Next Article in Journal
A Novel Deep Transfer Learning Approach Based on Depth-Wise Separable CNN for Human Posture Detection
Next Article in Special Issue
THREATGET: Towards Automated Attack Tree Analysis for Automotive Cybersecurity
Previous Article in Journal
Fuzzy Keyword Searchable Encryption Scheme Based on Blockchain
Previous Article in Special Issue
A New Multivariate Approach for Real Time Detection of Routing Security Attacks in VANETs
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Information
Volume 13
Issue 11
10.3390/info13110518
Review Report
information-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
Article
Peer-Review Record

Cybersecurity Comparison of Brain-Based Automotive Electrical and Electronic Architectures

Information 2022, 13(11), 518; https://0-doi-org.brum.beds.ac.uk/10.3390/info13110518
by Nadera Sultana Tany 1, Sunish Suresh 2, Durgesh Nandan Sinha 2, Chinmay Shinde 2, Cristina Stolojescu-Crisan 3,* and Rahamatullah Khondoker 4
Reviewer 1:
Subhojit Dawn
Reviewer 2: Anonymous
Reviewer 3: Anonymous
Information 2022, 13(11), 518; https://0-doi-org.brum.beds.ac.uk/10.3390/info13110518
Submission received: 31 August 2022 / Revised: 30 September 2022 / Accepted: 3 October 2022 / Published: 31 October 2022
(This article belongs to the Special Issue Automotive System Security: Recent Advances and Challenges)

Round 1

Reviewer 1 Report

The authors present an important topic. The work is very interesting.

1. Modify this line in the abstract section: "Recently published "ISO/SAE 21434:2021 Road vehicle - Cybersecurity engineering" standard"

2. The main highlights of the paper need to be added in the Introduction section.

3. Add some recent literature.

4. Describe the result part briefly.

5. Conclusion part needs to be modified with giving focus on the result part of the paper.

Author Response

Reviewer 1

The authors present an important topic. The work is very interesting.

  1. Modify this line in the abstract section: "Recently published "ISO/SAE 21434:2021 Road vehicle - Cybersecurity engineering" standard"

Response: This sentence is changed as follows:

“The ISO/SAE 21434 Road vehicle - Cybersecurity engineering standard document was published in 2021 and can be considered as the Bible of automotive cybersecurity.”

  1. The main highlights of the paper need to be added in the Introduction section.

Response: It has been added to the end of the introduction section as follows:

This work explores the existing traditional, one-brain, two-brain, and three-brain E/E 59

architectures available in the automotive industry 60

  1. The authors have addressed the gap in the literature by providing a generic compari- 61

son between the architectures 62

  1. The four architectures are further analyzed in terms of vulnerability and the associated 63

risks, according to the ISO/SAE 21434 standard Joint collaboration [11] 64

  1. TARA and STRIDE methods are explored and analysed with MS Threat Modeling 65

Tool and Ansys Medini Analyze tool 66

  1. The results of the analysis is presented through a table named “E/E Architecture 67

comparison”

  1. Add some recent literature.

Response: We have added 7 more literature from the years 2021 and 2022. The breakdown of the number of literatures throughout the years are like this: 2016 - 3, 2017 - 7, 2018 - 5, 2019 - 3, 2020 - 8, 2021 - 14, 2022 - 5 publications from the last 7 years. 27 out of 62 citations are from the last 3 years.

  1. Describe the result part briefly.

Response: The researchers have added a results section to this paper and added the necessary details into it.

  1. Conclusion part needs to be modified with giving focus on the result part of the paper.

Response: We have added a result part just above the conclusion part. Other than that, the conclusion section is updated.

 

Author Response File: Author Response.docx

Reviewer 2 Report

This paper deals with cybersecurity and investigates threats to smart automotive systems. The topic of the paper is timely given the surge in self-driving cars. The paper is well written. Following are some clarifications that the authors can provide to further improve the appeal of the paper to a diverse audience. 

 

As computations on-board increase, the communication overhead between components in the vehicle increases. How scalable is the analysis presented in the paper? Can the authors comment on the scalability of the work presented in this paper?

 

CAN/LiN communication architecture is assumed in this work. This is ok, since this is historically and currently used in vehicles. However, future systems (e.g., EVs) which includes potentially large battery management systems may prefer integrating communications and the power topology in the vehicle, using, for example, power line communications. It also helps in sensing and monitoring as well. This exposes the infrastructure to more threats due to the open tapping nature of the communications medium (i.e., easier to tap power cables than CAN/LiN lines). Does the analysis change under these conditions?

 

Finally, can the authors provide any quantitative measures of performance between the systems compared? For example, cost, utility, longevity, scalability, etc.? Although qualitative analysis is also helpful, quantitative metrics help in better driving home the point and in quicker understanding of the methodology. Also, it allows more customization.

Author Response

Reviewer 2

 

This paper deals with cybersecurity and investigates threats to smart automotive systems. The topic of the paper is timely given the surge in self-driving cars. The paper is well written. Following are some clarifications that the authors can provide to further improve the appeal of the paper to a diverse audience. 

 

As computations on-board increase, the communication overhead between components in the vehicle increases. How scalable is the analysis presented in the paper? Can the authors comment on the scalability of the work presented in this paper?

 

Response: The work presented in this paper is scalable. As this is more of a generic analysis of the E/E architectures, there is always the scope for going into the details of the analysis components. For example, the cost effectiveness of the systems presented could be explored more into the details. For a specific component, different manufacturers are pricing them differently and a detailed quantitative analysis on this aspect is totally possible. The researcher can focus on the individual hardware details and price lists available.

 

This paper formulates a genric formula which is applicable for any number of HPCs, senors, and actuators.

 

CAN/LiN communication architecture is assumed in this work. This is ok, since this is historically and currently used in vehicles. However, future systems (e.g., EVs) which includes potentially large battery management systems may prefer integrating communications and the power topology in the vehicle, using, for example, power line communications. It also helps in sensing and monitoring as well. This exposes the infrastructure to more threats due to the open tapping nature of the communications medium (i.e., easier to tap power cables than CAN/LiN lines). Does the analysis change under these conditions?

 

Response: As this is a generic analysis of the E/E architectures, the discussion on the future battery management systems is out of the scope of this scientific work. The target of this work is to address the gap of a comparative analysis of the architectures in the current literature in this specific domain. This is more suited into the future scope of this discipline.

 

Finally, can the authors provide any quantitative measures of performance between the systems compared? For example, cost, utility, longevity, scalability, etc.? Although qualitative analysis is also helpful, quantitative metrics help in better driving home the point and in quicker understanding of the methodology. Also, it allows more customization.

Response:

The authors have added a results section to this paper and added the necessary details into it. Table 3 presents a comparison between the four E/E architectures in terms of various attributes that are further detailed.

 

Author Response File: Author Response.docx

Reviewer 3 Report

This manuscript studies four different E/E architecture modes in vehicles, and compares the cons and pros of the security of each architecture. At the end of it, the authors provide the possibility of improving the architecture. Overall, this research has implications for the development of the field, and here are some suggestions:

1) In the abstract, the contributions and research results should be highlighted.

2) The research method should be described in detail in Section II, and explain the research steps compactly.

3) I suggest that the author should explain the limitations of this work in the conclusion section.

Author Response

Reviewer 3

 

This manuscript studies four different E/E architecture modes in vehicles, and compares the cons and pros of the security of each architecture. At the end of it, the authors provide the possibility of improving the architecture. Overall, this research has implications for the development of the field, and here are some suggestions:

1) In the abstract, the contributions and research results should be highlighted.

Response: This work attempts to mitigate the gap in the scholarly literature by creating a comparative image of the E/E architectures on a generalized level. The exploratory method of the research provides the reader with knowledge on four different architecture types, their fundamental properties, advantages, and disadvantages along with a general overview of the threats and vulnerabilities associated individually under the light of ISO/SAE 21434 standard. The improvement possibilities of the studied architectures have been provided and their pros and cons have been highlighted.

 

We have also added a Results section in the paper.

 

2) The research method should be described in detail in Section II, and explain the research steps compactly.

Response: The goal of this study is to explore and analyze the existing automotive E/E architecture based knowledge in order to create a generalized comparative image of current ECU and HPC based vehicle cyber security systems. An exploratory research approach was conceived with a combination of architecture type specific case studies in order to accomplish this. In the case study part, risk and threat analysis of the architectures were conducted using TARA and STRIDE methods. This part was accomplished by using MS Threat analysis tools and Ansys Medini Analyze tools according to the “ISO/SAE 21434:2021 Road vehicle - Cybersecurity engineering" standard. The total research methodology is a combination of exploratory research with case studies.

 

3) I suggest that the author should explain the limitations of this work in the conclusion section.

Response: The future work section is renamed as “Limitations and Future scope”. The authors have addressed the limitations encountered during this work. On the basis of the limitations they proposed the future scope of this research work. The changed text is as follows:

 

This paper is mainly focused on the general comparison between the architectures.

It considered the fundamentally constructed use cases for the four architecture types

and analyzed the vulnerability and risk factors associated with them, according to the

ISO/SAE 21434 standard. The scope of this work is focused primarily on to produce a

comparative outlook for the readers. The limitation is that the authors were unable to

provide quantitative data of the parameters in detail for the comparative components (i.e.

cost, efficiency, redundancy, etc.) between the architectures. Each of these components

can be explored further into details from a qualitative and quantitative perspective and

analyzed to create a more in-depth knowledge. This is a limitation to the work presented

in this paper but represents a future scope for this domain of study. Other than that, the

authors have proposed architecture specific future scopes for their development.

 

Author Response File: Author Response.docx

Round 2

Reviewer 1 Report

The paper can be accepted in its present form.

Back to TopTop