Feng Luo,Xuan Zhang,Zhenyu Yang,Yifan Jiang,Jiajia Wang,Mingzhi Wu,Wanqiang Feng

DOI: https://doi.org/10.3390/s22239211

2022-11-26

Abstract:Modern vehicles are more complex and interconnected than ever before, which also means that attack surfaces for vehicles have increased significantly. Malicious cyberattacks will not only exploit personal privacy and property, but also affect the functional safety of electrical/electronic (E/E) safety-critical systems by controlling the driving functionality, which is life-threatening. Therefore, it is necessary to conduct cybersecurity testing on vehicles to reveal and address relevant security threats and vulnerabilities. Cybersecurity standards and regulations issued in recent years, such as ISO/SAE 21434 and UNECE WP.29 regulations (R155 and R156), also emphasize the indispensability of cybersecurity verification and validation in the development lifecycle but lack specific technical details. Thus, this paper conducts a systematic and comprehensive review of the research and practice in the field of automotive cybersecurity testing, which can provide reference and advice for automotive security researchers and testers. We classify and discuss the security testing methods and testbeds in automotive engineering. Furthermore, we identify gaps and limitations in existing research and point out future challenges.

Haichun Zhang,Jie Wang,Yijie Wang,Minfeng Li,Jinghan Song,Zhenglin Liu

DOI: https://doi.org/10.3390/app14010204

2023-01-01

Applied Sciences

Abstract:Intelligent connected vehicles (ICVs) are equipped with extensive electronic control units which offer convenience but also pose significant cybersecurity risks. Penetration testing, recommended in ISO/SAE 21434 “Road vehicles—Cybersecurity engineering”, is an effective approach to identify cybersecurity vulnerabilities in ICVs. However, there is limited research on vehicle penetration testing from a black-box perspective due to the complex architecture of ICVs. Additionally, no penetration testing framework has been proposed to guide security testers on conducting penetration testing for the whole vehicle. The lack of framework guidance results in the inexperienced security testers being uncertain about the processes to follow for conducting penetration testing. Moreover, the inexperienced security testers are unsure about which tests to perform in order to systematically evaluate the vehicle’s cybersecurity. To enhance the penetration testing efficiency of ICVs, this paper presents a black-box penetration testing framework, ICVTest. ICVTest proposes a standardized penetration testing process to facilitate step-by-step completion of the penetration testing, thereby addressing the issue of inexperienced testers lacking guidance on how to initiate work when confronted with ICV. Also, ICVTest includes 10 sets of test cases covering hardware and software security tests. Testers can select appropriate test cases based on the specific cybersecurity threats faced by the target object, thereby reducing the complexity of penetration testing tasks. Furthermore, we have developed a vehicle cybersecurity testing platform for ICVTest that seamlessly integrates various testing tools. The platform enables even novice testers to conduct vehicle black-box penetration testing in accordance with the given guidance which addresses the current industry’s challenge of an overwhelming number of testing tasks coupled with a shortage of skilled professionals. For the first time, we propose a comprehensive black-box penetration testing framework and implement the framework in the form of a cybersecurity testing platform. We apply ICVTest to evaluate an electric vehicle manufactured in 2021 for assessing the framework’s availability. With the aid of ICVTest, even testers with limited experience in automotive penetration can effectively evaluate the security risks of ICVs. In our experiments, numerous cybersecurity vulnerabilities were identified involving in-vehicle sensors, remote vehicle control systems, and in-vehicle controller area network (CAN) bus.

Ning Hu,Yan Jia,Man Zhang,Yun Li,Huanyu Zhao,Lei Luo

DOI: https://doi.org/10.1109/mnet.2024.3374341

IF: 10.294

2024-01-01

IEEE Network

Abstract:The rapid development of the mobile Internet and 5G technology has made the Internet of Vehicles possible. Through V2X technology, mobile vehicles can exchange information with roadside units and cloud-side applications. A vehicle with networking capabilities is called an intelligent connected vehicle (ICV). The emergence of ICVs allows people to experience the enjoyability of intelligent driving and the convenience of massive Internet applications. At the same time, networking breaks the closed control system of vehicles and introduces new network security issues. In recent years, attacks against ICVs have continued to occur, and network security issues have received widespread attention. Currently, passing security tests has become a necessary condition for ICVs to obtain sales licenses. However, due to the lack of complete infrastructure and testing methods, security testing of ICVs is still challenging. We propose a security testing method for ICVs based on the cyber range. By placing an ICV in an emulation environment constructed with a cyber range, security penetration testing is performed to analyze the potential security risks and vulnerabilities of the target vehicle. Conducting security evaluations of ICVs based on the cyber range can effectively extend the security testing time of vehicles and ensure the comprehensiveness and effectiveness of the test results. This article also introduces the architecture, application scenarios and testing process of the ICV cyber range. At present, this security assessment method for ICVs has been applied in the production processes of Chinese automobile manufacturing companies.

Stefan Marksteiner,Zhendong Ma

DOI: https://doi.org/10.48550/arXiv.1911.06589

2019-11-15

Cryptography and Security

Abstract:The advancing digitalization of vehicles and automotive systems bears many advantages for creating and enhancing comfort and safety-related systems ranging from drive-by-wire, inclusion of advanced displays, entertainment systems up to sophisticated driving assistance and autonomous driving. It, however, also contains the inherent risk of being used for purposes that are not intended for, raging from small non-authorized customizations to the possibility of full-scale cyberattacks that affect several vehicles to whole fleets and vital systems such as steering and engine control. To prevent such conditions and mitigate cybersecurity risks from affecting the safety of road traffic, testing cybersecurity must be adopted into automotive testing at a large scale. Currently, the manual penetration testing processes cannot uphold the increasing demand due to time and cost to test complex systems. We propose an approach for an architecture that (semi-)automates automotive cybersecurity test, allowing for more economic testing and therefore keeping up to the rising demand induced by new vehicle functions as well as the development towards connected and autonomous vehicles.

Zeinab El-Rewini,Karthikeyan Sadatsharan,Daisy Flora Selvaraj,Siby Jose Plathottam,Prakash Ranganathan

DOI: https://doi.org/10.1016/j.vehcom.2019.100214

IF: 6.7

2020-06-01

Vehicular Communications

Abstract:As modern vehicles are capable to connect to an external infrastructure and Vehicle-to-Everything (V2X) communication technologies mature, the necessity to secure communications becomes apparent. There is a very real risk that today's vehicles are subjected to cyber-attacks that target vehicular communications. This paper proposes a three-layer framework (sensing, communication and control) through which automotive security threats can be better understood. The sensing layer is made up of vehicle dynamics and environmental sensors, which are vulnerable to eavesdropping, jamming, and spoofing attacks. The communication layer is comprised of both in-vehicle and V2X communications and is susceptible to eavesdropping, spoofing, man-in-the-middle, and sybil attacks. At the top of the hierarchy is the control layer, which enables autonomous vehicular functionality, including the automation of a vehicle's speed, braking, and steering. Attacks targeting the sensing and communication layers can propagate upward and affect the functionality and can compromise the security of the control layer. This paper provides the state-of-the-art review on attacks and threats relevant to the communication layer and presents countermeasures.

telecommunications,transportation science & technology

Longkai Wang,Shilun Du,Guofang Gong,Yong Lei

DOI: https://doi.org/10.1109/M2VIP58386.2023.10413404

2023-01-01

Abstract:Controller Area Network (CAN) plays an important role in vehicle chassis control system, hence the reliability of CAN network relates to driving performance and even passenger safety. However, intermittent connection (IC) faults, including intermittent open connection (IOC) and intermittent short connection (ISC), can potentially affect the performance of the vehicle CAN network. In this work, a hardware-in-the-loop (HIL) real-time simulation platform for the in-vehicle CAN system is constructed, and the effects of IC faults on the system are studied. First, based on the virtualized vehicle dynamics model and the actual bus hardware, the HIL platform of the vehicle CAN system is built. Then, typical connectivity problems such as IOC and ISC faults are emulated on the vehicle chassis CAN system. Finally, the influence law of different electrical character (type, frequency, and intensity) of IC faults on the vehicle speed control performance is analyzed. The results demonstrate the varying performance of CAN-based control systems in terms of signal delay, control performance, system stability, and tolerable fault intensity in the presence of IC faults with different electrical characteristics.

Jinghua Yu,Feng Luo

DOI: https://doi.org/10.1155/2020/7169720

IF: 1.968

2020-01-01

Security and Communication Networks

Abstract:With the increasing connectivity of modern vehicles, protecting systems from attacks on cyber is becoming crucial and urgent. Meanwhile, a vehicle should guarantee a safe and comfortable trip for users. Therefore, how to design a cybersecurity-critical system in vehicles with safety and user experience (UX) considerations is increasingly essential. However, most co-design methods focus on safety engineering with attack concerns and do not discuss conflicts and integration, and few contain the UX aspect. Besides, most existing approaches are abstract at a high level without practical guidelines. This paper presents a literature review of existing safety and security design approaches and proposes a systematic approach for cybersecurity design of in-vehicle network systems based on the guideline in SAE J3061. The trade-off analysis is performed by using association keys and the proposed affecting map. The design process of an example Diagnostic on Internet Protocol (DoIP) system is reported to show how the approach works. Compared with the existing approaches, the proposed one considers safety, cybersecurity, and UX simultaneously, solves conflicts qualitatively or quantitatively, and obtains trade-off design requirements. This approach is applicable to the cybersecurity-driven design of in-vehicle network systems in the early stage with safety and UX considerations.

Sekar Kulandaivel,Wenjuan Lu,Brandon Barry,Jorge Guajardo

2024-04-03

Abstract:In the automotive security sector, the absence of a testing platform that is configurable, practical, and user-friendly presents considerable challenges. These difficulties are compounded by the intricate design of vehicle systems, the rapid evolution of attack vectors, and the absence of standardized testing methodologies. We propose a next-generation testing platform that addresses several challenges in vehicle cybersecurity testing and research domains. In this paper, we detail how the Vehicle Security Engineering Cloud (VSEC) Test platform enables easier access to test beds for efficient vehicle cybersecurity testing and advanced (e.g., penetration, fuzz) testing and how we extend such test beds to benefit automotive security research. We highlight methodology on how to use this platform for a variety of users and use cases with real implemented examples.

Cryptography and Security,Systems and Control

Irdin Pekaric,Clemens Sauerwein,Michael Felderer

DOI: https://doi.org/10.1145/3339252.3340329

2019-08-26

Abstract:Over the past few decades, the automotive industry was mostly focused on testing the safety aspects of a vehicle. However, this was not the case with security testing as it only began to be addressed recently. As a result, multiple approaches applying various security testing techniques on different software-based vehicle IT components emerged. With that said, the research and practice lack an overview about these techniques. In this paper, we conduct a systematic mapping study. This involved the investigation on the following five dimensions: (1) security testing techniques, (2) AUTOSAR layers, (3) functional interfaces of AUTOSAR, (4) vehicle lifecycle phases and (5) attacks. In total, 39 papers presenting approaches for security testing in automotive engineering were systematically selected and classified. The results identify multiple security testing techniques focusing on early phases of vehicle life cycle through the application and services layer of the AUTOSAR architecture. Finally, there is a need for security regression testing approaches, as well as combined security and safety testing approaches.

Haichun Zhang,Xu Meng,Xiong Zhang,Zhenglin Liu

DOI: https://doi.org/10.3390/s20174900

IF: 3.9

2020-08-30

Sensors

Abstract:The Internet of Things (IoT) is an industry-recognized next intelligent life solution that increases the level of comfort, efficiency, and automation for citizens through numerous sensors, smart devices, and cloud stations connected physically. As an important application scenario of IoT, the Internet of Vehicles (IoV) plays an extremely critical role in the intelligent transportation field. In fact, the In-Vehicle Network of smart vehicles that are recognized as the core roles in intelligent transportation is currently the Controller Area Network (CAN). However, the In-Vehicle CAN bus protocol has several vulnerabilities without any encryption, authentication, or integrity checking, which severely threatens the safety of drivers and passengers. Once malicious attackers hack the vehicular gateway and obtain the access right of the CAN, they may control the vehicle based on the vulnerabilities of the CAN bus protocol. Given the severe security risk of CAN, we proposed the CANsec, a practical In-Vehicle CAN security evaluation tool that simulates malicious attacks according to major attack models to evaluate the security risk of the In-Vehicle CAN. We also show a usage case of the CANsec without knowing any information from the vehicle manufacturer.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Qiang Hu,Feng Luo

DOI: https://doi.org/10.1007/s12239-018-0085-1

2018-01-01

International Journal of Automotive Technology

Abstract:In the connected vehicles, connecting interfaces bring threats to the vehicles and they can be hacked to impact the vehicles and drivers. Compared with traditional vehicles, connected vehicles require more information transfer. Sensor signals and critical data must be protected to ensure the cyber security of connected vehicles. The communications among ECUs, sensors, and gateways are connected by in-vehicle networks. This paper discussed the state-of-art techniques about secure communication for in-vehicle networks. First, the related concepts in automotive secure communication have been provided. Then we have compared and contrasted existing approaches for secure communication. We have analyzed the advantages/disadvantages of MAC and digital signatures for message authentication and compared the performance and limitations of different cryptographic algorithms. Firewall and intrusion detection system are introduced to protect the networks. The constraints and features of different intrusion detection approaches are presented. After that, the technical requirements for cryptographic mechanism and intrusion detection policy are concluded. Based on the review of current researches, the future development directions of the automotive network security have been discussed. The purpose of this paper is to review current techniques on automotive secure communication and suggest suitable secure approaches to implement on the in-vehicle networks.

Yuefeng Du,Zhiqiang Cai,Le Yu,Wenkai Zhang,Pengfei Jing,Yingjie Cao,Shi Wu,Sen Nie,Xiapu Luo,Chenxiong Qian

DOI: https://doi.org/10.1109/SP54263.2024.00080

2024-05-19

Abstract:As modern vehicles become increasingly complex in terms of both external attack surfaces and internal in-vehicle network (IVN) topology, ensuring their cybersecurity remains a challenge. Existing standards and regulations, such as WP29 R155e and ISO 21434, attempt to establish a baseline for automotive cybersecurity, but their sufficiency in addressing the evolving threats is unclear. To fill in this gap, we first carried out an in-depth interview study with 15 experts in automotive cybersecurity, uncovering the particular challenges encountered during security activities and the limitations of current regulations. We identified 20 key insights from the interview data, ranging from the challenges and gaps in the existing automotive security industry to the limitations and recommendations for current regulations. Notably, we discovered that the quality of threat cases provided by existing regulations is unsatisfactory, and the Threat Analysis and Risk Assessment (TARA) process is often highly inefficient due to the lack of automatic tools. In response to the above limitations, we first built an improved threat database for automotive systems using the collected interview data, which enhanced the existing database both quantitatively and qualitatively. Additionally, we present CarVal, a datalog-based approach designed to infer multi-stage attack paths in IVNs and calculate risk values, thereby making TARA more efficient for automotive systems. By applying CarVal to five real vehicles, we performed extensive security analysis based on the generated attack paths and successfully exploited the corresponding attack chains in the newly gateway-segmented IVN, uncovering new automotive attack surfaces that previous research failed to cover, including the in-vehicle browser, official mobile app, backend server, and in-vehicle malware.

Engineering,Computer Science

Haojie Ji,Haiyang Yu,Yinghui Wang,Jing Peng

DOI: https://doi.org/10.1061/9780784483565.148

2021-01-01

Abstract:Automobile intelligent driving systems and communication services bring the widespread application of information technology and network technology. Meanwhile, there are increasing number of exploitable security vulnerabilities and risks in modern vehicles. These risks may cause serious consequences such as casualties and property losses for drivers. Risk assessment is an important activity in the life cycle of automobile cybersecurity and can provide a guarantee for the formation of correct cybersecurity requirements of products. Considering the current wide recognition standard for threat analysis and risk assessment, this paper proposes a systematic risk assessment method for automotive cybersecurity combined with risk assessment use cases. Finally, a typical use case of security-related component IVI is applied to illustrate the proposed risk assessment method and analysis process of cybersecurity assessment results.

Claudiu Vasile Kifor,Aurelian Popescu

DOI: https://doi.org/10.3390/s24186139

2024-09-23

Abstract:Modern vehicles are increasingly interconnected through various communication channels, which requires secure access for authorized users, the protection of driver assistance and autonomous driving system data, and the assurance of data integrity against misuse or manipulation. While these advancements offer numerous benefits, recent years have exposed many intrusion incidents, revealing vulnerabilities and weaknesses in current systems. To sustain and enhance the performance, quality, and reliability of vehicle systems, software engineers face significant challenges, including in diverse communication channels, software integration, complex testing, compatibility, core reusability, safety and reliability assurance, data privacy, and software security. Addressing cybersecurity risks presents a substantial challenge in finding practical solutions to these issues. This study aims to analyze the current state of research regarding automotive cybersecurity, with a particular focus on four main themes: frameworks and technologies, standards and regulations, monitoring and vulnerability management, and testing and validation. This paper highlights key findings, identifies existing research gaps, and proposes directions for future research that will be useful for both researchers and practitioners.

Haichun Zhang,Yuqian Pan,Zhaojun Lu,Jie Wang,Zhenglin Liu

DOI: https://doi.org/10.1109/access.2021.3124565

IF: 3.9

2021-01-01

IEEE Access

Abstract:Modern vehicles are equipped with more than 100 Electrical Control Units (ECUs) with over 2500 signals to transmit internally. The application of advanced electronics and communication techniques helps a vehicle transform from an information island into a powerful distribution center. However, a large number of ECUs have introduced a wider range of security threats for vehicles. The attackers can compromise a vehicle remotely through a vulnerable ECU. How to evaluate the cyber security of in-vehicle ECUs has become an important issue. Current Threat Analysis and Risk Assessment (TARA) only carries out theoretical analysis on the potential threats and risks faced by the vehicle in the conceptual design phase of the lifecycle, but lacks the details of actual security evaluation. In this paper, we proposed a Cyber Security Evaluation Framework (CSEF) to independently evaluate the security of the in-vehicle ECUs, which is composed of the asset identification, the threat analysis, the risk assessment, and the security test. The proposed CSEF is applied to a pre-installed On-Bord Unit (OBU) to provide a use case. The use case show that the proposed CSEF is able to figure out assets, threats, risks behind threats, and vulnerabilities of OBU, playing an important role in guiding others to conduct security evaluation. Moreover, CSEF can be extended to evaluate the cyber security of other critical ECUs, such as the Telematic Box, the infotainment units, and the gateway.

Stefan Marksteiner,Slava Bronfman,Markus Wolf,Eddie Lazebnik

DOI: https://doi.org/10.1109/EuroSPW54576.2021.00020

2021-07-15

Abstract:Cybersecurity testing of automotive systems has become a practical necessity, with the wide adoption of advanced driving assistance functions and vehicular communications. These functionalities require the integration of information and communication technologies that not only allow for a plethora of on-the-fly configuration abilities, but also provide a huge surface for attacks. Theses circumstances have also been recognized by standardization and regulation bodies, making the need for not only proper cybersecurity engineering but also proving the effectiveness of security measures by verification and validation through testing also a formal necessity. In order to keep pace with the rapidly growing demand of neutral-party security testing of vehicular systems, novel approaches are needed. This paper therefore presents a methodology to create and execute cybersecurity test cases on the fly in a black box setting by using pattern matching-based binary analysis and translation mechanisms to formal attack descriptions as well as model-checking techniques. The approach is intended to generate meaningful attack vectors on a system with next-to-zero a priori knowledge.

Cryptography and Security

J. Moukahal,Mohammad Zulkernine,Martin Soukup,Lama J. Moukahal

DOI: https://doi.org/10.1109/tr.2021.3112538

IF: 5.883

2021-12-01

IEEE Transactions on Reliability

Abstract:In an era of connectivity and automation, the vehicle industry is adopting numerous technologies to transform driver-centric vehicles into intelligent mechanical devices driven by software components. Software integration and network connectivity inherit numerous security issues that open the door for malicious attacks. Software security testing is a scalable and practical approach to identify systems' weaknesses and vulnerabilities at an early stage and throughout their life-cycle. Security specialists recommend fuzz testing to identify vulnerabilities within vehicle software systems. Nevertheless, the randomness and blindness of fuzzing hinder it from becoming a reliable security tool. This article presents a vulnerability-oriented fuzz (VulFuzz) testing framework that utilizes security vulnerability metrics designed particularly for connected and autonomous vehicles to direct and prioritize the fuzz testing toward the most vulnerable components. While most gray-box fuzzing techniques aim solely to expand code coverage, the proposed approach assigns weights to ensure a thorough examination of the most vulnerable components. Moreover, we employ an input structure-aware mutation technique that can bypass vehicle software systems' input formats to boost test performance and avoid dropped test cases. Such a testing technique will contribute to the quality assurance of vehicle software engineering. We implemented the proposed approach on OpenPilot, a driver assistance system, and compared our results to American fuzzy lop (AFL) and an unguided mutation-based fuzzer. Within 16.8 h, VulFuzz exposed 335 crashes, 41 times more than AFL and two times more than an unguided mutation-based fuzzer. VulFuzz is explicitly efficient for automotive systems, reaching the same code coverage as AFL but with more exposed crashes and fewer dropped messages.

Jürgen Dobaj,Damjan Ekert,Jakub Stolfa,Svatopluk Stolfa,Georg Macher,Richard Messnarz

DOI: https://doi.org/10.3897/jucs.72367

2021-08-28

Abstract:Cybersecurity has become a crucial challenge in the automotive sector. At the current stage, the framework described by the ISO/SAE 21434 is insufficient to derive concrete methods for the design of secure automotive networked embedded systems on the supplier level. This article describes a case study with actionable steps for designing secure systems and systematically eliciting traceable cybersecurity requirements to address this gap. The case study is aligned with the ISO/SAE 21434 standard and can provide the basis for integrating cybersecurity engineering into company-specific processes and practice specifications.

Shichun Yang,Zheng Zuo,Bin Ma,Yifan Zheng,Sida Zhou,Mingyan Liu,Yu Lu,Qiangwei Li,Xinan Zhou,Mengyue Zhang,Yang Hua,Fei Chen,Yaoguang Cao

DOI: https://doi.org/10.1109/JIOT.2023.3299554

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Along with the promotion of intelligent connected vehicles (ICVs), the problems of network attacks have rapidly increased, and thus the cybersecurity has drawn much attention. Unfortunately, although remarkable progress has been achieved both in technics and standard, it still remains vague for designing vehicular cybersecurity. In this article, the general technical profile of cybersecurity for ICVs has been comprehensively reviewed, including threat analysis and risk assessment, static defense, and intrusion detection. The potential attacking vulnerabilities for ICVs are summarized, within in-vehicle network and mobile networks. Then, the identity authentication and secure communication methods are introduced from static defense, where the conventional and novel intelligent approach are included. And the intrusion detection is introduced as the active methods, including conventional and novel ones. Moreover, the general procedure and management for designing the vehicular cybersecurity are also summarized according to the current standard system. It hopes that the review of research progress on technical method may help researchers and manufactures, and delivers the potential direction for future cybersecurity development.

Jinghua Yu,Feng Luo,Geguang Pu,Mingsong Chen

DOI: https://doi.org/10.1007/978-981-99-1365-7_43

2023-01-01

Abstract:With the increasing connectivity of the modern automotive, cybersecurity is becoming increasingly essential for an auto. Security by design is a recommended way to protect automotive systems rather than after-sale solutions. However, other than cybersecurity, an auto should also be safe and comfortable to transport people and cargo. How to achieve a trade-off design considering various system requirements is a challenge. In this paper, a trade-off design approach for integrating various aspects, like cybersecurity, safety, and user experience, is proposed. The affecting map and the affecting score are proposed as tools to help the designer to select proper security countermeasures qualitatively or quantitatively. The proposed methods are compatible with the international standard ISO/SAE 21434. A case study of a Diagnostic on Internet Protocol (DoIP) system is demonstrated with details to show how to use the proposed methods, and also verify the feasibility and effectiveness of the approach.