Cybersecurity Consulting Services
UMTRI supports sponsors and clients in all aspects of transportation cybersecurity and privacy. Examples of UMTRI’s cybersecurity and privacy consulting services are listed below:
- Risk assessment. UMTRI performs risk assessments for transportation and embedded systems. The risk assessments are based on accepted NIST standards and provide a roadmap of cybersecurity in terms of solutions and priority.
- In-vehicle platform security design. design of secure in-vehicle electronics architectures, communication security protocols, secure wireless and wired interfaces, trustworthy computing platforms with secure micro-controllers, and security applications.
- Security strategies. define security strategies, evaluate potential risks and risk levels, and suggest roadmaps. Such security strategies were developed for a large variety of systems, reaching from entire product lines to individual electronic control units (ECU).
- Connected vehicle / V2X cybersecurity and privacy. design and optimize privacy preserving and secure vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communication security mechanisms.
- Intrusion detection and prevention systems (IPS). design and optimize strategies to monitor the in-vehicle electronic control units, detect attacks and intrusion, prevent such attacks from further intrusion into the vehicle electronics, and react to attacks. On-going work is targeting current vehicle architectures and future work will also cover partly and fully automated vehicles.
- Secure CAN. design and optimize a secure in-vehicle communication protocol for the controller area network (CAN), and develop a prototype implementation of this secure communication software stack.
- Protection of component integrity. design of component identification protocols, secure software updates over-the-air, and secure boot solutions to protect the integrity of systems at start-up and during run-time.
- Transportation privacy. evaluation of existing systems in terms of end-user privacy and stakeholder confidentiality, and design of privacy preserving systems. The scope includes in-vehicle systems (e.g. event data recorder/black box), cloud systems, and communication systems (e.g. vehicle-to-vehicle communication).
For further information, please contact Dr. André Weimerskirch.