the highest level of threats identified from the TARA of the RMTO system is carried out, with corresponding mitigation actions as per UNECE WP29. The adaptable security-by-design approach has been then applied to a prototype RMTO system developed by an industrial partner. Finally, penetration testing has been carried out where the results verify the capability of the adoptable security-by-design to reinforce the security of the RMTO systems against some of the identified risks and threats.

KW - Cybersecurity

KW - Autonomous vehicles

KW - Risk assessments

KW - Collaboration and partnering

KW - Infants

KW - Research and development

UR - http://www.scopus.com/inward/record.url?scp=85160717325&partnerID=8YFLogxK

U2 - 10.4271/2023-01-0579

DO - 10.4271/2023-01-0579

M3 - Conference article

SN - 0148-7191

JO - SAE Technical Papers

JF - SAE Technical Papers

M1 - 2023-01-0579

T2 - 2023 WCX SAE World Congress Experience

Y2 - 18 April 2023 through 20 April 2023

ER -

An Adaptable Security by Design Approach for Ensuring a Secured Remote Monitoring Teleoperation (RMTO) of an Autonomous Vehicle

Abstract

Bibliographical note

Funding

Keywords

Access to Document

Other files and links

Fingerprint

Cite this