Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Automotive Cybersecurity Engineering Handbook

You're reading from   Automotive Cybersecurity Engineering Handbook The automotive engineer's roadmap to cyber-resilient vehicles

Arrow left icon
Product type Paperback
Published in Oct 2023
Publisher Packt
ISBN-13 9781801076531
Length 392 pages
Edition 1st Edition
Arrow right icon
Author (1):
Arrow left icon
Dr. Ahmad MK Nasser Dr. Ahmad MK Nasser
Author Profile Icon Dr. Ahmad MK Nasser
Dr. Ahmad MK Nasser
Arrow right icon
View More author details
Toc

Table of Contents (15) Chapters Close

Preface 1. Part 1:Understanding the Cybersecurity Relevance of the Vehicle Electrical Architecture
2. Chapter 1: Introducing the Vehicle Electrical/Electronic Architecture FREE CHAPTER 3. Chapter 2: Cybersecurity Basics for Automotive Use Cases 4. Chapter 3: Threat Landscape against Vehicle Components 5. Part 2: Understanding the Secure Engineering Development Process
6. Chapter 4: Exploring the Landscape of Automotive Cybersecurity Standards 7. Chapter 5: Taking a Deep Dive into ISO/SAE21434 8. Chapter 6: Interactions Between Functional Safety and Cybersecurity 9. Part 3: Executing the Process to Engineer a Secure Automotive Product
10. Chapter 7: A Practical Threat Modeling Approach for Automotive Systems 11. Chapter 8: Vehicle-Level Security Controls 12. Chapter 9: ECU-Level Security Controls 13. Index 14. Other Books You May Enjoy

ECU domains

An ECU domain is a grouping of ECUs that collaborate to achieve a common vehicle-level function, such as propulsion control or active braking. Such a grouping improves the efficiency of communication by limiting communication messages to the ECUs that are most co-dependent, thus reducing network congestion caused by non-domain-related messages. As the vehicle architecture evolves, ECU domains may be arranged in different configurations (as we will see in the last section of this chapter). For now, our focus is on understanding the various ECUs that are typically found in a standard vehicle architecture.

Note

The following list of ECUs is meant to be representative of ECUs found in vehicles rather than a comprehensive one with the aim of highlighting the security relevance of each.. Some ECU names can change as OEMs differ in the way they partition vehicle functions across different control units.

Fuel-based powertrain domain

The fuel-based powertrain domain is responsible for producing power in an internal combustion engine (ICE) and transmitting it to the wheels. An attacker who can gain access to any ECU in the powertrain domain may be able to affect the vehicle’s longitudinal motion, which has an obvious safety impact. However, the more common attack target of this domain is engine tuning to illegally increase performance, which has the side effect of increasing vehicle emissions.

Engine control module (ECM)

A vehicle engine’s performance is precisely regulated by the ECM, which pulls data from sensors layered throughout the engine. Among the control functions of the ECM are the engine starting procedure, spark plug ignition, fuel injection, and the cooling process.

Transmission control module (TCM)

The TCM uses different gear ratios to convert a fixed engine speed and torque into a variable driving speed and torque in automatic transmission vehicles. The TCM determines when to shift gears to optimize the vehicle’s performance, balancing factors such as fuel efficiency, power, and engine protection. This is based on a variety of input data, such as engine speed (RPM), vehicle speed, throttle position, and load on the vehicle.

Electric drive powertrain domain

This domain is responsible for battery charging and managing and distributing electric power to the motors, as well as the other electronics that require varying power levels. Like the fuel-based powertrain domain, protecting this domain against security breaches is essential to prevent several hazards, such as erratic vehicle motion control and unsafe battery management. The latter is a unique problem for electric vehicles with the potential to cause catastrophic thermal events if the batteries are not operated safely.

Battery management system (BMS)

The BMS’s primary function is to manage the state of charge (SoC) and state of health (SoH) of the battery pack by controlling the charging and discharging of the battery cells. It also monitors the battery pack’s status for hazardous conditions such as overheating or high current events to ensure fail-safe action is taken before it leads to a catastrophic failure.

Onboard charger

The onboard charger’s primary role is to convert the AC power provided by the electric vehicle supply equipment (EVSE) into DC power, which can then be used to charge the vehicle’s battery pack. This involves controlling the rate of charging to ensure the battery is charged safely and efficiently.

Additionally, it provides communication between the EVSE and the vehicle’s charging system. This is done using a power-line communication protocol, which allows data to be sent over the electrical power lines. This can be used to negotiate the charging rate based on factors such as the vehicle’s current state of charge, the capacity of the EVSE, and the temperature of the battery [8].

DC-AC converter

In electric vehicles, the high-voltage DC-AC converter, also known as the inverter, converts DC output from the battery pack to AC power for the electric motor(s).

Powertrain electronic control unit (PECU)

This ECU manages the speed and acceleration of the electric motors by controlling the supplied voltage frequency and magnitude.

Chassis safety control domain

The chassis safety control domain encompasses a variety of ECUs and in-vehicle sensors with a clear focus on active and passive safety management. Since the ECUs in this domain are responsible for vehicle safety, it can be argued that this domain is at the top of the list for security professionals regarding what needs to be protected against cyberattacks.

Electronic braking control module (EBCM)

The EBCM is a specialized module that supplies brake pressure to the wheels to achieve several active safety functions, such as ABS, ESC, and automatic emergency braking.

Airbag control module

As a passive safety system, airbags protect occupants from bodily harm in the case of a collision by inflating the airbags through controlled explosions of the squibs embedded in the airbag.

Electronic power steering (EPS)

The EPS is responsible for providing electronic steering assistance to the driver through the actuation of steering motors. The EPS can provide several enhanced driver assistance features, such as lane departure warnings and lane correction.

Advanced driver assistance (ADAS) control module

While several ADAS functions can be integrated within the EBCM and EPS, a dedicated ECU is common in more modern vehicles to achieve higher levels of autonomy.

This module can command the ECM, EBCM, and EPS to control engine torque and apply braking and steering based on the situation at hand. It integrates inputs from multiple sensors, which makes it possible for the ADAS ECU to perform autonomy functions such as automated parking and autonomous highway driving, to name a few.

Interior cabin domain

The interior cabin domain encompasses the comfort features expected from a modern vehicle. At first glance, this domain may seem less critical for security. On the contrary, due to its ability to control physical security, this domain is among the most targeted by attackers today as a breach of this domain translates to vehicle break-in and theft.

Body control module (BCM)

The BCM manages the remote keyless entry and access to the vehicle’s interior. Additionally, it can control seat positions and power windows, light controls, and windshield wipers.

Climate control module (CCM)

The primary function of the CCM is to provide heating and cooling of the cabin. It typically heats the air with a heater core and cools the air with an evaporator and a refrigerant that absorbs heat from the cabin’s air.

Infotainment and connectivity domain

The vehicle functions that engage the driver through the human-machine interface (HMI) are usually grouped in the infotainment domain. ECUs in this domain include the vehicle’s head unit, the central console, as well as the driver-facing instrument cluster. You have probably guessed by now that this domain is also security-critical due to the rich user interfaces it offers.

In-vehicle infotainment (IVI)

The IVI offers entertainment and information delivery to drivers and passengers. The IVI system accepts user input through touchscreens and physical controls and serves the occupants with audio, video, and navigation data. In some cases, the instrument cluster can be integrated with the IVI to provide the driver with a digital display of vehicle information such as speed, fuel level, and more. IVI systems enable vehicle occupants to connect their phones through Bluetooth and USB, making them an attractive target for attackers.

Telematics control unit (TCU)

The TCU is the primary remote access point to the vehicle and therefore is considered high on the list of security-critical ECUs. Among its features are the reception of GPS signals and providing connectivity through cellular and Wi-Fi communication to facilitate OTA updates, as well as the transmission of remote messages such as telemetry data and emergency assistance requests.

Cross-domain

The interconnection of all domains can be viewed as its own domain whose primary objective is providing reliable communication across the previously mentioned domains when message exchange is needed.

Central gateway (CGW)

While some vehicles may rely on individual ECUs to act as gateways between two or more vehicle subsystems, a more common trend is to dedicate a single gateway ECU to perform this function. When a CGW is used, it behaves as an in-vehicle router by allowing ECUs from different network segments to communicate with one another. The CGW translates data across different network systems, such as CAN to CAN, CAN to Ethernet, and CAN to LIN. Due to its access to all vehicle domains, the CGW can play an important role in security by segmenting the network architecture and dropping unwanted traffic.

Discussion point 7

Can you think of some unique assets of the CGW? Hint: Network filter rules are one such asset.

Now that we have explored the different ECUs and ECU domains, it’s time to dive into the networking technologies that enable them to exchange information.

You have been reading a chapter from
Automotive Cybersecurity Engineering Handbook
Published in: Oct 2023
Publisher: Packt
ISBN-13: 9781801076531
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image