• The Journal of The Korea Institute of Intelligent Transport Systems
• /
• v.22 no.6
• /
• pp.299-312
• /
• 2023

Recently, the electronic control unit (ECU) has been integrating several functions into one beyond simple convenience functions. Accordingly, ECUs have more functions and external interfaces than before, and various cybersecurity problems are arising. The United Nations Economic Commission for Europe (UNECE) World Forum for Harmonization of Vehicle Regulations (WP.29) issued UN Regulation No.155 to establish international standards for vehicle cybersecurity management systems in light of the growing threats to vehicle cybersecurity. According to international standards, vehicle manufacturers are required to establish a Cybersecurity Management System (CSMS) and receive a Vehicle Type Approval (VTA). However, opinions were raised that the implementation period should be adjusted because domestic preparations for this are insufficient. Therefore, in this paper, we propose a web-based solution that maps a checklist to check the status of CSMS in the requirement and various vehicle security companies and solutions to mitigate the identified gap.

• KIPS Transactions on Software and Data Engineering
• /
• v.9 no.12
• /
• pp.387-402
• /
• 2020

Conventional automotive development has mainly focused on ensuring correctness and safety and security has been relatively neglected. However, as the number of automotive hacking cases has increased due to the increased Internet connectivity of automobiles, international organizations such as the United Nations Economic Commission for Europe(UNECE) are preparing cybersecurity regulations to ensure security for automotive development. As with other IT products, automotive cybersecurity regulation also emphasize the concept of "Security by Design", which considers security from the beginning of development. In particular, since automotive development has a long lifecycle and complex supply chain, it is very difficult to change the architecture after development, and thus Security by Design is much more important than existing IT products. The problem, however, is that no specific methodology for Security by Design has been proposed on automotive development process. This paper, therefore, proposes a specific methodology for Security by Design on Automotive development. Through this methodology, automotive manufacturers can simultaneously consider aspects of functional safety, and security in automotive development process, and will also be able to respond to the upcoming certification of UNECE automotive cybersecurity regulations.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.6
• /
• pp.1151-1163
• /
• 2022

As wireless communication functions begin to be installed in vehicles, cyberattacks that exploit vulnerabilities in wireless communication functions are increasing. To respond to this, UNECE enacted the UN R156 regulation to safely distribute the software installed in the vehicle by using the wireless communication function. The regulations specify the requirements necessary to safely distribute the software for vehicles, but only the abstract requirements are presented without information on the components and detailed functions necessary to develop and implement the requirements. Therefore, in this paper, we propose a security evaluation standard that can evaluate whether a safe SUMS is built using threat modeling, a method for systematically analyzing security threats.